Page 1
User's Manual
AudioCodes Mediant™ Family of Session Border Controllers (SBC)
Mediant 4000 SBC
Version 7.2
Page 2
Page 3
User's Manual Contents
Table of Contents
1 Introduction ....................................................................................................... 25
1.1 Product Overview ................................................................................................... 25
1.2 Typographical Conventions .................................................................................... 26
1.3 Getting Familiar with Configuration Concepts and Terminology ............................ 27
1.3.1 SBC Application ....................................................................................................... 27
Getting Started with Initial Connectivity ................................................................31
2 Introduction ....................................................................................................... 33
3 Default OAMP IP Address ................................................................................. 35
4 Configuring VoIP LAN Interface for OAMP ..................................................... 37
4.1 Web Interface ......................................................................................................... 37
4.2 CLI .......................................................................................................................... 39
Management Tools ..................................................................................................41
5 Introduction ....................................................................................................... 43
6 Web-Based Management .................................................................................. 45
6.1 Getting Acquainted with the Web Interface ............................................................ 45
6.1.1 Computer Requirements .......................................................................................... 45
6.1.2 Accessing the Web Interface ................................................................................... 46
6.1.3 Areas of the GUI ...................................................................................................... 47
6.1.4 Accessing Configuration Pages from Navigation Tree ............................................ 49
6.1.5 Configuring Stand-alone Parameters ...................................................................... 51
6.1.6 Configuring Table Parameters ................................................................................. 52
6.1.6.1 Adding Table Rows ..................................................................................53
6.1.6.2 Modifying Table Rows ..............................................................................55
6.1.6.3 Deleting Table Rows ................................................................................55
6.1.6.4 Invalid Value Indications ..........................................................................56
6.1.6.5 Viewing Table Rows .................................................................................58
6.1.6.6 Sorting Tables by Column ........................................................................59
6.1.6.7 Changing Index Position of Table Rows ..................................................59
6.1.6.8 Searching Table Entries ...........................................................................60
6.1.7 Searching for Configuration Parameters ................................................................. 61
6.1.8 Getting Help ............................................................................................................. 62
6.1.9 Logging Off the Web Interface ................................................................................. 62
6.2 Customizing the Web Interface .............................................................................. 62
6.2.1 Replacing the Corporate Logo ................................................................................. 62
6.2.1.1 Replacing the Corporate Logo with an Image ..........................................63
6.2.1.2 Replacing the Corporate Logo with Text ..................................................64
6.2.2 Customizing the Product Name ............................................................................... 65
6.2.3 Customizing the Favicon ......................................................................................... 65
6.2.4 Creating a Login Welcome Message ....................................................................... 67
6.3 Configuring Additional Management Interfaces ..................................................... 67
6.4 Configuring Management User Accounts .............................................................. 69
6.5 Displaying Login Information upon Login ............................................................... 74
Version 7.2 3 Mediant 4000 SBC
Page 4
Mediant 4000 SBC
6.6 Viewing Logged-In User Information ...................................................................... 75
6.7 Configuring Web Session and Access Settings ..................................................... 75
6.8 Changing Login Password for Administrator and Monitor Users ........................... 76
6.9 Configuring Secured (HTTPS) Web ....................................................................... 77
6.10 Web Login Authentication using Smart Cards ....................................................... 78
6.11 Configuring Web and Telnet Access List ............................................................... 79
7 CLI-Based Management .................................................................................... 81
7.1 Enabling CLI ........................................................................................................... 81
7.1.1 Enabling Telnet for CLI ............................................................................................ 81
7.1.2 Enabling SSH with RSA Public Key for CLI ............................................................. 82
7.2 Configuring Maximum Telnet/SSH Sessions ......................................................... 84
7.3 Establishing a CLI Session .................................................................................... 84
7.4 Viewing Current CLI Sessions ............................................................................... 85
7.5 Terminating a User's CLI Session .......................................................................... 86
7.6 Configuring Displayed Output Lines in CLI Terminal Window ............................... 86
8 SNMP-Based Management ............................................................................... 87
8.1 Disabling SNMP ..................................................................................................... 87
8.2 Configuring SNMP Community Strings .................................................................. 87
8.3 Configuring SNMP Trap Destinations with IP Addresses ...................................... 89
8.4 Configuring an SNMP Trap Destination with FQDN .............................................. 91
8.5 Configuring SNMP Trusted Managers ................................................................... 91
8.6 Enabling SNMP Traps for Web Activity .................................................................. 92
8.7 Configuring SNMP V3 Users .................................................................................. 92
9 INI File-Based Management .............................................................................. 95
9.1 INI File Format ....................................................................................................... 95
9.1.1 Configuring Individual ini File Parameters ............................................................... 95
9.1.2 Configuring Table ini File Parameters ..................................................................... 95
9.1.3 General ini File Formatting Rules ............................................................................ 97
9.2 Configuring an ini File ............................................................................................ 97
9.3 Loading an ini File to the Device ............................................................................ 98
9.4 Secured Encoded ini File ....................................................................................... 98
9.5 Configuring Password Display in ini File ................................................................ 98
9.6 INI Viewer and Editor Utility ................................................................................. 100
General System Settings ......................................................................................101
10 Configuring SSL/TLS Certificates .................................................................. 103
10.1 Configuring TLS Certificate Contexts ................................................................... 103
10.2 Assigning CSR-based Certificates to TLS Contexts ............................................ 107
10.3 Viewing Certificate Information ............................................................................ 110
10.4 Assigning Externally Created Private Keys to TLS Contexts ............................... 111
10.5 Generating Private Keys for TLS Contexts .......................................................... 112
10.6 Creating Self-Signed Certificates for TLS Contexts ............................................. 113
10.7 Importing Certificates into Trusted Certificate Store ............................................ 114
10.8 Configuring Mutual TLS Authentication ................................................................ 116
User's Manual 4 Document #: LTRT-40203
Page 5
User's Manual Contents
10.8.1 TLS for SIP Clients ................................................................................................116
10.8.2 TLS for Remote Device Management ...................................................................116
10.9 Configuring TLS Server Certificate Expiry Check ................................................ 117
11 Network ............................................................................................................ 119
11.1 Building and Viewing your Network Topology ...................................................... 119
11.2 Configuring Physical Ethernet Ports .................................................................... 122
11.3 Configuring Ethernet Port Groups ........................................................................ 125
11.4 Configuring Underlying Ethernet Devices ............................................................ 127
11.5 Configuring IP Network Interfaces ....................................................................... 129
11.5.1 Assigning NTP Services to Application Types ......................................................134
11.5.2 IP Interfaces Table Configuration Guidelines ........................................................134
11.5.3 Networking Configuration Examples .....................................................................134
11.5.3.1 One VoIP Interface for All Applications ................................................. 135
11.5.3.2 VoIP Interface per Application Type ...................................................... 135
11.5.3.3 VoIP Interfaces for Combined Application Types ................................. 136
11.5.3.4 VoIP Interfaces with Multiple Default Gateways ................................... 137
11.6 Configuring Static IP Routes ................................................................................ 137
11.6.1 Configuration Example of Static IP Routes ...........................................................140
11.6.2 Troubleshooting the Static Routes Table ..............................................................141
11.7 Network Address Translation Support ................................................................. 141
11.7.1 Device Located behind NAT ..................................................................................141
11.7.1.1 Configuring NAT Translation per IP Interface ....................................... 142
11.7.2 Remote UA behind NAT ........................................................................................144
11.7.2.1 SIP Signaling Messages ....................................................................... 144
11.7.2.2 Media (RTP/RTCP/T.38) ....................................................................... 145
11.8 Configuring Quality of Service .............................................................................. 148
11.8.1 Configuring Class-of-Service QoS .........................................................................149
11.8.2 Configuring DiffServ-to-VLAN Priority Mapping.....................................................150
11.9 Configuring ICMP Messages ............................................................................... 151
11.10 DNS ...................................................................................................................... 152
11.10.1 Configurin g the Internal DNS Table .......................................................................152
11.10.2 Configurin g the Internal SRV Table .......................................................................154
11.11 Robust Receipt of Media Streams by Media Latching ......................................... 156
11.12 Multiple Routers Support ...................................................................................... 158
12 Date and Time .................................................................................................. 159
12.1 Configuring Automatic Date and Time using SNTP ............................................. 159
12.2 Configuring Date and Time Manually ................................................................... 160
12.3 Configuring the Time Zone ................................................................................... 161
12.4 Configuring Daylight Saving Time ........................................................................ 162
General VoIP Configuration ..................................................................................163
13 Security ............................................................................................................ 165
13.1 Configuring Firewall Settings ............................................................................... 165
13.2 Configuring General Security Settings ................................................................. 170
13.3 Intrusion Detection System .................................................................................. 171
13.3.1 Enabling IDS ..........................................................................................................172
13.3.2 Configuring IDS Policies ........................................................................................172
Version 7.2 5 Mediant 4000 SBC
Page 6
Mediant 4000 SBC
13.3.3 Assigning IDS Policies ...........................................................................................176
13.3.4 Viewing IDS Alarms ...............................................................................................178
14 Media ................................................................................................................ 181
14.1 Configuring Voice Settings ................................................................................... 181
14.1.1 Configuring Voice Gain (Volume) Control .............................................................181
14.1.2 Configuring Echo Cancellation ..............................................................................181
14.2 Fax and Modem Capabilities ................................................................................ 183
14.2.1 Fax/Modem Operating Modes ...............................................................................183
14.2.2 Fax/Modem Transport Modes ...............................................................................184
14.2.2.1 T.38 Fax Relay Mode ............................................................................ 184
14.2.2.2 G.711 Fax / Modem Transport Mode .................................................... 186
14.2.2.3 Fax Fallback .......................................................................................... 187
14.2.2.4 Fax/Modem Bypass Mode .................................................................... 188
14.2.2.5 Fax / Modem NSE Mode ....................................................................... 189
14.2.2.6 Fax / Modem Transparent with Events Mode ....................................... 190
14.2.2.7 Fax / Modem Transparent Mode ........................................................... 190
14.2.2.8 RFC 2833 ANS Report upon Fax/Modem Detection ............................ 191
14.2.3 V.34 Fax Support ...................................................................................................191
14.2.3.1 Bypass Mechanism for V.34 Fax Transmission .................................... 192
14.2.3.2 Relay Mode for T.30 and V.34 Faxes ................................................... 192
14.2.4 V.152 Support ........................................................................................................193
14.3 Configuring RTP/RTCP Settings .......................................................................... 193
14.3.1 Configuring the Dynamic Jitter Buffer ....................................................................193
14.3.2 Configuring RFC 2833 Payload .............................................................................195
14.3.3 Configuring RTP Base UDP Port ...........................................................................195
14.4 Event Detection and Notification using X-Detect Header ..................................... 196
14.4.1 Detecting Answering Machine Beeps ....................................................................197
14.4.2 SIP Call Flow Examples of Event Detection and Notification ................................198
14.5 Answering Machine Detection (AMD) .................................................................. 200
14.5.1 Configuring AMD ...................................................................................................202
14.6 Automatic Gain Control (AGC) ............................................................................. 203
14.7 Configuring Media (SRTP) Security ..................................................................... 204
14.7.1 SRTP using DTLS Protocol ...................................................................................207
15 Services ........................................................................................................... 209
15.1 DHCP Server Functionality .................................................................................. 209
15.1.1 Configuring the DHCP Server ...............................................................................209
15.1.2 Configuring the Vendor Class Identifier .................................................................214
15.1.3 Configuring Additional DHCP Options ...................................................................215
15.1.4 Configuring Static IP Addresses for DHCP Clients ...............................................217
15.1.5 Viewing and Deleting DHCP Clients ......................................................................218
15.2 SIP-based Media Recording ................................................................................ 219
15.2.1 Enabling SIP-based Media Recording ...................................................................224
15.2.2 Configuring SIP Recording Rules ..........................................................................225
15.2.3 Using Conditions for Starting a SIPRec Session ...................................................227
15.2.4 Configuring SIP User Part for SRS ........................................................................228
15.2.5 Interworking SIP-based Media Recording with Third-Party Vendors ....................228
15.2.5.1 Genesys ................................................................................................ 228
15.2.5.2 Avaya UCID ........................................................................................... 228
15.3 RADIUS-based Services ...................................................................................... 229
15.3.1 Enabling RADIUS Services ...................................................................................229
15.3.2 Configuring RADIUS Servers ................................................................................229
15.3.3 Configuring Interface for RADIUS Communication ...............................................232
User's Manual 6 Document #: LTRT-40203
Page 7
User's Manual Contents
15.3.4 Configuring RADIUS Packet Retransmission ........................................................232
15.3.5 Configuring the RADIUS Vendor ID ......................................................................233
15.3.6 RADIUS-based Management User Authentication ...............................................233
15.3.6.1 Setting Up a Third-Party RADIUS Server ............................................. 234
15.3.6.2 Configuring RADIUS-based User Authentication .................................. 235
15.3.6.3 Securing RADIUS Communication ....................................................... 237
15.3.6.4 RADIUS-based User Authentication in URL ......................................... 237
15.3.7 RADIUS-based CDR Accounting ..........................................................................237
15.4 LDAP-based Management and SIP Services ...................................................... 237
15.4.1 Enabling the LDAP Service ...................................................................................239
15.4.2 Enabling LDAP-based Web/CLI User Login Authentication and Authorization.....239
15.4.3 Configuring LDAP Server Groups .........................................................................240
15.4.4 Configuring LDAP Servers.....................................................................................242
15.4.5 Configuring LDAP DNs (Base Paths) per LDAP Server ........................................245
15.4.6 Configuring the LDAP Search Filter Attribute ........................................................246
15.4.7 Configuring Access Level per Management Groups Attributes ............................247
15.4.8 Configuring the Device's LDAP Cache ..................................................................249
15.4.8.1 Refreshing the LDAP Cache ................................................................. 251
15.4.8.2 Clearing the LDAP Cache ..................................................................... 253
15.4.9 Configuring Local Database for Management User Authentication ......................253
15.4.10 LDAP-based Login Aut hentication Example ..........................................................255
15.4.11 Enabling LDAP Searches for Numbers with Characters .......................................259
15.4.12 AD-based Ro ut i ng for Microsoft Skype for Business ............................................259
15.4.12.1 Querying the AD and Routing Priority ................................................... 260
15.4.12.2 Configuring AD-Based Routing Rules ................................................... 263
15.5 Least Cost Routing ............................................................................................... 265
15.5.1 Overview ................................................................................................................265
15.5.2 Configuring LCR ....................................................................................................267
15.5.2.1 Configuring Cost Groups ....................................................................... 267
15.5.2.2 Assigning Cost Groups to Routing Rules .............................................. 270
15.6 Remote Web Services ......................................................................................... 271
15.6.1 Configuring Remote Web Services .......................................................................271
15.6.1.1 Configuring Remote HTTP Hosts .......................................................... 275
15.6.2 Enabling Topology Status Services .......................................................................277
15.6.3 Centralized Third-Party Routing Server .................................................................278
15.6.4 Configuring QoS-Based Routing by Routing Server .............................................281
15.7 HTTP-based Proxy Services ................................................................................ 282
15.7.1 Enabling the HTTP Proxy Application ...................................................................283
15.7.2 Debugging Remote HTTP Services ......................................................................283
15.7.3 Configuring HTTP Interfaces .................................................................................284
15.7.4 Configuring HTTP Proxy Services .........................................................................285
15.7.4.1 Configuring HTTP Proxy Hosts ............................................................. 287
15.7.5 Configuring an HTTP-based OVOC Service .........................................................289
15.8 E9-1-1 Support for Microsoft Skype for Business ................................................ 291
15.8.1 About E9-1-1 Services ...........................................................................................291
15.8.2 Microsoft Skype for Business and E9-1-1 .............................................................292
15.8.2.1 Gathering Location Information of Skype for Busin ess Clients for 911
Calls 293
15.8.2.2 Adding ELINs to the Location Information Server ................................. 294
15.8.2.3 Passing Location Information to the PSTN Emerg ency Provider ......... 295
15.8.3 AudioCodes ELIN Device for Skype for Business E9-1-1 Calls to PSTN .............296
15.8.3.1 Detecting and Handling E9-1-1 Calls .................................................... 297
15.8.3.2 Pre-empting Existing Calls for E9-1-1 Calls .......................................... 299
15.8.3.3 PSAP Callback to Skype for Business Clients f or Dropped E9-1-1 Calls
299
Version 7.2 7 Mediant 4000 SBC
Page 8
Mediant 4000 SBC
15.8.3.4 Selecting ELIN for Multiple Calls within Same ERL .............................. 300
15.8.4 Configuring AudioCodes ELIN Device ...................................................................301
15.8.4.1 Enabling the E9-1-1 Feature ................................................................. 301
15.8.4.2 Configuring the E9-1-1 Callback Timeout ............................................. 301
15.8.4.3 Configuring SBC IP-to-IP Routing Rule for E9-1-1 ............................... 301
15.8.4.4 Viewing the ELIN Table ......................................................................... 302
15.9 Microsoft Skype for Business Presence of Third-Party Endpoints ....................... 302
15.9.1 Configuring Skype for Business Server for Presence ...........................................304
15.9.2 Configuring the Device for Skype for Business Presence .....................................305
16 Quality of Experience ...................................................................................... 309
16.1 Reporting Voice Quality of Experience to OVOC ................................................. 309
16.1.1 Configuring the OVOC Server ...............................................................................309
16.1.2 Configuring Clock Synchronization between Device and OVOC ..........................310
16.1.3 Enabling RTCP XR Reporting to OVOC ................................................................310
16.2 Configuring Quality of Experience Profiles ........................................................... 311
16.3 Configuring Bandwidth Profiles ............................................................................ 316
16.4 Configuring Quality of Service Rules ................................................................... 320
17 Control Network .............................................................................................. 323
17.1 Configuring Media Realms ................................................................................... 323
17.1.1 Configuring Remote Media Subnets ......................................................................326
17.1.2 Configuring Media Realm Extensions ...................................................................329
17.2 Configuring SRDs ................................................................................................ 331
17.2.1 Filtering Tables in Web Interface by SRD .............................................................337
17.2.2 Multiple SRDs for Multi-tenant Deployments .........................................................337
17.2.3 Cloning SRDs ........................................................................................................339
17.2.4 Color-Coding of SRDs in Web Interface ................................................................340
17.2.5 Automatic Configuration based on SRD ................................................................341
17.3 Configuring SIP Interfaces ................................................................................... 341
17.4 Configuring IP Groups .......................................................................................... 349
17.5 Configuring Proxy Sets ........................................................................................ 363
17.6 Building and Viewing SIP Entities in Topology View ............................................ 372
18 SIP Definitions ................................................................................................. 377
18.1 Configuring Registration Accounts ....................................................................... 377
18.1.1 Regular Registration Mode ....................................................................................382
18.1.2 Single Registration for Multiple Phone Numbers using GIN ..................................382
18.1.3 Registrar Stickiness ...............................................................................................383
18.2 Configuring Proxy and Registration Parameters .................................................. 384
18.2.1 SIP Message Authentication Example ..................................................................384
18.3 Configuring Call Setup Rules ............................................................................... 386
18.3.1 Call Setup Rule Examples .....................................................................................392
19 SIP Message Manipulation ............................................................................. 395
19.1 Configuring SIP Message Manipulation ............................................................... 395
19.2 Configuring Message Condition Rules ................................................................. 400
19.3 Configuring SIP Message Policy Rules ................................................................ 401
19.4 Configuring Pre-Parsing Manipulation Rules ....................................................... 405
20 Coders and Profiles ........................................................................................ 409
20.1 Configuring Coder Groups ................................................................................... 409
User's Manual 8 Document #: LTRT-40203
Page 9
User's Manual Contents
20.1.1 Supported Audio Coders .......................................................................................411
20.1.2 Configuring Various Codec Attributes ...................................................................413
20.2 Configuring Allowed Audio Coder Groups ........................................................... 414
20.3 Configuring Allowed Video Coder Groups ........................................................... 417
20.4 Configuring IP Profiles ......................................................................................... 418
Session Border Controller Application................................................................449
21 SBC Overview .................................................................................................. 451
21.1 Feature List .......................................................................................................... 451
21.2 B2BUA and Stateful Proxy Operating Modes ...................................................... 452
21.3 Call Processing of SIP Dialog Requests .............................................................. 455
21.4 User Registration ................................................................................................. 457
21.4.1 Initial Registration Request Processing .................................................................457
21.4.2 Classification and Routing of Registered Users ....................................................458
21.4.3 General Registration Request Processing ............................................................459
21.4.4 Registration Refreshes ..........................................................................................459
21.4.5 Registration Restriction Control .............................................................................460
21.4.6 Deleting Registered Users .....................................................................................460
21.5 Media Handling .................................................................................................... 460
21.5.1 Media Anchoring ....................................................................................................461
21.5.2 Direct Media ...........................................................................................................462
21.5.3 Restricting Audio Coders .......................................................................................464
21.5.4 Coder Transcoding ................................................................................................465
21.5.5 Transcoding Mode .................................................................................................468
21.5.6 Prioritizing Coder List in SDP Offer .......................................................................468
21.5.7 SRTP-RTP and SRTP-SRTP Transcoding ...........................................................469
21.5.8 Multiple RTP Media Streams per Call Session .....................................................469
21.5.9 Interworking Miscellaneous Media Handling .........................................................470
21.5.9.1 Interworking DTMF Methods ................................................................. 470
21.5.9.2 Interworking RTP Redundancy ............................................................. 470
21.5.9.3 Interworking RTP-RTCP Multiplexing ................................................... 471
21.5.9.4 Interworking RTCP Attribute in SDP ..................................................... 471
21.5.9.5 Interworking Crypto Lifetime Field ......................................................... 471
21.5.9.6 Interworking Media Security Protocols .................................................. 471
21.5.9.7 Interworking ICE Lite for NAT Traversal ............................................... 471
21.6 Fax Negotiation and Transcoding ........................................................................ 471
21.7 Limiting SBC Call Duration ................................................................................... 472
21.8 SBC Authentication .............................................................................................. 472
21.8.1 SIP Authentication Server Functionality ................................................................472
21.8.2 User Authentication based on RADIUS .................................................................473
