Page 1
User's Manual
Version 6.8
Mediant™ 800B MSBR
Multi-Service Business Router
Session Border Controller
September 2014
Document # LTRT-12813
Page 2
Page 3
User's Manual Contents
Table of Contents
1 Overview ............................................................................................................ 23
2 Introduction ....................................................................................................... 27
3 Default OAMP IP Address ................................................................................. 29
4 Configuring VoIP LAN Interface for OAMP ..................................................... 31
4.1 Web Interface ......................................................................................................... 31
4.2 CLI .......................................................................................................................... 33
5 Configuring Data-Router's LAN and WAN ...................................................... 35
5.1 Configuring Data-Router's LAN Interface ............................................................... 35
5.2 Configuring the Device's DHCP Server ................................................................. 36
5.3 Configuring the WAN Interface .............................................................................. 36
6 Enabling Remote Management from WAN ...................................................... 39
6.1 Remote Web-based (HTTP/S) Management ......................................................... 39
6.2 Remote Telnet-based Management ....................................................................... 40
7 Introduction ....................................................................................................... 43
8 Web-Based Management .................................................................................. 45
8.1 Getting Acquainted with the Web Interface ............................................................ 45
8.1.1 Computer Requirements .......................................................................................... 45
8.1.2 Accessing the Web Interface ................................................................................... 46
8.1.3 Areas of the GUI ...................................................................................................... 47
8.1.4 Toolbar Description .................................................................................................. 48
8.1.5 Navigation Tree ....................................................................................................... 48
8.1.5.1 Displaying Navigation Tree in Basic and Full Vi ew ..................................49
8.1.5.2 Showing / Hiding the Navigation Pane .....................................................50
8.1.6 Working with Configuration Pages .......................................................................... 51
8.1.6.1 Accessing Pages ......................................................................................51
8.1.6.2 Viewing Parameters .................................................................................51
8.1.6.3 Modifying and Saving Parameters ...........................................................53
8.1.6.4 Working with Tables .................................................................................54
8.1.7 Searching for Configuration Parameters ................................................................. 55
8.1.8 Creating a Login Welcome Message ....................................................................... 57
8.1.9 Getting Help ............................................................................................................. 58
8.1.10 Logging Off the Web Interface ................................................................................. 59
8.2 Viewing the Home Page ......................................................................................... 60
8.2.1 Assigning a Port Name ............................................................................................ 63
8.3 Configuring Web User Accounts ............................................................................ 64
8.3.1 Basic User Accounts Configuration ......................................................................... 65
8.3.2 Advanced User Accounts Configuration .................................................................. 67
8.4 Displaying Login Information upon Login ............................................................... 70
8.5 Configuring Web Security Settings ........................................................................ 71
8.6 Limiting OAMP Access to a Specific WAN Interface .............................................. 72
8.7 Web Login Authentication using Smart Cards ....................................................... 72
8.8 Configuring Web and Telnet Access List ............................................................... 73
9 CLI-Based Management .................................................................................... 75
9.1 Getting Familiar with CLI ........................................................................................ 75
Version 6.8 3 Mediant 800B MSBR
Page 4
Mediant 800B MSBR
9.1.1 Understanding Configuration Modes ....................................................................... 75
9.1.2 Using CLI Shortcuts ................................................................................................. 76
9.1.3 Common CLI Commands ........................................................................................ 77
9.1.4 Configuring Tables in CLI ........................................................................................ 78
9.1.5 Understanding CLI Error Messages ........................................................................ 79
9.2 Enabling CLI ........................................................................................................... 79
9.2.1 Enabling Telnet for CLI ............................................................................................ 79
9.2.2 Enabling SSH with RSA Public Key for CLI ............................................................. 80
9.3 Establishing a CLI Session .................................................................................... 82
9.4 Configuring Maximum Telnet/SSH Sessions ......................................................... 82
9.5 Viewing Current CLI Sessions ............................................................................... 83
9.6 Terminating a User's CLI Session .......................................................................... 83
9.7 Configuring Displayed Output Lines in CLI Terminal Window ............................... 84
9.8 Configuring TACACS+ for CLI Login ..................................................................... 84
10 SNMP-Based Management ............................................................................... 87
10.1 Enabling SNMP and Configuring SNMP Community Strings ................................. 87
10.2 Configuring SNMP Trap Destinations .................................................................... 89
10.3 Configuring SNMP Trusted Managers ................................................................... 90
10.4 Configuring SNMP V3 Users .................................................................................. 91
11 TR-069 Based Management .............................................................................. 93
11.1 TR-069 ................................................................................................................... 93
11.2 TR-104 ................................................................................................................... 98
11.3 Configuring TR-069 ................................................................................................ 99
12 INI File-Based Management ............................................................................ 101
12.1 INI File Format .....................................................................................................
12.1.1 Configuring Individual ini File Parameters .............................................................101
12.1.2 Configuring Table ini File Parameters ...................................................................101
12.1.3 General ini File Formatting Rules ..........................................................................103
12.2 Configuring an ini File .......................................................................................... 103
12.3 Loading an ini File to the Device .......................................................................... 104
12.4 Secured Encoded ini File ..................................................................................... 104
12.5 Configuring Password Display in ini File .............................................................. 105
12.6 INI Viewer and Editor Utility ................................................................................. 106
101
13 Configuring SSL/TLS Certificates .................................................................. 109
13.1 Configuring TLS Certificate Contexts ................................................................... 109
13.2 Assigning CSR-based Certificates to TLS Contexts ............................................ 113
13.3 Assigning Externally Created Private Keys to TLS Contexts ............................... 114
13.4 Generating Private Keys for TLS Contexts .......................................................... 115
13.5 Creating Self-Signed Certificates for TLS Contexts ............................................. 116
13.6 Importing Certificates and Certificate Chain into Trusted Certificate Store .......... 117
13.7 Configuring Mutual TLS Authentication ................................................................ 118
13.7.1 TLS for SIP Clients ................................................................................................118
13.7.2 TLS for Remote Device Management ...................................................................119
13.8 Configuring TLS Server Certificate Expiry Check ................................................ 120
14 Date and Time .................................................................................................. 121
14.1 Configuring Date and Time Manually ................................................................... 121
User's Manual 4 Document #: LTRT-12813
Page 5
User's Manual Contents
14.2 Configuring Automatic Date and Time using SNTP ............................................. 121
14.3 Configuring Daylight Saving Time ........................................................................ 123
15 Configuring Power over Ethernet .................................................................. 125
16 Network ............................................................................................................ 129
16.1 Configuring Underlying Ethernet Devices ............................................................ 129
16.2 Configuring IP Network Interfaces ....................................................................... 130
16.2.1 Assigning NTP Services to Application Types ......................................................135
16.2.2 Multiple Interface Table Configuration S um m ary and Guidelines .........................135
16.2.3 Networking Configuration Examples .....................................................................136
16.2.3.1 One VoIP Interface for All Applications ................................................. 136
16.2.3.2 VoIP Interface per Application Type ...................................................... 136
16.2.3.3 VoIP Interfaces for Combined Application T ypes ................................. 137
16.2.3.4 VoIP Interfaces with Multiple Default Gateways ................................... 138
16.3 Configuring Static IP Routes ................................................................................ 139
16.3.1 Configuration Example of Static IP Routes ...........................................................140
16.3.2 Troubleshooting the Routing Table .......................................................................141
16.4 Configuring Quality of Service .............................................................................. 142
16.5 DNS ...................................................................................................................... 144
16.5.1 Configuring the Internal DNS Table .......................................................................144
16.5.2 Configuring the Internal SRV Table .......................................................................145
16.6 Open Solution Network (OSN) Server ................................................................. 147
16.6.1 Configuring Native VLAN for OSN Server .............................................................147
16.6.2 Disabling Internal Switch Port for OSN ..................................................................148
16.7 Configuring NFS Settings ..................................................................................... 148
16.8 Network Address Translation Support ................................................................. 149
16.8.1 Device Located behind NAT ..................................................................................150
16.8.1.1 Configuring a Static NAT IP Address for All Interfaces ......................... 151
16.8.1.2 Configuring NAT Translation per IP Interface ....................................... 151
16.8.2 Remote UA behind NAT ........................................................................................153
16.8.2.1 SIP Signaling Messages ....................................................................... 153
16.8.2.2 Media (RTP/RTCP/T.38) ....................................................................... 153
16.9 Robust Receipt of Media Streams by Media Latching ......................................... 156
16.10 Multiple Routers Support ...................................................................................... 158
17 Security ............................................................................................................ 159
17.1 Configuring Firewall Settings ............................................................................... 159
17.2 Configuring General Security Settings ................................................................. 163
17.3 Intrusion Detection System .................................................................................. 164
17.3.1 Enabling IDS ..........................................................................................................165
17.3.2 Configuring IDS Policies ........................................................................................165
17.3.3 Assigning IDS Policies ...........................................................................................169
17.3.4 Viewing IDS Alarms ...............................................................................................171
18 Media ................................................................................................................ 173
18.1 Configuring Voice Settings ................................................................................... 173
18.1.1 Configuring Voice Gain (Volume) Control .............................................................173
18.1.2 Silence Suppression (Compression) .....................................................................174
18.1.3 Echo Cancellation ..................................................................................................174
18.2 Fax and Modem Capabilities ................................................................................ 176
18.2.1 Fax/Modem Operating Modes ...............................................................................177
18.2.2 Fax/Modem Transport Modes ...............................................................................177
Version 6.8 5 Mediant 800B MSBR
Page 6
Mediant 800B MSBR
18.2.2.1 T.38 Fax Relay Mode ............................................................................ 177
18.2.2.2 G.711 Fax / Modem Transport Mode .................................................... 180
18.2.2.3 Fax Fallback .......................................................................................... 180
18.2.2.4 Fax/Modem Bypass Mode .................................................................... 181
18.2.2.5 Fax / Modem NSE Mode ....................................................................... 182
18.2.2.6 Fax / Modem Transparent with Events Mode ....................................... 183
18.2.2.7 Fax / Modem Transparent Mode ........................................................... 183
18.2.2.8 RFC 2833 ANS Report upon Fax/Modem Detection ............................ 184
18.2.3 V.34 Fax Support ...................................................................................................184
18.2.3.1 Bypass Mechanism for V.34 Fax Transmission .................................... 185
18.2.3.2 Relay Mode for T.30 and V.34 Faxes ................................................... 186
18.2.3.3 V.34 Fax Relay for SG3 Fax Machines ................................................. 186
18.2.4 V.150.1 Modem Relay ...........................................................................................187
18.2.5 Simultaneous Negotiation of Fax (T.38) and Modem (V.150.1) Relay ..................188
18.2.6 V.152 Support ........................................................................................................189
18.2.7 Fax Transmission behind NAT ..............................................................................190
18.3 Configuring RTP/RTCP Settings .......................................................................... 190
18.3.1 Configuring the Dynamic Jitter Buffer ....................................................................190
18.3.2 Comfort Noise Generation .....................................................................................191
18.3.3 Dual-Tone Multi-Frequency Signaling ...................................................................192
18.3.3.1 Configuring DTMF Transport Types ...................................................... 192
18.3.3.2 Configuring RFC 2833 Payload ............................................................ 193
18.3.4 Configuring RTP Base UDP Port ...........................................................................194
18.4 Configuring IP Media Settings .............................................................................. 195
18.4.1 Automatic Gain Control (AGC) ..............................................................................195
18.5 Configuring Various Codec Attributes .................................................................. 196
18.6 Configuring Analog Settings ................................................................................. 196
18.7 Configuring Media (SRTP) Security ..................................................................... 197
19 Services ........................................................................................................... 199
19.1 SIP-based Media Recording ................................................................................ 199
19.1.1 Enabling SIP-based Media Recording ...................................................................202
19.1.2 Configuring SIP Recording Routing Rules ............................................................203
19.1.3 Configuring SIP User Part for SRS ........................................................................204
19.1.4 Interworking SIP-based Media Recording with Third-Party Vendors ....................205
19.1.4.1 Genesys ................................................................................................ 205
19.1.4.2 Avaya UCID ........................................................................................... 205
19.2 RADIUS Authentication ........................................................................................ 206
19.2.1 Setting Up a Third-Party RADIUS Server ..............................................................206
19.2.2 Configuring RADIUS Authentication ......................................................................208
19.2.3 Securing RADIUS Communication ........................................................................209
19.2.4 Authenticating RADIUS in the URL .......................................................................210
19.3 LDAP-based Management and SIP Services ...................................................... 210
19.3.1 Enabling the LDAP Service ...................................................................................212
19.3.2 Enabling LDAP-based Web/CLI User Login Authentication and Authorization.....212
19.3.3 Configuring LDAP Servers.....................................................................................212
19.3.4 Configuring LDAP DNs (Base Paths) per LDAP Server ........................................216
19.3.5 Configuring the LDAP Search Filter Attribute ........................................................217
19.3.6 Configuring Access Level per Management Groups Attributes ............................217
19.3.7 Configuring LDAP Search Methods .......................................................................220
19.3.8 Configuring the Device's LDAP Cache ..................................................................220
19.3.9 Configuring Local Database for Management User Authentication ......................223
19.3.10 LDAP-based Login Authentication Example ..........................................................224
19.3.11 Activ e Di rectory-based Routing for Microsoft Lync ...............................................228
19.3.11.1 Querying the AD and Routing Priority ................................................... 228
19.3.11.2 Configuring AD-Based Routing Rules ................................................... 231
User's Manual 6 Document #: LTRT-12813
Page 7
User's Manual Contents
19.3.11.3 Querying the AD for Calling Name ........................................................ 233
19.4 Least Cost Routing ............................................................................................... 234
19.4.1 Overview ................................................................................................................234
19.4.2 Configuring LCR ....................................................................................................236
19.4.2.1 Enabling the LCR Feature ..................................................................... 236
19.4.2.2 Configuring Cost Groups ....................................................................... 238
19.4.2.3 Configuring Time Bands for Cost Groups ............................................. 239
19.4.2.4 Assigning Cost Groups to Routing Rules .............................................. 240
19.5 Configuring Call Setup Rules ............................................................................... 241
19.5.1 Call Setup Rule Examples .....................................................................................245
20 Quality of Experience ...................................................................................... 247
20.1 Reporting Voice Quality of Experience to SEM .................................................... 247
20.1.1 Configuring the SEM Server ..................................................................................247
20.1.2 Configuring Clock Synchronization between D evice and SEM .............................248
20.1.3 Enabling RTCP XR Reporting to SEM ..................................................................248
20.2 Configuring Quality of Experience Profiles ........................................................... 248
20.3 Configuring Bandwidth Profiles ............................................................................ 252
20.4 Configuring Media Enhancement Profiles ............................................................ 255
21 Control Network .............................................................................................. 259
21.1 Configuring Media Realms ................................................................................... 259
21.2 Configuring Remote Media Subnets .................................................................... 262
21.3 Configuring SRDs ................................................................................................ 264
21.4 Configuring SIP Interfaces ................................................................................... 267
21.5 Configuring IP Groups .......................................................................................... 270