21.9 Interworking SIP Signaling ................................................................................... 474
21.9.1 Interworking SIP 3xx Redirect Responses ............................................................474
21.9.1.1 Resultant INVITE Traversing Device .................................................... 474
21.9.1.2 Local Handling of SIP 3xx ..................................................................... 475
21.9.2 Interworking SIP Diversion and History-Info Headers ...........................................476
21.9.3 Interworking SIP REFER Messages ......................................................................476
21.9.4 Interworking SIP PRACK Messages .....................................................................477
21.9.5 Interworking SIP Session Timer ............................................................................477
21.9.6 Interworking SIP Early Media ................................................................................477
21.9.7 Interworking SIP re-INVITE Messages ..................................................................480
21.9.8 Interworking SIP UPDATE Messages ...................................................................480
Version 7.2 9 Mediant 4000 SBC
Page 10
Mediant 4000 SBC
21.9.9 Interworking SIP re-INVITE to UPDATE ................................................................481
21.9.10 Interwor king Delaye d Offer ....................................................................................481
21.9.11 Interwor king Call Hold ............................................................................................481
21.9.12 Interwor king SIP Via Headers ...............................................................................482
21.9.13 Interworking SIP User-Agent Headers ..................................................................482
21.9.14 Interworking S IP Record-Route Hea ders ..............................................................482
21.9.15 Interworking SIP To-Header Tags in Multiple SDP Answers ................................482
21.9.16 Interwor king In-dialog SIP Contact and Record-Route Hea ders ...........................482
22 Enabling the SBC Application ........................................................................ 483
23 Configuring General SBC Settings ................................................................ 485
23.1 Interworking Dialog Information in SIP NOTIFY Messages ................................. 485
24 Configuring Admission Control ..................................................................... 487
25 Routing SBC .................................................................................................... 491
25.1 Configuring Classification Rules .......................................................................... 491
25.1.1 Classification Based on URI of Selected Header Example ...................................498
25.2 Configuring SBC IP-to-IP Routing ........................................................................ 499
25.2.1 Configuring Rerouting of Calls to Fax Destinations ...............................................511
25.2.2 Configuring Specific UDP Ports using Tag-based Routing ...................................512
25.3 Configuring SIP Response Codes for Alternative Routing Reasons .................... 516
25.4 Configuring SBC Routing Policy Rules ................................................................ 518
25.5 Configuring IP Group Sets ................................................................................... 523
26 SBC Manipulations .......................................................................................... 527
26.1 Configuring IP-to-IP Inbound Manipulations ........................................................ 529
26.2 Configuring IP-to-IP Outbound Manipulations ...................................................... 533
26.3 Using the Proprietary SIP X-AC-Action Header ................................................... 539
27 Configuring Dial Plans .................................................................................... 541
27.1 Importing and Exporting Dial Plans ...................................................................... 546
27.2 Creating Dial Plan Files ........................................................................................ 549
27.3 Using Dial Plan Tags for IP-to-IP Routing ............................................................ 550
27.3.1 Using Dial Plan Tags for Matching Routing Rules ................................................550
27.3.2 Using Dial Plan Tags for Routing Destinations .....................................................551
27.3.3 Dial Plan Backward Compatibility ..........................................................................554
27.4 Using Dial Plan Tags for Outbound Manipulation ................................................ 555
27.5 Using Dial Plan Tags for Call Setup Rules ........................................................... 557
27.6 Using Dial Plan Tags for Message Manipulation ................................................. 557
28 Configuring Malicious Signatures ................................................................. 559
29 Advanced SBC Features ................................................................................. 561
29.1 Configuring Call Preemption for SBC Emergency Calls ...................................... 561
29.2 Emergency Call Routing using LDAP to Obtain ELIN .......................................... 562
29.3 Enabling Interworking of SIP and SIP-I Endpoints ............................................... 563
29.4 WebRTC .............................................................................................................. 566
29.4.1 SIP over WebSocket ..............................................................................................568
29.4.2 Configuring WebRTC .............................................................................................570
29.5 Handling Registered AORs with Same Contact URIs .......................................... 573
29.6 Configuring Dual Registration .............................................................................. 573
User's Manual 10 Document #: LTRT-40203
Page 11
User's Manual Contents
29.7 Call Forking .......................................................................................................... 577
29.7.1 Initiating SIP Call Forking ......................................................................................577
29.7.2 Configuring SIP Forking Initiated by SIP Proxy .....................................................577
29.7.3 Configuring Call Forking-based IP-to-IP Routing Rules ........................................578
29.8 Call Survivability ................................................................................................... 578
29.8.1 Enabling Auto-Provisioning of Subscriber-Specific Information of BroadWorks
Server for Survivability ........................................................................................................579
29.8.2 Configuring BroadSoft's Shared Phone Line Call Appearance for Survivability ...580
29.8.3 Configuring Call Survivability for Call Centers .......................................................581
29.8.4 Enabling Survivability Display on Aastra IP Phones .............................................583
29.9 Alternative Routing on Detection of Failed SIP Response ................................... 585
29.10 VoIPerfect ............................................................................................................ 586
Cloud Resilience Package ....................................................................................589
30 CRP Overview .................................................................................................. 591
31 CRP Configuration .......................................................................................... 593
31.1 Enabling the CRP Application .............................................................................. 593
31.2 Configuring Call Survivability Mode ..................................................................... 594
31.3 Pre-Configured IP Groups .................................................................................... 595
31.4 Pre-Configured IP-to-IP Routing Rules ................................................................ 596
31.4.1 Normal Mode .........................................................................................................596
31.4.2 Emergency Mode ...................................................................................................597
31.4.3 Auto Answer to Registrations ................................................................................597
31.5 Configuring PSTN Fallback .................................................................................. 598
High-Availability System .......................................................................................599
32 HA Overview .................................................................................................... 601
32.1 Connectivity and Synchronization between Devices ............................................ 601
32.2 Device Switchover upon Failure ........................................................................... 602
32.3 Viewing HA Status on Monitor Web Page ............................................................ 603
33 HA Configuration............................................................................................. 605
33.1 Initial HA Configuration ........................................................................................ 605
33.1.1 Network Topology Types and Rx/Tx Ethernet Port Group Settings ......................605
33.1.2 Configuring the HA Devices ..................................................................................607
33.1.2.1 Step 1: Configure the First Device ........................................................ 607
33.1.2.2 Step 2: Configure the Second Device ................................................... 609
33.1.2.3 Step 3: Initialize HA on the Devices ...................................................... 610
33.2 Configuration while HA is Operational ................................................................. 610
33.3 Configuring Firewall Allowed Rules ...................................................................... 612
33.4 Monitoring IP Entity and HA Switchover upon Ping Failure ................................. 613
34 HA Maintenance .............................................................................................. 615
34.1 Maintenance of Redundant Device ...................................................................... 615
34.2 Replacing a Failed Device ................................................................................... 615
34.3 Initiating an HA Switchover .................................................................................. 615
Version 7.2 11 Mediant 4000 SBC
Page 12
Mediant 4000 SBC
34.4 Resetting the Redundant Unit .............................................................................. 616
34.5 Software Upgrade ................................................................................................ 616
34.6 Disconnecting and Reconnecting HA ................................................................... 616
Maintenance ...........................................................................................................619
35 Basic Maintenance .......................................................................................... 621
35.1 Resetting the Device ............................................................................................ 621
35.2 Remotely Resetting Device using SIP NOTIFY ................................................... 622
35.3 Locking and Unlocking the Device ....................................................................... 622
35.4 Saving Configuration ............................................................................................ 624
36 Channel Maintenance ..................................................................................... 625
36.1 Disconnecting Active Calls ................................................................................... 625
37 Auxiliary Files .................................................................................................. 627
37.1 Loading Auxiliary Files ......................................................................................... 627
37.1.1 Loading Auxiliary Files through Web Interface ......................................................627
37.1.2 Loading Auxiliary Files through CLI .......................................................................628
37.2 Deleting Auxiliary Files ......................................................................................... 629
37.3 Call Progress Tones File ...................................................................................... 629
37.4 Prerecorded Tones File ........................................................................................ 632
37.5 Dial Plan File ........................................................................................................ 633
37.5.1 Creating a Dial Plan File ........................................................................................633
37.5.2 Obtaining IP Destination from Dial Plan File .........................................................634
37.5.3 Viewing Information of Installed Dial Plan File ......................................................634
37.6 User Information File ............................................................................................ 635
37.6.1 Enabling the User Info Table .................................................................................635
37.6.2 User Information File for SBC User Database.......................................................635
37.6.2.1 Configuring SBC User Info Table through Web Inte rface ..................... 636
37.6.2.2 Configuring SBC User Info Table through CLI ...................................... 637
37.6.2.3 Configuring SBC User Info Table in Loadable Text F i l e ....................... 638
37.6.3 Viewing the Installed User Info File Name .............................................................639
37.7 AMD Sensitivity File ............................................................................................. 639
38 License Key ..................................................................................................... 641
38.1 Viewing the License Key ...................................................................................... 641
38.2 Installing a New License Key ............................................................................... 642
38.2.1 Installing License Key through Web Interface .......................................................642
38.2.1.1 Installing a License Key String .............................................................. 643
38.2.1.2 Installing a License Key File .................................................................. 644
38.2.2 Installing License Key through CLI ........................................................................648
38.2.3 Verifying Installed License Key ..............................................................................648
38.3 Upgrading SBC Capacity Licenses by License Pool Manager Server ................. 649
38.4 Backing up the License Key ................................................................................. 651
38.5 Viewing the Device's Product Key ....................................................................... 652
39 Software Upgrade Wizard ............................................................................... 653
40 Configuration File ............................................................................................ 659
40.1 Saving Configuration to a File .............................................................................. 659
User's Manual 12 Document #: LTRT-40203
Page 13
User's Manual Contents
40.2 Loading a Configuration File ................................................................................ 659
41 Automatic Provisioning .................................................................................. 661
41.1 Automatic Configuration Methods ........................................................................ 661
41.1.1 DHCP-based Provisioning .....................................................................................661
41.1.1.1 Provisioning the Device using DHCP Option 160 ................................. 662
41.1.2 HTTP-based Provisioning ......................................................................................663
41.1.3 FTP-based Provisioning ........................................................................................664
41.1.4 Provisioning using AudioCodes OVOC .................................................................664
41.2 HTTP/S-Based Provisioning using the Automatic Update Feature ...................... 664
41.2.1 Files Provisioned by Automatic Update .................................................................665
41.2.2 File Location for Automatic Update .......................................................................666
41.2.3 MAC Address Placeholder in Configuration File Name .........................................666
41.2.4 File Template for Automatic Provisioning ..............................................................667
41.2.5 Triggers for Automatic Update ...............................................................................668
41.2.6 Access Authentication with HTTP Server ..............................................................669
41.2.7 Querying Provisioning Server for Updated Files ...................................................670
41.2.8 File Download Sequence .......................................................................................672
41.2.9 Cyclic Redundancy Check on Downloaded Configuration Files ...........................673
41.2.10 Automatic U pdate Configuration Examples ...........................................................674
41.2.10.1 Automatic Update for Single Dev i ce ..................................................... 674
41.2.10.2 Automatic Update from Rem ot e S ervers .............................................. 675
41.2.10.3 Automatic Update for Mass Deploy m ent ............................................... 676
42 SBC Configuration Wizard ............................................................................. 679
42.1 Starting the SBC Configuration Wizard ................................................................ 680
42.2 General Setup Page ............................................................................................. 681
42.3 System Page ........................................................................................................ 683
42.4 Interfaces Page .................................................................................................... 684
42.5 IP-PBX Page ........................................................................................................ 685
42.6 SIP Trunk Page .................................................................................................... 687
42.7 Number Manipulation Page .................................................................................. 689
42.8 Remote Users Page ............................................................................................. 690
42.9 Summary Page .................................................................................................... 691
42.10 Congratulations Page ........................................................................................... 692
43 Restoring Factory Defaults ............................................................................ 693
43.1 Restoring Factory Defaults through CLI ............................................................... 693
43.2 Restoring Factory Defaults through Web Interface .............................................. 694
43.3 Restoring Defaults through ini File ....................................................................... 694
Status, Performance Monitoring and Reporting .................................................695
44 System Status ................................................................................................. 697
44.1 Viewing Device Information .................................................................................. 697
44.2 Viewing Device Status on Monitor Page .............................................................. 699
45 Reporting DSP Utilization through SNMP MIB.............................................. 703
46 Viewing Carrier-Grade Alarms ....................................................................... 705
46.1 Viewing Active Alarms .......................................................................................... 705
Version 7.2 13 Mediant 4000 SBC
Page 14
Mediant 4000 SBC
46.2 Viewing History Alarms ........................................................................................ 706
47 Viewing Management User Activity Logs ..................................................... 709
48 Viewing Performance Monitoring .................................................................. 711
48.1 Viewing Call Success and Failure Ratio .............................................................. 711
48.2 Viewing Average Call Duration ............................................................................ 713
48.3 Configuring Performance Profiles ........................................................................ 714
49 Viewing VoIP Status ........................................................................................ 719
49.1 Viewing SBC Registered Users ........................................................................... 719
49.2 Viewing Proxy Set Status ..................................................................................... 720
49.3 Viewing Registration Status ................................................................................. 722
49.4 Viewing Test Call CDRs ....................................................................................... 722
49.5 Viewing SBC CDR History ................................................................................... 723
50 Viewing Network Status .................................................................................. 725
50.1 Viewing Active IP Interfaces ................................................................................. 725
50.2 Viewing Ethernet Device Status ........................................................................... 725
50.3 Viewing Ethernet Port Information ....................................................................... 725
50.4 Viewing Static Routes Status ............................................................................... 726
51 Viewing Hardware Status ............................................................................... 727
51.1 Viewing Hardware Components Status ............................................................... 727
52 Reporting Information to External Party ....................................................... 729
52.1 Configuring RTCP XR .......................................................................................... 729
52.2 Generating Call Detail Records ............................................................................ 733
52.2.1 CDR Field Description ...........................................................................................734
52.2.1.1 CDR Fields for SBC Signaling .............................................................. 734
52.2.1.2 CDR Fields for SBC Media ................................................................... 739
52.2.1.3 CDR Fields for SBC Local Storage ....................................................... 741
52.2.2 Customizing CDRs for SBC Calls ..........................................................................743
52.2.3 Configuring CDR Reporting ...................................................................................746
52.2.4 Storing CDRs on the Device ..................................................................................747
52.3 Configuring RADIUS Accounting ......................................................................... 750
Diagnostics ............................................................................................................757
53 Syslog and Debug Recording ........................................................................ 759
53.1 Configuring Log Filter Rules ................................................................................. 759
53.1.1 Filtering IP Network Traces ...................................................................................763
53.2 Configuring Syslog ............................................................................................... 764
53.2.1 Syslog Message Format ........................................................................................764
53.2.1.1 Event Representation in Syslog Messages .......................................... 766
53.2.1.2 Identifying AudioCodes Syslog Messages using Fa cility Levels .......... 768
53.2.1.3 Syslog Fields for Answering Machine Detection (AMD) ....................... 768
53.2.1.4 SNMP Alarms in Syslog Messages ....................................................... 769
53.2.2 Enabling Syslog .....................................................................................................769
53.2.3 Configuring the Syslog Server Address .................................................................770
53.2.4 Configuring Syslog Debug Level ...........................................................................770
53.2.5 Configuring Reporting of Management User Activities ..........................................771
User's Manual 14 Document #: LTRT-40203
Page 15
User's Manual Contents
53.2.6 Viewing Syslog Messages .....................................................................................772
53.3 Configuring Debug Recording .............................................................................. 773
53.3.1 Configuring the Debug Recording Server Address ...............................................774
53.3.2 Collecting Debug Recording Messages ................................................................774
53.3.3 Debug Capturing on Physical VoIP Interfaces ......................................................775
54 Enabling SIP Call Flow Diagrams in OVOC ................................................... 777
55 Debugging Web Services ............................................................................... 779
56 Creating Core Dump and Debug Files upon Device Crash ......................... 781
57 Testing SIP Signaling Calls ............................................................................ 783
57.1 Configuring Test Call Endpoints ........................................................................... 783
57.2 Starting and Stopping Test Calls .......................................................................... 787
57.3 Viewing Test Call Status ...................................................................................... 788
57.4 Viewing Test Call Statistics .................................................................................. 788
57.5 Configuring DTMF Tones for Test Calls ............................................................... 790
57.6 Configuring Basic Test Calls ................................................................................ 790
57.7 Test Call Configuration Examples ........................................................................ 791
58 Pinging a Remote Host or IP Address ........................................................... 795
Appendix ................................................................................................................797
59 Dialing Plan Notation for Routing and Manipulation .................................... 799
60 Configuration Parameters Reference ............................................................ 803
60.1 Management Parameters ..................................................................................... 803
60.1.1 General Parameters ..............................................................................................803
60.1.2 Web Parameters ....................................................................................................804
60.1.3 Telnet Parameters .................................................................................................809
60.1.4 ini File Parameters .................................................................................................810
60.1.5 SNMP Parameters .................................................................................................810
60.1.6 Serial Parameters ..................................................................................................814
60.1.7 Auxiliary and Configuration File Name Parameters ..............................................815
60.1.8 Automatic Update Parameters ..............................................................................816
60.2 Networking Parameters ........................................................................................ 820
60.2.1 Ethernet Parameters ..............................................................................................820
60.2.2 Multiple VoIP Network Interfaces and VLAN Parameters .....................................821
60.2.3 Routing Parameters ...............................................................................................821
60.2.4 Quality of Service Parameters ...............................................................................822
60.2.5 NAT Parameters ....................................................................................................823
60.2.6 DNS Parameters ....................................................................................................824
60.2.7 DHCP Parameters .................................................................................................825
60.2.8 NTP and Daylight Saving Time Parameters ..........................................................827
60.3 Debugging and Diagnostics Parameters .............................................................. 829
60.3.1 General Parameters ..............................................................................................829
60.3.2 SIP Test Call Parameters ......................................................................................829
60.3.3 Syslog, CDR and Debug Parameters ....................................................................830
60.3.4 Resource Allocation Indication Parameters...........................................................836
60.4 HA Parameters ..................................................................................................... 836
60.5 Security Parameters ............................................................................................. 838
Version 7.2 15 Mediant 4000 SBC
Page 16
Mediant 4000 SBC
60.5.1 General Security Parameters ................................................................................838
60.5.2 HTTPS Parameters ...............................................................................................840
60.5.3 SRTP Parameters ..................................................................................................841
60.5.4 TLS Parameters .....................................................................................................843
60.5.5 SSH Parameters ....................................................................................................845
60.5.6 IDS Parameters .....................................................................................................846
60.5.7 OCSP Parameters .................................................................................................847
60.6 Quality of Experience Parameters ....................................................................... 848
60.7 Control Network Parameters ................................................................................ 850
60.7.1 IP Group, Proxy, Registration and Authentication Parameters .............................850
60.7.2 Network Application Parameters ...........................................................................859
60.8 General SIP Parameters ...................................................................................... 861
60.9 Coders and Profile Parameters ............................................................................ 878
60.10 Channel Parameters ............................................................................................ 879
60.10.1 Voice Parameters ..................................................................................................880
60.10.2 Coder Parameters .................................................................................................882
60.10.3 DTMF Parameters .................................................................................................883
60.10.4 RTP, RTCP and T.38 Parameters .........................................................................884
60.11 SBC Parameters .................................................................................................. 888
60.11.1 Supplement ary Services ........................................................................................907
60.12 IP Media Parameters ........................................................................................... 908
60.13 Services ............................................................................................................... 911
60.13.1 SIP-based Media Recording Parameters ..............................................................911
60.13.2 RADIUS and LDAP Parameters ............................................................................912
60.13.2.1 General Parameters .............................................................................. 912
60.13.2.2 RADIUS Parameters ............................................................................. 913
60.13.2.3 LDAP Parameters ................................................................................. 915
60.13.3 Least Cost Routing Parameters ............................................................................918
60.13.4 Call Setup Rul es P arameters ................................................................................919
60.13.5 HTTP-based Services ............................................................................................919
60.13.6 HTTP Proxy Parameters ........................................................................................920
61 Channel Capacity ............................................................................................ 923
61.1 Mediant 4000 SBC ............................................................................................... 924
61.2 Mediant 4000B SBC ............................................................................................. 925
62 Technical Specifications ................................................................................ 927
User's Manual 16 Document #: LTRT-40203
Page 17
User's Manual Notices
Notice
Information contained in this document is believed to be accurate and reliable at the time of
printing. However, due to ongoing product improvements and revisions, AudioCodes cannot
guarantee accuracy of printed material after the Date Published nor can it accept responsibility
for errors or omissions. Before consulting this document, check the corresponding Release
Notes regarding feature preconditions and/or specific support in this release. In cases where
there are discrepancies between this document and the Release Notes, the information in the
Release Notes supersedes that in this document. Updates to this document and other
documents as well as software files can be downloaded by registered customers at
http://www.audiocodes.com/downloads.
This document is subject to change without notice.
Date Published: November-14-2017
WEEE EU Directive
Pursuant to the WEEE EU Directive, electronic and electrical waste must not be disposed
of with unsorted waste. Please contact your local recycling authority for disposal of this
product.
Customer Support
Customer technical support and services are provided by AudioCodes or by an authorized
AudioCodes Service Partner. For more information on how to buy technical support for
AudioCodes products and for contact information, please visit our Web site at
www.audiocodes.com/support
.
Abbreviations and Terminology
Each abbreviation, unless widely used, is spelled out in full when first used.
Related Documentation
Manual Name
SIP Release Notes
Mediant 4000 E-SBC Hardware Installation Manu al
Complementary Guides
CLI Reference Guide
SNMP User's Guide
SBC Design Guide
Recommended Security Guidelines Configuration Note
SIP Message Manipulations Quick Reference Guide
Version 7.2 17 Mediant 4000 SBC
Page 18
Mediant 4000 SBC
with your organization’s security policies. For basic security guidelines, refer to
Utility Guides
INI Viewer & Editor Utility User's Guide
AcBootP Utility User's Guide
CLI Wizard User's Guide
Notes and Warnings
Note: The device is an indoor unit and therefore, must be installed only INDOORS. In
addition, Ethernet port interface cabling must be routed only indoors and must not exit
the building.
Note: The scope of this document does not fully cover security aspects for deploying
the device in your environment. Security measures should be done in accordance
Manual Name
AudioCodes Recommended Security Guideline s document.
Note: Throughout this manual, unless otherwise specified, the term device refers to
your AudioCodes product.
Note: Before configuring the device, ensure that it is installed correctly as instructed
in the Hardware Installation Manual.
Note:
• This device includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit (http://www.openssl.org/).
• This device includes cryptographic software writ t en by Eric Young
(eay@cryptsoft.com).
Note: Some of the features listed in this document are available only if the relevant
License Key has been purchased from AudioCodes and installed on the device. For a
list of License Keys that can be purchased, please consult your AudioCodes sales
representative.
User's Manual 18 Document #: LTRT-40203
Page 19
User's Manual Notices
cense (LGPL), BSD and LDAP, which terms are located at:
code by contacting AudioCodes, by following the instructions available on
Enabling the HTTP Proxy Application (license ); Direct Media; Configuring SBC IP-
Note: OPEN SOURCE SOFTWARE. Portions of the software may be open source
software and may be governed by and distributed under open source licenses, such
as the terms of the GNU General Public License (GPL), the terms of the Lesser
General Public Li
http://www.audiocodes.com/support and all are incorporated herein by reference. If
any open source software is provided in object code, and its accompanying license
requires that it be provided in source code as well, Buyer may receive such source
AudioCodes website.
Document Revision Record
LTRT Description
41727 Initial document release for Version 7.2.
41729
41731
Updated patch version 7.20A.001.
Updated sections: Computer Requirements (supported browsers); CLI-Based
Management (permitted user levels); Configuring TLS Certificate Contexts (TLS
versions); Configuring Physical Ethernet Ports (show command); Configuring
Underlying Ethernet Devices (max. VLANs); SIP Signaling Messag es (procedure);
First Incoming Packet Mechanism (NAT by Signali ng); Robust Receipt of Media
Streams by Media Latching (procedure); Configuring Firewall Settings (note);
Configuring General Security Settings (Web path); Viewing IDS Alarms (show
command); Viewing and Deleting DHCP Clients (show command); Configuring the
Device's LDAP Cache; Centralized Third-Party Routing Server (SIP messages and
credentials for authentication); Configuri ng Call Setup Rules (dial plan queries);
Call Setup Rule Examples; Registration Refre shes; Using Dial Plan Tags for IP-toIP Routing (example); Enabling Interworking of SIP and SIP-I E ndpoi nts (SPIROU
and SIP header X-AC-Action); Configuring WebRTC (Web path); Configuring
BroadSoft's Shared Phone Line Call Appearance f or Survivability (example);
Automatic Provisioning (CLI Script file); Configuring RTCP XR (IP Group); Enabling
Same Call Session ID over Multiple Devices (removed); Configuring Test Call
Endpoints (typo); CLI (illustration); Accessing the Web I nt erf ace (note).
New sections: VoIPerfect; Using Dial Plan Tags for Call Setup Rules; Using Dial
Plan Tags for Message Manipulation.
New parameters: WebLoginBlockAutoComplete; EnforcePasswordComplexity;
IPGroup_SBCKeepOriginalCallID; IPGroup_SBCDialPlanName;
IPGroup_CallSetupRulesSetId; CallSetupRules_QueryType;
CallSetupRules_QueryTarget; IpProfile_SBCVoiceQualityEnhancement;
IpProfile_SBCMaxOpusBW; IpProfile_SBCISUPVariant; AUPDCliScriptURL;
PublicationIPGroupID.
Updated parameters: Web password (EnforcePasswordComplexity);
TLSContexts_TLSVersion; InterfaceTable_InterfaceName;
CallSetupRules_AttributesToQuery (We b nam e and description);
IPProfile_SBCRTCPFeedback (values); IpProfile_MediaIPVersionPreference;
ConditionTable_Name (max. chars); Test_Call_RouteBy (default); NATMode
(values); SendAcSessionIDHeader (removed); QOEPort (removed);
MaxGeneratedRegistersRate; CLIPrivPass; GeneratedRegistersInterval;
RTPOnlyMode (removed); SBCUserRegistrationGraceTime;
SBCKeepOriginalCallId.
Updated sections: Changing Index Position of Table Rows; Searching for
Configuration Parameters; Configuring TLS Certificate Contexts (IPSec removed);
Version 7.2 19 Mediant 4000 SBC
Page 20
Mediant 4000 SBC
to-IP Routing (IP Group load balancing); MAC Address Placeholder in
Wizard (screens); Auxiliary Files (SBC Wizard); Viewing IP Connectivity (typo);
LTRT Description
Configuration File Name; VoIPerfect; Technical Specifications (AMR-WB removed).
New sections: Configuring IP Group Sets.
Updated parameters: SIPInterface_SBCDirectMedia;
IPProfile_SBCDirectMediaTag; IpProfile_DisconnectOnBrokenConnection;
IP2IPRouting_DestType; IPOutboundManipulation_PrivacyRestrictionMode;
BrokenConnectionEventTimeout.
New parameters: IP2IPRouting_IPGroupSetName; EnableNonCallCdr; PGroupSet;
IPGroupSetMember; NoRTPDetectionTimeout; DisconnectOnBrokenConnection;
BrokenConnectionEventTimeout.
41733
Patch version 7.20A.100.
Updated sections: CLI (telnet removed); Areas of the GUI (SBC Wizard); Assigning
Rows from Other Tables (search, add new, and view); Invalid Value Indicatio ns;
Creating a Login Welcome Message; Configuring Man agem ent User Accounts
(CLI); Enabling SSH with RSA Public Key f or CLI (public key); Configuring TLS
Certificate Contexts (DTLS); Assigning CSR-based Certificates to TLS Contexts;
Generating Private Keys for TLS Contexts; Configu rin g Underlying E thernet
Devices (max.); Configuring IP Network Interfaces (max.); Configuring Media
Realms (max.); SRTP using DTLS Protocol; Building and Viewing your Network
Topology; SIP-based Media Recording (multiple SRSs); Enabling SIP-based Media
Recording; Configuring SIP Recording Rules; Co nf i guring Proxy Sets (keep-alive);
WebRTC (RFCs); Configuring WebRTC; VoIPerfect; Pre-Configured IP Groups;
Normal Mode (CRP); Emergency Mode (CRP); Auto Answer to Registrations
(CRP); Network Topology Types and Rx/ T x Ethernet Port Group Settings; License
Key; Viewing the License Key; Obtaining License Key for Feature Upgrade
(removed); Installing the a New License Key; Installing License Key through Web
Interface; Upgrading SBC Capacity Licenses by License Pool Ma nager Server;
Viewing Device Information; Viewing Call Routing Status (removed); Configuring
RTCP XR (IP Group); Configuring RADIUS Accounting (typo for AccountingRequest); Automatic Provisioning (Startup CLI Script File).
New sections: Customizing the Web Interface; Replacing the Corporate Logo;
Replacing the Corporate Logo with an Image; Re placing the Corporate Logo with
Text; Customizing the Product Name; Customizing the Favicon; SRTP using DTLS
Protocol; SBC Wizard; Viewing the Device's Product Key; Saving Configuration to a
File; Loading a Configuration File; Viewing Proxy Set Status.
Updated parameters: TLSContexts_ServerCipherString;
TLSContexts_ClientCipherString; NATTranslation_SourceStartPort;
NATTranslation_SourceEndPort; NATTranslation_TargetStartPort;
NATTranslation_TargetEndPort; SNMPSysOid; SNMPTrapEnterpriseOid;
EnableCoreDump (typo); HTTPSCipherString (removed); SSHAdminKey;
SessionExpiresDisconnectTime; BrokenConnectionEventTimeout;
RADIUSRetransmission (default); RadiusTO (default);
SIPRecRouting_RecordedIPGroupName; S IPRecRouting_SRSIPGroupName.
New parameters: WebUsers_SSHPublicKey; TLSContexts_DTLSVersion;
TLSContexts_DHKeySize; SIPRecRouting_SRSRedundantIPGroupName;
ProxySet_SuccessDetectionRetries; Proxy Set_SuccessDetectionInterval;
ProxySet_FailureDetectionRetransmis sions; ProxySet_MinActiveServersLB;
WebUsers; WebFaviconFileUrl; AUPDStartupScri ptUR L.
41736
Updated sections: Configuring VoIP LAN Interface for OAMP (CLI); Configuring
Management User Accounts (typo); Enabling SNMP; Configuring IP Network
Interfaces; SIP-based Media Recording (multiple SRS); Configuring LDAP Servers
(max. and cache); Configuring Call Setup Rules; Configuring SBC IP-to-IP Routing
(note); Configuring SIP Response Codes for Alternative Routing Reasons; SBC
User's Manual 20 Document #: LTRT-40203
Page 21
User's Manual Notices
Creating Core Dump and Debug Files upon Device Crash (reset); Configuring IP
IP
SIPInterface_PreParsingManSetName; IPGroup_Tags;
LTRT Description
Group Sets (max)
New sections: Debugging Remote HTTP Services
Updated parameters: IpProfile_SBCUseSilenceSupp (removed):
SIPRecRouting_SRSIPGroupName; SIPInterface_InterfaceName (max. char);
ProxySet_ProxyName (max. char); MessageManipulations_ManipulationName
(max. char); MessagePolicy_Name (max. char);
AllowedAudioCodersGroups_Name (max. char);
AllowedVideoCodersGroups_Name (max. char); _ManipulationName (max. char);
SBCAdmissionControl_AdmissionControlName (max. char);
Classification_ClassificationName (max. char); IP2IPRouting_RouteName (max.
char); SBCRoutingPolicy_Name (m ax. char); IPGroupSet_Name (max. char);
IPInboundManipulation_ManipulationName (max. char);
IPOutboundManipulation_ManipulationName (max. char);
SBCAdmissionControl_Rate; EnableWebAccessFromAllInterfaces;
ResetWebPassword; DisableSNMP; EnableCoreDump; SSHMaxLoginAttempts;
IgnoreAlertAfterEarlyMedia; ECNLPMode; PremiumServiceClassMediaDiffServ;
PremiumServiceClassControlDiffServ; IsFaxUsed; EnableAGC
New parameters: HTTPProxySyslogDebugLevel
41739
Updated with patch version 7.20A.150.
Updated sections: Areas of the GUI (Configuration Wizard button); Enabling
Disabling SNMP; Viewing Certificate Information (screen); Assigning Externally
Created Private Keys to TLS Contexts (pass-phrase); Generating P rivate Keys for
TLS Contexts (pass-phrase); Importing Certificates into Trusted Certifi cate S tore
(bulk import); Configuring Underlying Ethernet Devices (MTU); Configuring Firewall
Settings (note); SIP-based Media Recording (max.); Configuring Remote Web
Services (QoS routing); Centralized Third-Party Routing Server (QoS); Configuring
Proxy Sets; Alternative Routing Based on IP Connectivity; Configuring SBC IP-toRouting; Configuring IP Group Sets (dial plan tags); Configuring Dial Plans;
Software Upgrade; Installing License Key through Web Interface; Upgrading SBC
Capacity Licenses by License Pool Manager Server; SBC Configuration Wizard;
Configuring RADIUS Accounting (typo); Configuring DTM F Tones for Test Calls;
Configuring Basic Test Calls; Configuring SBC Test Call with External Proxy
(removed).
New sections: Configuring QoS-Based Routing by Routing Server; Microsoft Skype
for Business Presence of Third-Party Endpoints; Registrar Stickiness; Configuring
Pre-Parsing Manipulation Rules; Configuring Private Wire Interworking; Configuring
Rerouting of Calls to Fax Destinations; Using Dial Plan Tags for Routing
Destinations; Disconnecting and Reconnectin g HA ; Viewing the License Key;
Installing a License Key String; Viewing the Device's Product Key; Debugging Web
Services.
Updated parameters: AccessList_Source_IP; AccessList_Source_Port;
AccessList_Start_Port; AccessList_End_Port; HTTPRemoteServices_HTTPType
(option 5); IPGroup_SBCDialPlanName (note); ProxySet_IsProxyHotSwap;
ProxyIp_IpAddress; IpProfile_SBCRemoteReferBehavior (4);
IpProfile_SBCPlayHeldTone; IP2IPRouting_Trigger (6); IP2IPRouting_DestType
(12/13); DialPlanRule_Tag; SBCCDRFormat_FieldType (818); Test_Call_RouteBy;
Test_Call_Play (tone); KeepAliveTrapPort (default); SBCtestID (removed);
ProxyIPListRefreshTime; RegistrationRetryTime (note); EnablePChargingVector
(removed); EnableSBCApplication (default); SNMPReadOnlyCommunityString_x
(max. char.); SNMPReadWriteCommunityString_x (max. char.);
SNMPTrapCommunityString (max. char.).
New parameters: DeviceTable_MTU; SRD_SBCDialPlanName;
Version 7.2 21 Mediant 4000 SBC
Page 22
Mediant 4000 SBC
Account_RegistrarStickiness; Account_RegistrarSearchMode;
Proprietary SIP X-AC-Action Header; Handling Registered AORs with Same
LTRT Description
Account_RegEventPackageSubscription; IpProfile_SBCFaxReroutingMode;
IP2IPRouting_RoutingTagName; IP2IPRouting_InternalAction; IPGroupSet_Tags;
CustomerSN; MaxRegistrationBackoffTime; MaxSDPSessionVersionId;
UseRandomUser; UnregisterOnStartup; PresencePublishIPGroupId;
EnableMSPresence; PreParsingManipulationSets; PreParsingManipulationRules;
MWINotificationTimeout; RoutingServerQualityStatus;
RoutingServerQualityStatusRate.
40201
Updated with patch version 7.20A.152.
Updated sections: Configuring the LDAP Search Filter Attribute (Web path);
Enabling LDAP Searches for Numbers with Chara cters; Microsoft Skype for
Business Presence of Third-Party Endpoints; Configuring the Device for Skype for
Business Presence (example); Configuring Media Realm Extensio ns; Configuring
Firewall Allowed Rules; Configuring SBC IP-to-IP Routing (back to the sender);
Prerecorded Tones File; Installing on HA Devices (note); Loading a Configurati on
File (note)
Updated parameters: MediaRealmExtension_IPv4IF;
MediaRealmExtension_IPv6IF; ProxySet_EnableProxyKeepAlive;
SIPSDPSessionOwner
New parameters: IPGroup_SBCUserStickiness; IPProfile_LocalRingbackTone;
IPProfile_LocalHeldTone
42022
Updated with patch Version 7.20A.154.007
Updated sections: Silence Suppression (removed); Fax / Modem Transparent
Mode (silnce suppression removed); Configuring SIP Recording Rul es (view
sessions in CLI); Configuring RTP Base UDP Port (note removed re SIP Int erf ace);
Centralized Third-Party Routing Server (call preemption added); Locking and
Unlocking the Device (typos); Viewing Active Alarms (max display)
New sections: Configuring Additional Management Interfaces; Configuring Specific
UDP Ports using Tag-based Routing
Updated parameters: WebUsers_Password (note);
InterfaceTable_ApplicationTypes; CpMediaRealm_PortRangeStart (note removed);
SIPInterface_UDPPort (note removed); ProxySet_SuccessDetectionRetries (max);
ProxySet_SuccessDetectionInterval (max); Account_RegistrarSearchMode (phys
link); AudioCoders_Sce (global parameter removed); IpProfile_SCE (removed);
IpProfile_SBCRemoteReferBehavior (new option 5);
IPProfile_SBCRemoteHoldFormat (new option 6); IP2IPRouting_InternalAction;
SBCCDRFormat_Title (max. char.); WebUsers (CLI name);
EnableWebAccessFromAllInterfaces; FaxBypassPayloadType;
ModemBypassPayloadType; EnableSilenceCompression (removed)
New parameters: SIPInterface_AdditionalUDPPorts;
IPProfile_SBCSupportMultipleDTMFMethods; AdditionalManagementInterfaces;
DefaultTerminalWindowHeight; ActiveAlarmTableMaxSize;
SBCRemoveSIPSFromNonSecuredTransport
42023
Updated with patch Version 7.20A.156.009
Updated sections: Configuring Management User Accounts; Device Located
behind NAT; Configuring a Static NAT IP Address for All Interfaces (removed); SIPbased Media Recording (URL of France reg.; note on S RS redundancy);
Configuring SIP Recording Rules (note re tim est am p); Configuring the OVOC
Server (note re report mode); Configuring Call Setup Rules (ENUM); Call Setup
Rule Examples (e.g., 5); Interworking SIP Early Media (figure); Prerecorded Tones
File; Automatic Configuration Methods; DHCP-based P rovisioning (note re resets)
New sections: Using Conditions for Starting a SIPRec Session; Using the
User's Manual 22 Document #: LTRT-40203
Page 23
User's Manual Notices
Contact URIs; Configuring Dual Registration; Provisioning the Device using DHCP
LTRT Description
Option 160; Enabling SIP Call Flow Diagrams in OVOC
Updated parameters: WebUsers_SessionLimit; WebUsers_SessionTimeout;
SRD_BlockUnRegUsers (option 2 updated); SIPInterface_AdditionalUDPPorts;
SIPInterface_BlockUnRegUsers; IPGroup_SIPConnect;
CallSetupRules_QueryType (OPTION 3); Call S etupRules_QueryTarget;
CallSetupRules_AttributesToQuery; CallSetupRules_Condition;
IpProfile_SBCSDPPtimeAnswer; IpProfile_SBCPreferredPTime;
IpProfile_SBCRemoteRepresentationMode (0 updated); DialPlanRule_Tag;
LoggingFilters_LogDestination (new opti on 3); LoggingFilters_CaptureType (new
option 6); WebSessionTimeout (range); StaticNatIP (removed);
SBCDBRoutingSearchMode; SBCKeepContactUserinRegister
New parameters: WebUsers_CliSessionLimit; SIPRecRouting_ConditionName;
IPGroup_UserUDPPortAssignment; CallFlowReportMode; DhcpOption160Support;
SIPRecTimeStamp
Miscellaneous: EMS/SEM replaced with One Voice Operations Center (OVOC) –
text and screenshots
Version 7.2 23 Mediant 4000 SBC
Page 24
Mediant 4000 SBC
Documentation Feedback
AudioCodes continually strives to produce high quality documentation. If you have any
comments (suggestions or errors) regarding this document, please fill out the
Documentation Feedback form on our Web site at
feedback.
http://online.audiocodes.com/doc-
User's Manual 24 Document #: LTRT-40203
Page 25
User's Manual 1. Introduction
1 Introduction
This User's Manual describes how to configure and manage your AudioCodes product
(hereafter, referred to as device). This document is intended for the professional person
1.1 Product Overview
responsible for installing, configuring and managi ng t he device.