21.6 Configuring Proxy Sets ........................................................................................ 282
21.7 Assign WAN Interface to VoIP Traffic ..................................................................
289
22 SIP Definitions ................................................................................................. 291
22.1 Configuring SIP Parameters ................................................................................ 291
22.2 Configuring Registration Accounts ....................................................................... 291
22.2.1 Regular Registration Mode ....................................................................................294
22.2.2 Single Registration for Multiple Phone Numbers using GIN ..................................294
22.3 Configuring Proxy and Registration Parameters .................................................. 296
22.3.1 SIP Message Authentication Example ..................................................................297
22.4 Configuring SIP Message Manipulation ............................................................... 299
22.5 Configuring SIP Message Policy Rules ................................................................ 304
23 Coders and Profiles ........................................................................................ 307
23.1 Configuring Default Coders .................................................................................. 307
23.2 Configuring Coder Groups ................................................................................... 310
23.3 Configuring Tel Profile .......................................................................................... 311
23.4 Configuring IP Profiles ......................................................................................... 314
24 Introduction ..................................................................................................... 345
25 Digital PSTN ..................................................................................................... 347
25.1 Configuring Trunk Settings ................................................................................... 347
25.2 TDM and Timing ................................................................................................... 350
25.2.1 Configuring TDM Bus Settings ..............................................................................350
Version 6.8 7 Mediant 800B MSBR
Page 8
Mediant 800B MSBR
25.2.2 Clock Settings ........................................................................................................350
25.2.2.1 Recovering Clock from PSTN Line Interface ........................................ 351
25.2.2.2 Configuring Internal Clock as Clock Source ......................................... 351
25.3 Configuring CAS State Machines ......................................................................... 352
25.4 Configuring Digital Gateway Parameters ............................................................. 354
25.5 Tunneling Applications ......................................................................................... 355
25.5.1 TDM Tunneling ......................................................................................................355
25.5.1.1 DSP Pattern Detector ............................................................................ 358
25.5.2 QSIG Tunneling .....................................................................................................358
25.6 ISDN Non-Facility Associated Signaling (NFAS) ................................................. 360
25.6.1 NFAS Interface ID ..................................................................................................360
25.6.2 Working with DMS-100 Switches ..........................................................................361
25.6.3 Creating an NFAS-Related Trunk Configuration ...................................................362
25.6.4 Performing Manual D-Channel Switchover in NFAS Group ..................................362
25.7 ISDN Overlap Dialing ........................................................................................... 362
25.7.1 Collecting ISDN Digits and Sending Complete Number in SIP .............................363
25.7.2 Interworking ISDN Overlap Dialing with SIP According to RFC 3578 ...................364
25.8 Redirect Number and Calling Name (Display) ..................................................... 364
26 Trunk Group .................................................................................................... 365
26.1 Configuring Trunk Group Table ............................................................................ 365
26.2 Configuring Hunt Group Settings ......................................................................... 367
27 Manipulation .................................................................................................... 373
27.1 Configuring General Settings ............................................................................... 373
27.2 Configuring Source/Destination Number Manipulation Rules .............................. 373
27.3 Manipulating Number Prefix ................................................................................. 379
27.4 SIP Calling Name Manipulations ..........................................................................
380
27.5 Configuring Redirect Number IP to Tel ................................................................ 383
27.6 Manipulating Redirected and Diverted Numbers for Call Diversion ..................... 387
27.7 Mapping NPI/TON to SIP Phone-Context ............................................................ 388
27.8 Configuring Release Cause Mapping .................................................................. 390
27.8.1 Fixed Mapping of SIP Response to ISDN Release R eason ..................................391
27.8.2 Fixed Mapping of ISDN Release Reason to S IP Response ..................................392
27.8.3 Reason Header ......................................................................................................394
27.8.4 Mapping PSTN Release Cause to SIP Response ................................................395
27.9 Numbering Plans and Type of Number ................................................................ 395
28 Routing ............................................................................................................. 397
28.1 Configuring General Routing Parameters ............................................................ 397
28.2 Configuring Outbound IP Routing Table .............................................................. 397
28.3 Configuring Inbound IP Routing Table ................................................................. 406
28.4 IP Destinations Connectivity Feature ................................................................... 410
28.5 Alternative Routing for Tel-to-IP Calls .................................................................. 412
28.5.1 Alternative Routing Based on IP Connecti vity .......................................................412
28.5.2 Alternative Routing Based on SIP Responses ......................................................413
28.5.3 Alternative Routing upon SIP 3xx with Multiple Contacts ......................................415
28.5.4 PSTN Fallback .......................................................................................................416
28.6 Alternative Routing for IP-to-Tel Calls .................................................................. 417
28.6.1 Alternative Routing to Trunk upon Q.931 Call Release Cause Code ...................417
28.6.2 Alternative Routing to an IP Destination upon a Busy Trunk ................................418
28.6.3 Alternative Routing upon ISDN Disconnect ...........................................................420
User's Manual 8 Document #: LTRT-12813
Page 9
User's Manual Contents
29 Configuring DTMF and Dialing ....................................................................... 421
29.1 Dialing Plan Features ........................................................................................... 422
29.1.1 Digit Mapping .........................................................................................................422
29.1.2 External Dial Plan File ...........................................................................................424
30 Configuring Supplementary Services ........................................................... 425
30.1 Call Hold and Retrieve ......................................................................................... 427
30.2 Call Pickup ........................................................................................................... 429
30.3 BRI Suspend and Resume ................................................................................... 429
30.4 Consultation Feature ............................................................................................ 430
30.5 Call Transfer ......................................................................................................... 430
30.5.1 Consultation Call Transfer .....................................................................................430
30.5.2 Consultation Transfer for QSIG Path Replacement ..............................................431
30.5.3 Blind Call Transfer .................................................................................................431
30.6 Call Forward ......................................................................................................... 432
30.6.1 Call Forward Reminder Ring .................................................................................433
30.6.2 Call Forward Reminder (Off-Hook) Special Dial Tone ..........................................433
30.6.3 Call Forward Reminder Dial Tone (Off-Hook) upon S panish SIP Alert-Info ..........434
30.6.4 BRI Call Forwarding ...............................................................................................434
30.7 Call Waiting .......................................................................................................... 435
30.8 Message Waiting Indication ................................................................................. 436
30.9 Caller ID ............................................................................................................... 438
30.9.1 Caller ID Detection / Generation on the Tel S ide ..................................................438
30.9.2 Debugging a Caller ID Detection on FXO ..............................................................438
30.9.3 Caller ID on the IP Side .........................................................................................439
30.10 Three-Way Conferencing ..................................................................................... 440
30.11 Emergency E911 Phone Number Services ..........................................................
30.11.1 FXS Device Emulating PSAP using DID Loop-Start Lines ....................................442
30.11.2 FXO Device Interworking SIP E911 Calls from Service Provider's IP Network to
PSAP DID Lines .................................................................................................................445
30.11.3 Pre-empting Existing Calls for E911 IP-to-Tel Calls ..............................................448
30.11.4 Enhanced 9 -1-1 Support for Lync Server 2010 .....................................................449
30.11.4.1 About E9-1-1 Services .......................................................................... 449
30.11.4.2 Microsoft Lync Server 2010 and E9-1-1 ................................................ 450
30.11.4.3 AudioCodes ELIN Gateway for Lync Server 2010 E9-1-1 Calls to PSTN
454
30.11.4.4 Configuring AudioCodes ELIN Gateway ............................................... 459
30.12 Multilevel Precedence and Preemption ................................................................ 461
30.12.1 MLPP Preemption Events in SIP Reason Header ................................................464
30.12.2 Precedenc e Ring T one ..........................................................................................465
30.13 Denial of Collect Calls .......................................................................................... 465
30.14 Configuring Multi-Line Extensions and Supplementary Services ......................... 465
30.15 Detecting Collect Calls ......................................................................................... 468
30.16 Advice of Charge Services for Euro ISDN ........................................................... 468
30.17 Configuring Charge Codes ................................................................................... 470
30.18 Configuring Voice Mail ......................................................................................... 472
442
31 Analog Gateway .............................................................................................. 473
31.1 Configuring Keypad Features .............................................................................. 473
31.2 Configuring Metering Tones ................................................................................. 474
Version 6.8 9 Mediant 800B MSBR
Page 10
Mediant 800B MSBR
31.3 Configuring FXO Settings .................................................................................... 476
31.4 Configuring Authentication ................................................................................... 477
31.5 Configuring Automatic Dialing .............................................................................. 478
31.6 Configuring Caller Display Information ................................................................. 480
31.7 Configuring Call Forward ..................................................................................... 481
31.8 Configuring Caller ID Permissions ....................................................................... 483
31.9 Configuring Call Waiting ....................................................................................... 484
31.10 Rejecting Anonymous Calls ................................................................................. 485
31.11 Configuring FXS Distinctive Ringing and Call Waiting Tones per
Source/Destination Number .......................................................................................... 485
31.12 FXS/FXO Coefficient Types ................................................................................. 487
31.13 FXO Operating Modes ......................................................................................... 487
31.13.1 FXO Operat ions for IP-to-Tel Calls ........................................................................488
31.13.1.1 One-Stage Dialing ................................................................................. 488
31.13.1.2 Two-Stage Dialing ................................................................................. 489
31.13.1.3 DID Wink ............................................................................................... 489
31.13.2 FXO Operat ions for Tel-to-IP Calls ........................................................................490
31.13.2.1 Automatic Dialing .................................................................................. 490
31.13.2.2 Collecting Digits Mode........................................................................... 491
31.13.2.3 FXO Supplementary Services ............................................................... 491
31.13.3 Call Termination on FXO Devices .........................................................................492
31.13.3.1 Calls Termination by PBX ..................................................................... 492
31.13.3.2 Call Termination before Call Establi shment .......................................... 493
31.13.3.3 Ring Detection Timeout ......................................................................... 493
31.14 Remote PBX Extension between FXO and FXS Devices .................................... 493
31.14.1 Dialing from Remote Extension (Phone at FXS) ...................................................494
31.14.2 Dialing from PBX Line or PSTN .............................................................................494
31.14.3 Message Waiting Indication for Remote Extensions .............................................495
31.14.4 Call Waiti ng for Remote Extensions ......................................................................495
31.14.5 FXS Gateway Configuration ..................................................................................496
31.14.6 FXO Gatew ay Configuration ..................................................................................497
32 SBC Overview .................................................................................................. 501
32.1 SIP Network Definitions ....................................................................................... 502
32.2 SIP Dialog Initiation Process ................................................................................ 502
32.3 User Registration ................................................................................................. 504
32.3.1 Initial Registration Request Processing .................................................................505
32.3.2 SBC Users Registration Database ........................................................................505
32.3.3 Routing using Users Registration Database..........................................................506
32.3.4 Registration Refreshes ..........................................................................................506
32.3.5 Registration Restriction Control .............................................................................507
32.4 SBC Media Handling ............................................................................................ 507
32.4.1 Media Anchoring without Transcoding (Transparent) ...........................................508
32.4.2 Media Anchoring with Transcoding .......................................................................509
32.4.3 No Media Anchoring ..............................................................................................511
32.4.4 Transcoding Modes ...............................................................................................512
32.4.5 Restricting Coders .................................................................................................513
32.4.6 Coder Transcoding ................................................................................................513
32.4.7 Prioritizing Coder List in SDP Offer .......................................................................515
32.4.8 SRTP-RTP and SRTP-SRTP Transcoding ...........................................................515
32.4.9 Multiple RTP Media Streams per Call Session .....................................................516
32.4.10 Interwor king DTMF Meth o ds .................................................................................516
32.5 Fax Negotiation and Transcoding ........................................................................ 516
32.6 Limiting SBC Call Duration ................................................................................... 517
User's Manual 10 Document #: LTRT-12813
Page 11
User's Manual Contents
32.7 SBC Authentication .............................................................................................. 517
32.7.1 SIP Authentication Server Functionality ................................................................517
32.7.2 User Authentication based on RADIUS .................................................................518
32.8 Interworking SIP Signaling ................................................................................... 518
32.8.1 Interworking SIP 3xx Redirect Responses ............................................................519
32.8.1.1 Resultant INVITE Traversing Device .................................................... 519
32.8.1.2 Local Handling of SIP 3xx ..................................................................... 520
32.8.2 Interworking SIP Diversion and History-Info Headers ...........................................521
32.8.3 Interworking SIP REFER Messages ......................................................................521
32.8.4 Interworking SIP PRACK Messages .....................................................................522
32.8.5 Interworking SIP Session Timer ............................................................................522
32.8.6 Interworking SIP Early Media ................................................................................522
32.8.7 Interworking SIP re-INVITE Messages ..................................................................524
32.8.8 Interworking SIP UPDATE Messages ...................................................................525
32.8.9 Interworking SIP re-INVITE to UPDATE ................................................................525
32.8.10 Interwor king Delaye d Offer ....................................................................................525
32.8.11 Interwor king Call Hold ............................................................................................525
32.9 Call Survivability ................................................................................................... 526
32.9.1 Auto-Provisioning of Subscriber-Specific Information for BroadWorks Server for
Survivability.........................................................................................................................526
32.9.2 BroadSoft's Shared Phone Line Call Appearance for SBC Survivability...............526
32.9.3 Call Survivability for Call Centers ..........................................................................528
32.9.4 Survivability Mode Display on Aastra IP Phones ..................................................530
32.10 Call Forking .......................................................................................................... 531
32.10.1 Initiating SIP Call Forking ......................................................................................531
32.10.2 SIP Forking Initiated by SIP Proxy Server .............................................................531
32.10.3 Call Forking-based IP-to-IP Routing Ru les ............................................................532
32.11 Alternative Routing on Detection of Failed SIP Response ................................... 532
33 Enabling the SBC Application ........................................................................ 533
34 Configuring General Settings ........................................................................ 535
34.1 Interworking Dialog Information in SIP NOTIFY Messages ................................. 535
35 Configuring Admission Control ..................................................................... 539
36 Configuring Coder Groups ............................................................................. 543
36.1 Configuring Allowed Audio Coder Groups ........................................................... 543
36.2 Configuring Allowed Video Coder Groups ........................................................... 544
37 Routing SBC .................................................................................................... 545
37.1 Configuring Classification Rules .......................................................................... 545
37.1.1 Classification Based on URI of Selected Header Example ...................................550
37.2 Configuring Message Condition Rules ................................................................. 551
37.3 Configuring SBC IP-to-IP Routing ........................................................................ 552
37.4 Configuring SIP Response Codes for Alternative Routing Reasons .................... 561
38 SBC Manipulations .......................................................................................... 563
38.1 Configuring IP-to-IP Inbound Manipulations ........................................................ 565
38.2 Configuring IP-to-IP Outbound Manipulations ...................................................... 568
Version 6.8 11 Mediant 800B MSBR
Page 12
Mediant 800B MSBR
39 CRP Overview .................................................................................................. 575
40 CRP Configuration .......................................................................................... 577
40.1 Enabling the CRP Application .............................................................................. 577
40.2 Configuring Call Survivability Mode ..................................................................... 578
40.3 Pre-Configured IP Groups .................................................................................... 579
40.4 Pre-Configured IP-to-IP Routing Rules ................................................................ 580
40.4.1 Normal Mode .........................................................................................................580
40.4.2 Emergency Mode ...................................................................................................581
40.4.3 Auto Answer to Registrations ................................................................................581
40.5 Configuring PSTN Fallback .................................................................................. 582
41 Introduction ..................................................................................................... 585
42 Basic Maintenance .......................................................................................... 589
42.1 Resetting the Device ............................................................................................ 589
42.2 Remotely Resetting Device using SIP NOTIFY ................................................... 590
42.3 Locking and Unlocking the Device ....................................................................... 591
42.4 Saving Configuration ............................................................................................ 592
43 Disconnecting Active Calls ............................................................................ 593
44 Resetting Channels ......................................................................................... 595
44.1 Resetting an Analog Channel .............................................................................. 595
44.2 Restarting a B-Channel ........................................................................................ 595
45 Disabling Analog Ports ................................................................................... 597
46 Software Upgrade ............................................................................................ 599