AudioCodes Mediant 4000 Session Border Controller (SBC), hereafter referred to as
device, is a mid-to-high scale capacity member of AudioCodes’ field-proven hardwarebased SBC product family, designed to offer enterprises and service providers a reliable
and scalable SBC solution. The device supports wide-ranging SIP interoperability,
delivering service assurance and enabling scalable, reliable and secured connectivity
between different VoIP networks.
The device provides a perfect solution for enterprises and large organizations such as
contact centers, large data centers, hosted service providers and government institutions
where security, reliability and high performan ce are critical.
The device includes comprehensive media security and SIP normalization capabilities. It
offers full interoperability with an extensive list of IP-PBXs, unified communications
solutions and SIP trunking provider network s.
The device provides robust protection for the IP communications infrastructure, preventing
fraud and service theft and guarding against cyber-attacks and other service impacting
events.
The device offers active/standby high availability and maintains high voice quality to deliver
reliable enterprise VoIP communications. Advanced call routing mechanisms, network
voice quality monitoring and branch survivability capabilities result in minimum
communications downtime.
The device can be used for the following applications:
SIP trunking
Hosted PBX & UC as a Service
IP contact centers
Remote and mobile worker support
SIP mediation between UC and IP-PBX systems
Residential VoIP
Note: For maximum call capacity figures, see ''Channel Capacity'' on page 923.
Version 7.2 25 Mediant 4000 SBC
Page 26
Mediant 4000 SBC
# configure system
1.2 Typographical Conventions
This document uses the following typographical c onventions to convey information:
Table 1-1: Typographical Conventions
Convention Description Example
Boldface font Used for the following Web
Click the Add button.
interface elements:
Buttons
Selectable parameter values
Navigational path
Text enclosed by double
apostrophe "..."
Parameter value that you need
to type.
In the 'IP Address' field, enter
"10.10.1.1".
Courier font CLI commands. At the prompt, type the
following:
Text enclosed by square
brackets [...]
Text enclosed by single
apostrophe '...'
Ini file parameters and values. Configure the [GWDebugLevel]
parameter to [1].
Web interface parameters. From the 'Debug Level' drop-
down list, select Basic.
Notes highlight important or
-
useful information.
Warnings alert you to potentially
serious problems if a specific
action is not taken.
User's Manual 26 Document #: LTRT-40203
Page 27
User's Manual 1. Introduction
1.3 Getting Familiar with Configuration Concepts and Terminology
Before using your device, it is recommended that you familiarize yourself with the basic
configuration concepts and terminology. An understanding of the basic concepts and
1.3.1 SBC Application
terminology will help you configure and manage you r device more effectively and easily.
The objective of your configuration is to enable the device to forward calls between
telephony endpoints in the SIP-based Voice-over-IP (VoIP) network. The endpoints (SIP
entities) can be servers such as SIP proxy servers and IP PBXs, or end users such as IP
phones. In the SIP world, the endpoints are referred to as SIP user agents (UA). The UA
that initiates the call is referred to as the user agent client (UAC); the UA that accepts the
call is referred to as the user-agent server (UAS).
The following table describes the main configuration concepts and terminology.
Table 1-2: Configuration Concepts and Terminology
Configuration Terms Description
IP Group The IP Group is a logical representation of the SIP entity (UA) with which
the device receives and sends calls. The SIP ent i t y can be a server (e.g.,
IP PBX or SIP Trunk) or it can be a group of users (e.g., LAN IP phones).
For servers, the IP Group is typically used to define the address of the
entity (by its associated Proxy Set). IP Groups are used in IP-to-IP routing
rules to denote the source and destination of the call.
Proxy Set The Proxy Set defines the actual address (IP addre ss or FQ DN) of SIP
entities that are servers (e.g., IP PBX). As the IP Group represents the
SIP entity, to associate an address with the SIP entity, the Proxy Set is
assigned to the IP Group. You can assign the sam e Proxy Set to multiple
IP Groups (belonging to the same SRD).
SIP Interface The SIP Interface represents a Layer-3 network. It defines a local
listening port for SIP signaling traffic on a local, l ogical IP network
interface. The term local implies that it's a logical port and network
interface on the device. The SIP Interface is used to receiv e and send
SIP messages with a specific SIP entity (IP Group). Therefore, you can
create a SIP Interface for each SIP entity in the V oIP network with which
your device needs to communicate. For example, i f your VoIP network
consists of three SIP entities -- a SIP Trunk, a LAN IP PBX, and remote
WAN users -- a SIP Interface can be created for each of these Layer-3
networks.
The SIP Interface is associated with the SIP entity, by assigning it to an
SRD that is in turn, assigned to the IP Group of the SIP entity.
Media Realm The Media Realm defines a local UDP port range for RTP (media) traffic
on any one of the device's logical IP network interfac es. T he M edia
Realm is used to receive and send media traffic with a specific SIP entity
(IP Group).
The Media Realm can be associated with the SIP entity, by assigning the
Media Realm to the IP Group of the SIP entity, or by assi gni ng it to the
SIP Interface associated with the SIP entity.
SRD The SRD is a logical representation of your entire S IP-based VoIP
Version 7.2 27 Mediant 4000 SBC
Page 28
Mediant 4000 SBC
network (Layer 5) containing groups of SIP user s and servers. The SRD
SRD topology, the device automatically assigns t he SRD to newly created
it
Inbound and Outbound
Inbound and Outbound Manipulation lets you mani pulate the user part of
Configuration Terms Description
is in effect, the foundation of your configuration to which all other
previously mentioned configuration entities ar e associated. For example,
if your VoIP network consists of three SIP entiti es -- a SIP Trunk, a LAN
IP PBX, and remote WAN users -- the three SIP Interfaces defining these
Layer-3 networks would all assigned to the same SRD.
Typically, only a single SRD is required and this is the recommend ed
configuration topology. As the device provides a defa ult SRD, in a single
configuration entities. Thus, in such scenario s, there is no need to get
involved with SRD configuration.
Multiple SRDs are required only for multi-tenant deployments, where it
"splits" the device into multiple logical devices. For m ultiple SRDs, the
SRD can be configured with a Sharing Policy. The Sharing Policy simply
means whether the SRD's resources (SIP Int erf aces, IP Groups, and
Proxy Sets) can be used by other SRDs. For example, if all tenants route
calls with the same SIP Trunking service provider, the SRD of the SIP
Trunk would be configured as a Shared Sharing P ol i cy. SRDs whose
resources are not shared, would be configured with an Isolated Sharing
Policy.
IP Profile The IP Profile is an optional configuration entity that defines a wide range
of call settings for a specific SIP entity (IP Group). The IP Profile includes
signaling and media related settings, for example, jitter buffer, voice
coders, fax signaling method, SIP header support (local termination if not
supported), and media security method. The IP Profile is in effect, the
interoperability "machine" of the device, enabling communication between
SIP endpoints that "speak" different call "languages".
The IP Profile is associated with the SIP entity, by assigning the IP Profile
to the IP Group of the SIP entity.
Classification Classification is the process that identifies the incoming call (SIP dialog
request) as belonging to a specific SIP entity (IP Group).
There are three chronological classification stages, where each stage is
done only if the previous stage fails. The device first attempts to classify
the SIP dialog by checking if it belongs to a user that is already registered
in the device's registration database. If this stage f ai ls, the device checks
if the source IP address is defined for a Proxy Set and if yes, it classifies
to the IP Group associated with the Proxy Set. I f thi s f ai l s, the device
classifies the SIP dialog using the Classification table, which defines
various characteristics of the incoming dialog t hat if matched, classifies
the call to a specific IP Group. The main characteristics of the incoming
call is the SIP Interface that is associated with the S RD f or which the
Classification rule is configured.
IP-to-IP Routing IP-to-IP routing rules define the routes for routing calls bet ween SIP
entities. As the SIP entities are represented by IP Groups, the routing
rules typically employ IP Groups to denote the sou rc e and destination of
the call. For example, to route calls from the IP PBX to the SIP Trunk, the
routing rule can be configured with the IP PBX as the source IP Group
and the SIP Trunk as the destination IP Group.
Instead of IP Groups, various other source and destination methods can
be used. For example, the source can be a source host nam e while the
destination can be an IP address or based on an LDAP query.
User's Manual 28 Document #: LTRT-40203
Page 29
User's Manual 1. Introduction
Manipulation
the SIP URI in the SIP message for a specific entit y (IP Group). Inbound
outbound
Configuration Terms Description
manipulation is done on messages received f rom the SIP entity;
manipulation is done on messages sent to the SIP entity.
Inbound manipulation lets you manipulate the user part of the SIP URI for
source (e.g., in the SIP From header) and destinati on (e.g., in the
Request-URI line) in the incoming SIP dialog request. Outbound
manipulation lets you manipulate the user part of the Request-URI for
source (e.g., in the SIP From header) or destination (e.g., in the SIP To
header) or calling name, in outbound SIP dialog re quests.
The Inbound and Outbound manipulation are associated with the SIP
entity, by configuring the rules with incoming char acteristics such as
source IP Group and destination host name. The manipulation rules are
also assigned a Routing Policy, which in turn, is assig ned to IP-to-IP
routing rules. As most deployments require only one Routing Policy, the
default Routing Policy is automatically assigned to the manipulation rules
and to the routing rules.
Routing Policy Routing Policy logically groups routing and manipulat ion (inbound and
outbound) rules to a specific SRD. It also enables Least Cost Routing
(LCR) for routing rules and associates an LDAP server for LDAP-based
routing. However, as multiple Routing Policies are required only for multitenant deployments, for most deployments only a single Routing Policy is
required. When only a single Routing Policy is required, handling of this
configuration entity is not required as a default Routing P ol i cy i s provided,
which is automatically associated with all relev ant configuration entities.
Call Admission Control Call Admission Control (CAC) lets you configure the maximum number of
permitted concurrent calls (SIP dialogs) per IP Group, SIP Interface,
SRD, or user.
Accounts Accounts are used to register or authent icate a "served" SIP entity (e.g.,
IP PBX) with a "serving" SIP entity (e.g., a registrar or proxy server). The
device does this on behalf of the "served" IP Group. A uthentication (SIP
401) is typically relevant for INVITE messages for warded by the device to
a "serving" IP Group. Registration is for REGIS T ER messages, which are
initiated by the device on behalf of the "serving" SIP entity.
Version 7.2 29 Mediant 4000 SBC
Page 30
Mediant 4000 SBC
The associations between the configuration ent ities are summarized in the following figure:
Figure 1-1: Association of Configuration Entities
The main configuration entities and their involvement in the call processing is summarized
in following figure. The figure is used only as an example to provide basic understanding of
the configuration terminology. Depending on configuration and network topology, the call
process may include additional stages or a diff erent order of stages.
Figure 1-2: SBC Configuration Terminology for Call Processing
1. The device determines the SIP Interface on which the incoming SIP dialog is received
and thus, determines its associated SRD.
2. The device classifies the dialog to an IP Group (origin of dialog), using a specific
Classification rule that is associated with the dialog's SRD and that matches the
incoming characteristics of the incoming dialog def i ned for the rule.
3. IP Profile and inbound manipulation can be applied to incoming dialog.
4. The device routes the dialog to an IP Group (destination), using the IP-to-IP Routing
table. The destination SRD (and thus, SIP Interface and Media Realm) is the one
assigned to the IP Group. Outbound manipulation can be applied to the outgoing
dialog.
User's Manual 30 Document #: LTRT-40203
Page 31
Getting Started with Initial
Connectivity
Part I
Page 32
Page 33
User's Manual 2. Introduction
2 Introduction
This part describes how to initially access the device's management interface and change
its default IP address to correspond with your net working scheme.
Version 7.2 33 Mediant 4000 SBC
Page 34
Mediant 4000 SBC
This page is intentionally leftblank.
User's Manual 34 Document #: LTRT-40203
Page 35
User's Manual 3. Default OAMP IP Address
3 Default OAMP IP Address
The device is shipped with a factory default IP address for operations, administration,
maintenance, and provisioning (OAMP), through its VoIP LAN interface. You can use this
address to initially access the device from any of its management tools (embedded Web
server, OVOC, or Telnet/SSH). You can also access the device through the console CLI,
by connecting the device's serial (RS-232) port t o a PC.
The table below lists the device's default IP addres s.
Table 3-1: Default VoIP LAN IP Address for OAMP
IP Address Value
Application Type OAMP + Media + Control
IP Address 192.168.0.2 (IP address assigned to the first Ethernet Port Group
(top-left ports 1 & 2)
Prefix Length 24 (255.255.255.0)
Default Gateway 192.168.0.1
Ethernet Device vlan 1
Interface Name O+A+M+P
Version 7.2 35 Mediant 4000 SBC
Page 36
Mediant 4000 SBC
This page is intentionally leftblank.
User's Manual 36 Document #: LTRT-40203
Page 37
User's Manual 4. Configuring VoIP LAN Interface for OAMP
4 Configuring VoIP LAN Interf ace f o r OAMP
You can change the IP address of the VoIP-LAN interface for OAMP, using any of the
following methods:
Embedded HTTP/S-based Web server - see ''Web Interface'' on page 37
Embedded command line interface (CLI) - see ''CLI'' on page 39
Note: If you are implementing the High Availability feature, see also HA Overview on
page 601 for initial setup.
4.1 Web Interface
The following procedure describes how to change the IP address of the OAMP on the
VoIP-LAN interface, using the Web-based management tool (Web interface). The default
IP address is used to initially access the device.
To configure the VoIP-LAN IP Address for OAMP through Web interface:
1. Connect the first Ethernet port group (top-left ports 1 and 2) located on the front panel
directly to the network interface of your computer, using a straight-through Ethernet
cable.
2. Change the IP address and subnet mask of your computer to correspond with the
default OAMP IP address and subnet mask of the device.
Version 7.2 37 Mediant 4000 SBC
Page 38
Mediant 4000 SBC
3. Access the Web interface:
a. On your computer, start a Web browser and in the URL address field, enter the
default IP address of the device; the Web interface' s Web Login screen appears:
Figure 4-1: Web Login Screen
b. In the 'Username' and 'Password' fields, enter t he case-sensitive, default login
username ("Admin") and password ("Admin" ).
c. Click Login.
4. Configure the Ethernet port(s) that you want to use for the OAMP interface:
a. In the Ethernet Groups table, configure an Ethernet Group by assigning it up to
two ports (two ports provide optional, port-pair redundancy). For more
information, see Configuring Physical Et hernet Ports on page 122.
b. In the Physical Ports table, configure port settings such as speed and duplex
mode (see Configuring Physical Ethernet Port s on page 122).
c. In the Ethernet Devices table, configure an Ethernet Device by assigning it the
Ethernet Group and a VLAN ID (see ''Configuring Underlying Ethernet Devices''
on page 127).
5. Modify the OAMP interface address to suite your network environment:
a. Open the IP Interfaces table (see ''Configuring IP Network Interfaces'' on page
129).
b. Select the OAMP interface ("O+M+C"), and then click Edit.
c. From the 'Ethernet Device' drop-down list, select the Ethernet Device that you
configured in the previous step.
d. Under the IP Address group, change the IP address to correspond with your
network IP addressing scheme.
e. Under the DNS group, configure the DNS server, if required.
f. Click Apply.
6. Save your settings by resetting the device with a flash burn (see ''Resetting the
Device'' on page 621).
7. Disconnect the device from your PC and re-cable it to your network. You can now
access the device with the new OAMP interface address.
User's Manual 38 Document #: LTRT-40203
Page 39
User's Manual 4. Configuring VoIP LAN Interface for OAMP
4.2 CLI
This procedure describes how to configure the VoIP-LAN IP address for OAMP through the
device's CLI. The procedure uses the regular CLI commands. Alternatively, you can use
the CLI Wizard utility to set up your device with the initial OAMP settings. The utility
provides a fast-and-easy method for initial configuration of the device through CLI. For
more information, refer to the CLI Wizard User's Guide.
To configure the OAMP IP address through CLI:
1. Connect the RS-232 port of the device to the serial communication port on your
computer. For more information, refer to the Hard ware Installation Manual.
2. Establish serial communication with the device using a terminal emulator program
such as HyperTerminal, with the following communication port settings:
• Baud Rate: 115,200 bps
• Data Bits: 8
• Parity: None
• Stop Bits: 1
• Flow Control: None
3. At the CLI prompt, type the username (default is "Admin" - case sensitive):
Username: Admin
4. At the prompt, type the password (default is "Admin" - case sensitive):
Password: Admin
5. At the prompt, type the following:
enable
6. At the prompt, type the password again:
Password: Admin
7. Access the Network configuration mode:
# configure network
8. Access the IP Interfaces table:
Version 7.2 39 Mediant 4000 SBC
Page 40
Mediant 4000 SBC
(config-network)# interface network-if 0
9. Configure the IP address:
(network-if-0)# ip-address <IP address>
10. Configure the prefix length:
(network-if-0)# prefix-length <prefix length / subnet mask, e.g., 16>
11. Configure the Default Gateway address:
(network-if-0)# gateway <IP address>
12. Apply your settings:
(network-if-0)# activate
13. Cable the device to your network. You can now access the device's management
interface using this new OAMP IP address.
User's Manual 40 Document #: LTRT-40203
Page 41
Management Tools
Part II
Page 42
Page 43
User's Manual 5. Introduction
5 Introduction
This part describes the various management tools that you can use to configure the device:
Embedded HTTP/S-based Web server - see ''Web-based Management'' on page 45
Command Line Interface (CLI) - see ''CLI-Based Management'' on page 81
Simple Network Management Protocol (SNMP) - see ''SNMP-Based Management'' on
87
page
Configuration ini file - see ''INI File-Based Management'' on page 95
Note:
• Some configuration settings can only be done using a specific management tool.
• For a list and description of all the configuration parameters, see ''Configuration
Parameters Reference'' on page 803.
Version 7.2 43 Mediant 4000 SBC
Page 44
Mediant 4000 SBC
This page is intentionally leftblank.
User's Manual 44 Document #: LTRT-40203
Page 45
User's Manual 6. Web-Based Management
6 Web-Based Management
The device provides an embedded Web server (hereafter referred to as Web interface),
supporting fault management, configuration, accounting, performance, and security
(FCAPS), including the following:
Full configuration
Software and configuration upgrades
Loading Auxiliary files, for example, the Call Progress Tones file
Real-time, online monitoring of the device, including display of alarms and t heir
severity
Performance monitoring of voice calls and various traffic parameters
The Web interface provides a user-friendly, graphical user interface (GUI), which can be
accessed using any standard Web browser (e. g. , Microsoft™ Internet Explorer).
Access to the Web interface is controlled by various security mechanisms such as login
user name and password, read-write privileges, and limiting access to specific IP
addresses.
Note:
• The Web interface allows you to configure most of the device's settings. However,
additional configuration parameters may exist t hat are not available in the Web
interface and which can only be configured using other management tools.
• Some Web interface pages and/or parameters are available only for certain
hardware configurations or software features. T he software features are
determined by the installed License Key (see ''License Key'' on page 641).
6.1 Getting Acquainted with the Web Interface
6.1.1 Computer Requirements
This section provides a description of the Web interface.
The client computer requires the following to wor k with the Web interface of the device:
A network connection to the device
One of the following Web browsers:
• Microsoft™ Internet Explorer™ (Version 11.0. 13 or later)
®
• Mozilla Firefox
(Versions 5.02 or later)
• Google Chrome (Version 50 or later)
Recommended screen resolutions: 1024 x 768 pixels, or 1280 x 1024 pixels
Note: Your Web browser must be JavaScript-enabled to access the Web interface.
Version 7.2 45 Mediant 4000 SBC
Page 46
Mediant 4000 SBC
6.1.2 Accessing the Web Interface
The following procedure describes how to access the Web interface.
To access the Web interface:
1. Open a standard Web browser.
2. In the Web browser, specify the OAMP IP address of the device (e.g.,
http://10.1.10.10); the Web interface's Login window appears, as shown below:
Figure 6-1: Web Login Screen
3. In the 'Username' and 'Password' fields, enter the username and password,
respectively. The credentials are case-sensitive.
4. If you want the Web browser to remember your username and password, select the
'Remember Me' check box and then agree to the browser's prompt (depending on
your browser). On your next login attempt, the 'Username' field is automatically
populated with your username. Simply press the Tab or Enter key to auto-fill the
'Password' field, and then click Login.
5. Click Login.
User's Manual 46 Document #: LTRT-40203
Page 47
User's Manual 6. Web-Based Management
Note:
• The default login username and password is "Admin" (case-sensitive). To change
the login credentials, see ''Configuring Management Us er A ccounts'' on page 69.
• By default, Web access is only through the IP addre ss of the OAMP interface.
However, you can allow access from all of the device's IP network interfaces, by
setting the EnableWebAccessFromAllInterfac es parameter to 1.
• By default, autocompletion of the login username is enabled whereby the
'Username' field offers previously entered usernam es. To disable autocompletion,
use the WebLoginBlockAutoComplete ini file parameter.
• Depending on your Web browser's settings, a sec urity warning box may be
displayed. The reason for this is that the device's certificate is not trusted by your
PC. The browser may allow you to install the certifi cat e, thus skipping the warning
box the next time you connect to the device. If you are using Windows Internet
Explorer, click View Certificate, and then Install Certificate. The browser also
warns you if the host name used in the URL is not identical to the one listed in the
certificate. To resolve this, add the IP address a nd host name (ACL_nnnnnn,
where nnnnnn is the serial number of the device) to your hosts file, located at
/etc/hosts on UNIX or C:\Windows\System32\Drivers\ETC\hosts on Windows; then
use the host name in the URL (e.g., https://ACL_2 80152). Below is an example of
a host file:
127.0.0.1 localhost
10.31.4.47 ACL_280152
6.1.3 Areas of the GUI
The areas of the Web interface's GUI are shown in the figure below and described in the
subsequent table.
Figure 6-2: Main Areas of the Web Interface GUI
Version 7.2 47 Mediant 4000 SBC
Page 48
Mediant 4000 SBC
on page 679.)
Table 6-1: Description of the Web GUI Areas
Item # Description
1
2
3
Company logo.
Menu bar containing the menus.
Toolbar providing frequently required command buttons.
Save: Saves configuration changes to the device's flash memory (without
resetting the device). If you make a configuration change, the button is
surrounded by a red-colored border as a reminder to save your settings to flash
memory, by clicking the button.
Reset: Opens the Maintenance Actions page, which is used f or performing
various maintenance procedures such as resett i ng the device (see ''Basic
Maintenance'' on page 621). If you make a configuration chang e that takes effect
only after a device reset, the button is surrounded by a red-colored border as a
reminder to save your settings to flash memory with a device reset; otherwise,
your changes revert to previous settings if the dev ice subsequently resets or
powers off.
Actions:
Configuration File: Opens the Configuration File page, which is used for
saving the ini file to a folder on your PC, or for loading an ini fi le to the device
(see ''Configuration File'' on page
Auxiliary Files: Opens the Auxiliary Fi les page, which is used for loading
659).
Auxiliary files to the device (see ''Loading Auxili ary F i les t hrough Web
Interface'' on page
License Key: Opens the License Key page, which i s used for installing a new
627).
License Key file (see ''Installing License Key through Web I nterface'' on page
642).
Software Upgrade: Starts the Software Upgrade Wizard for upgrading the
device's software (see ''Software Upgrade Wizard'' on pag e
Switchover: Opens the High Availability Mai ntenance page, which is used for
653).
switching between Active and Redundant devices (see High Availability
Maintenance on page 624).
Configuration Wizard: Opens the SBC Configuratio n Wizard, which is used
for quick-and-easy configuration of the device (
see SBC Configuration Wizard
4
Alarm bell icon, which displays the number of activ e alarms generated by the device.
The color of the number of alarms display indicates t he highest severity of an active
alarm. If you click the icon, the Active Alarms table is displayed. For more information
on the table, see Viewing Active Alarms.
5
Button displaying the username of the currently logged in user. If you click the button,
information of the logged-in user is displayed (see ''Vi ewing Logged-In User
Information'' on page 75) and the Log Out button is provided to log out the We b
session (see ''Logging Off the Web Interface'' on page 62).
6
7
Tab bar containing tabs pertaining to the selected m enu:
Setup menu:
IP Network
Signaling & Media
Administration
Monitor menu: Monitor
Troubleshoot menu: Troubleshoot
Back and Forward buttons that enable quick-and-easy navigation through previously
opened pages. This is especially useful when you find that you need to return to a
previously accessed page, and then need to go bac k t o the page you just left.
User's Manual 48 Document #: LTRT-40203
Page 49
User's Manual 6. Web-Based Management
Item # Description
Back button: Goes back to the previously accessed page.
Forward button: Opens the page that you initially l ef t using the back button.
The button is available only if you have used the Back button.
8
Navigation pane, which displays the Navigation tree containing the commands
(items) for opening the configuration pages (see ''Navigation Tree'' on page 49).
9
SRD filter. When your configuration includes multi pl e SRDs, you can filter tables in
the Web interface by a specific SRD. For more information, see ''Filtering Tables in
Web Interface by SRD'' on page 337.
10
Search box for searching parameter names and v al ues (see ''Searching for
Configuration Parameters'' on page 61).
11
Work pane where configuration pages are displayed.
6.1.4 Accessing Configuration Pages from Navigat ion Tree
Accessing configuration pages is a three-fold process that consists of selecting a menu on
the menu bar, a tab on the tab bar, and then a page item in the Navigation pane. The
Navigation pane provides the Navigation tree, which is a tree-like structure of folders and
page items that open configuration pages in the Work pane. The hierarchical structure and
organization of the items in the Navigation tree allow you to easily drill-down and locate the
required item.
The Navigation tree consists of the following areas:
Home : (Call out #1) First ("home") page displayed when a menu-tab combination is
initially selected. For example, the home page of the Setup menu - Administration
tab combination is the Time & Date page.
Folders: (Callout #2) Folders group items of similar functionality. To open and cl ose a
folder, simply click the folder name.
Items: (Callout #3) Items open configuration pages. In some cases, an i tem may be
listed under a sub-item. An item can open a page containing stand-alone parameters
or a table. If it opens a page with stand-alone parame ters, the item is displayed in
italics. If it opens a page with a table, the item is displayed in regular font, or bold font
to indicate an item that is commonly required.
Figure 6-3: Navigation Tree (Example)
The items of the Navigation tree depend on the menu-tab combination, selected from the
menu bar and tab bar, respectively. The menus and their respective tabs are listed below:
Version 7.2 49 Mediant 4000 SBC
Page 50
Mediant 4000 SBC
Setup menu:
• IP Network tab
• Signaling & Media tab
• Administration tab
Monitor menu: Monitor tab
Troubleshoot menu: Troubleshoot tab
When you open the Navigation tree, folders containing commonly required items are
opened by default, allowing quick access to t hei r pages.
Items that open pages containing tables provide the following indications in the Navigation
tree:
Number of configured rows. For example, the item below indicates that t wo rows have
been configured:
If you have filtered the Web interface display by S RD , the number reflects only the
rows that are associated with the filtered SRD.
Invalid row configuration. If you have configured a row with at least one invalid v al ue,
a red-colored icon is displayed next to the item, as sh own i n the following example:
If you hover your cursor over the icon, it displays the number of invalid rows (lines).
Association with an invalid row: If you have associated a parameter of a row with a
row of a different table that has an invalid configuration, the item appears with an
arrow and a red-colored icon, as shown in the following example:
If you hover your cursor over the icon, it displays t he number of rows in the table that
are associated with invalid rows.
Folder containing an item with an invalid row: If a folder contains an item wit h an
invalid row (or associated with an invalid row), the closed folder displays a red-colored
icon, as shown in the following example:
If you hover your cursor over the icon, it displays the names of the items that are
configured with invalid values. If you have filt ered t he Web interface display by SRD,
only items with invalid rows that are associated with t he f i l tered SRD are displayed.
To open a configuration page:
1. On the menu bar, click the required menu.
2. On the tab bar, click the required tab; the Navigation tree displays the items pertaining
to the selected menu-tab combination.
3. In the Navigation pane, open the folder in which the required item is located. The
folders are opened and closed by clicking the title of the folder. When opened, the
folder's arrow is displayed as ; when closed, the arrow is displayed as .
4. In the folder, click the required item; the page is displayed in the Work pane.
You can also easily navigate through previously accessed pages, using the Back and
Forward buttons located above the Navigation pane:
Back button: Click to go back to the previously accessed page or keep on clicking
until you reach any other previously accessed page.
Forward button: Click to open the page that you just lef t as a result of clicking the
Back button.
User's Manual 50 Document #: LTRT-40203
Page 51
User's Manual 6. Web-Based Management
These buttons are especially useful when you find that you need to return to a previously
accessed page, and then need to go back to the page you just left.
Note: Depending on the access level (e.g., Monitor level) of your Web user account,
certain pages may not be accessible or may be read-only (see ''Configuring
Management User Accounts'' on page 69). For read-only privileges:
• Read-only pages with stand-alone parameters: "Read Only Mode" i s displayed at
the bottom of the page.
• Read-only pages with tables: Configuration buttons (e.g., New and Edit) are
missing.
6.1.5 Configuring Stand-alone Parameters
Parameters that are not contained in a table are referred to as stand-alone parameters.
If you change the value of a parameter (before clicking Apply), the parameter' s f i eld is
highlighted, as shown in the example below:
If you change the value of a parameter from its default value and then click Apply, a
dot appears next to the parameter's field, as shown in the example below:
If you change the value of a parameter that is displayed with a lightning-bolt icon
(as shown in the example below), you must save your setti ngs to flash memory with a
device reset for your changes to take effect. Whe n you change such a parameter and
then click Apply, the Reset button on the toolbar is encircled by a red border. If you
click the button, the Maintenance Actions page opens , which provides commands for
doing this (see ''Basic Maintenance'' on page
621).
Typically required parameters are displayed in bold font.
If you enter an invalid value for a parameter and then click Apply, a message box
appears notifying you of the invalid value. Click OK to close the message. The
parameter reverts to its previous value and the field is surrounded by a colored border,
as shown in the figure below:
To get help on a parameter, simply hover your mouse over the parameter's field and a
pop-up help appears, displaying a brief descript i on of the parameter.
The following procedure describes how to configure stand-alone parameters.
To configure a stand-alone parameter:
1. Modify the parameter's value as desired.
2. Click Apply; the changes are saved to the device's volatile memory (RAM).
3. Save the changes to the device's non-volatile memory (flash):
• If a device reset is not required:
Version 7.2 51 Mediant 4000 SBC
Page 52
Mediant 4000 SBC
a. On the toolbar, click Save; a confirmation message box appears:
Figure 6-4: Save Configuration Confirmation Box
b. Click Yes to confirm; the changes are save to flash memory.
• If a device reset is required:
a. On the toolbar, click Reset; the Maintenance Actions page opens.
b. Click Reset; the device saves the changes to flash mem ory and then resets.
Warning: When you click Apply, your changes are saved only to the device's volatile
memory and thus, revert to their previous settings if the device later undergoes a
hardware reset, a software reset (without saving to flash) or powers down. Therefore,
make sure that you save your configuration to t he device's flash memory.
6.1.6 Configuring Table Parameters
A typical configuration table is shown below and subsequently described:
Figure 6-5: Description of Tables
Table 6-2: General Description of Configuration Tables
Item # Button
User's Manual 52 Document #: LTRT-40203
Page 53
User's Manual 6. Web-Based Management
Item # Button
1
2
3
4
5
- Page title (i.e., name of table). The page title also displays the number
of configured rows as well as the number of invalid rows. For more
information on invalid rows, see ''Invalid Value Indications'' on page
56.
Adds a new row to the table (see ''Adding Table Rows '' on page 53).
Modifies the selected row (see ''Modifying Table Rows'' on page 55).
Adds a new row with similar settings as the selected row (i.e., clones
the row). For more information, see ''Cloning SRDs '' on page 339.
Note: The button appears only in the SRDs table.
Deletes the selected row (see ''Deleting Table Row s'' on page 55).
Changes the index position of a selected row (se e ''C hanging Index
Position of Table Rows'' on page 59).
Action
Drop-down menu providing commands (e.g. , Register and Un-
Register).
Note: The button appears only in certain tables ( e. g., Accounts table).
- Added table rows displaying only some of the tabl e parameters
(columns).
- Detailed view of a selected row, displaying all parameters.
- Link to open the "child" table of the "parent" table. A link appears only
if the table has a "child" table. The "child" table is opened for the
selected row.
6
- Navigation bar for scrolling through the table's pages (see ''Viewing
Table Rows'' on page 58).
7
- Search tool for searching parameters and value s (see ''Searching
Table Entries'' on page 60).
8
Modifies the selected row (see ''Modifying Table Rows'' on page 55).
6.1.6.1 Adding Table Rows
The following procedure describes how to add table rows. Before adding rows, the
following GUI conventions are used:
Commonly required parameters are displayed in bold font.
If you change the value of a parameter (before clicking Apply), the parameter' s f i eld is
highlighted, as shown in the example below:
For indications of invalid values, see ''Invalid Value Indications'' on page 56.
To add a row:
1. Click the New button, located on the table's toolbar; a dialog box appears.
2. Configure the parameters of the row as desired. For information on configuring
parameters that are assigned a value which is a row referenced from another table,
see ''Assigning Rows from Other Tables'' on page 54.
Version 7.2 53 Mediant 4000 SBC
Page 54
Mediant 4000 SBC
3. Click Apply to add the row to the table or click Cancel to ignore your configuration.
4. If the Save button is surrounded by a red border, you must save your
settings to flash memory, otherwise they are discarded if the device resets (without a
save to flash) or powers off.
6.1.6.1.1 Assigning Rows from Other Tables
Some tables contain parameters whose value is an assigned row (referenced-row) from
another table (referenced-table). For example, the IP Groups table contains the 'Proxy Set'
parameter whose value is an assigned Proxy Set, configured in the Proxy Sets table.
These parameter types provide a drop-down list for selecting the value and a View button,
as shown in the example below:
Figure 6-6: Parameter with View Button (Example)
You can assign a referenced-row using one of the following methods:
Selecting a referenced-row from the drop-down list:
• Scroll down to the desired item and click it.
• Search for the item by entering in the field the first few characters of the desired
row, and then clicking it. The figure below shows an e xample of searched results
for items (Proxy Sets) that begin with the letter "i":
Figure 6-7: Searching a Row to Reference
Selecting an existing referenced-row directly from the referenced-table:
a. Click View; the table (e.g., IP Groups table) and dialog box in which the button
was clicked is minimized to the bottom-left corner of the Web interface and the
referenced-table (e.g., Proxy Sets table) opens.
b. Add a new row (e.g., Proxy Set), if required; otherwise, skip this step.
c. Select the desired row in the row-referenced table (e.g., Proxy Sets table), and
then click Use selected row located on the top-right of the tabl e, as shown in the
example below:
Figure 6-8: Selecting Referenced Row
Adding a new referenced-row:
User's Manual 54 Document #: LTRT-40203
Page 55
User's Manual 6. Web-Based Management
a. From the drop-down list, select the Add new option; as shown in the example
below:
Figure 6-9: Selecting Add new Option
The table (e.g., IP Groups table) and dialog box in which the Add new option was
selected is minimized to the bottom-left corner of t he Web interface and a dialog
box appears for adding a new row in the referenced-t able (e.g., Proxy Sets table).
b. Configure the referenced-row and click Apply; the referenced-table (e.g., Proxy
Sets table) closes and you are returned to the dialog box in which you selected
the Add new option (e.g., IP Groups table), where the newly added row now
appears selected.
You may want to access the referenced-table (e.g., Proxy Sets table) to simply view all its
configured rows and their settings, without selecting one. To do this, click the View button.
To return to the dialog box of the table (e.g., IP Groups table) in which you are making your
configuration, click the arrow icon on the minimized dialog box to restore it to its
previous size.
6.1.6.2 Modifying Table Rows
The following procedure describes how to modify (edit) the configuration of an existing
table row. Remember that a gray-colored dot icon displayed next to a parameter's value
(as shown in the example below), indicates that it was changed from its default value:
To edit a table row:
1. Select the row that you want to edit.
2. Click the Edit button, located on the table's toolbar; a dialog appears
displaying the current configuration settings of t he row.
3. Make your changes as desired, and then click Apply; the dialog box closes and your
new settings are applied.
4. If the Save button is surrounded by a red border, you must save your
settings to flash memory, otherwise they are discarded if the device resets (without a
save to flash) or powers off.
6.1.6.3 Deleting Table Rows
The following procedure describes how to delete a ro w f rom a table.
To delete a table row:
1. Select the row that you want to delete.
Version 7.2 55 Mediant 4000 SBC
Page 56
Mediant 4000 SBC
2. Click the delete icon, located on the table's toolbar; a confirmation message box
appears requesting you to confirm deletion, as s hown in the example below:
3. Click Yes, Delete; the row is removed from the table and the total number of
configured rows that is displayed next to the page title and page item in the Navigation
tree is updated to reflect the deletion.
Note: If the deleted row (e.g., a Proxy Set) was referenced in another table (e.g., IP
Group), the reference is removed and replaced with an empty field. In addition, if the
reference in the other table is for a mandatory parameter, the invalid icon is
displayed where relevant. For example, if you delete a SIP Interface that you have
assigned to a Proxy Set, the invalid icon appears alongside the Proxy Sets item in
the Navigation tree as well as on the Proxy Sets page.
6.1.6.4 Invalid Value Indications
The Web interface provides the following indications of invalid values when configuring
table rows:
Parameters configured with invalid values: An invalid value is a value that is not
permissible for the parameter. This can include incorrect syntax (string, numeral, or
character) or an out-of-range value. If you enter an invalid value and then click Apply,
the field is surrounded by a colored border, as shown i n the example below.
Figure 6-10: Invalid Value
If you hover your mouse over the field, a pop-up message appears providing the valid
values. If you enter a valid value, the colored border i s removed from the field. If you
leave the parameter at the invalid value and click Apply, the parameter reverts to its
previous value.
Mandatory parameters that reference rows of other configuration tables:
• Adding a row: If you do not configure the parameter and you cli ck Apply, an
error message is displayed at the bottom of the dialog box. If you click Cancel,
the dialog box closes and the row is not added to the table. For example, if you
do not configure the 'SIP Interface' field (mand atory) for a Proxy Set (in the Proxy
Sets table), the below message appears::
• Editing a row: If you modify the parameter so that it's no lon ger referencing a
row of another table (i.e., blank value), when you clos e the dialog box, the Invalid
Line icon appears in the following locations:
♦ 'Index' column of the row.
♦ Page title of the table. The total number of i nvalid rows in the table is also
displayed with the icon.
User's Manual 56 Document #: LTRT-40203
Page 57
User's Manual 6. Web-Based Management
♦ Item in the Navigation tree that opens the tabl e.
For example, if you do not configure the 'SIP Interface' field (mandatory) for Proxy
Set #0, the Invalid Line icons are displayed for the Proxy Sets table, as
shown below:
Figure 6-11: Invalid Line (Row) Icons
Parameters that reference rows of other configuration tables that are configured
with invalid values: If a row has a parameter that references a row of another table
that has a parameter with an invalid value, the Invalid Reference Line icon is
displayed in the following locations:
• 'Index' column of the row.
• Page title of the table. The total number of invalid rows in the table is also
displayed with the icon.
• Item in the Navigation tree that opens the table.
For example, if you configure IP Group #0 (in the IP Groups table) with a parameter
that references Proxy Set #0, which is configured with an invalid value, Invalid
Reference Line icons are displayed for the IP Groups table, as shown below:
Figure 6-12: Invalid Reference Line Icons
Invalid icon display in drop-down list items of parameters that can reference
rows of other tables:
• If the row has an invalid line (see description above ), t he Invalid Line icon
appears along side the item.
• If the row has an invalid reference line (see desc ription above), the Invalid
Reference Line icon appears along side it.
For example, when configuring an IP Group, the 'Proxy Set' parameter's drop-down
list displays items: Proxy Set #0 with indicating that it has an invalid parameter
value, and Proxy Set #1 with indicating that it has a parameter that is referenced to
a row of another table that has an invalid value:
Version 7.2 57 Mediant 4000 SBC
Page 58
Mediant 4000 SBC
delete the referenced row (in the table in which the row is configured), the
Figure 6-13: Invalid Icon Display in Drop-Down List of Parameter Referencing Other Rows
Note: If you assign a non-mandatory parameter with a referenced row and then later
parameter's value automatically changes to an empty field (i.e., no row assigned).
Therefore, make sure that you are aware of this and if necessary, assign a different
referenced row to the parameter. Only if the parameter is mandatory is the Invalid
Line icon displayed for the table in which the parameter is config ured.
6.1.6.5 Viewing Table Rows
Tables display a certain number of rows per page. If you have configured more than this
number, you can use the table's navigation bar to scroll through the table pages, as shown
below and described in the subsequent table:
Table 6-3: Table Navigation Bar Description
Item # Description
1
2
Navigation buttons to view previous table rows:
Displays the previous table page
Displays the first tabl e page (i.e., page with at least the first index row)
Navigation buttons to view the next table rows:
Displays the next table page
Displays the last table page (i.e., page with last index row)
3
Currently displayed table page. To open a specif ic t able page, enter the page number
and then press the Enter key.
4
Total number of table pages.
User's Manual 58 Document #: LTRT-40203
Page 59
User's Manual 6. Web-Based Management
6.1.6.6 Sorting Tables by Column
You can sort table rows by any column and in ascending order (e.g., 1, 2 and 3 / a, b, and
c) or descending order (e.g., 3, 2, and 1 / c, b, and a). By default, most tables are sorted by
the Index column and in ascending order.
To sort table rows by column:
1. Click the name of the column by which you want to sort the table rows; the up-down
arrows appear alongside the column name and the up button is displayed in a darker
shade of color, indicating that the column is sorted in ascending order:
Figure 6-14: Table Sorted by Index in Ascending Order
2. To sort the column in descending order, click the column name again; only the down
arrow is displayed in a darker shade of color, indicating that the column is sorted in
descending order:
Figure 6-15: Table Sorted by Index in Descending Order
6.1.6.7 Changing Index Position of Table Rows
You can change the position (index) of rows in tables. This is done by using the up-down
arrows located on the table's toolbar.