46.1 Loading Auxiliary Files ......................................................................................... 599
46.1.1 Call Progress Tones File .......................................................................................600
46.1.1.1 Distinctive Ringing ................................................................................. 603
46.1.2 Prerecorded Tones File .........................................................................................604
46.1.3 CAS Files ...............................................................................................................605
46.1.4 Dial Plan File ..........................................................................................................606
46.1.4.1 Creating a Dial Plan File........................................................................ 606
46.1.4.2 External Dial Plan File ........................................................................... 606
46.1.4.3 Dial Plan Prefix Tags for Routing .......................................................... 608
46.1.4.4 Obtaining IP Destination from Dial Plan File ......................................... 612
46.1.4.5 Modifying ISDN-to-IP Calling Party Number ......................................... 613
46.1.5 User Information File .............................................................................................614
46.1.5.1 Enabling the User Info Table ................................................................. 614
46.1.5.2 Gateway User Information for PBX Ext ensions and "Global" Numbers 614
46.1.5.3 User Information File for SBC User Database ...................................... 618
46.2 Software License Key .......................................................................................... 621
46.2.1 Obtaining the Software License Key File ...............................................................621
46.2.2 Installing the Software License Key .......................................................................622
46.2.2.1 Installing Software License Key using Web Int erf ace ........................... 623
46.2.2.2 Installing Software License Key using CLI ............................................ 624
46.3 Software Upgrade Wizard .................................................................................... 625
46.4 Backing Up and Loading Configuration File ......................................................... 629
47 Automatic Provisioning Mechanisms ............................................................ 631
47.1 Automatic Configuration Methods ........................................................................ 631
47.1.1 DHCP-based Provisioning .....................................................................................631
User's Manual 12 Document #: LTRT-12813
Page 13
User's Manual Contents
47.1.2 HTTP-based Provisioning ......................................................................................632
47.1.3 FTP- or NFS-based Provisioning ...........................................................................633
47.1.4 Provisioning using AudioCodes EMS ....................................................................633
47.2 HTTP/S-Based Provisioning using the Automatic Update Feature ...................... 634
47.2.1 Files Provisioned by Automatic Update .................................................................634
47.2.2 File Location for Automatic Update .......................................................................635
47.2.3 Triggers for Automatic Update ...............................................................................636
47.2.4 Access Authentication with HTTP Server ..............................................................636
47.2.5 Querying Provisioning Server for Updated F il es ...................................................637
47.2.6 File Download Sequence .......................................................................................639
47.2.7 Cyclic Redundancy Check on Downloaded Configuration Files ...........................640
47.2.8 MAC Address Automatically Inserted in Confi guration File Name ........................640
47.2.9 Automatic Update Configuration Examples ...........................................................641
47.2.9.1 Automatic Update for Single Device ..................................................... 641
47.2.9.2 Automatic Update from NFS, FTP and HTTP S ervers ......................... 642
47.2.9.3 Automatic Update for Mass Deployment ............................................... 644
47.3 Zero Configuration ............................................................................................... 646
47.3.1 Zero Configuration Process ...................................................................................646
47.3.2 Configuring Zero Configuration .............................................................................648
47.3.3 Using Zero Configuration with Automatic Update .................................................649
47.4 Automatic Provisioning using USB Flash Drive ................................................... 651
48 Restoring Factory Defaults ............................................................................ 653
48.1 Restoring Defaults using CLI ............................................................................... 653
48.2 Restoring Defaults using Hardware Reset Button ................................................ 654
48.3 Restoring Defaults using an ini File ...................................................................... 654
49 Automatic Archiving of Confi gurati on File ................................................... 655
50 USB Storage Capabilities ............................................................................... 657
51 System Status ................................................................................................. 661
51.1 Viewing Device Information .................................................................................. 661
51.2 Viewing Ethernet Port Information ....................................................................... 662
52 Carrier-Grade Alarms ...................................................................................... 665
52.1 Viewing Active Alarms .......................................................................................... 665
52.2 Viewing Alarm History .......................................................................................... 666
53 Performance Monitoring ................................................................................. 667
53.1 Viewing MOS per Media Realm ........................................................................... 667
53.2 Viewing Trunk Utilization ...................................................................................... 668
53.3 Viewing Quality of Experience ............................................................................. 669
53.4 Viewing Average Call Duration ............................................................................ 671
53.5 Network Monitoring (Probing) Two Devices ......................................................... 672
54 VoIP Status ...................................................................................................... 677
54.1 Viewing Trunks & Channels Status ...................................................................... 677
54.2 Viewing Analog Port Information .......................................................................... 679
54.3 Viewing NFAS Groups and D-Channel Status ..................................................... 679
54.4 Viewing Active IP Interfaces ................................................................................. 680
54.5 Viewing Ethernet Device Status ........................................................................... 680
54.6 Viewing Static Routes Status ............................................................................... 681
Version 6.8 13 Mediant 800B MSBR
Page 14
Mediant 800B MSBR
54.7 Viewing Performance Statistics ............................................................................ 681
54.8 Viewing Call Counters .......................................................................................... 682
54.9 Viewing Registered Users .................................................................................... 684
54.10 Viewing Registration Status ................................................................................. 685
54.11 Viewing Call Routing Status ................................................................................. 686
54.12 Viewing IP Connectivity ........................................................................................ 687
55 Reporting Information to External Party ....................................................... 689
55.1 Configuring RTCP XR .......................................................................................... 689
55.2 Generating Call Detail Records ............................................................................ 692
55.2.1 Configuring CDR Reporting ...................................................................................693
55.2.2 CDR Field Description ...........................................................................................693
55.2.2.1 CDR Fields for SBC Signaling .............................................................. 693
55.2.2.2 CDR Fields for SBC Media ................................................................... 696
55.2.2.3 CDR Fields for Gateway/IP-to-IP Application ....................................... 697
55.2.2.4 Release Reasons in CDR ..................................................................... 701
55.3 Configuring RADIUS Accounting ......................................................................... 704
55.4 Event Notification using X-Detect Header ............................................................ 707
55.5 Querying Device Channel Resources using SIP OPTIONS ................................ 710
56 Obtaining Status and Performance using a USB Flash Drive ..................... 711
57 Syslog and Debug Recordings ...................................................................... 715
57.1 Syslog Message Format ...................................................................................... 715
57.1.1 Event Representation in Syslog Messages ...........................................................716
57.1.2 Unique Device Identification in Syslog Messages .................................................718
57.1.3 Identifying AudioCodes Syslog Messages using Facility Levels ...........................718
57.1.4 SNMP Alarms in Syslog Messages .......................................................................719
57.2 Enabling Syslog ...................................................................................................
719
57.3 Configuring Web Operations to Report to Syslog ................................................ 720
57.4 Configuring Debug Recording .............................................................................. 721
57.5 Filtering Syslog Messages and Debug Recordings ............................................. 722
57.5.1 Filtering IP Network Traces ...................................................................................724
57.6 Viewing Syslog Messages ................................................................................... 725
57.7 Collecting Debug Recording Messages ............................................................... 726
57.8 Debug Capturing VoIP and Data-Router Traffic ................................................... 728
57.9 Debug Capturing on Physical VoIP Interfaces ..................................................... 729
57.10 Configuring Termination of Debug Capture Upon Event ...................................... 730
58 Self-Testing ...................................................................................................... 731
59 Creating Core Dump and Debug Files upon Device Crash ......................... 733
60 Re-initializing Device with "Purif i ed" Conf iguration .................................... 735
61 Analog Line Testing ........................................................................................ 737
61.1 FXO Line Testing ................................................................................................. 737
61.2 FXS Line Testing .................................................................................................. 737
62 Testing SIP Signaling Calls ............................................................................ 739
62.1 Configuring Test Call Endpoints ........................................................................... 739
62.2 Starting and Stopping Test Calls .......................................................................... 744
62.3 Viewing Test Call Statistics .................................................................................. 744
User's Manual 14 Document #: LTRT-12813
Page 15
User's Manual Contents
62.4 Configuring DTMF Tones for Test Calls ............................................................... 746
62.5 Configuring Basic Test Call .................................................................................. 747
62.6 Configuring SBC Test Call with External Proxy ................................................... 748
62.7 Test Call Configuration Examples ........................................................................ 749
63 Data-Router Debugging .................................................................................. 753
63.1 Loopback on WAN Interface Debugging .............................................................. 753
63.2 Performing a Traceroute ...................................................................................... 754
64 Pinging a Remote Host or IP Address ........................................................... 755
65 Troubleshooting using a USB Flash Drive .................................................... 757
66 Dialing Plan Notation for Routing and Manipulation .................................... 761
67 Configuration Parameters Ref er ence ............................................................ 763
67.1 Management Parameters ..................................................................................... 763
67.1.1 General Parameters ..............................................................................................763
67.1.2 Web Parameters ....................................................................................................764
67.1.3 Telnet Parameters .................................................................................................767
67.1.4 ini File Parameters .................................................................................................767
67.1.5 SNMP Parameters .................................................................................................768
67.1.6 TR-069 Parameters ...............................................................................................771
67.1.7 Serial Parameters ..................................................................................................772
67.1.8 Auxiliary and Configuration File Name Parameters ..............................................773
67.1.9 Automatic Update Parameters ..............................................................................774
67.2 Networking Parameters ........................................................................................ 778
67.2.1 Multiple VoIP Network Interfaces and VLAN Parameters .....................................778
67.2.2 Routing Parameters ...............................................................................................778
67.2.3 Open Solution Network (OSN) Parameters ...........................................................779
67.2.4 Quality of Service Parameters ...............................................................................779
67.2.5 NAT and STUN Parameters ..................................................................................780
67.2.6 NFS Parameters ....................................................................................................781
67.2.7 DNS Parameters ....................................................................................................782
67.2.8 DHCP Parameters .................................................................................................782
67.2.9 NTP and Daylight Saving Time Parameters ..........................................................783
67.2.10 Power over Ethernet Parameters ..........................................................................785
67.3 Debugging and Diagnostics Parameters .............................................................. 785
67.3.1 General Parameters ..............................................................................................785
67.3.2 SIP Test Call Parameters ......................................................................................787
67.3.3 Syslog, CDR and Debug Parameters ....................................................................788
67.3.4 Resource Allocation Indication Parameters...........................................................793
67.4 Security Parameters ............................................................................................. 794
67.4.1 General Security Parameters ................................................................................794
67.4.2 HTTPS Parameters ...............................................................................................796
67.4.3 SRTP Parameters ..................................................................................................797
67.4.4 TLS Parameters .....................................................................................................800
67.4.5 SSH Parameters ....................................................................................................802
67.4.6 TAACS+ Parameters .............................................................................................803
67.4.7 IDS Parameters .....................................................................................................803
67.4.8 OCSP Parameters .................................................................................................804
67.5 Quality of Experience Parameters ....................................................................... 805
67.6 Control Network Parameters ................................................................................ 807
67.6.1 IP Group, Proxy, Registration and Authenti cat i on Parameters .............................807
67.6.2 Network Application Parameters ...........................................................................819
Version 6.8 15 Mediant 800B MSBR
Page 16
Mediant 800B MSBR
67.7 General SIP Parameters ...................................................................................... 821
67.8 Coders and Profile Parameters ............................................................................ 849
67.9 Channel Parameters ............................................................................................ 851
67.9.1 Voice Parameters ..................................................................................................851
67.9.2 Coder Parameters .................................................................................................854
67.9.3 DTMF Parameters .................................................................................................855
67.9.4 RTP, RTCP and T.38 Parameters .........................................................................856
67.10 Gateway and IP-to-IP Parameters ....................................................................... 861
67.10.1 Fax and Mod em Parameters .................................................................................861
67.10.2 DTMF and H ook-Flash Parameters .......................................................................867
67.10.3 Digit Collect i on and Dial Plan Parameters .............................................................872
67.10.4 Voice Mail Parameters ...........................................................................................874
67.10.5 Supplementary Services Parameters ....................................................................880
67.10.5.1 Caller ID Parameters ............................................................................. 880
67.10.5.2 Call Waiting Parameters ........................................................................ 885
67.10.5.3 Call Forwarding Parameters ................................................................. 887
67.10.5.4 Message Waiting Indication Parameters ............................................... 888
67.10.5.5 Call Hold Parameters ............................................................................ 890
67.10.5.6 Call Transfer Parameters ...................................................................... 891
67.10.5.7 Multi-Line Extensions and Supplementa ry S ervices Parameters ......... 894
67.10.5.8 Three-Way Conferencing Parameters .................................................. 894
67.10.5.9 MLPP and Emergency Call Paramete rs ............................................... 896
67.10.5.10 Call Cut-Through Parameters .......................................................... 902
67.10.5.11 Automatic Dialing Parameters ......................................................... 903
67.10.5.12 Direct Inward Dialing Parameters .................................................... 904
67.10.5.13 ISDN BRI Parameters ..................................................................... 906
67.10.6 PSTN Parameters ..................................................................................................907
67.10.6.1 General Parameters .............................................................................. 907
67.10.6.2 TDM Bus and Clock Timing Parameters ............................................... 912
67.10.6.3 CAS Parameters ................................................................................... 914
67.10.6.4 ISDN Parameters .................................................................................. 917
67.10.7 ISDN and CAS Interworking Parameters ..............................................................925
67.10.8 Answer and Disconnect Supervision Parameters .................................................941
67.10.9 Tone Parameters ...................................................................................................946
67.10.9.1 Telephony Tone Parameters ................................................................. 946
67.10.9.2 Tone Detection Parameters .................................................................. 953
67.10.9.3 Metering Tone Parameters ................................................................... 954
67.10.10 Telephone Keypad Sequence Parameters ......................................................956
67.10.11 FXO and FXS Parameters ...............................................................................959
67.10.12 Trunk Groups and Routing Parameters ...........................................................963
67.10.13 IP Connectivity Parameters ..............................................................................970
67.10.14 Alternative Routing Parameters .......................................................................971
67.10.15 Number Manipulation Parameters ....................................................................974
67.11 SBC Parameters .................................................................................................. 983
67.12 Standalone Survivability Parameters ................................................................... 997
67.13 IP Media Parameters ......................................................................................... 1002
67.14 Services ............................................................................................................. 1005
67.14.1 SIP-based Media Recording Parameters ........................................................... 1005
67.14.2 RADIUS and LDAP Parameters ......................................................................... 1007
67.14.2.1 General Parameters ............................................................................ 1007
67.14.2.2 RADIUS Parameters ........................................................................... 1007
67.14.2.3 LDAP Parameters ............................................................................... 1009
67.14.3 Least Cost Routing Parameters ......................................................................... 1012
67.14.4 Call Setup R ul es P arameters ............................................................................. 1014
68 SBC and DSP Channel Capacity .................................................................. 1015
68.1 Signaling-Media Sessions & User Registrations ................................................ 1015
User's Manual 16 Document #: LTRT-12813
Page 17
User's Manual Contents
68.2 Channel Capacity and Capabilities .................................................................... 1017
69 Technical Specifications .............................................................................. 1021
Version 6.8 17 Mediant 800B MSBR
Page 18
Mediant 800B MSBR
This page is intentionallt left blank.
User's Manual 18 Document #: LTRT-12813
Page 19
User's Manual Notices
Notice
This document describes AudioCodes Mediant 800 Multi-Service Business Router (MSBR).
Information contained in this document is believed to be accurate and reliable at the time of
printing. However, due to ongoing product improvements and revisions, AudioCodes cannot
guarantee accuracy of printed material after the Date Published nor can it accept responsibility
for errors or omissions. Before consulting this document, check the corresponding Release
Notes regarding feature preconditions and/or specific support in this release. In cases where
there are discrepancies between this document and the Release Notes, the information in the
Release Notes supersedes that in this document. Updates to this document and other
documents as well as software files can be downloaded by registered customers at
http://www.audiocodes.com/downloads.
© Copyright 2014 AudioCodes Ltd. All rights reserved.
This document is subject to change without notic e.
Date Published: September-07-2014
Trademarks
AudioCodes, AC, AudioCoded, Ardito, CTI2, CTI², CTI Squared, HD VoIP, HD VoIP
Sounds Better, InTouch, IPmedia, Mediant, MediaPack, NetCoder, Netrake, Nuera, Open
Solutions Network, OSN, Stretto, TrunkPack, VMAS, VoicePacketizer, VoIPerfect,
VoIPerfectHD, What’s Inside Matters, Your Gateway To VoIP and 3GX are trademarks or
registered trademarks of AudioCodes Limited. All other products or trademarks are
property of their respective owners. Product specifications are subject to change without
notice.