Note:
• Changing row position can only done when the table is sorted by the 'Index'
column and in ascending order; otherwise, the butt ons are grayed out. For sorting
table columns, see 'Sorting Tables by Column' on p age 59.
• Changing row position is supported only by certain tables (e.g., IP-to-IP Routing
table).
To change the position of a row:
1. Click the 'Index' column header so that the rows are sorted in ascending order (e.g., 0.
Version 7.2 59 Mediant 4000 SBC
Page 60
Mediant 4000 SBC
1, 2, and so on).
2. Select the row that you want to move.
3. Do one of the following:
• To move one index up (e.g., from Index 3 to 2): Click the up arrow; the row
moves one index up in the table (e.g., to 2) and the row t hat originally occupied
the index is moved one index down (e.g., to 3). I n other w ords, the rows have
swapped positions.
• To move one index down (e.g., from Index 3 to Index 4): Click the down arrow;
the row moves one index down in the table (e.g., t o 4) and the row that originally
occupied the index is moved one index up (e.g., to 3). In other words, the rows
have swapped positions.
4. Continue clicking the required arrow until the row has moved to the desired location in
the table.
6.1.6.8 Searching Table Entries
You can search for any parameter value (alphanumerics) in configuration tables, using the
Search tool. The Search tool, located above each table, is shown below and described in
the subsequent table:
Figure 6-16: Table Search Tool
Table 6-4: Table Search Tool Description
Item # Description
1
'Specify Columns' drop-down list for selecting t he table column (parameter) in which to
do the search. By default, the search is done in all colum ns.
2
3
Search box to enter your search key (parameter value).
Magnifying-glass icon which when clicked performs the search.
To search for a table value:
1. If you want to perform the search on all table columns, skip this step; otherwise, from
the 'Specify Columns' drop-down list, select the table column in which you want to
perform the search; the name of the drop-down list changes to the name of the
selected column.
2. In the Search box, enter the value for which you want to search.
3. Click the magnifying-glass icon to run the search. If the device finds the value, the
table displays only the rows in which the value was found. You can then select any
row and modify it by clicking the Edit button. If the search is unsuccessful, no rows are
displayed.
4. To quit the Search tool and continue configuring rows, click the icon located in the
Search box.
User's Manual 60 Document #: LTRT-40203
Page 61
User's Manual 6. Web-Based Management
6.1.7 Searching for Configuration Parameters
You can search in the Web interface for parameter names (standalone or table
parameters) and values. The search key can include the full parameter name (Web or ini
file name) or a substring of it. If you search for a substring, all parameters containing the
substring in their names are listed in the search result. For example, to search for the
parameter 'Telnet Server TCP Port', you can use a ny of the following search keys:
"Telnet Server TCP Port" (Web name)
"TelnetServerPort" (ini file name)
"Telnet"
"Port"
When the device completes the search, it displays a list of found results based on the
search key. Each possible result, when clicked, opens the page on which the parameter or
value is located. You need to click the most appropriate result.
To search for a parameter:
1. In the search box, enter the search key (parameter name or value).
2. Click the search icon; the Search Result window appears, listing found parameters
based on your search key. Each searched result displays the following:
• Navigation path (link) to the page on which the parameter appears
• Parameter's name
• Parameter's value
• Brief description of parameter
Figure 6-17: Search Result Window
3. Click the link of the navigation path corresponding to the required found parameter to
open the page on which the parameter appears.
Version 7.2 61 Mediant 4000 SBC
Page 62
Mediant 4000 SBC
6.1.8 Getting Help
The Web interface provides you with context-sensitive pop-up help of standalone
parameters. When you hover your mouse over a parameter's field, a pop-up appears with a
short description of the parameter, as shown in the following example:
Figure 6-18: Viewing Context-Sensitive Help for a Parameter
6.1.9 Logging Off the Web Interface
The following procedure describes how to log off t he Web interface.
To log off the Web interface:
1. On the menu bar, from the 'Admin' drop-down list, click Log Out; the following
confirmation message box appears:
Figure 6-19: Log Out Confirmation Box
2. Click Yes; you are logged off the Web session and the Web Login window appears
enabling you to re-login, if required.
6.2 Customizing the Web Interface
You can customize the following elements of the device's Web interface (GUI):
Corporate logo (see Replacing the Corporate Logo on page 62)
Device's (product) name (see Customizing the Product Name on page 65)
Favicon (see Customizing the Favicon on page 65)
Login welcome message (see Creating a Login Welcome Message on pag e 61)
Note:
• The product name also affects other management interf aces.
• In addition to Web-interface customization, you can customize the following to
reference your company instead of AudioCodes:
√ SNMP Interface: Product system OID (see the SNMPSysOid parameter) and
trap Enterprise OID (see the SNMPTrapEnt erpriseOid parameter).
√ SIP Messages: User-Agent header (see the UserAgentDisplayInf o parameter),
SDP "o" line (see the SIPSDPSessionOwner parameter), and Subject header
(see the SIPSubject parameter).
6.2.1 Replacing the Corporate Logo
You can replace the default corporate logo image (i.e., AudioCodes logo) that is displayed
in the Web interface. The logo appears in the following Web areas:
User's Manual 62 Document #: LTRT-40203
Page 63
User's Manual 6. Web-Based Management
Web Login screen:
Figure 6-20: Corporate Logo on Web Login Screen
Menu bar:
Figure 6-21: Corporate Logo on Menu Bar
You can replace the logo with one of the following:
A different image (see Replacing the Corporate Logo with an Image on page 63)
Text (see Replacing the Corporate Logo with Text on page 64)
6.2.1.1 Replacing the Corporate Logo with an Image
You can replace the logo with a different image. The following figure displays an example
where the default logo (top) is replaced with a different image (bottom):
Figure 6-22: Customizing Web Logo Image
To customize the logo:
1. Save your new logo image file in a folder on the same PC that you are using to access
the device's Web interface.
2. In your browser's URL address field, append the case-sensitive suffix "/AdminPage" to
the device's IP address (e.g., http:// 10. 1.229. 17/AdminPage).
3. Log in with your credentials; the Admin page appears.
Version 7.2 63 Mediant 4000 SBC
Page 64
Mediant 4000 SBC
4. On the left pane, click Image Load to Device; the right pane displays the following:
Figure 6-23: Customizing Web Logo
5. Use the Browse button to select your logo file, and then click Send File; the device
loads the file.
6. If you want to modify the width of the image, in the 'Logo Width' field, enter the new
width (in pixels) and then click the Set Logo Width button.
7. On the left pane, click Back to Main to exit the Admin page.
8. Reset the device with a save-to-flash for your settings to take effect.
Note:
• The logo image file type can be GIF, PNG, JPG, or JPEG.
• The logo image must have a fixed height of 24 pixel s. T he width can be up to 199
pixels (default is 145).
• The maximum size of the image file can be 64 Kbytes.
• Ignore the ini Parameters option, which is located on the left pane of the Admin
page.
6.2.1.2 Replacing the Corporate Logo with Text
You can replace the logo with text. The following figure displays an example where the
logo (top) is replaced with the text, "My Logo Text" (bottom):
Figure 6-24: Replacing Logo with Text
To replace the logo with text:
1. Create an ini file that includes the following parameter settings:
UseWebLogo = 1
WebLogoText = < your text >
2. Load the ini file using the Auxiliary Files page (see Loading Auxiliary Files on page
627).
3. Reset the device with a save-to-flash for your settings to take effect.
User's Manual 64 Document #: LTRT-40203
Page 65
User's Manual 6. Web-Based Management
6.2.2 Customizing the Product Name
You can customize the device's product name. The name is displayed in various places in
the management interfaces, as shown below using the customized name, "My Product
Name":
Web Login screen:
Figure 6-25: Customizing Product Name (Example)
Ini file "Board" field:
Board: My Product Name
CLI prompt:
My Product Name(config-system)#
To customize the device's product name:
1. Create an ini file that includes the following parameter settings:
UseProductName = 1
UserProductName = < name >
2. Load the ini file using the Auxiliary Files page (see Loading Auxiliary Files on page
627).
3. Reset the device with a save-to-flash for your settings to take effect.
6.2.3 Customizing the Favicon
You can replace the default favicon (i.e., AudioCodes) with your own personalized favicon.
Depending on the browser, the favicon is displayed in various areas of your browser, for
example, in the URL address bar, on the page tab, and wh en bookmarked:
Version 7.2 65 Mediant 4000 SBC
Page 66
Mediant 4000 SBC
Figure 6-26: Favicon Display in Browser
To customize the favicon:
1. Save your new favicon file (.ico) in a folder on the same PC that you are using to
access the device's Web interface.
2. In your browser's URL address field, append the case-sensitive suffix "/AdminPage" to
the device's IP address (e.g., http://10.1.229.17/AdminPage).
3. Log in with your credentials; the Admin page appears.
4. On the left pane, click Image Load to Device; the right pane displays the following:
Figure 6-27: Customizing Favicon
5. Use the Browse button to select your favicon file, and then click Send File; the device
loads the image file.
6. On the left pane, click Back to Main to exit the Admin page.
7. Reset the device with a save-to-flash for your settings to take effect.
Note:
• The logo image file type can be ICO, GIF, or PNG.
• The maximum size of the image file can be 16 Kbytes.
• Ignore the ini Parameters option, which is located on the left pane of the Admin
page.
User's Manual 66 Document #: LTRT-40203
Page 67
User's Manual 6. Web-Based Management
6.2.4 Creating a Login Welcome Message
You can create a personalized welcome message that is displayed on the Web Login
screen. The message always begins with the title "Note" and has a color background, as
shown in the example below:
Figure 6-28: Creating Login Welcome Message
To create a login welcome message:
1. Create an ini file that includes the WelcomeMessage table parameter. Use the
parameter to configure your message, where each index row is a line in your
message, for example:
[WelcomeMessage ]
FORMAT WelcomeMessage_Index = WelcomeMessage_Text;
WelcomeMessage 1 = "*********************************";
WelcomeMessage 2 = "** This is a Welcome message! **";
WelcomeMessage 3 = "*********************************";
[\WelcomeMessage]
2. Load the ini file using the Auxiliary Files page (see Loading Auxiliary Files on page
627).
3. Reset the device with a save-to-flash for your settings to take effect.
To remove the welcome message:
1. Load an empty ini file, using the Auxiliary Files page.
2. Reset the device with a save-to-flash for your settings to take effect.
6.3 Configuring Additional Management Interfaces
The Additional Management Interfaces table lets you configure up to 16 management
interfaces, in addition to the OAMP management interface in the IP Interfaces table.
Version 7.2 67 Mediant 4000 SBC
Page 68
Mediant 4000 SBC
For more information on IP network interface s, see Configuring IP
Multiple management interfaces lets you access the device's management interfaces (e.g.,
Web interface and CLI) remotely through different IP addresses. Each additional
management interface can be configured to use a specific network interface (Control
and/or Media type) and TLS Context, and can be configured to restrict access through
HTTPS only.
Note:
• To allow access to the device's management interfaces through all network
interfaces in the IP Interfaces table, see the E nabl eWebAccessFromAllInterfaces
The following procedure describes how to configure additional management interfaces
through the Web interface. You can also configure it through ini file
(AdditionalManagementInterfaces) or CLI (configure system > additional-mgmt-if).
parameter. This parameter does not specify a TLS Context nor a connectivity
protocol (HTTP or HTTPS).
• Currently, additional management interface s ar e not supported for REST API
(ARM).
To configure additional management interfaces:
1. Open the Additional Management Interfaces table (Setup menu > Administration tab
> Web & CLI folder > Additional Management Interfaces).
2. Click New; the following dialog box is displayed:
General
Figure 6-29: Additional Management Interfaces Table - Add Dialog Box
3. Configure an additional management interface according to the parameters described
in the table below.
4. Click Apply, and then save your settings to flash memory.
Additional Management Interfaces Tabl e Parameter Descriptions
Parameter Description
Index
[AdditionalManagementInt
erfaces_Index]
Interface Name
interface-name
User's Manual 68 Document #: LTRT-40203
Defines an index number for the new table row.
Note: Each row must be configured with a unique i ndex.
Assigns an IP network interface (from the IP Interfaces table) to the
management interface.
Page 69
User's Manual 6. Web-Based Management
[AdditionalManagementInt
Network Interfaces on page 129.
Read/write privileges for all Web pages, except security-
Parameter Description
erfaces_InterfaceName]
TLS Context Name
tls-context-name
[AdditionalManagementInt
erfaces_TLSContextName]
HTTPS Only
https-only-val
[AdditionalManagementInt
erfaces_HTTPSOnly]
Note:
Only Control- and/or Media-type IP network interfaces can be
associated with additional management interfaces.
An IP network interface can be associated with only one additional
management interface.
Assigns a TLS Context (from the TLS Contexts table) to the
management interface. A TLS Context provides secure TLS-based
management access.
For more information on TLS Contexts, see Config uring TLS
Certificate Contexts on page 103.
Defines the protocol required for accessing the management
interface.
[0] HTTP and HTTPS = The management interface can be
accessed over a secured (HTTPS) and an unsecured (HTTP)
connection.
[1] HTTPS Only = The management interface can be accessed
only over a secured (HTTPS) connection.
[2] Use global definition = The type of management connection
(HTTP and HTTPS, or HTTPS Only) depends on the conf i guration
of the global parameter, HTTPSOnly (see Configuring Secured
(HTTPS) Web on page 77).
6.4 Configuring Management User Accounts
The Local Users table lets you configure up to 10 management user accounts for the
device's Web interface and CLI. You configure each user account with login credentials
(username and password) and with a management user level which defines the level of
read and write privileges. The table below describes the different types of user levels:
Table 6-5: Description of Management User Levels
Numeric
User Level
Security
Administrator
Master
Administrator
Representation in
RADIUS
200 Read/write privileges for all Web pages. This user l evel
220 Read/write privileges for all Web pages. This use r level
100
Privileges
can create all other user levels and is the only one that
can create the first Master user.
Note: At least one Security Administrator user must exist.
can create all user levels, including additional Master
users and Security Administrators. It can delete al l users
except the last Security Administrator.
Note: Only Master users can delete Master users. If only
one Master user exists, it can be deleted only by itself.
Version 7.2 69 Mediant 4000 SBC
Page 70
User Level
related pages and the Local Users table where this us er
Mediant 4000 SBC
Numeric
Representation in
Privileges
RADIUS
has read-only privileges.
Monitor
Note: Only Security Administrator and Master users can configure users in the Local
Users table. Administrator users have read-only privileges and Monitor users are
denied access to the table. However, Administrator and Monitor users can change
their login credentials in the Web Settings page (see ''Configuring Web Session and
Access Settings'' on page 75).
By default, the device is pre-configured with the foll owing two user accounts:
User Level Username
Security Administrator
Monitor
Note:
• For security, it's recommended that you change the default username and
password of the default users.
• To restore the device to the default users (and with their default usernames and
passwords), configure the ini file ResetWebPassword parameter to 1. If you have
configured any other accounts, they are deleted.
• If you delete a user who is currently in an active We b session, the user is
immediately logged off the device.
• Up to five users can be concurrently logged in to the Web interface; they can all be
the same user.
• You can set the entire Web interface to read-only (re gardless of Web user access
levels), using the ini file parameter DisableWebConfig (see ''Web and Telnet
Parameters'' on page 803).
• You can define additional Web user accounts using a RADIUS server (see
''RADIUS Authentication'' on page 233).
The following procedure describes how to configure user accounts through the Web
interface. You can also configure it through ini file (WebUsers) or CLI (configure system >
user).
50 Read-only privileges and access to security-related pages
is blocked.
Table 6-6: Default User Accounts
Password
(Case-Sensitive)
(Case-Sensitive)
"Admin" "Admin"
"User" "User"
User's Manual 70 Document #: LTRT-40203
Page 71
User's Manual 6. Web-Based Management
To configure management user accounts:
1. Open the Local Users table (Setup menu > Administration tab > Web & CLI folder >
Local Users).
2. Click New; the following dialog box is displayed:
Figure 6-30: Local Users Table - Dialog Box
3. Configure a user account according to the parameters described in the table below.
4. Click Apply, and then save your settings to flash memory.
Parameter Description
General
Index
[WebUsers_Index]
Username
user
[WebUsers_Username]
Password
password
[WebUsers_Password]
Table 6-7: Local Users Table Parameter Descriptions
Defines an index number for the new table row.
Note: Each row must be configured with a unique i ndex.
Defines the Web user's username.
The valid value is a string of up to 40 alphanumeric chara ct ers,
including the period ".", underscore "_", and hyphen "-" signs.
Defines the Web user's password.
The valid value is a string of 8 to 40 ASCII characters. To ensure
strong passwords, adhere to the following pass wor d complexity
requirements:
Contain at least eight characters.
Contain at least two letters that are upper case (e.g., A).
Contain at least two letters that are lower case (e.g., a).
Contain at least two numbers (e.g., 4).
Contain at least two symbols (non-alphanumeric characters) (e.g.,
$, #, %).
No spaces.
Contain at least four new characters that were not used in the
previous password.
Note:
To enforce the password complexity requirements mentioned
above, configure the EnforcePasswordComplexity to 1.
Version 7.2 71 Mediant 4000 SBC
Page 72
Mediant 4000 SBC
For security, password characters are not shown in the Web
The valid value is a string of up to 512 characters. By def aul t, no value
Parameter Description
interface and ini file. In the Web interface, they are display ed as
dots when you enter the password and then once appli ed, the
password is displayed as an asterisk (*) in the table. I n t he ini file,
they are displayed as an encrypted string.
User Level
privilege
[WebUsers_UserLevel]
SSH Public Key
public-key
[WebUsers_SSHPublicKey]
Defines the user's access level.
Monitor = (Default) Read-only user. This user can only view Web
pages and access to security-related pages is denied.
Administrator = Read/write privileges for all pages except security-
related pages including the Local Users table where this user has
read-only privileges.
Security Administrator = Full read/write privileges for all pages.
Master = Read/write privileges for all pages. This user also
functions as a security administrator.
Note:
At least one Security Administrator must exist. You cannot delete
the last remaining Security Administrator.
The first Master user can be added only by a Security
Administrator user.
Additional Master users can be added, edited and deleted only by
Master users.
If only one Master user exists, it can be deleted only by itself.
Master users can add, edit, and delete Security Administrators
(except the last Security Administrator).
Only Security Administrator and Master users can add, edit, and
delete Administrator and Monitor users.
Defines a Secure Socket Shell (SSH) public key for RS A public-key
authentication (PKI) of the remote user when loggin g into the device's
CLI through SSH. Connection to the CLI is establi shed only when a
successful handshake with the user’s private key occurs.
is defined.
Note:
For more information on SSH and for enabling SSH, see Enabling
SSH with RSA Public Key for CLI on page 82.
To configure whether SSH public keys are optional or mandatory,
use the SSHRequirePublicKey parameter.
If not configured, the settings of the global parameter,
SSHAdminKey is used.
Status
status
[WebUsers_Status]
Defines the status of the user.
New = (Default) User is required to change its password on the
next login. When the user logs in to the Web interfac e, the user is
immediately prompted to change the current password.
Valid = User can log in to the Web interface as normal.
Failed Login = The state is automatically set for users that exceed
a user-defined number of failed login attempts, set by the 'Deny
Access on Fail Count' parameter (see 'Configuring W eb Session
and Access Settings' on page 75). These users can log in only
after a user-defined timeout configured by the 'Block Duration'
parameter (see below) or if their status is changed (t o New or
Valid) by a Security Administrator or Master.
User's Manual 72 Document #: LTRT-40203
Page 73
User's Manual 6. Web-Based Management
Inactivity = The state is automatically set for users that have not
The default value is according to the settings of the
Parameter Description
accessed the Web interface for a user-defined number of days, set
by the 'User Inactivity Timer' (see 'Configuring Web Session and
Access Settings' on page
75). These users can only log in to the
Web interface if their status is changed (to New or Valid) by a
System Administrator or Master.
Note:
The Inactivity status is applicable only to Administrator and Monitor
users; Security Administrator and Master user s ca n be inactive
indefinitely.
For security, it is recommended to set the status of a newly added
user to New in order to enforce password change.
Security
Password Age
password-age
[WebUsers_PwAgeInterval]
Web Session Limit
session-limit
[WebUsers_SessionLimit]
CLI Session Limit
cli-session-limit
[WebUsers_CliSessionLimit]
Defines the duration (in days) of the validity of the password. When
the duration elapses, the user is prompted to change the password;
otherwise, access to the Web interface is blocked.
The valid value is 0 to 10000, where 0 means that the pass wor d is
always valid. The default is 90.
Defines the maximum number of concurrent We b i nterface and REST
sessions allowed for the specific user account. For example, if
configured to 2, the user account can be logged into the device’s Web
interface (i.e., same username-password combination) from two
different management stations (i.e., IP addresse s) or Web browsers at
the same time.
Once the user logs in, the session is active unti l the user logs off or
until the session expires if the user is inactive for a user-defined
duration (see the 'Web Session Timeout' paramet er below).
The valid value is 0 to 5. The default is 2.
Note: If the number of concurrently logged-in users is at the
configured maximum, the device allows an additional user to log in
through REST.
Defines the maximum number of concurrent CLI sessions allowed for
the specific user. For example, if configured to 2, t he same user
account can be logged into the device’s CLI (i.e., same usernamepassword combination) from two different management stations (i.e.,
IP addresses) at any one time. Once the user logs in, the session is
active until the user logs off or until the session expires if t he user is
inactive for a user-defined duration (see the 'Web S ession Timeout'
parameter below).
The valid value is -1, or 0 to 100. The default is -1, which means that
the limit is according to the global parameters, 'Maximum Telnet
Sessions' (TelnetMaxSessions) or 'Maximum SSH Sessions'
(SSHMaxSessions).
Web Session Timeout
session-timeout
[WebUsers_SessionTimeout]
Defines the duration (in minutes) of inactivity of a logged-in user in the
Web interface, after which the user is automatically logged off the
Web session. In other words, the session expires when the user has
not performed any operations (activities) in the Web interface for the
configured timeout duration.
The valid value is 0, or 2 to 100000. A value of 0 means no timeout.
Version 7.2 73 Mediant 4000 SBC
Page 74
Mediant 4000 SBC
WebSessionTimeout global parameter (see 'Configu ring Web Session
The valid value is 0 to 100000, where 0 means that the user can do as
Parameter Description
and Access Settings' on page 75).
Block Duration
block-duration
Defines the duration (in seconds) for which the user is blocked when
the user exceeds a user-defined number of failed logi n attempts.
[WebUsers_BlockTime]
many login failures without getting blocked. The def ault is according to
the settings of the 'Deny Authentication Timer' parameter (see
'Configuring Web Session and Access Settings' on page
Note:
To enable this feature, see the 'Deny Access On Fail Count'
parameter in 'Configuring Web Session and Access S ettings' on
page 75.
The 'Deny Authentication Timer' parameter relates to failed Web
logins from specific IP addresses.
6.5 Displaying Login Information upon Login
You can enable the device to display login information immediately upon Web login.
To enable display of user login information upon login:
1. Open the Web Settings page (Setup menu > Administration tab > Web & CLI folder
> Web Settings).
2. Under the Security group, from the 'Display Last Login Information' drop-down list,
select Enable.
3. Click Apply.
Once enabled, each time you login to the device, the Login Information window is
displayed, as shown in the example below:
75).
Figure 6-31: Login Information Window
To close the window, click Close.
User's Manual 74 Document #: LTRT-40203
Page 75
User's Manual 6. Web-Based Management
management user with Security Administrator level or Master level. For more
6.6 Viewing Logged-In User Information
The username of the currently logged in user is displayed in the top-right corner of the Web
interface. If you click the username (e.g., "A dm i n" ), a pop-up callout appears:
Figure 6-32: Logged-in User Information
The following information is displayed:
'Access Level': User level of the currently logged in user (e.g., Security Administrator).
'Session Time': Duration of the current Web session (starting from login).
The Log Out button is also provided for logging out of the Web session (see ''Logging Off
the Web Interface'' on page 62).
6.7 Configuring Web Session and Access Settings
The following procedure describes how to configure security features related to Web user
sessions and access.
Note: You can only perform the configuration described in this section if you are a
information, see ''Configuring Management Us er Accounts'' on page 69.
To configure Web user sessions and access security:
1. Open the Web Settings page (Setup menu > Administration tab > Web & CLI folder
> Web Settings).
2. Under the Session group, configure the following parameters:
Figure 6-33: Configuring Web User Sessions
• 'Password Change Interval': Duration (in minutes) of the validity of the Web login
passwords. When the duration expires, the user m ust change the password in
order to log in again.
Version 7.2 75 Mediant 4000 SBC
Page 76
Mediant 4000 SBC
• 'User Inactivity Timeout': If the user has not logged i nto the Web interface within
this duration, the status of the user becomes inactive and the user can no longer
access the Web interface. The user can only log in to the Web interface if its
status is changed (to New or Valid) by a Security Administrator or Master user
(see ''Configuring Management User Accounts'' on page 69).
• 'Session Timeout': Duration (in minutes) of inactivity (i.e., no actions are
performed in the Web interface) of a logged-in user, after which the Web session
expires and the user is automatically logged off the Web interface and needs to
log in again to continue the session. You can also configure the functionality per
user in the Local Users table (see ''Configuring Management User Accounts'' on
page 69), which overrides this global setting.
3. Under the Security group, configure the following parameters:
Figure 6-34: Configuring Web User Security
• 'Deny Authentication Timer': Interval (in se conds) that the user needs to wait
before logging in from the same IP address after reachi ng the maximum number
of failed login attempts (see next step).
• 'Deny Access On Fail Count': Number of failed logi n attempts (e.g., incorrect
username or password) after which the device blocks access to the user for a
user-defined duration (previous step).
4. Click Apply.
For a detailed description of the above parameter s, see ''Web Parameters'' on page 804.
6.8 Changing Login Password for Administrator and Monitor Users
If you are logged in as a user with Administrator level or Monitor level, you can change
your login password by performing the following procedure.
Note:
• Users with Security Administrator level or Master level can change passwords for
themselves and for other users in the Local Users tabl e (se e ''Configuring
Management User Accounts'' on page 69).
• You can only change the password if the duration configured in the 'Password
Change Interval' has elapsed (see ''Configuring Web S ession and Access
Settings'' on page 75).
User's Manual 76 Document #: LTRT-40203
Page 77
User's Manual 6. Web-Based Management
To change the login password:
1. Open the Web Settings page (Setup menu > Administration tab > Web & CLI folder
> Web Settings).
Figure 6-35: Changing Login Password for Administrator and Monitor User Levels
2. In the 'Current Password' field, type in your current login password.
3. In the 'New Password' field, type in your new password.
4. In the 'Confirm New Password' field, type in your new password again.
5. Click Change; you are logged off the Web session and prompted to login in again with
your new login password.
6.9 Configuring Secured (HTTPS) Web
By default, the device allows remote management (client) through HTTP and HTTPS.
However, you can enforce secure Web access communication by configuring the device to
accept only HTTPS.
To configure secure (HTTPS) Web access:
1. Open the Web Settings page (Setup menu > Administration tab > Web & CLI folder
> Web Settings).
2. Under the General group, configure the following:
3. From the 'Secured Web Connection (HTTPS)' drop-down list, select HTTPS Only.
4. To enable two-way authentication whereby both management client and server are
authenticated using X.509 certificates, from the 'Require Client Certificates for HTTPS
connection' drop-down list, select Enable.
5. In the 'HTTPS Cipher String' field, enter the cipher string for HTTPS (in OpenSSL
cipher list format).
6. Click Apply, and then reset the device with a save-to-flash for your settings to take
effect.
For more information on secure Web-based management including TLS certificates, see
''TLS for Remote Device Management'' on page 116.
Version 7.2 77 Mediant 4000 SBC
Page 78
Mediant 4000 SBC
6.10 Web Login Authentication using Smart Cards
You can enable Web login authentication using certificates from a third-party, common
access card (CAC) with user identification. When a user attempts to access the device
through the Web browser (HTTPS), the device retrieves the Web user’s login username
(and other information, if required) from the CAC. The user attempting to access the device
is only required to provide the login password. Typically, a TLS connection is established
between the CAC and the device’s Web interface, and a RADIUS server is implemented to
authenticate the password with the username. Therefore, this feature implements a twofactor authentication - what the user has (i.e., the physical card) and what the user knows
(i.e., the login password).
This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter.
Note: For specific integration requirements for implementing a third-party smart card
for Web login authentication, contact your AudioCodes representative.
To log in to the Web interface using CAC:
1. Insert the Common Access Card into the card reader.
2. Access the device using the following URL: https://<host name or IP address>; the
device prompts for a username and password.
3. Enter the password only. As some browsers require that the username be provided,
it’s recommended to enter the username with an arbitrary value.
User's Manual 78 Document #: LTRT-40203
Page 79
User's Manual 6. Web-Based Management
6.11 Configuring Web and Telnet Access List
The Access List table lets you restrict access to the device's management interfaces (Web,
Telnet and SSH) by specifying IP addresses (up to ten) of management clients that are
permitted to access the device. Access to the device's management interfaces from
undefined IP addresses is denied. If you don't specify any IP addresses, this security
feature is inactive and the device can be accessed f rom any IP address.
The following procedure describes how to configure the Access List through the Web
interface. You can also configure it through ini file (W ebA ccessList_x).
Note:
• Configure the IP address of the computer from which you are currently logged into
the device as the first authorized IP address in the A ccess List. If you configure
any other IP address, access from your computer will be immediately denied.
• If you configure network firewall rules in the Fire wall table (see ''Configuring
Firewall Rules'' on page 165), you must configure a firewall rule that permits traffic
from IP addresses configured in the Access List table.
To add IP addresses to the Access List:
1. Open the Access List table (Setup menu > Administration tab > Web & CL I folder >
Access List).
Figure 6-36: Access List - Adding IP Address
2. In the 'Add an authorized IP address' field, configure an IP address, and then click
Add New Entry; the IP address is added to the table.
Figure 6-37: Web & Telnet Access List Table
If you have configured IP addresses in the Access List and you no longer want to restrict
access to the management interface based on the Access List, delete all the IP addresses
in the table, as described in the following procedure.
Note: When deleting all the IP addresses, make sure that you delete the IP address
of the computer from which you are currently logged into the device, last; otherwise,
access from your computer will be immediately denied.
Version 7.2 79 Mediant 4000 SBC
Page 80
Mediant 4000 SBC
To delete an IP address from the Access List:
1. Select the Delete Row check box corresponding to the IP address that you want to
delete.
2. Click Delete Selected Addresses.
User's Manual 80 Document #: LTRT-40203
Page 81
User's Manual 7. CLI-Based Management
7 CLI-Based Management
This chapter provides an overview of the CLI-based management and provides
configuration relating to CLI management.
Note:
• By default, CLI is disabled (for security purposes).
• The CLI can only be accessed by management users with the following user
levels:
7.1 Enabling CLI
√ Administrator
√ Security Administrator
√ Master
• For more information on the CLI and CLI commands, refer to the CLI Reference
Guide.
By default, access to the device's CLI through Telnet and SSH is disabled. This section
describes how to enable these protocols.
7.1.1 Enabling Telnet for CLI
The following procedure describes how to enable Telnet. You can enable a secured Telnet
that uses Secure Socket Layer (SSL) where information is not transmitted in clear text. If
SSL is used, a special Telnet client is required on your PC to connect to the Telnet
interface over a secured connection; examples include C-Kermit for UNIX and Kermit-95
for Windows.
For security, some organizations require the display of a proprietary notice upon starting a
Telnet session. To configure such a message, see ''Creating a Login Welcome Message''
on page 61.
To enable Telnet:
1. Open the CLI Settings page (Setup menu > Administration tab > Web & CLI folder >
CLI Settings).
2. Configure the following parameters:
• 'Embedded Telnet Server': Select Enable Unsecured or Enable Secured (i.e,
SSL) to enable Telnet.
• 'Telnet Server TCP Port': Enter the port number of the em bedded Telnet server.
Version 7.2 81 Mediant 4000 SBC
Page 82
Mediant 4000 SBC
• 'Telnet Server Idle Timeout': Enter the duration of ina ct i vity in the Telnet session
after which the session automatically ends.
3. Click Apply, and then reset the device with a save-to-flash for your settings to take
effect.
For a detailed description of the Telnet parameters, see ''Telnet Parameters'' on page 809.
7.1.2 Enabling SSH with RSA Public Key for CLI
Unless configured for TLS, Telnet is not secure as it requires passwords to be transmitted
in clear text. To overcome this, you can use Secure SHell (SSH) which is the de-facto
standard for secure CLI. SSH 2.0 is a protocol built above TCP providing methods for key
exchange, authentication, encryption, and authorization. SSH requires appropriate client
software for the management PC. Most Linux distributions have OpenSSH pre-installed;
Windows-based PCs require an SSH client software such as PuTTY, which can be
downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/. By default, SSH
uses the same username and password as the device's Telnet and Web server. SSH
supports 1024/2048-bit RSA public keys, providi ng carrier-grade security.
Follow the instructions below to configure the device with an administrator RSA key as a
means of strong authentication.
To enable SSH and configure RSA public keys for Windows (using PuTTY SSH
software):
1. Start the PuTTY Key Generator program, and then do the following:
a. Under the 'Parameters' group, do the following:
♦ Select the SSH-2 RSA option.
♦ In the 'Number of bits in a generated key' field, enter "1024" bits.
b. Under the 'Actions' group, click Generate and then follow the on-screen
instructions.
c. Under the 'Actions' group, click Save private key to save the new private key to a
file (*.ppk) on your PC.
d. Under the 'Key' group, select the displayed encoded text (pubic key) between
"ssh-rsa" and "rsa-key-….", as shown in the example below:
Figure 7-1: Selecting Public RSA Key in PuTTY
2. You can use the public key per management user or for all management users:
User's Manual 82 Document #: LTRT-40203
Page 83
User's Manual 7. CLI-Based Management
• Per user: Open the Local Users table (see Configuring Management User
Accounts on page 69), and then for the required user, paste the public key that
you copied in Step 1.d into the 'SSH Public Key' fiel d, as shown below:
Figure 7-2: Pasting Public RSA Key per User in Local Users Table
• For all users: Open the CLI Settings page (Setup menu > Administration tab >
Web & CLI folder > CLI Settings), and then paste the public key that you copied
in Step 1.d into the 'Admin Key' field, as shown below:
Figure 7-3: Pasting Public RSA Key in 'Admin Key' Field
3. On the CLI Settings page, do the following:
a. From the 'Enable SSH Server' drop-down list, select Enable.
b. For additional security, you can configure the 'Req ui re Public Key' field to Enable.
This ensures that SSH access is only possible by using the RSA key and not by
username and password.
c. Configure the other SSH parameters as required. For a description of these
parameters, see SSH Parameters on page 845.
d. Click Apply.
4. Start the PuTTY Configuration program, and then do the following:
a. In the 'Category' tree, drill down to Connection, then SSH, and then Auth; the
'Options controlling SSH authentication' pane appears.
b. Under the 'Authentication parameters' group, click Browse and then locate the
private key file that you created and saved in Step 4.
5. Connect to the device with SSH using the username "Admin"; RSA key negotiation
Version 7.2 83 Mediant 4000 SBC
Page 84
Mediant 4000 SBC
occurs automatically and no password is required.
To configure RSA public keys for Linux (using OpenSSH 4.3):
1. Run the following command to create a new key in the admin.key file and to save the
public portion to the admin.key.pub file:
ssh-keygen -f admin.key -N "" -b 1024
2. Open the admin.key.pub file, and then copy the encoded string from "ssh-rsa" to the
white space.
3. You can use the public key per management user or for all users:
• Per user: Open the Local Users table (see Configuring Management User
Accounts on page 69), and then for the required user, paste the public key that
you copied in Step 2 into the 'SSH Public Key' field.
• For all users: Open the CLI Settings page, and then paste the public key that you
copied in Step 2 into the 'Admin Key' field.
4. Connect to the device with SSH, using the following command (where xx.xx.xx.xx is
the device's IP address):
ssh -i admin.key xx.xx.xx.xx
RSA-key negotiation occurs automatically and no pas sword is required.
7.2 Configuring Maximum Telnet/SSH Sessions
You can configure the maximum number of concurrent Telnet and SSH sessions (up to
five) permitted on the device.
Note: Before changing the setting, make sure that not more than the number of
sessions that you want to configure are currently active; otherwise, the new setting
will not take effect.
To configure the maximum number of concurrent Telnet and SSH sessions:
1. Open the CLI Settings page (Setup menu > Administration tab > Web & CLI folder >
CLI Settings).
2. For Telnet: Under the Telnet group, in the 'Maximum Telnet Sessions' field, enter the
maximum number of concurrent sessions.
3. For SSH: Under the SSH group, in the 'Maximum SSH Sessions' field, enter the
maximum number of concurrent sessions.
4. Click Apply.
7.3 Establishing a CLI Session
You can access the device's CLI using any of the following m ethods:
RS-232: The device can be accessed through its RS-232 serial port, by connecting a
VT100 terminal to it or using a terminal emulation p rogram (e.g., HyperTerminal) with
a PC. For connecting to the CLI through RS-232, see CLI on page
Secure SHell (SSH): The device can be accessed through its Ethernet interface by
the SSH protocol using SSH client software. A popular and freeware SSH client
software is Putty, which can be downloaded from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
39.
User's Manual 84 Document #: LTRT-40203
Page 85
User's Manual 7. CLI-Based Management
sensitive), respectively. To configure login credentials and
Telnet: The device can be accessed through its Ethernet interface by the Telnet
protocol using Telnet client software.
The following procedure describes how to access the CLI through Telnet/SSH.
Note: The CLI login credentials are the same as all the device's other management
interfaces (such as Web interface). The default username and password is "Admin"
and "Admin" (casemanagement user accounts, see ''Configuring Management User Accounts'' on page
69.
To establish a CLI session with the device:
1. Connect the device to the network.
2. Establish a Telnet or SSH session using the device's OAMP IP address.
3. Log in to the session using the username and password assigned to the Admin user of
the Web interface:
a. At the Username prompt, type the username, and then press Enter:
Username: Admin
b. At the Password prompt, type the password, and the n press Enter:
Password: Admin
c. At the prompt, type the following, and then press Enter:
> enable
d. At the prompt, type the password again, and then p ress Enter:
Password: Admin
7.4 Viewing Current CLI Sessions
You can view users that are currently logged in to the device's CLI. This applies to users
logged in to the CLI through RS-232 (console), Telnet, or SSH. For each logged-in user,
the following is displayed: the type of interface (console, Telnet, or SSH), username,
remote IP address fr om where the user logged in, and the duration (days and time) of the
session. Each user is displayed with a unique index (session ID).
To view currently logged-in CLI users:
1. Establish a CLI session with the device.
2. Run the following command:
# show users
[0] console Admin local 0d00h03m15s
[1] telnet John 10.4.2.1 0d01h03m47s
[2]* ssh Alex 192.168.121.234 12d00h02m34s
The current session from which this show command was run is displayed with an asterisk
(*).
Note: The device can display management sessions of up to 24 hours. After this
time, the duration counter is reset.
Version 7.2 85 Mediant 4000 SBC
Page 86
Mediant 4000 SBC
7.5 Terminating a User's CLI Session
You can terminate users that are currently logged in to the device's CLI. This applies to
users logged in to the CLI through RS-232 (console), T el net , or SSH.
To terminate the CLI session of a specific CLI user:
1. Establish a CLI session with the device.
2. Run the following command:
# clear user <session ID>
Where <session ID> is a unique identification of eac h currently logged in user. You
can view the session ID by running the sho w users command (see ''Vi ewing Cur rent
CLI Sessions'' on page 85).
Note: The session from which the command is run cannot be terminated.
7.6 Configuring Displayed Output Lines in CLI Terminal Window
You can configure the maximum number of lines (height) displayed in the terminal window
for the output of CLI commands (Telnet and SSH). The number of displayed lines can be
from 0 to 65,535, or determined by re-sizing the terminal window by mouse-dragging the
window's border.
To specify the number of displayed output lines:
1. Establish a CLI session with the device.
2. Access the System menu:
# configure system
3. At the prompt, type the following command:
(config-system)# cli-terminal
4. At the prompt, type the following command:
<cli-terminal># window-height [0-65535]
If window-height is set to 0, the entire command output is displayed. In other words,
even if the output extends beyond the visible termi nal window length, the --MORE-prompt is not displayed.
To configure the number of displayed output lines by dragging terminal
window:
1. Establish a CLI session with the device.
2. Access the System menu:
# configure system
3. At the prompt, type the following command:
(config-system)# cli-terminal
4. At the prompt, type the following command:
<cli-terminal># window-height automatic
When this mode is configured, each time you change the height of the terminal window
using your mouse (i.e., dragging one of the window's borders or corners), the number of
displayed output command lines is changed accordingly.
User's Manual 86 Document #: LTRT-40203
Page 87
User's Manual 8. SNMP-Based Management
8 SNMP-Based Management
The device provides an embedded SNMP agent that lets you manage it using AudioCodes
One Voice Operations Center (OVOC) or a third-party SNMP manager. The SNMP agent
supports standard and proprietary Management Information Base (MIBs). All supported
MIB files are supplied to customers as part of the release. The SNMP agent can send
unsolicited SNMP trap events to the SNMP manager.
Note:
• By default, SNMP-based management is enabled.
• For more information on the device's SNMP support s uch as SNMP trap alarms
8.1 Disabling SNMP
By default, SNMP is enabled. You can disable SNMP as described in the following
procedure.
and events, refer to the SNMP Reference Guide.
• For more information on AudioCodes OVOC, refer to the OVOC User's Manual.
To disable SNMP:
1. Open the SNMP Community Settings page (Setup menu > Administration tab >
SNMP folder > SNMP Community Settings).