WEEE EU Directive
Pursuant to the WEEE EU Directive, electronic and electrical waste must not be disposed
of with unsorted waste. Please contact your local recycling authority for disposal of this
product.
Customer Support
Customer technical support and service are generally provided by AudioCodes’
Distributors, Partners, and Resellers from whom the product was purchased. For technical
support for products purchased directly from AudioCodes, or for customers subscribed to
AudioCodes Customer Technical Support (A CTS), contact support@audiocodes.com
Abbreviations and Terminology
.
Each abbreviation, unless widely used, is spell ed out in full when first used.
Version 6.8 19 Mediant 800B MSBR
Page 20
Mediant 800B MSBR
with your organization’s security policies. For basic security guidelines, refer to
Related Documentation
Manual Name
SIP CPE Release Notes
Mediant 800 MSBR Hardware Installation Manual
Complementary Guides
CLI Reference Guide
CPE Configuration Guide for IP Voice Mail
SNMP User's Guide
CWMP TR-069 & TR-104 Reference Guide
SBC Design Guide
Recommended Security Guidelines Configuration Note
SIP Message Manipulations Quick Reference Guide
SAS Application Configuration Guide
CAS Protocol Table Configuration Note
IP-to-IP Application Configuration Guide Ver. 6 8
Utility Guides
INI Viewer & Editor Utility User's Guide
DConvert User's Guide
AcBootP Utility User's Guide
CLI Wizard User's Guide
Notes and Warnings
Note: The device is an indoor unit and therefore, must be installed only INDOORS. In
addition, FXS and Ethernet port interface cabling must be routed only indoors and
must not exit the building.
Note: The scope of this document does not fully cover security aspects for deploying
the device in your environment. Security measures should be done in accordance
AudioCodes Recommended Security Guidelines document.
Note: Throughout this manual, unless otherwise specified, the term device refers to
your AudioCodes products.
User's Manual 20 Document #: LTRT-12813
Page 21
User's Manual Notices
located at:
code by contacting AudioCodes, by following the instructions available on
Note: Before configuring the device, ensure that it is installed correctly as instructed
in the Hardware Installation Manual.
Note: The device's installed Software License Key does not include the MSFT feature
key, which enables the device to operate in a Microsoft Lync Server environment. If
necessary, you can order this feature key separately from your AudioCodes sales
representative.
Notes:
• For data-router configuration, refer to t he CLI Reference Guide.
• Web-based management for data-router function al i ty is not supported. Instead,
CLI is used to configure this functionality. However, AudioCodes recommends
using CLI scripting to configure all other functionality as well (i.e., VoIP and
System) through the CLI.
Notes:
• By default, the device supports export-grade (40-bit and 56-bit) encryption due to
US government restrictions on the export of security technologies. To enable 128bit and 256-bit encryption on your device, contact your AudioCodes sales
representative.
• This device includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit (http://www.openssl.org/).
• This device includes cryptographic software w ritten by Eric Young
(eay@cryptsoft.com).
Note: Some of the features listed in this document are available only if the relevant
Software License Key has been purchased from AudioCodes and installed on the
device. For a list of Software License Keys that can be purchased, please consult
your AudioCodes sales representative.
Note: OPEN SOURCE SOFTWARE. Portions of the software may be open source
software and may be governed by and distributed under open source licenses, such
as the terms of the GNU General Public License (GPL), the terms of the Lesser
General Public License (LGPL), BSD and LDAP, which terms are
http://www.audiocodes.com/support and all are incorporated herein by reference. If
any open source software is provided in object code, and its accompanying license
requires that it be provided in source code as well, Buyer may receive such source
AudioCodes website.
Version 6.8 21 Mediant 800B MSBR
Page 22
Mediant 800B MSBR
Documentation Feedback
AudioCodes continually strives to produce high quality documentation. If you have any
comments (suggestions or errors) regarding this document, please fill out the
Documentation Feedback form on our Web site at http://www.audiocodes.com/downloads.
User's Manual 22 Document #: LTRT-12813
Page 23
User's Manual 1. Overview
1 Overview
The Mediant 800B Multi-Service Business Router (MSBR) is a networking device that
combines multiple service functions such as a Media Gateway, Session Border Controller
(SBC), Data Router and Firewall, LAN switch, WAN access, Stand Alone Survivability
(SAS) and an integrated general-purpose server. The device offers enhanced dialing plans
and voice routing capabilities along with SIP-to-SIP mediation, allowing enterprises to
implement SIP Trunking services (IP-to-IP call routing) and IP-based Unified
Communications, as well as flexible PSTN and legacy PBX connectivity.
The device is designed as a secured Voice-over-IP (VoIP) and data platform. Enhanced
media gateway security features include, for example, SRTP for media, TLS for SIP
control, and IPSec for management. Data security functions include integrated Stateful
Firewall, IDS/IPS, SSL for remote user access, and site-to-site VPN. A fully featured
enterprise class SBC provides a secured voice network deployment based on a Back-toBack User Agent (B2BUA) implementation.
The device's SAS functionality offers service continuity to enterprises served by a
centralized SIP-based IP-Centrex server or branch offices of distributed enterprises. SAS
enables internal office communication between SIP clients, along with PSTN fallback in the
case of disconnection from the centralized SIP IP-Centrex server or IP-PBX.
The device provides Foreign Exchange Station (FXS) and/or Foreign Exchange Office
(FXO) telephony module interfaces, depending on ordered hardware configuration. The
device supports either a combination of FXS and FXO port interfaces, or only FXS or only
FXO interfaces. The device can support up to 12 simultaneous VoIP calls. Each FXS or
FXO module provides four analog RJ-11 ports. The FXO module can be used to connect
analog lines of an enterprise's PBX or the PSTN, to the IP network. The FXS module can
be used to connect legacy telephones, fax machines, and modems to the IP network.
Optionally, the FXS module can be connected to the external trunk lines of a PBX. When
deployed with a combination of FXO and FXS modules, the device can be used as a PBX
for Small Office Home Office (SOHO) users, and businesses not equipped with a PBX. The
FXS modules also support the Analog Lifeline feature, enabling an FXS port to connect
directly to the PSTN upon power and/or network failure.
The device supports up to 8 ISDN Basic Rate Interface (BRI) S/T interfaces (RJ-45 ports),
supporting up to 16 voice channels. These connect ISDN terminal equipment such as
ISDN telephones. The device also provides an optional, single or dual E1/T1 interface
port(s), supporting Transparent, CAS and ISDN protocols. The device supports various
ISDN PRI protocols such as Euro ISDN, North American NI-2, Lucent™ 4/5ESS, Nortel™
DMS-100 and others. It also supports various ISDN BRI protocols such as ETSI 5ESS and
QSIG over BRI. It also supports different variants of CAS protocols for E1 and T1 spans,
including MFC R2, E&M immediate start, E &M delay dial / start, loop start and ground start.
Note: For maximum call capacity figures, see ''SBC and DSP Channel Capacity'' on
page 1015.
The device provides two USB ports that can be used for an optional, 3G cellular WAN
modem and/or USB storage services.
The device's data routing capabilities support static and dynamic routing protocols such as
RIP/OSPF and BGP, Virtual Routing and Forwarding (VRF-Lite) where interfaces can be
clustered into a VRF to provide segregated routing domains. The device supports various
optional WAN interfaces, providing flexibility in connecting to Service Providers:
1000Base-T Gigabit Ethernet copper.
Symmetric High-Speed Digital Subscriber Line (SHDSL) - supports up to four copper
wire pairs according to G.991.2, acting as a remot e-terminal CPE device. Both ATM
and EFM modes are supported. In the ATM mode, a variety of protocols are
Version 6.8 23 Mediant 800B MSBR
Page 24
Mediant 800B MSBR
supported, including PPPoE, PPPoA, and RFC 2684 in both bridged (Ethernet-overATM) and routed (IP-over-ATM) variants. In the EFM mode, the SHDSL port functions
as a logical Ethernet device.
ADSL2+ / VDSL2 (RJ-11 port interfaces)
Optical Fiber, supporting 100 and 1000 Mbps Ethernet
Four E1/T1 WANs
3G Cellular modem using a USB connection - this can be used as the primary WAN
interface or as a WAN backup in case of failure i n the WAN connection (provided by
any of the above).
The device is optimized for wire-speed delivery of data, providing up to 12 Ethernet LAN
ports for connecting equipment such as computers and IP phones. These ports are divided
into Gigabit Ethernet and Fast Ethernet interfaces (the number depends on the ordered
configuration), and provide power-over-Ethernet (PoE) capabilities. The device also
supports an optional, Wi-Fi interface, providing wireless LAN 802.11n access point at 2.4
GHz, 3Tx/3Rx enabling data rates of up to 300 Mbps. The Wi-Fi interface also supports
802.11b/802.11g backward compatibility, allowing interoperability of multiple devices with
different types of Wi-Fi
The device also provides an integrated Open Solution Network (OSN) Server module. The
OSN can host a variety of third-party applications such as IP-PBX, Call Center, and
Conferencing.
Figure 1-1: Typical Application
The device allows full management through its command line interface (CLI) as well as its
HTTP/S-based embedded Web server. The user-friendly Web interface allows remote
configuration using any standard Web browser (s uch as Microsoft™ Internet Explorer™).
User's Manual 24 Document #: LTRT-12813
Page 25
Part I
Getting Started with Initial
Connectivity
Page 26
Page 27
User's Manual 2. Introduction
By default, the device's embedded DHCP server is enabled. For more
2 Introduction
This part describes how to initially access the device's management interface and change
its default IP address to correspond with your networking scheme. Device management
can be done though the VoIP-LAN OAMP, WAN, and/or LAN interface.
Note:
information, see Configuring the Device's DHCP Server on page 36.
Version 6.8 27 Mediant 800B MSBR
Page 28
Mediant 800B MSBR
This page is intentionally left blank.
User's Manual 28 Document #: LTRT-12813
Page 29
User's Manual 3. Default OAMP IP Address
3 Default OAMP IP Address
The device is shipped with a factory default IP address for operations, administration,
maintenance, and provisioning (OAMP), through its VoIP LAN interface. You can use this
address to initially access the device from any of its management tools (embedded Web
server, EMS, or Telnet/SSH). You can also access the device through the console CLI, by
connecting the device's serial (RS-232) port to a PC.
The table below lists the device's default I P addres s.
Table 3-1: Default VoIP LAN IP Address for OAMP
IP Address Value
Application Type OAMP + Media + Control
IP Address 192.168.0.2
Prefix Length 255.255.255.0 (24)
Default Gateway 192.168.0.1
Underlying Device 1
Interface Name "Voice"
Version 6.8 29 Mediant 800B MSBR
Page 30
Mediant 800B MSBR
This page is intentionally left blank.
User's Manual 30 Document #: LTRT-12813
Page 31
User's Manual 4. Configuring VoIP LAN Interface for OAMP
4 Configuring VoIP LAN Interface fo r OAMP
You can change the IP address of the VoIP-LAN interface for OAMP, using any of the
following methods:
Embedded HTTP/S-based Web server - see ''Web Interface'' on page 31
Embedded command line interface (CLI) - see ''CLI'' on page 33
4.1 Web Interface
The following procedure describes how to change the IP address of the OAMP on the
VoIP-LAN interface, using the Web-based management tool (Web interface). The default
IP address is used to initially access the device.
To configure the VoIP-LAN IP Address for OAMP, using the Web interface:
1. Connect Port 1 (left-most LAN port) located on the front panel directly to the network
interface of your computer, using a straight-thr oug h Ethernet cable.
2. Make sure that your computer is configured to automatically obtain an IP address. The
device has an embedded DHCP server, which by default allocates IP addresses to
connected computers.
3. Access the Web interface:
a. On your computer, start a Web browser and in the URL address field, enter the
default IP address of the device; the Web interface's Web Login screen appears:
Figure 4-1: Web Login Screen
b. In the 'Username' and 'Password' fields, enter the case-sensitive, default login
username ("Admin") and password ("Adm i n" ).
c. Click Login.
Version 6.8 31 Mediant 800B MSBR
Page 32
Mediant 800B MSBR
4. Open the Interface Table page (Configuration tab > VoIP menu > Network > IP
Interfaces Table).
5. Select the 'Index' radio button corresponding to the OAMP + Media + Control
application type, and then click Edit.
6. Change the IP address to correspond with your network IP addressing scheme, for
example:
• IP Address: 10.8.6.86
• Prefix Length: 24 (for 255.255.255.0)
• Gateway: 10.8.6.85
7. Click Submit.
8. Save your settings by resetting the device with a flash burn (see ''Resetting the
Device'' on page 589).
9. Disconnect the device from the PC and cable the device to your network. You can
now access the management interface using t he new OAMP IP address.
Note: When you complete the above procedure, change your PC's IP address to
correspond with your network requirements.
User's Manual 32 Document #: LTRT-12813
Page 33
User's Manual 4. Configuring VoIP LAN Interface for OAMP
4.2 CLI
This procedure describes how to configure the VoIP-LAN IP address for OAMP using the
device's CLI. The procedure uses the regular CLI commands. Alternatively, you can use
the CLI Wizard utility to set up your device with the initial OAMP settings. The utility
provides a fast-and-easy method for initial configuration of the device through CLI. For
more information, refer to the CLI Wizard User's Guide.
To configure the OAMP IP address in the CLI:
1. Connect the RS-232 port of the device to the serial communication port on your
computer. For more information, refer to the Hardware Installation Manual.
2. Establish serial communication with the device using a terminal emulator program
such as HyperTerminal, with the following communication port settings:
• Baud Rate: 115,200 bps
• Data Bits: 8
• Parity: None
• Stop Bits: 1
• Flow Control: None
3. At the CLI prompt, type the username (default is "Admin" - case sensitive):
Username: Admin
4. At the prompt, type the password (default is "Admin" - case sensitive):
Password: Admin
5. At the prompt, type the following:
enable
6. At the prompt, type the password again:
Password: Admin
7. Access the VoIP configuration mode:
# configure voip
8. Access the Interface table:
(config-voip)# interface network-if 0
9. Configure the IP address:
(network-if-0)# ip-address <IP address>
10. Configure the prefix length:
(network-if-0)# prefix-length <prefix lengt h / subnet mask, e.g., 16>
Version 6.8 33 Mediant 800B MSBR
Page 34
Mediant 800B MSBR
11. Configure the Default Gateway address:
(network-if-0)# gateway <IP address>
12. Exit t he Interface table:
(network-if-0)# exit
13. Exit t he V oIP configuration mode:
(config-voip)# exit
14. Reset the device with a flash burn:
# reload now
15. Cable the device to your network. You can now access the device's management
interface using this new OAMP IP address.
User's Manual 34 Document #: LTRT-12813
Page 35
User's Manual 5. Configuring Data-Router's LAN and WAN
5 Configuring Data-Router's L AN and WAN
This section describes how to configure the device's data-router LAN and/or WAN
interfaces.
Notes:
• Make sure that you configure the LAN IP address of the data-router in the same
subnet as the VoIP-LAN IP address for OAMP.
• After you access the device through the default VoIP-LAN interface, you can
configure Web management access from one of the following interfaces:
√ Any of the configured data-router LAN interfaces: The default LAN data
interface is 192.168.0.1. This interface can b e in a different subnet to the VoIPLAN IP address and with a different VLAN ID. This is useful, for example, if you
want to separate management from the VoIP traffic.
√ WAN port interface: In this setup, you need to enable remote access to the
WAN port interface, as described in ''Enabling Remote Management from
WAN'' on page 39.