2. From the 'Disable SNMP' drop-down list (DisableSNMP parameter), select Yes:
3. Click Apply.
8.2 Configuring SNMP Community Strings
SNMP community strings determine the access privileges (read-only and read-write) of
SNMP clients with the device's SNMP agent. You can configure up to five read-only SNMP
community strings and up to five read-write SNMP community strings. The device's SNMP
agent accepts SNMP Get (read-only) and Set (read-write) requests only if the correct
community string is used in the request.
You can also configure a unique password-like community string used for sending SNMP
traps. The device sends the traps with the community string.
Note:
• SNMP community strings are applicable only t o S NM P v1 and SNMPv2c; SNMPv3
uses username-password authentication along with an encryption key (see
Version 7.2 87 Mediant 4000 SBC
''Configuring SNMP V3 Users'' on page 92).
• You can enhance security by configuring Trusted Managers (see ''Configuring
SNMP Trusted Managers'' on page 91). A Trusted Manager is an IP addre ss from
which the SNMP agent accepts Get and Set requests.
Page 88
Mediant 4000 SBC
For detailed descriptions of the SNMP parameter s, see ''SNMP Parameters'' on page 810.
To configure SNMP community strings:
1. Open the SNMP Community Settings page (Setup menu > Administration tab >
SNMP folder > SNMP Community Settings).
2. Configure SNMP community strings for access privileges:
• Under the Read Only Community Strings group, configure read -only
community strings (see the table below).
• Under the Read/Write Community Strings group, configure read-write
community strings (see the table below).
3. Configure a community string for SNMP traps: Under the Misc. Settings group, in the
'Trap Community String' field, configure a community string (see the table below).
Figure 8-1: Configuring SNMP Trap Community String
4. Click Apply, and then reset the device with a save-to-flash for your settings to take
effect.
To delete a community string, delete the configured string, click Apply., and then reset the
device with a save-to-flash for your settings to take effect.
Table 8-1: SNMP Community String Parameter Descriptions
Parameter Description
User's Manual 88 Document #: LTRT-40203
Page 89
User's Manual 8. SNMP-Based Management
Parameter Description
Read Only Community Strings
configure system > snmp settings >
ro-community-string
[SNMPReadOnlyCommunityString_x]
Read/Write Community Strings
configure system > snmp settings >
rw-community-string
[SNMPReadWriteCommunityString_x]
Trap Community String
configure system > snmp trap >
community-string
[SNMPTrapCommunityString]
Defines read-only SNMP community strings. Up to five readonly community strings can be configured.
The valid value is a string of up to 30 characters that can
include only the following:
Upper- and lower-case letters (a to z, and A to Z)
Numbers (0 to 9)
Hyphen (-)
Underline (_)
For example, "Public-comm_string1".
The default is "public".
Defines read-write SNMP community strings. Up to five readwrite community strings can be configured.
The valid value is a string of up to 30 characters that can
include only the following:
Upper- and lower-case letters (a to z, and A to Z)
Numbers (0 to 9)
Hyphen (-)
Underline (_)
For example, "Private-comm_string1".
The default is "private".
Defines the community string for SNMP traps.
The valid value is a string of up to 30 characters that can
include only the following:
Upper- and lower-case letters (a to z, and A to Z)
Numbers (0 to 9)
Hyphen (-)
Underline (_)
For example, "Trap-comm_string1".
The default is "trapuser".
8.3 Configuring SNMP Trap Destinations with IP Addresses
The SNMP Trap Destinations table lets you to configure up to five SNMP trap managers to
receive traps sent by the device. The SNMP manager is defined by IP address and port.
You can associate a trap destination with SNMPv2 users and specific SNMPv3 users.
Associating a trap destination with SNMPv3 users sends encrypted and authenticated
traps to the SNMPv3 destination. By default, t raps are sent unencrypted using SNMPv2.
The following procedure describes how to configure SNMP trap destinations through the
Web interface. You can also configure it through ini file (SNMPManager) or CLI (configure
system > snmp trap-destination).
Version 7.2 89 Mediant 4000 SBC
Page 90
Mediant 4000 SBC
Enables the SNMP manager to receive traps and checks the
[1]
To configure SNMP trap destinations:
1. Open the SNMP Trap Destinations table (Setup menu > Administration tab > SNMP
folder > SNMP Trap Destinations).
Figure 8-2: SNMP Trap Destinations Table
2. Configure the SNMP trap manager according to the table below.
3. Select the check boxes corresponding to the configured SNMP managers that you
want to enable.
4. Click Apply.
Note:
• Rows whose corresponding check boxes are cleare d revert to default settings
when you click Apply.
• To enable the sending of the trap event,
acPerformanceMonitoringThresholdCrossing, which is sent every time a threshold
(high or low) of a performance monitored SNMP object is crossed, configure the
ini file parameter PM_EnableThresholdAlarms to 1.
• Instead of configuring SNMP trap managers with an IP address in dotted-decimal
notation, you can configure a single SNMP trap manager with an FQDN (see
''Configuring an SNMP Trap Destination with FQDN'' on page 91.
Table 8-2: SNMP Trap Destinations Table Parameters Description
Parameter Description
(check box)
[SNMPManagerIsUsed_x]
IP Address
[SNMPManagerTableIP_x]
Trap Port
[SNMPManagerTrapPort_x]
Trap User
[SNMPManagerTrapUser]
validity of the configured destination (IP address and port
number).
[0] (check box cleared) = (Default) Disables SNMP
manager
(check box selected) = Enables SNMP manage r
Defines the IP address (in dotted-decimal notation, e.g.,
108.10.1.255) of the remote host used as the SNMP
manager. The device sends SNMP traps to this IP address.
Defines the port number of the remote SNMP mana ger. The
device sends SNMP traps to this port.
The valid value range is 100 to 4000. The default is 162.
Associates a trap user with the trap destination. T hi s
determines the trap format, authentication level, and
encryption level.
v2cParams (default) = SNMPv2 user community string
SNMPv3 user configured in ''Configuring SNMP V3
Users'' on page 92
User's Manual 90 Document #: LTRT-40203
Page 91
User's Manual 8. SNMP-Based Management
[1]
Parameter Description
Trap Enable
[SNMPManagerTrapSendingEnable_x]
Activates the sending of traps to the SNMP Manager.
[0] Disable
Enable (Default)
8.4 Configuring an SNMP Trap Destination with FQDN
Instead of configuring SNMP trap destinations (managers) with IP addresses in dotteddecimal notation in the SNMP Trap Destinations table (see ''Configuring SNMP Trap
Destination with IP Addresses'' on page 89), you can configure a single SNMP trap
manager with an FQDN (e.g., mngr.corp.mycompany.com). The device sends the traps to
the DNS-resolved IP address. The resolved IP address replaces the IP address of the last
row (SNMP Manager 5) in the SNMP Trap Destinations table (and the last trap manager
entry in the snmpTargetAddrTable in the snmpTargetMIB).
Note: If you configure an FQDN for an SNMP trap manager:
• The device ignores your configuration in the SNMP Trap Destinations table.
• Only one SNMP trap manager can be configured.
To configure an SNMP trap destination with an FQDN:
1. Open the SNMP Community Settings page (Setup menu > Administration tab >
SNMP folder > SNMP Community Settings).
2. Under the Misc. Settings group, in the 'Trap Manager Host Name' field
(SNMPTrapManagerHostName parameter), enter the FQDN.
3. Click Apply.
8.5 Configuring SNMP Trusted Managers
The SNMP Trusted Managers table lets you configure up to five SNMP Trusted Managers.
By default, the SNMP agent accepts SNMP Get and Set requests from any IP address as
long as the correct community string is used in the request (see ''Configuring SNMP
Community Strings'' on page 87). You can enhance security by configuring Trusted
Managers, which is an IP address from which the device's SNMP agent accepts and
processes SNMP requests. If no SNMP Trusted Manager is configured, any SNMP
manager can access the device (as long as the community string is correct).
The following procedure describes how to configure SNMP Trusted Managers through the
Web interface. You can also configure it through ini file (SNMPTrustedMgr_x) or CLI
(configure system > snmp settings > trusted-managers).
Version 7.2 91 Mediant 4000 SBC
Page 92
Mediant 4000 SBC
), the trap destination
To configure SNMP Trusted Managers:
1. Open the SNMP Trusted Managers table (Setup menu > Administration tab > SNMP
folder > SNMP Trusted Managers).
Figure 8-3: SNMP Trusted Managers Table
2. Configure an IP address (in dotted-decimal notation) for one or more SNMP Trusted
Managers.
3. Select the check boxes corresponding to the configured SNMP Trusted Managers that
you want to enable.
4. Click Apply, and then reset the device with a save-to-flash for your settings to take
effect.
8.6 Enabling SNMP Traps for Web Activity
You can enable the device to send SNMP traps to notify of management users' activities in
the Web interface. A trap is sent each time an activity is done by a user. To configure the
types of Web activities that you want reported, see ''Configuring Reporting of Management
User Activities'' on page 771.
To enable traps to SNMP manager for Web activity:
1. Open the SNMP Community Settings page (Setup menu > Administration tab >
SNMP folder > SNMP Community Settings).
2. Under the Misc. Settings group, from the 'Activity Trap' drop-down list
(EnableActivityTrap), select Enable.
Figure 8-4: Enabling Trap for Web User Activities
3. Click Apply.
8.7 Configuring SNMP V3 Users
The SNMPv3 Users table lets you configure up to 10 SNMP v3 users for authentication
and privacy.
The following procedure describes how to configure SNMP v3 users through the Web
interface. You can also configure it through ini file (SNMPUsers) or CLI (configure system >
snmp v3-users).
Note: If you delete a user that is associated with a trap destination (see ''Configuring
SNMP Trap Destinations with IP Addresses'' on page 89
becomes disabled and the trap user reverts to default (i.e., SNMPv2).
User's Manual 92 Document #: LTRT-40203
Page 93
User's Manual 8. SNMP-Based Management
[2]
Authentication key. Keys can be entered in the form of a t ext password
To configure an SNMP v3 user:
1. Open the SNMPv3 Users table (Setup menu > Administration tab > SNMP folder >
SNMP V3 Users).
2. Click New; the following dialog box appears:
Figure 8-5: SNMPv3 Users Table - Dialog Box
3. Configure the SNMP V3 parameters according to the table below.
4. Click Apply, and then reset the device with a save-to-flash for your settings to take
effect.
Table 8-3: SNMPv3 Users Table Parameters Description
Parameter Description
Index
[SNMPUsers_Index]
User Name
username
[SNMPUsers_Username]
Authentication Protocol
auth-protocol
[SNMPUsers_AuthProtocol]
Privacy Protocol
priv-protocol
[SNMPUsers_PrivProtocol]
Defines an index number for the new table row.
Note: Each row must be configured with a unique i ndex.
Name of the SNMP v3 user. The name must be unique.
Authentication protocol of the SNMP v3 user.
[0] None (default)
[1] MD5
SHA-1
Privacy protocol of the SNMP v3 user.
[0] None (default)
[1] DES
[2] 3DES
[3] AES-128
[4] AES-192
[5] AES-256
Authentication Key
Version 7.2 93 Mediant 4000 SBC
Page 94
Mediant 4000 SBC
auth-key
or long hex string. Keys are always persisted as long hex strings and
Parameter Description
[SNMPUsers_AuthKey]
Privacy Key
priv-key
[SNMPUsers_PrivKey]
Group
group
[SNMPUsers_Group]
keys are localized.
Privacy key. Keys can be entered in the form of a text pas sw ord or
long hex string. Keys are always persisted as long hex strings and
keys are localized.
The group with which the SNMP v3 user is associated.
[0] Read-Only
[1] Read-Write (default)
[2] Trap
Note: All groups can be used to send traps.
User's Manual 94 Document #: LTRT-40203
Page 95
User's Manual 9. INI File-Based Management
9 INI File-Based Management
You can configure the device through an ini file, which is a text-based file with an *.ini file
extension name, created using any standard text-based editor such as Notepad. Once you
have created an ini file with all your configuration settings, you need to install (load) it to the
device to apply the configuration. For a list of the ini file parameters, see ''Configuration
9.1 INI File Format
9.1.1 Configuring Individual ini File Parameters
Parameters Reference'' on page 803.
There are two types of ini file parameters:
Individual parameters - see ''Configuring Individual ini File Parameters'' on page 95
Table parameters - see ''Configuring Table ini File Parameters'' on page 95
The syntax for configuring individual ini file param eters in the ini file is as follows:
An optional, subsection name (or group name) enclosed in square brackets "[...]". This
is used to conveniently group similar parameters by their functionality.
Parameter name, followed by an equal "=" sign and then its value.
Comments must be preceded by a semicolon ";".
[optional subsection name]
parameter name = value
parameter name = value
; this is a comment line
; for example:
[System Parameters]
SyslogServerIP = 10.13.2.69
EnableSyslog = 1
For general ini file formatting rules, see ''General ini Fil e F ormatting Rules'' on page 97.
9.1.2 Configuring Table ini File Parameters
Table ini file parameters allow you to configure tables, which include multiple parameters
(columns) and row entries (indices). The table ini file parameter is composed of the
following elements:
Table title: The name of the table in square brackets, e.g., [MY_TABLE_NAME].
Format line: Specifies the columns of the table (by their string names) that are to be
configured.
• The first word of the Format line must be "FORMAT", followed by the Index field
name and then an equal "=" sign. After the equal sign, the names of the columns
are listed.
• Columns must be separated by a comma ",".
• The Format line must only include columns that can be modified (i.e., parameters
that are not specified as read-only). An exception i s I ndex fields, which are
mandatory.
• The Format line must end with a semicolon ";".
Data line(s): Contain the actual values of the columns (paramet ers). The values are
interpreted according to the Format line.
Version 7.2 95 Mediant 4000 SBC
Page 96
Mediant 4000 SBC
• The first word of the Data line must be the table’s string name followed by the
Index field.
• Columns must be separated by a comma ",".
• A Data line must end with a semicolon ";".
End-of-Table Mark: Indicates the end of the table. The same string used for the
table’s title, preceded by a backslash "\", e.g., [\MY_TABLE_NAME].
The following displays an example of the structure of a table ini file parameter:
[Table_Title]
; This is the title of the table.
FORMAT Index = Column_Name1, Column_Name2, Column_Name3;
; This is the Format line.
Index 0 = value1, value2, value3;
Index 1 = value1, $$, value3;
; These are the Data lines.
[\Table_Title]
; This is the end-of-the-table-mark.
The table ini file parameter formatting rules are listed bel ow:
Indices (in both the Format and the Data lines) must appear in the same order. The
Index field must never be omitted.
The Format line can include a subset of the configurable fields in a table. In this case,
all other fields are assigned with the pre-defined default values for each configured
line.
The order of the fields in the Format line isn’t significant (as opposed to the I ndex
fields). The fields in the Data lines are interpreted according to the order specified in
the Format line.
The double dollar sign ($$) in a Data line indicates the default value for the param eter.
The order of the Data lines is insignificant.
Data lines must match the Format line, i.e., it must contain exactly the same number
of Indices and Data fields and must be in exactly the same order.
A row in a table is identified by its table name and Index field. Each such row may
appear only once in the ini file.
Table dependencies: Certain tables may depend on other tables. For exampl e, one
table may include a field that specifies an entry in another table. This method is used
to specify additional attributes of an entity, or t o spec ify that a given entity is part of a
larger entity. The tables must appear in the order of their dependency (i.e., if Table X
is referred to by Table Y, Table X must appear in the ini fi le bef ore Table Y).
The table below displays an example of a table ini file parameter:
[ CodersGroup0 ]
FORMAT CodersGroup0_Index = CodersGroup0_Name, CodersGroup0_pTime,
CodersGroup0_rate, CodersGroup0_PayloadType, CodersGroup0_Sce,
CodersGroup0_CoderSpecific;
CodersGroup0 0 = g711Alaw64k, 20, 0, 255, 0, 0;
CodersGroup0 1 = eg711Ulaw, 10, 0, 71, 0, 0;
[ \CodersGroup0 ]
Note: Do not include read-only parameters in the table ini file parameter as this can
cause an error when attempting to load the file to t he device.
User's Manual 96 Document #: LTRT-40203
Page 97
User's Manual 9. INI File-Based Management
9.1.3 General ini File Formatting Rules
The ini file must adhere to the following formatting rul es:
The ini file name must not include hyphens "-" or spaces; if necessary, use an
underscore "_" instead.
Lines beginning with a semi-colon ";" are ignored. These can be used for addi ng
remarks in the ini file.
A carriage return (i.e., Enter) must be done at the end of each line.
The number of spaces before and after the equals sign "=" is irrelevant.
Subsection names for grouping parameters are optional.
If there is a syntax error in the parameter name, the value is ignored.
Syntax errors in the parameter's value can cause unexpected errors (paramet ers may
be set to the incorrect values).
Parameter string values that denote file names (e.g., CallProgressTone sFil eName)
must be enclosed with inverted commas, e.g., Call P rogressTonesFileName =
'cpt_usa.dat'.
The parameter name is not case-sensitive.
The parameter value is not case-sensitive, except for coder names.
The ini file must end with at least one carriage return.
9.2 Configuring an ini File
There are different methods that you can use for configuring an ini file before you load it to
the device.
Modifying the device's current ini file: This method is recommended if you mainly need
to change the settings of parameters that you have previ ously configured.
1. Save the device's current configuration as an ini file on your computer, using the
Web interface (see ''Saving Configuration'' on page 624).
2. Open the file using a text file editor, and then modify the ini file as required.
3. Save and close the file.
4. Load the file to the device.
Creating a new ini file that includes only updated configuration:
1. Open a text file editor such as Notepad.
2. Add only the required parameters and their settings.
3. Save the file with the ini file extension name (e.g., myconfiguration.ini).
4. Load the file to the device.
For loading ini files to the device, see ''Loading an ini F i le t o t he Device'' on page 98.
Note:
• If you save an ini file from the device and a table row is configured with invalid
values, the ini file displays the row prefixed with an exclamation mark (!), for
example:
!CpMediaRealm 1 = "ITSP", "Voice", "", 60210, 2, 6030, 0, "",
"";
• To restore the device to default settings through the i ni file, see ''Restoring Factory
Defaults'' on page 693.
Version 7.2 97 Mediant 4000 SBC
Page 98
Mediant 4000 SBC
9.3 Loading an ini File to the Device
You can load an ini file to the device using the following methods:
CLI:
• Voice Configuration: # copy voice-configuration f rom <URL>
Web interface:
• Auxiliary Files page (see ''Loading Auxiliary Files'' on page 627): The device
updates its configuration according to the loaded ini file while preserving the
remaining current configuration.
• Configuration File page (see ''Configuration File'' on page 659): The device
updates its configuration according to the loaded ini file and applies default
values to parameters that were not included in the loaded ini file.
When you load an ini file to the device, its configuration settings are saved to the device's
non-volatile memory.
Note: Before you load an ini file to the device, make sure that the file extension
name is *.ini.
9.4 Secured Encoded ini File
The ini file contains sensitive information that is required for the functioning of the device.
The file may be loaded to the device using HTTP. These protocols are not secure and are
vulnerable to potential hackers. To overcome this security threat, the AudioCodes
DConvert utility allows you to binary-encode (encrypt) the ini file before loading it to the
device. For more information, refer to the DCo nvert Utility User's Guide.
Note: If you save an ini file from the device to a folder on your PC, an ini file that was
loaded to the device encoded is saved as a regular ini file (i.e. , unencoded).
9.5 Configuring Password Display in ini File
Passwords can be displayed in the ini file in one of the following formats, configured by the
INIPasswordsDisplayType ini file parameter:
Obscured: The password characters are concealed and displayed as encoded. The
password is displayed using the syntax, $1$<obscured password>, for example,
$1$S3p+fno=.
Hidden: the password is replaced with an asterisk (*).
When you save an ini file from the device to a PC, the passwords are displayed according
to the enabled format. When you load an ini file to the device, obscured passwords are
parsed and applied to the device; hidden passwords are ignored.
By default, the enabled format is obscured passwords, thus enabling their full recovery in
case of configuration restore or copy to another devic e.
User's Manual 98 Document #: LTRT-40203
Page 99
User's Manual 9. INI File-Based Management
When obscured password mode is enabled, you can enter a password in the ini file using
any of the following formats:
$1$<obscured password>: Password in obscured format as generat ed by the device;
useful for restoring device configuration and copying configuration from one device to
another.
$0$<plain text>: Password can be entered in plain text; useful for configuring a new
password. When the ini file is loaded to the devi ce and then later saved from the
device to a PC, the password is displayed obscured (i .e., $1$<obscured password>).
Version 7.2 99 Mediant 4000 SBC
Page 100
Mediant 4000 SBC
9.6 INI Viewer and Editor Utility
AudioCodes INI Viewer & Editor utility provides a user-friendly graphical user interface
(GUI) that lets you easily view and modify the device's ini file. This utility is available from
AudioCodes Web site at www.AudioCodes.com/downloads, and can be installed on any
Windows-based PC.
For more information, refer to the INI Viewer & Editor User's Guide.
User's Manual 100 Document #: LTRT-40203
Loading...