5.1 Configuring Data-Router's LAN Interface
The device's default LAN IP address of the data-router is listed below:
IP Address: 192.168.0.1
Subnet Mask: 255.255.255.0
Default Gateway: 0.0.0.0
To configure LAN IP address of data-router:
1. Establish serial communication with the device.
2. At the prompt, type the following command to access the Data-router configuration
mode:
# configure data
3. Access the VLAN 1 LAN switch interface:
(config-data)# interface vlan 1
4. Configure the IP address and subnet:
(conf-if-VLAN 1)# ip address <IP address> <subnet>
For example:
(conf-if-VLAN 1)# ip address 10.8.6.85 255.255.255.0
5. Save your settings with a flash burn:
(conf-if-VLAN 1)# do write
Version 6.8 35 Mediant 800B MSBR
Page 36
Mediant 800B MSBR
5.2 Configuring the Device's DHCP Server
By default, the device's embedded DHCP server is enabled for the LAN, and with default IP
pool addresses relating to the default subnet LAN. You can disable the DHCP server, or
modify the IP address pool. The DHCP server allocates this spool of IP addresses to the
computers connected to its LAN interfa ce.
To enable / disable the device's DHCP server:
1. Establish serial communication with the device.
2. At the prompt, type the following command to access the Data-router configuration
mode:
# configure data
3. Access the data LAN switch interface:
(config-data)# interface vlan 1
4. To disable the DHCP server:
(conf-if-VLAN 1)# no service dhcp
5. To enable DHCP server:
a. Configure the pool of IP addresses:
(conf-if-VLAN 1)# ip dhcp-server network 10.8.6.84 10.8.6.89
255.255.255.0
b. Enable DHCP server functionality:
(conf-if-VLAN 1)# service dhcp
6. Save your settings with a flash burn:
(conf-if-VLAN 1)# do write
5.3 Configuring the WAN Interface
This procedure describes how to configure the WAN interface and uses Gigabit Ethernet
as an example. If you are using a different WAN interface, refer to the MSBR Series CLI
Reference Guide for Data.
Note: Before you configure the WAN interface, make sure that you have all the
required information from your Internet Telephony Service Provider (ITSP).
To configure a WAN IP address:
1. Connect the WAN port to the WAN network. For information on cabling the WAN port,
refer to the Hardware Installation Manual.
2. Establish serial communication with the device.
3. At the prompt, type the following command to access the Data-router configuration
mode:
# configure data
4. Access the WAN interface:
(config-data)# interface GigabitEthernet 0/0
5. Configure the IP address and subnet mask:
(config-if-GE 0/0)# ip address 100.33.2.105 255.255.255.0
User's Manual 36 Document #: LTRT-12813
Page 37
User's Manual 5. Configuring Data-Router's LAN and WAN
6. Enable Network Address Port Translation (NAPT) on the WAN interface:
(config-if-GE 0/0)# napt
7. Enable the WAN interface:
(config-if-GE 0/0)# no shutdown
8. Exit the interface:
(config-if-GE 0/0)# exit
9. Configure the default route:
(config-data)# ip route 0.0.0.0 0.0.0.0 100.33.2.106
GigabitEthernet 0/0
10. Exit the data-router configuration m ode:
(config-data)# exit
11. Save the configuration to flash:
# write
Version 6.8 37 Mediant 800B MSBR
Page 38
Mediant 800B MSBR
This page is intentionally left blank.
User's Manual 38 Document #: LTRT-12813
Page 39
User's Manual 6. Enabling Remote Management from WAN
6 Enabling Remote Manageme nt fr o m WA N
This section describes how to configure remote d evice management from the WAN.
6.1 Remote Web-based (HTTP/S) Management
This procedure describes how to enable remote Web-based management (HTTP/S) from
the WAN.
To enable remote Web (HTTP/S) management from WAN:
CLI:
1. Access the System configuration mode:
# configure system
2. Enable HTTP management from the WAN:
<config-system># web
<web># wan-http on
3. Reset the device with a burn to flash:
<web># do reload now
Web:
1. Open the WEB Security Settings page (Configuration tab > System menu >
Management > Web Security Settings).
Table 6-1: Enabling Web Management from WAN
Figure 6-1: Defining WAN HTTP Port
2. From the 'Allow WAN access to HTTPS’ or 'Allow WAN access to HTTP' drop-
down list, select Enable.
3. Click Submit, and then reset the device with a flash burn for your settings to take
effect.
Version 6.8 39 Mediant 800B MSBR
Page 40
Mediant 800B MSBR
6.2 Remote Telnet-based Management
This procedure describes how to enable remote Telnet-based management from the WAN.
To enable remote Telnet management from WAN:
CLI:
1. Access the System configuration mode:
# configure system
2. Type the following command:
<config-system># cli-terminal
3. Enable Telnet:
<cli-terminal># telnet
4. Enable Telnet from WAN:
<cli-terminal># wan-telnet-allow on
5. Reset the device with a burn to flash:
<cli-terminal># do reload now
Web:
1. Open the Telnet/SSH Settings page (Configuration tab > System menu >
Management > Telnet/SSH Settings).
Table 6-2: Enabling Telnet Management from WAN
Figure 6-2: Telnet Settings on Telnet/SSH Settings Page
2. From the 'Embedded Telnet Server' drop-down list, select Enable Secured.
3. From the 'Allow WAN access to Telnet' drop-down list, select Enable.
4. Click Submit.
5. Save your settings with a flash burn.
User's Manual 40 Document #: LTRT-12813
Page 41
Management Tools
Part II
Page 42
Page 43
User's Manual 7. Introduction
7 Introduction
This part provides an overview of the various management tools that can be used to
configure the device. It also provides step-by-step procedures on how to configure these
management tools.
The device provides the following management tools:
Embedded HTTP/S-based Web server - see ''Web-based Management'' on page 45
Command Line Interface (CLI) - see ''CLI-Based Management'' on page 75
Simple Network Management Protocol (SNMP) - see ''SNMP-Based Management'' on
87
page
TR-069 - see TR-069 Based Management on page 93
Configuration ini file - see ''INI File-Based Management'' on page 101
Notes:
• Some configuration settings can only be done using a specific management tool.
For example, some configuration can only be done using the Configuration ini file
method.
• Throughout this manual, whenever a parameter is mentioned, its corresponding
Web, CLI, and ini file parameter is mentioned. The ini file parameters are enclosed
in square brackets [...].
• For a list and description of all the configuration parameters, see ''Configuration
Parameters Reference'' on page 763.
Version 6.8 43 Mediant 800B MSBR
Page 44
Mediant 800B MSBR
This page is intentionally left blank.
User's Manual 44 Document #: LTRT-12813
Page 45
User's Manual 8. Web-Based Management
8 Web-Based Management
The device provides an embedded Web server (hereafter referred to as Web interface),
supporting fault management, configuration, accounting, performance, and security
(FCAPS), including the following:
Full configuration
Software and configuration upgrades
Loading auxiliary files, for example, the Call Progress Tones file
Real-time, online monitoring of the device, including display of alarm s and their
severity
Performance monitoring of voice calls, data routing, and various traff i c parameters
The Web interface provides a user-friendly, graphical user interface (GUI), which can be
accessed using any standard Web browser (e.g., Microsoft™ Internet Explorer).
Access to the Web interface is controlled by various security mechanisms such as login
user name and password, read-write privileges, and limiting access to specific IP
addresses.
Notes:
• The Web interface allows you to configure most of the device's settings. However,
additional configuration parameters may ex ist that are not available in the Web
interface and which can only be configured using other management tools.
• Some Web interface pages and/or parameter s are available only for certain
hardware configurations or software features. The software features are
determined by the installed Software Licens e Key (see ''Software License Key'' on
page 621).
8.1 Getting Acquainted with the Web Interface
8.1.1 Computer Requirements
This section provides a description of the Web inte rface.
The client computer requires the following to work with the Web interface of the device:
A network connection to the device
One of the following Web browsers:
• Microsoft™ Internet Explorer™ (Version 6.0 and later)
®
• Mozilla Firefox
Recommended screen resolutions: 1024 x 768 pixels, or 1280 x 1024 pixels
(Versions 5 through 9.0)
Note: Your Web browser must be JavaScri pt-enabled to access the Web interface.
Version 6.8 45 Mediant 800B MSBR
Page 46
Mediant 800B MSBR
8.1.2 Accessing the Web Interface
The following procedure describes how to acces s the Web interface.
To access the Web interface:
1. Open a standard Web browser (see ''Computer Requirements'' on page 45).
2. In the Web browser, specify the OAMP IP address of the device (e.g.,
http://10.1.10.10); the Web interface's Login window appears, as shown below:
Figure 8-1: Web Login Screen
3. In the 'Username' and 'Password' fields, enter the case-sensitive, user name and
password respectively.
4. Click Login; the Web interface is accessed, displaying the Home page. For a detailed
description of the Home page, see ''Viewing the Hom e Page'' on page 60.
Notes:
• The default login username and password is "Adm i n". To change the login
credentials, see ''Configuring the Web User Acc ounts'' on page 64.
• If you want the Web browser to remember your password, select the 'Remember
Me' check box and then agree to the browser's prom pt (depending on your
browser) to save the password for future logi ns. On your next login attempt, simply
press the Tab or Enter keys to auto-fill the 'Usernam e' and 'P assword' fields, and
then click Login.
• Depending on your Web browser's settings, a security warning box may be
displayed. The reason for this is that the dev i ce's certificate is not trusted by your
PC. The browser may allow you to install the certificate, thus skipping the warning
box the next time you connect to the device. If you are using Windows Internet
Explorer, click View Certificate, and then Install Certificate. The browser also
warns you if the host name used in the URL is not identical to the one listed in the
certificate. To resolve this, add the IP address and host name (ACL_nnnnnn,
where nnnnnn is the serial number of the device ) to your hosts file, located at
/etc/hosts on UNIX or C:\Windows\System32\Drivers\ETC\hosts on Windows; then
use the host name in the URL (e.g., https://ACL_280152). Below is an example of
a host file:
127.0.0.1 localhost
10.31.4.47 ACL_280152
User's Manual 46 Document #: LTRT-12813
Page 47
User's Manual 8. Web-Based Management
8.1.3 Areas of the GUI
The areas of the Web interface's GUI are shown in the figure below and described in the
subsequent table.
Figure 8-2: Main Areas of the Web Interface GUI
Table 8-1: Description of the Web GUI Areas
Item # Description
1
2
3
AudioCodes company logo.
Product name.
Toolbar, providing frequently required com m and buttons. For more information, see
''Toolbar Description'' on page 48.
4
5
Displays the username of the Web user that is currently logged in.
Navigation bar, providing the following tabs f or accessing various functionalities in
the Navigation tree:
Configuration, Maintenance, and Status & Diagnostics tabs: Access the
configuration menus (see ''Working with Configuration Pages'' on page 51)
Search tab: Enables a search engine for searching configuration parameters (see
''Searching for Configuration Parameter s '' on page 55)
6
Navigation tree, displaying a tree-like structure of elements (configuration menus or
search engine) pertaining to the selected tab on the Navigation bar. For more
information, see ''Navigation Tree'' on page 48.
7
Work pane, displaying the configuration page of the selected menu in the Navigation
tree. This is where configuration is done. For more information, see ''Working with
Configuration Pages'' on page 51.
Version 6.8 47 Mediant 800B MSBR
Page 48
Mediant 800B MSBR
8.1.4 Toolbar Description
The toolbar provides frequently required comm and buttons, described in the table below:
Table 8-2: Description of Toolbar Buttons
Icon Button
Name
Submit
Burn
Device
Actions
Home
Help
Description
Applies parameter settings to the device (se e ''Sav i ng Configuration''
on page 592).
Note: This icon is grayed out when not applicable to the currently
opened page.
Saves parameter settings to flash memo ry (see ''Saving
Configuration'' on page 592).
Opens a drop-down list with frequently needed commands:
Load Configuration File: Opens the Configuration File page for
loading an ini file to the device (see ''Backing Up and Loading
Configuration File'' on page 629).
Save Configuration File: Opens the Configuration File page for
saving the ini file to a folder on your PC (see ''Backing Up and
Loading Configuration File'' on page 629).
Reset: Opens the Maintenance Actions page for performing
various maintenance procedures such as reset ting the device
(see ''Resetting the Device'' on page 589).
Software Upgrade Wizard: Starts the Software Upgrade Wizard
for upgrading the device's software (see ''Sof tware U pgrade
Wizard'' on page 625).
Opens the Home page (see ''Viewing the Home Page'' on page 60).
Opens the Online Help topic of the currently opened configuration
page (see ''Getting Help'' on page 58).
Log off
-
Reset
Logs off a session with the Web interface (see ''Loggi ng Off the Web
Interface'' on page 59).
If you modify a parameter on a page that takes ef fect only after a
device reset, after you click the Submit button, the toolbar displays
"Reset". This is a reminder that you need t o l ater save your settings
to flash memory and reset the device.
8.1.5 Navigation Tree
The Navigation tree is located in the Navigation pane and displays a tree-like structure of
menus pertaining to the selected tab on the Navigation bar. You can drill-down to the
required page item level to open its corresponding page in the Work pane.
The terminology used throughout this manual for referring to the hierarchical structure of
the tree is as follows:
Menu: first level (highest level)
Submenu: second level - contained within a menu
User's Manual 48 Document #: LTRT-12813
Page 49
User's Manual 8. Web-Based Management
Page item: last level (lowest level in a menu) - contained within a menu or submenu
Figure 8-3: Navigating in Hierarchical Menu Tree (Example)
Note: The figure above is used only as an example. The displayed menus depend on
supported features based on the Software License Key installed on your device.
8.1.5.1 Displaying Navigation Tree in Basic and Full View
You can view an expanded or reduced display of the Navigation tree. This affects the
number of displayed menus and submenus in the tree. The expanded view displays all the
menus pertaining to the selected configuration tab; the reduced view displays only
commonly used menus.
To display a reduced menu tree, select the Basic option (default).
Version 6.8 49 Mediant 800B MSBR
Page 50
Mediant 800B MSBR
To display all menus and submenus, select the Advanced option.
Figure 8-4: Basic and Full View Options
Note: After you reset the device, the Web G UI is displayed in Basic view.
8.1.5.2 Showing / Hiding the Navigation Pane
You can hide the Navigation pane to provide more space for elements displayed in the
Work pane. This is especially useful when the Work pane displays a wide table. The arrow
button located below the Navigation bar is used to hide and show the pane.
To hide the Navigation pane, click the left-pointing arrow ; the pane is hidden and
the button is replaced by the right-pointing arrow button.
To show the Navigation pane, click the right-pointing arrow ; the pane is
displayed and the button is replaced by the left-pointing arrow button.
Figure 8-5: Show and Hide Button (Navigation Pane in Hide View)
User's Manual 50 Document #: LTRT-12813
Page 51
User's Manual 8. Web-Based Management
8.1.6 Working with Configuration Pages
The configuration pages contain the parameters for configuring the device and are
8.1.6.1 Accessing Pages
displayed in the Work pane.
The configuration pages are accessed by clicking the required page item in the Navigation
tree.
To open a configuration page:
1. On the Navigation bar, click the required tab (Configuration, Maintenance, or Status
& Diagnostics); the menus pertaining to the selected tab appear in the Navigation
tree.
2. Navigate to the required page item, by performing the following:
• Drill-down using the plus
• Drill-up using the minus
3. Click the required page item; the page opens in the Work p ane.
You can also access previously opened pages by clicking the Web browser's Back button
until you have reached the required page. This is useful if you want to view pages in which
you have performed configurations in the current Web session.
sign to expand the menu and submenus.
sign to collapse the menu and submenus.
Note: Depending on the access level of your Web user account, certain pages may
not be accessible or may be read-only (see ''Configuring Web User Accounts'' on
page 64). If a page is read-only, "Read-Only Mode" is displayed at the bottom of the
page.
8.1.6.2 Viewing Parameters
Some pages allow you to view a reduced or expanded display of parameters. The Web
interface provides two methods for displaying page parameters:
Displaying "basic" and "advanced" parameters - see ''Displaying Basic and Advanced
Parameters'' on page
Displaying parameter groups - see ''Showing / Hiding Parameter Groups'' on page 52
8.1.6.2.1 Displaying Basic and Advanced Parameters
Some pages provide a toggle button that allows you to show and hide parameters. This
button is located on the top-right corner of the page and has two display states:
Advanced Parameter List button with down-pointing arrow: click this button to
display all parameters.
Basic Parameter List button with up-pointing arrow: click this button to show only
common (basic) parameters.
51
Version 6.8 51 Mediant 800B MSBR
Page 52
Mediant 800B MSBR
The figure below shows an example of a page displaying basic parameters only. If you
click the Advanced Parameter List button (shown below), the page will also display the
advanced parameters.
Figure 8-6: Toggling between Basic and Advanced View
Notes:
• When the Navigation tree is in Advanced display mo de (see ''Navigation Tree'' on
page 48), configuration pages display all their parameters.
• If you reset the device, the Web pages display only the basic parameters.
• The basic parameters are displayed in a different background color to the
advanced parameters.
8.1.6.2.2 Showing / Hiding Parameter Groups
Some pages group parameters under sections, which can be hidden or shown. To toggle
between hiding and showing a group, simply click the group title name that appears above
each group. The button appears with a down-pointing or up-pointing arrow, indicating that it
can be collapsed or expanded when clicked, respectively.
Figure 8-7: Expanding and Collapsing Parameter Groups
User's Manual 52 Document #: LTRT-12813
Page 53
User's Manual 8. Web-Based Management
8.1.6.3 Modifying and Saving Parameters
When you modify a parameter value on a page, the Edit icon appears to the right of the
parameter. This indicates that the parameter has been modified, but has yet to be applied
(submitted). After you click Submit the
Figure 8-8: Edit Symbol after Modifying Parameter Value
icon disappears.
To save configuration changes on a page to the device's volatile memory
(RAM):
On the toolbar, click the Submit button.
At the bottom of the page, click the Submit button.
When you click Submit, modifications to parameters with on-the-fly capabilities are
immediately applied to the device and take effect. Parameters displayed on the page with
the lightning
''Resetting the Device'' on page 589.
Note: Parameters saved to the volatile memory (by clicking Submit), revert to their
previous settings after a hardware or software reset, or if the device is powered down.
Thus, to ensure parameter changes (whether on-the-fly or not) are retained, save
('burn') them to the device's non-volatile memory, i.e., flash (see ''Saving
Configuration'' on page 592).
icon take effect only after a device reset. For resetting the device, see
Version 6.8 53 Mediant 800B MSBR
Page 54
Mediant 800B MSBR
If you enter an invalid parameter value (e.g., not in the range of permitted values) and then
click Submit, a message box appears notifying you of the invalid value. In addition, the
parameter value reverts to its previous value and is highlighted in red, as shown in the
figure below:
Figure 8-9: Value Reverts to Previous Valid Value
8.1.6.4 Working with Tables
Many of the Web configuration pages provide tables for configuring various functionalities
of the device. The figure below and subsequent table describe the areas of a typical
configuration table:
Figure 8-10: Displayed Details Pane
Table 8-3: Enhanced Table Design Description
Item # Button
1 Add
Adds a new index entry row to the table. When you click this button, a
dialog box appears with parameters for configuring the new entry.
When you have completed configuration, cli ck the Submit button in
the dialog box to add it to the table.
2 Edit
3 Delete
Edits the selected row.
Removes the selected row from the table. When you click this button,
a confirmation box appears requesting you to confirm deletion. Click
Delete to accept deletion.
User's Manual 54 Document #: LTRT-12813
Page 55
User's Manual 8. Web-Based Management
Item # Button
4 Show/Hide
5
6
7
Some tables also provide the Up and Down buttons for changing the position (index
number) of a selected table row. These buttons become available only if the table contains
more than one row.
You can also define the number of rows to display on the page and to navigate between
pages displaying multiple rows. This is done using the page navigation area located below
the table, as shown in the figure below:
Toggles between displaying and hiding the full conf i guration of a
selected row. This configuration is displayed below the table (see Item
#6) and is useful for large tables that cannot display all its columns in
the work pane.
- Selected index row entry for editing, deleting and showing
configuration.
- Displays the full configuration of the selected row when you click the
Show/Hide button.
- Links to access additional configuration tables related to the current
configuration.
Figure 8-11: Viewing Table Rows per Page
Table 8-4: Row Display and Page Navigation
Item # Description
1
Defines the page that you want to view. Enter the required page number or use the
following page navigation buttons:
- Displays the next page
- Displays the last page
- Displays the previous page
- Displays the first page
2
Defines the number of rows to display per page. Y ou can select 5 or 10, where the
default is 10.
3
Displays the currently displayed page number.
8.1.7 Searching for Configuration Parameters
You can locate the exact Web page on which a specific parameter appears, by using the
Search feature. To search for a Web parameter, you must use the ini file parameter name
as the search key. The search key can include the full parameter name (e.g.,
"EnableSyslog") or a substring of it (e.g., "sys"). If you search for a substring, all
parameters containing the specified substring in their names are listed in the search result.
Version 6.8 55 Mediant 800B MSBR
Page 56
Mediant 800B MSBR
To search for a parameter:
1. On the Navigation bar, click the Search tab; the Search engine appears in the
Navigation pane.
2. In the field alongside the Search button, enter the parameter name or a substring of
the name for which you want to search. If you have done a previous search for such a
parameter, instead of entering the required string, you can use the 'Search History'
drop-down list to select the string saved f rom a previous search.
3. Click Search; a list of found parameters based on your search key appears in the
Navigation pane. Each searched result displays the following:
• ini file parameter name
• Link (in green) to the Web page on which the param eter appears
• Brief description of the parameter
• Menu navigation path to the Web page on which the parameter appears
4. In the searched list, click the required parameter (green link) to open the page on
which the parameter appears; the relevant page opens in the Work pane and the
searched parameter is highlighted in the page for easy identification, as shown in the
figure below:
Figure 8-12: Searched Result Screen
Table 8-5: Search Description
Item # Description
1
Search field for entering search key and Search butt on for activating the search
process.
2
3
Search results listed in Navigation pane.
Found parameter, highlighted on relevant Web page
User's Manual 56 Document #: LTRT-12813
Page 57
User's Manual 8. Web-Based Management
8.1.8 Creating a Login Welcome Message
You can create a Welcome message box that is displayed on the Web Login page. The
figure below displays an example of a Welcome me ss age:
Figure 8-13: User-Defined Web Welcome Message after Login
To enable and create a Welcome message, use the WelcomeMessage table ini file
parameter, as described in the table below. If this parameter is not configured, no Welcome
message is displayed.
Parameter Description
[WelcomeMessage]
Table 8-6: ini File Parameter for Welcome Login Message
Enables and defines a Welcome message that appe ars on the Web Login
page for logging in to the Web interface.
The format of this parameter is as follows:
[WelcomeMessage]
FORMAT WelcomeMessage_Index = WelcomeMessage_Text;
[\WelcomeMessage]
For Example:
[WelcomeMessage ]
FORMAT WelcomeMessage_Index = WelcomeMessage_Text;
WelcomeMessage 1 = "*********************************";
WelcomeMessage 2 = "********* This is a Welc om e m essage **";
WelcomeMessage 3 = "*********************************";
[\WelcomeMessage]
Each index row represents a line of text in the Welcome message box. Up
to 20 lines (or rows) of text can be defined.
Version 6.8 57 Mediant 800B MSBR
Page 58
Mediant 800B MSBR
8.1.9 Getting Help
The Web interface provides you with context-sensitive Online Help. The Online Help
provides brief descriptions of parameter s pert aining to the currently opened page.
To view the Help topic of a currently opened page:
1. On the toolbar, click the Help
button; the Help topic pertaining to the opened
page appears, as shown below:
Figure 8-14: Help Topic for Current Page
2. To view a description of a parameter, click the plus
To collapse the description, click the minus
3. To close the Help topic, click the close
sign.
button located on the top-right corner of
the Help topic window or simply click the Help
sign to expand the parameter.
button.
Note: Instead of clicking the Help button for each page you open, you can open it
once for a page and then simply leave it open. Each time you open a different page,
the Help topic pertaining to that page is automatically displayed.
User's Manual 58 Document #: LTRT-12813
Page 59
User's Manual 8. Web-Based Management
8.1.10 Logging Off the Web Interface
The following procedure describes how to log of f the Web interface.
To log off the Web interface:
1. On the toolbar, click the Log Off
icon; the following confirmation message box
appears:
Figure 8-15: Log Off Confirmation Box
2. Click OK; you are logged off the Web session and the Web Login dialog box appears
enabling you to re-login, if required.
Version 6.8 59 Mediant 800B MSBR
Page 60
Mediant 800B MSBR
8.2 Viewing the Home Page
The Home page is displayed when you access the device's Web interface. The Home page
provides you with a graphical display of the device's front panel, showing color-coded
status icons for various operations device.
To access the Home page:
On the toolbar, click the Home icon.
Note: The displayed number and type of telephony interfaces, LAN interfaces and
WAN interfaces depends on the ordered hardware configuration.
In addition to the color-coded status information depicted on the graphical display of the
device, the Home page displays various read-only information in the General Information
pane:
IP Address: IP address of the device
Subnet Mask: Subnet mask address of the device
Default Gateway Address: Default gateway used by the device
Digital Port Number: Number of digital PRI ports (depending on ordered hardware
configuration)
BRI Port Number: Number of BRI ports (depending on ordered hardware
configuration))
Analog Port Number: Number of analog (FXS and FXO) ports (depending on ordered
hardware configuration)
Firmware Version: Software version running on the device
Protocol Type: Signaling protocol currently used by the device (i.e. SIP)
Gateway Operational State:
• "LOCKED": device is locked (i.e. no new calls are acc epted)
• "UNLOCKED": device is not locked
• "SHUTTING DOWN": device is currently shut ting down
To perform these operations, see ''Basic Maintena nce'' on page 589.
User's Manual 60 Document #: LTRT-12813
Page 61
User's Manual 8. Web-Based Management
The table below describes the areas of the Home page.
Table 8-7: Home Page Description
Item # Description
1 Displays the highest severity of an active alarm raised (if any) by the device:
Green = No alarms
Red = Critical alarm
Orange = Major alarm
Yellow = Minor alarm
To view active alarms, click the Alarms area to open t he A ct i ve Alarms page (see
Viewing Active Alarms on page 665).
2 Module slot number.
3 Module interface type (e.g., FXS, FX O, and DIGI T A L).
4 Module status icon:
(green): Module has been inserted or is corre ct ly configured
(gray): Module was removed and "Reserved" i s displayed
(red): Module failure and "Failure" is displayed
5 Port (trunk or channel) status icon.
Icon Trunk Description
(Digital Module)
(gray)
(green)
(yellow)
Disable: Trunk not
configured (not in use)
Active - OK: Trunk
synchronized
RAI Alarm: Remote Alarm
Indication (RAI), also known
as the Yellow Alarm
(red)
LOS/LOF Alarm: Loss due to
LOS (Loss of Signal) or LOF
(Loss of Frame)
(blue)
AIS Alarm: Alarm Indication
Signal (AIS), also known as
the Blue Alarm
Channel Description
(Analog Modules)
Idle: Channel is currently on-hook
Call Connected: Active RTP stream
-
Not Connected: No FXO line is
connected to this port or port out of
service due to Serial Peripheral
Interface (SPI) failure (applicable
only to FXO interfaces)
Handset Offhook: Channel is offhook, but there is no active RTP
session
(orange)
D-Channel Alarm: D-channel
alarm
NFAS Alarm -
-
(dark orange)
Version 6.8 61 Mediant 800B MSBR
Page 62
Mediant 800B MSBR
Item # Description
If you click a port, a short cut menu appears with commands allowing you to do the
following:
Reset channel (Analog ports only): Resets the analog port (see Resetting an
Analog Channel on page 595)
Port Settings: Displays trunk status (see ''Viewing Trunk and Channel Status'' on
page 677) and analog port status (see ''Viewing Analog Port Information'' on page
679)
Update Port Info: Assigns a name to the port (see ''Assigning a Port Name'' on
page 63)
6 USB port for 3G cellular WAN modem for prima ry or backup WAN:
Gray - USB 3G cellular modem is not configured.
Blue - USB 3G cellular modem is in standby mode (backup mode).
Green - USB 3G cellular modem is active.
Red - USB 3G cellular modem is not active
7 WAN port status icons:
(green): Link is working
(gray): Link is not configured
(red): Link error
Depending on ordered hardware configuration, the WAN port can be Gigabit Ethernet
copper, SHDSL, or ADSL2+ / VDSL2:
Gigabit Ethernet SHDSL ADSL2+ / VDSL2
One Port
One Port
Four Ports
8 Gigabit Ethernet LAN port status icons:
(green): Link is working
(gray): Link is not configured
(red): Link error
To view detailed port information, click t he port i con (see Viewing Ethernet Port
Information on page 662).
9 Fast Ethernet LAN port status icons. See I tem 8 for a description.
8 & 9 Power-over-Ethernet status for LAN ports:
(gray with dark gray frame): Link is not conne ct ed
(green with dark gray frame): Ethernet delivered
(gray with orange frame): Power delivered
(green with orange frame): Ethernet and powe r del i vered
User's Manual 62 Document #: LTRT-12813
Page 63
User's Manual 8. Web-Based Management
8.2.1 Assigning a Port Name
You can configure an arbitrary name or a brief description for each telephony port
displayed on the Home page. This description is displayed as a tooltip when you hover
your mouse over the port.
Note: Only alphanumerical characters can be used in the port description.
To add a port description:
1. Open the Home page.
2. Click the required port icon; a shortcut menu appears:
3. From the shortcut menu, choose Update Port Info; a text box appears:
Figure 8-16: Text Box for Entering Port Name
4. Type a brief description for the port, and then click Apply Port Info.
Version 6.8 63 Mediant 800B MSBR
Page 64
Mediant 800B MSBR
8.3 Configuring Web User Accounts
Web user accounts define users for the Web interface and CLI. User accounts permit login
access to these interfaces as well as different levels of read and write privileges. Thus,
user accounts prevent unauthorized access to these interfaces, permitting access only to
users with correct credentials (i.e., username and password).
Each user account is based on the following:
Username and password: Credentials that enable authorized login ac cess to the
Web interface.
User level (user type): Access privileges specifying what the user can view in the
Web interface and its read/write privileges. The t abl e below describes the different
types of Web user account access levels:
Table 8-8: Web User Access Levels and Privileges
Numeric
User Level
Representation in
RADIUS
Privileges
Security
Administrator
Master
Administrator
Monitor
No Access
By default, the device is pre-configured with the following two Web user accounts:
User Access Level Username
200 Read / writ e privileges for all pages. It can create all user
220 Read / writ e privileges for all pages. Can create all user
100 Read / writ e privileges for all pages, except security-
50 No access to security-related and file-loading pages;
0 No access to any page.
Table 8-9: Pre-configured Web User Accounts
(Case-Sensitive)
types and is the only one that can create the first M aster
user.
Note: At least one Security Administrator user must exits.
types, including additional Master users and Security
Administrators. It can delete all users except the last
Security Administrator.
related pages (read-only).
read-only access to all other pages.
Note: This access level is not applicable when using
advanced Web user account configuration in the Web
Users table.
Password
(Case-Sensitive)
Security Administrator
Monitor
After you log in to the Web interface, the username is displayed on the toolbar.
If the Web session is idle (i.e., no actions are performed) for more than five minutes, the
Web session expires and you are once again requested to login with your username and
password. Users can be blocked for a period of time upon a user-defined number of
unsuccessful login attempts. Login information (such as how many login attempts were
made and the last successful login time) can b e presented to the user.
User's Manual 64 Document #: LTRT-12813
Admin Admin
User User
Page 65
User's Manual 8. Web-Based Management
To prevent user access after a specific number of failed logins:
1. From the 'Deny Access On Fail Count' drop-down list, select the number of failed
logins after which the user is prevented access to the device for a user-defined time
(see next step).
2. In the 'Deny Authentication Timer' field, enter the interval (in seconds) that the user
needs to wait before a new login attempt from the same IP address can be done after
reaching the number of failed login attempts (d efined in the previous step).
Notes:
• For security, it's recommended that you change the default username and
password of the pre-configured users (i.e., Security Administrator and Monitor
users).
• The Security Administrator user can change all attributes of all Web user
accounts. Web users with access levels other than Security Administrator can
change only their username and password.
• To restore the two Web user accounts to default set tings (usernames and
passwords), set the ini file parameter ResetWebPassword to 1.
• To log in to the Web interface with a different W eb user, click the Log off button
and then login with with a different username and password.
• You can set the entire Web interface to read-only (re gardless of Web user access
levels), by using the ini file parameter DisableWebConfig (see ''Web and Telnet
Parameters'' on page 763).
• You can define additional Web user accounts usin g a RADIUS server (see
''RADIUS Authentication'' on page 206).
8.3.1 Basic User Accounts Configuration
This section describes basic Web user account configuration. This is relevant only if the
two default, pre-configured Web user accounts--Security Administrator ("Admin") and
Monitor ("User")--are sufficient for your manag em ent scheme.
The Web user account parameters that can be modified depends on the access level of the
currently logged-in Web user:
Table 8-10: Allowed Modifications per Web User Level
Logged-in User Web User Level Allowed Modifications
Security
Administrator
Monitor
Notes:
• The username and password can be a string of up to 19 characters and are case-
• When only the basic user accounts are being used, up to two users can be
(Default) Security Administrator Username and password
Monitor Username, password, and access level
(Default) Security Administrator None
Monitor Username and password
sensitive.
concurrently logged in to the Web interface, and they can be the same user.
Version 6.8 65 Mediant 800B MSBR
Page 66
Mediant 800B MSBR
To configure the two pre-configured Web user accounts:
1. Open the Web User Accounts page (Configuration tab > System menu > Web User
Accounts). If you are logged in as Security Administrator, both Web user accounts
are displayed (as shown below). If you are logged in with the second user account,
only the details of this user account are display ed.
Figure 8-17: WEB User Accounts Page (for Users with 'Security Administrator' Privileges)
2. To change the username of an account:
a. In the 'User Name' field, enter the new user name.
b. Click Change User Name; if you are currently logged in to the Web interface with
this account, the 'Web Login' dialog box appears.
c. Log in with your new user name.
3. To change the password of an account:
a. In the 'Current Password' field, enter the current password.
b. In the 'New Password' and 'Confirm New Password' fields, enter the new
password.
c. Click Change Password; if you are currently logged in to the Web interface with
this account, the 'Web Login' dialog box appear s.
d. Log in with your new password.
4. To change the access level of the optional, second account:
a. Under the Account Data for User: User group, from the 'Access Level' drop-
down list, select a new access level user.
b. Click Change Access Level; the new access level is appl i ed i m mediately.
User's Manual 66 Document #: LTRT-12813
Page 67
User's Manual 8. Web-Based Management
8.3.2 Advanced User Accounts Configuration
The Web Users table lets you configure advanced Web user accounts. This configuration
is relevant only if you need the following manag em ent schemes:
Enhanced security settings per Web user (e.g., limit session duration)
More than two Web user accounts (up to 10 Web user accounts)
Master users
Notes:
• Only the Security Administrator user can initially access the Web Users table.
Admin users have read-only privileges in the Web Users table. Monitor users have
no access to this table.
• Only Security Administrator and Master users can add, edit, or delete users.
• For advanced user accounts, up to five users can be concurrently logged in to the
Web interface, and they can be the same user.
• If you delete a user who is currently in an active Web session, the user is
immediately logged off by the device.
• All user types can change their own passwords. This is done in the WEB Security
The following procedure describes how to configure Web users in the Web interface. You
can also configure this using the CLI command web-users.
Settings page (see ''Configuring Web Security Settings'' on page 71).
• To remove the Web Users table and revert to the Web User Accounts page with
the pre-configured, default Web user accounts, set the ResetWebPassword ini file
parameter to 1. This also deletes all other Web users.
• Once the Web Users table is accessed, Monitor users and Admin users can
change only their passwords in the Web Security S ettings page (see ''Configuring
Web Security Settings'' on page 71). The new password must have at least four
different characters than the previous passwo rd. (The Security Administrator users
and Master users can change their passwords in the Web Users table and in the
Web Security Settings page.)
To add Web user accounts with advanced settings:
1. Open the Web Users Table page:
• Upon initial access:
a. Open the Web User Accounts page (Configuration tab > System menu >
Web User Accounts).
b. Under the Web Users Table group, click the Create Table button.
• Subsequent access: Configuration tab > System menu > Web User Accounts.
The Web Users table appears, listing the two default, pre-configured Web use
accounts - Security Administrator ("Admin") and Monitor ("User"):
Figure 8-18: Web Users Table Page
Version 6.8 67 Mediant 800B MSBR
Page 68
Mediant 800B MSBR
2. Click Add; the following dialog box is displayed:
Figure 8-19: Web Users Table - Add Record Dialog Box
3. Configure a Web user according to the parameters described in the table below.
4. Click Submit, and then save ("burn") your settings t o flash memory.
Table 8-11: Web User Table Parameter Descriptions
Parameter Description
Index Defines an index number for the new table record.
Note: Each table row must be configured wit h a uni que index.
Web: Username
CLI: user-name
Defines the Web user's username.
The valid value is a string of up to 40 alphanumeric characters,
including the period ".", underscore "_", and hyphen "-" signs.
Web: Password
CLI: password
Defines the Web user's password.
The valid value is a string of 8 to 40 ASCII character s, which must
include the following:
At least eight characters
At least two letters that are upper case (e.g., "AA")
At least two letters that are lower case (e.g., "aa")
At least two numbers
At least two signs (e.g., the dollar "$" sign)
No spaces in the string
At least four characters different to the previous password
User's Manual 68 Document #: LTRT-12813
Page 69
User's Manual 8. Web-Based Management
defined number of failed login attempts. Thi s i s
Parameter Description
Web: Status
CLI: status
Defines the status of the Web user.
New = (Default) User is required to change its password on the next
login. When the user logs in to the Web interfac e, the user is
immediately prompted to change the current password.
Valid = User can log in to the Web interface as normal.
Failed Access = This state is automatically set for users that exceed
a user-defined number of failed login attempts, set by the 'Deny
Access on Fail Count' parameter (see ''Configuring Web Security
Settings'' on page 71). These users can log in only after a userdefined timeout configured by the 'Block Durat ion' parameter (see
below) or if their status is changed (to New or Valid) by a System
Administrator or Master.
Old Account = This state is automatically set for users that have not
accessed the Web interface for a user-defined number of days, set
by the 'User Inactivity Timer' (see ''Configuring We b Security
Settings'' on page 71). These users can only log in to the Web
interface if their status is changed (to New or Val id) by a System
Administrator or Master.
Notes:
The Old Account status is applicable only to Admin and Monitor
users; System Administrator and Master users can be inactive
indefinitely.
For security, it is recommended to set the status of a newly added
user to New in order to enforce password change.
Web: Password Age
CLI: pw-age-interval
Web: Session Limit
CLI: session-limit
Web: Session Timeout
CLI: session-timeout
Web: Block Duration
CLI: block-time
Defines the duration (in days) of the validity of the password. When this
duration elapses, the user is prompted to cha nge the password;
otherwise, access to the Web interface is blo ck ed.
The valid value is 0 to 10000, where 0 means that the password is
always valid. The default is 90.
Defines the maximum number of Web interf ace sessions allowed for
the user. In other words, this allows the s am e user account to log in to
the device from different sources (i.e., IP addre sses).
The valid value is 0 to 5. The default is 2.
Note: Up to 5 users can be concurrently logged in to the Web int erface.
Defines the duration (in minutes) of Web inact i vity of a logged-in user,
after which the user is automatically logged off the Web interface.
The valid value is 0 to 100000. The default value is according to the
settings of the 'Session Timeout' global parameter (see ''Configuring
Web Security Settings'' on page 71).
Defines the duration (in seconds) for wh i ch t he user is blocked when
the user exceeds a userconfigured by the 'Deny Access On Fail Count' parameter (see
''Configuring Web Security Settings'' on page
71).
The valid value is 0 to 100000, where 0 means that the user can do as
many login failures without getting blocked. T he default is according to
the settings of the 'Deny Authentication T im er' parameter (see
''Configuring Web Security Settings'' on page 71).
Note: The 'Deny Authentication Timer' parameter relates to failed Web
logins from specific IP addresses.
Version 6.8 69 Mediant 800B MSBR
Page 70
Mediant 800B MSBR
Master = Read/write privileges for all pa ges. T his user also functions
Parameter Description
Web: User Level
CLI: user-level
Defines the user's access level.
Monitor = (Default) Read-only user. This user can only view Web
pages and access to security-related pages is deni ed.
Administrator = Read/write privileges for all pages, except security-
related pages including the Web Users table w here this user has
only read-only privileges.
Security Administrator = Read/write privileges for all pages. This
user is the Security Administrator.
as a security administrator.
Notes:
At least one Security Administrator must exist. The last remaining
Security Administrator cannot be deleted.
The first Master user can be added only by a Security Administrator
user.
Additional Master users can be added, edited and deleted only by
Master users.
If only one Master user exists, it can be deleted only by itself.
Master users can add, edit, and delete Security Administrators (but
cannot delete the last Security Administrat or).
Only Security Administrator and Master users can add, edit, and
delete Administrator and Monitor users.
8.4 Displaying Login Information upon Login
The device can display login information im m edi ately upon Web login.
To enable display of user login information upon a successful login:
1. Open the WEB Security Settings page (Configuration tab > System menu >
Management > WEB Security Settings).
2. From the 'Display Login Information' drop-down list, select Yes.
3. Click Submit.
Once enabled, the Login Information window is displayed upon a successful login, as
shown in the example below:
Figure 8-20: Login Information Window
User's Manual 70 Document #: LTRT-12813
Page 71
User's Manual 8. Web-Based Management
8.5 Configuring Web Security Settings
The WEB Security Settings page is used to configure security for the device's Web
interface.
By default, the device accepts HTTP and HTTPS access. However, you can enforce
secure Web access communication method by configuring the device to accept only
HTTPS.
For a description of these parameters, see ''Web and T el net Parameters'' on page 763.
To define Web access security:
1. Open the WEB Security Settings page (Configuration tab > System menu >
Management > WEB Security Settings).
Figure 8-21: Web Security Settings Page
2. Set the 'Secured Web Connection (HTTPS)' parameter to HTTPS Only.
3. Configure the parameters as required.
4. Click Submit.
5. To save the changes to flash memory, see ''Saving Configuration'' on page 592.
Version 6.8 71 Mediant 800B MSBR
Page 72
Mediant 800B MSBR
8.6 Limiting OAMP Access to a Specific WAN Interface
You can limit the access of OAMP applications (such as HTTP, HTTPS, Telnet, and SSH)
to a specific WAN interface. This OAMP-interface binding can then be associated with a
Virtual Routing and Forwarding (VRF).
To limit OAMP access on a specific WAN interface, using CLI.
1. Enable WAN management access for specific OAMP applications, using any of the
following commands:
(config-system)# cli-terminal
(cli-terminal)# wan-ssh-allow | wan-telnet-allow | wan-snmp-
allow | wan-http-allow | wan-https-allow
2. Define the WAN interface for the OAMP applications, using the
OAMPWanInterfaceName ini file parame ter or the following CLI command:
(config-system)# bind interface <interface> <slot/port.vlanId>
oamp
(config-system)# bind vlan <vlanId> oamp
The following example enables WAN access for Telnet on interface GigabitEthernet 0/0.4
(GigabitEthernet 0/0.4 may be associated with a VRF):
(config-system)# cli-terminal
(cli-terminal)# wan-telnet-allow on
(cli-terminal)# exit
(config-system)# bind interface GigabitEthernet 0/0.5 oamp
To define the WAN OAMP interface using the Web interface:
1. Open the WEB Security Settings page (see ''Configuring Web Security Settings'' on
page 71).
2. From the 'WAN OAMP Interface' drop-down list, select the required WAN interface.
3. Click Submit.
8.7 Web Login Authentication using Smart Cards
You can enable Web login authentication using certificates from a third-party, common
access card (CAC) with user identification. When a user attempts to access the device
through the Web browser (HTTPS), the device retrieves the Web user’s login username
(and other information, if required) from the CAC. The user attempting to access the device
is only required to provide the login password. Typically, a TLS connection is established
between the CAC and the device’s Web interface, and a RADIUS server is implemented to
authenticate the password with the username. Therefore, this feature implements a twofactor authentication - what the user has (i.e., the physical card) and what the user knows
(i.e., the login password).
This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter.
Note: For specific integration requirements for implementing a third-party smart card
for Web login authentication, contact your A udi oCodes representative.
User's Manual 72 Document #: LTRT-12813
Page 73
User's Manual 8. Web-Based Management
To log in to the Web interface using CAC:
1. Insert the Common Access Card into the card reader.
2. Access the device using the following URL: https://<host name or IP address>; the
device prompts for a username and password.
3. Enter the password only. As some browsers require that the username be provided,
it’s recommended to enter the username with an ar bitrary value.
8.8 Configuring Web and Telnet Access List
The Web & Telnet Access List page is used to define IP addresses (up to ten) that are
permitted to access the device's Web, Telnet, and SSH interfaces. Access from an
undefined IP address is denied. If no IP addresses are defined, this security feature is
inactive and the device can be accessed from any IP address. The Web and Telnet Access
List can also be defined using the ini file parameter WebAccessList_x (see ''Web and
Telnet Parameters'' on page 763).
To add authorized IP addresses for Web, Telnet, and SSH interfaces access:
1. Open the Web & Telnet Access List page (Configuration tab > System menu >
Management > Web & Telnet Access List).
Figure 8-22: Web & Telnet Access List Page - Add New Entry
2. To add an authorized IP address, in the 'Add an authorized IP address' field, enter the
required IP address, and then click Add New Entry; the IP address you entered is
added as a new entry to the Web & Telnet Access Lis t table.
Figure 8-23: Web & Telnet Access List Table
Version 6.8 73 Mediant 800B MSBR
Page 74
Mediant 800B MSBR
3. To delete authorized IP addresses, select the Delete Row check boxes corresponding
to the IP addresses that you want to delete, and then click Delete Selected
Addresses; the IP addresses are removed from the table and these IP addresses can
no longer access the Web and Telnet interfaces.
4. To save the changes to flash memory, see ''Saving Configuration'' on page 592.
Notes:
• The first authorized IP address in the list must be your PC's (terminal) IP address;
otherwise, access from your PC is denied.
• Delete your PC's IP address last from the 'Web & Tel net Access List page. If it is
deleted before the last, subsequent acces s t o the device from your PC is denied.
User's Manual 74 Document #: LTRT-12813
Page 75
User's Manual 9. CLI-Based Management
9 CLI-Based Management
This chapter provides an overview of the CLI-based management and provides
configuration relating to CLI management.
Notes:
• For security, CLI is disabled by default.
• For a description of the CLI commands, ref er to the CLI Reference Guide.
9.1 Getting Familiar with CLI
This section describes the basic structure of the device's CLI, which you may need to know
9.1.1 Understanding Configuration Modes
before configuring the device through CLI.
Before you begin your CLI session, you should familiarize yourself with the CLI command
modes. Each command mode provides different levels of access to commands, as
described below:
Basic command mode: This is the initial mode that is accessed upon a successful
CLI login authentication. Any user level can access this mode and thus, the
commands supported by this command tier are lim i ted, as is interaction with the
device itself. This mode allows you to view v ari ous information (using the show
commands) and activate various debugging capabi li ties.
Welcome to AudioCodes CLI
Username: Admin
Password:
>
The Basic mode prompt is ">".
Enable command mode: This mode is the high-level tier in the command hierarchy,
one step up from the Basic Mode. A password ("Admin", by default) is required to
access this mode after you have accessed the Basic mode. This mode allows you to
configure all the device's settings. The E nable m ode is accessed by typing the
following commands:
> enable
Password: <Enable mode password>
#
The Enable mode prompt is "#".
Notes:
The enable command and subsequent password prompt is required only for users
with Administrator or Monitor access levels; S ecurity Administrator and Master
access levels automatically enter Enable m ode upon initial login. For configuring
user access levels, see ''Configuring Web User Accounts'' on page 64.
The default password for accessing the Enable mode is "Admin" (case-sensitive).
To change this password, use the CLIPrivPass ini f i le parameter.
Version 6.8 75 Mediant 800B MSBR
Page 76
Mediant 800B MSBR
automatically completes the command, displays it on the command prompt
(config)# logging host 10.1.1.1 ?
The Enable mode groups the configuration comm ands under the following command
sets:
• config-system: Provides the general and system related configuration
commands, for example, Syslog configurati on. This set is accessed by typing the
following command:
# configure system
(config-system)#
• config-voip: Provides the VoIP-related configuration commands, for example,
SIP and media parameters, and VoIP network int erf ace configuration. This set is
accessed by typing the following command:
# configure voip
(config-voip)#
• configure-data: Provides the data-router related config uration comm and s. This
set is accessed by typing the following command:
# configure data
(config-data)#
9.1.2 Using CLI Shortcuts
The CLI provides several editing shortcut keys to help you configure your device more
easily, as listed in the table below.
Table 9-1: CLI Editing Shortcut keys
Shortcut Key Description
Up arrow key Retypes the previously entered c om m and. Continuing to press the Up
arrow key cycles through all commands entered, st arting with the most
recent command.
<Tab> key Pressing the <Tab> key after entering a part i al (but unique) command
line, and waits for further input.
Pressing the <Tab> key after entering a part i al and not unique command
displays all completing options.
? (question mark)
Displays a list of all subcommands in the current mode, for example:
(config-voip)# voip-network ?
dns Enter voip-network dns
ip-group IP Group table
nat-translation NATTranslationtable
...
Displays a list of available commands beginnin g with certain letter(s),
for example:
(config)# voip-network d?
dns Enter voip-network dns
Displays syntax help for a specific command by entering the command,
a space, and then a question mark (?). This includes the range of valid
values and a brief description of the next parameter expected for that
particular command. For example:
(config)# voip-network dns srv2ip ?
[0-9] index
If a command can be invoked (i.e., all its argument s have been entered),
the question mark at its end displays "<cr>" to indicate that a carriage
return (Enter) can now be entered to run the command, for example:
User's Manual 76 Document #: LTRT-12813
Page 77
User's Manual 9. CLI-Based Management
<cr>
auto finish
You need only enter enough letters to identify a command as unique. For
not necessary.
Space Bar at the --More-
Displays the next screen of output. You can config ure the size of the
CLI Terminal Window'' on page 84.
(conf-if-VLAN 1)# do show interfaces GigabitEthernet 0/0
# no debug log
by an asterisk (*) before the command prompt.
(session closed)
Shortcut Key Description
<Ctrl + A> Moves the cursor to the beginning of the command line.
<Ctrl + E> Moves the cursor to the end of the command line.
<Ctrl + U> Deletes all the characters on the command line.
example, entering "int G 0/0" at the configuration prompt provides you
access to the configuration parameters for the specified Gigabit-Ethernet
interface. Entering "interface GigabitEthernet 0/0" would work as well, but is
-prompt
displayed output, as described in ''Configurin g Displayed Output Lines in
9.1.3 Common CLI Commands
The following table contains descriptions of common CLI commands.
Table 9-2: Common CLI Commands
Command Description
do
no
activate
Provides a way to execute commands in other command sets without taking the
time to exit the current command set. The foll owing example shows the do
command, used to view the GigabitEthernet interf ace configuration while in the
virtual-LAN interface command set:
(config)# interface vlan 1
Undoes an issued command or disables a featur e. Enter no before the
command:
Activates a command. When you enter a configurat i on command in the CLI, the
command is not applied until you enter the activate and exit commands.
Note: Offline configuration changes require a reset of the devi ce. A reset can be
performed at the end of the configuration changes. A required reset is indicated
exit
Leaves the current command-set and return s one level up. If issued on the top
level, the session ends.
For online parameters, if the configuration was changed and no activate
command was entered, the exit command applies the activate command
automatically. If issued on the top level, the session will end:
(config)# exit
# exit
display
help
history
list
Displays the configuration of current configuration set .
Displays a short help how-to string.
Displays a list of previously run commands.
Displays the available command list of the current command-set.
Version 6.8 77 Mediant 800B MSBR
Page 78
Mediant 800B MSBR
should be typed after the command with
;Serial Number: 2239835;Slot Number: 1
Command Description
| <filter>
Applied to a command output. The filter
a pipe mark (|).
Supported filters:
include <word> – filter (print) lines which contain <word>
exclude <word> – filter lines which does not contain <word>
grep <options> - filter lines according to grep common Unix utility options
egrep <options> - filter lines according to egrep common Unix utility options
begin <word> – filter (print) lines which begins with <word>
between <word1> <word2> – filter (print) lines which are placed between
<word1> and <word2>
count – show the output’s line count
Example:
# show system version | grep Number
9.1.4 Configuring Tables in CLI
Throughout the CLI, many configuration elements are in table format, where each table row
is represented by an index number. When you add a new row to a table, the device
automatically assigns it the next consecutive, available index number. You can also specify
an index number, if required. When you add a new table row, the device accesses the
row's configuration mode.
Table rows are added using the new command:
# <table name> new
For example, if three rows are configured in the Account table (account-0, account-1, and
account-2) and a new entry is subsequently added, account-3 is automatically created and
its configuration mode is accessed:
(config-voip)# sip-definition account new
(account-3)#
You can also add a new table row to any specific index number, even if a row has already
been configured for that index number. The row that was previously assigned that index
number is subsequently incremented to the next index number, as well as all the index
rows listed further down in the table.
To add a new table row to a specific index number, use the insert command:
# <table name> <index> insert
For example, if three rows are configured in the Account table (account-0, account-1, and
account-2) and a new row is subsequently added with index 1, the previous account-1
becomes account-2 and the previous account-2 becomes account-3, and so on. The
following command is run for this example:
(config-voip)# sip-definition account 1 insert
Note: This behavior when inserting table rows is applicable only to tables that do not
have "child" tables (sub-tables).
User's Manual 78 Document #: LTRT-12813
Page 79
User's Manual 9. CLI-Based Management
9.1.5 Understanding CLI Error Messages
The CLI provides feedback on commands by di splaying informative messages:
Failure reason of a run command. The failure message is identical to the notification
failure message sent by Syslog. For example, an invalid Syslog server IP address is
displayed in the CLI as follows:
(logging)# syslog-ip 1111.1.1.1
Parameter 'SyslogServerIP' does NOT accept the IP-Address:
1111.1.1.1, illegal IPAddress.
Configuration failed
Command Failed!
"Invalid command" message: The command may not be valid in the current command
mode, or you may not have entered sufficient characters for the command to be
recognized. Use "?" to determine your error.
"Incomplete command" message: You may not have entered all of the pertinent
information required to make the command v al i d. Use "?" to determine your error.
9.2 Enabling CLI
Access to the device's CLI through Telnet and SSH is disabled by default. This section
describes how to enable these protocols.
9.2.1 Enabling Telnet for CLI
The following procedure describes how to enable Telnet. You can enable a secured Telnet
that uses Secure Socket Layer (SSL) where information is not transmitted in the clear. If
SSL is used, a special Telnet client is required on your PC to connect to the Telnet
interface over a secured connection; examples include C-Kermit for UNIX and Kermit-95
for Windows.
For security, some organizations require the display of a proprietary notice upon starting a
Telnet session. You can use the configuration ini file parameter, WelcomeMessage to
configure such a message (see ''Creating a Login Welcome Message'' on page 57).
To enable Telnet:
1. Open the Telnet/SSH Settings page (Configuration tab > System menu >
Management > Telnet/SSH Settings).
Figure 9-1: Telnet Settings on Telnet/SSH Settings Page
2. Set the ‘Embedded Telnet Server’ parameter to Enable Unsecured or Enable
Secured (i.e, SSL).
3. To enable Telnet from the WAN, set the 'Allow WAN access to Telnet' parameter to
Enable.
4. Configure the other Tenet parameters as required. For a description of these
parameters, see ''Telnet Parameters'' on page 767.
5. Click Submit, and then reset the device with a burn-to-flash for your settings to take
effect.
Version 6.8 79 Mediant 800B MSBR
Page 80
Mediant 800B MSBR
9.2.2 Enabling SSH with RSA Public Key for CLI
Unless configured for TLS, Telnet is not secure as it requires passwords to be transmitted
in clear text. To overcome this, Secure SHell (SSH) is used, which is the de-facto standar d
for secure CLI. SSH 2.0 is a protocol built above TCP, providing methods for key
exchange, authentication, encryption, and authorization.
SSH requires appropriate client software for the management PC. Most Linux distributions
have OpenSSH pre-installed; Windows-based PCs require an SSH client software such as
PuTTY, which can be downloaded from
http://www.chiark.greenend.org.uk/~sgtatham/putty/.
By default, SSH uses the same username and password as the Telnet and Web server.
SSH supports 1024/2048-bit RSA public keys, providing carrier-grade security. Fo llow the
instructions below to configure the device with an administrator RSA key as a means of
strong authentication.
To enable SSH and configure RSA public keys for Windows (using PuTTY SSH
software):
1. Start the PuTTY Key Generator program, and then do the following:
a. Under the 'Parameters' group, do the following:
♦ Select the SSH-2 RSA option.
♦ In the 'Number of bits in a generated ke y' field, enter "1024" bits.
b. Under the 'Actions' group, click Generate and then follow the on-screen
instructions.
c. Under the 'Actions' group, click Save private key to save the new private key to a
file (*.ppk) on your PC.
d. Under the 'Key' group, select the displayed encoded text between "ssh-rsa" and
"rsa-key-….", as shown in the example below:
Figure 9-2: Selecting Public RSA Key in PuTTY
2. Open the Telnet/SSH Settings page (Configuration tab > System menu >
Management > Telnet/SSH Settings), and then do the following:
a. Set the 'Enable SSH Server' parameter to Enable.
User's Manual 80 Document #: LTRT-12813
Page 81
User's Manual 9. CLI-Based Management
b. Paste the public key that you copied in Step 1.d into t he 'Admin Key' field, as
shown below:
Figure 9-3: SSH Settings - Pasting Public RSA Key in 'Admin Key' Field
c. For additional security, you can set the 'Require Public Key' to Enable. This
ensures that SSH access is only possible by using the RSA key and not by using
user name and password.
d. To enable SSH from the WAN, set 'Allow WAN acces s to SSH' to Enable.
e. Configure the other SSH parameters as required. For a description of these
parameters, see ''SSH Parameters'' on page 802.
f. Click Submit.
3. Start the PuTTY Configuration program, and then do the following:
a. In the 'Category' tree, drill down to Connection, then SSH, and then Auth; the
'Options controlling SSH authentication' p ane appears.
b. Under the 'Authentication parameters' gr oup, click Browse and then locate the
private key file that you created and saved in Step 4.
4. Connect to the device with SSH using the username "Admin"; RSA key negotiation
occurs automatically and no password is required.
To configure RSA public keys for Linux (using OpenSSH 4.3):
1. Run the following command to create a new key in the admin.key file and to save the
public portion to the admin.key.pub file:
ssh-keygen -f admin.key -N "" -b 1024
2. Open the admin.key.pub file, and then copy the encoded string from "ssh-rsa" to the
white space.
3. Open the Telnet/SSH Settings page (Configuration tab > System menu >
Management > Telnet/SSH Settings), and then paste the value copied in Step 2 into
the 'Admin Key' field.
4. Click Submit.
5. Connect to the device with SSH, using the following command:
ssh -i admin.key xx.xx.xx.xx
where xx.xx.xx.xx is the device's IP address. RSA-key negotiation occ urs
automatically and no password is required.
Version 6.8 81 Mediant 800B MSBR
Page 82
Mediant 800B MSBR
ive), respectively. For configuring login credentials, see
9.3 Establishing a CLI Session
The device's CLI can be accessed using any of the following methods:
RS-232: The device can be accessed through its RS-232 serial port, by conne cting a
VT100 terminal to it or using a terminal emulati on program (e.g., HyperTerminal) with
a PC. For connecting to the CLI through RS-232, see ''CLI'' on page
Secure SHell (SSH): The device can be accessed through its Ethernet interface by
the SSH protocol using SSH client software. A popular and freeware SSH client
software is Putty, which can be downloaded from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Telnet: The device can be accessed through its Ethernet interface by the Telnet
protocol using Telnet client software.
The following procedure describes how to acces s the CLI through Telnet/SSH.
Note: The CLI login credentials are the same as all the device's other management
interfaces (such as Web interface). The default username and password is "Admin"
and "Admin" (case-sensit
''Configuring Web User Accounts'' on page 64.
33.
To establish a CLI session with the device:
1. Connect the device to the network.
2. Establish a Telnet or SSH session using the device's OAMP IP address.
3. Log in to the session using the username and password assigned to the Admin user of
the Web interface:
a. At the Username prompt, type the username, and then press Enter:
Username: Admin
b. At the Password prompt, type the password, and then press Enter:
Password: Admin
c. At the prompt, type the following, and then press Enter:
> enable
d. At the prompt, type the password again, and then press Enter:
Password: Admin
9.4 Configuring Maximum Telnet/SSH Sessions
You can set the maximum (up to five) number of concurrent Telnet/SSH sessions permitted
on the device.
Note: Before changing this setting, make sure that not more than this number of
sessions are currently active; otherwise, the new setting will not take effect.
To configure the maximum number of concurrent Telnet/SSH sessions:
1. Open the Telnet/SSH Settings page (Configuration tab > System menu >
Management > Telnet/SSH Settings).
2. In the 'Maximum Telnet Sessions' field, enter the maximum number of concurrent
sessions.
User's Manual 82 Document #: LTRT-12813
3. Click Submit.
Page 83
User's Manual 9. CLI-Based Management
9.5 Viewing Current CLI Sessions
You can view users that are currently logged in to the device's CLI. This applies to users
logged in to the CLI through RS-232 (console), Telnet, or SSH. For each logged-in user,
the following is displayed: the type of interface (console, Telnet, or SSH), user's username,
remote IP address from where the user logged in, and the duration (days and time) of the
session. Each user is displayed with a unique index (session ID).
To view currently logged-in CLI users:
# show users
[0] console Admin local 0d00h03m15s
[1] telnet John 10.4.2.1 0d01h03m47s
[2]* ssh Alex 192.168.121.234 12d00h02m34s
The current session from which this show command was run is displayed with an asterisk
(*).
Note: The device can display managem ent sessions of up to 24 hours. After this time,
the duration counter is reset.
9.6 Terminating a User's CLI Session
You can terminate users that are currently logged in to the device's CLI. This applies to
users logged in to the CLI through RS-232 (c onsole), Telnet, or SSH.
To terminate the CLI session of a specific CLI user:
# clear user <session ID>
The session ID is a unique identification of each currently logged in user. You can view the
session ID by running the show users command (see ''Viewing Current CLI Sessions'' on
page 83).
Note: The session from which the command is run cannot be terminated.
Version 6.8 83 Mediant 800B MSBR
Page 84
Mediant 800B MSBR
9.7 Configuring Displayed Output Lines in CLI Terminal Window
You can configure the maximum number of lines (height) displayed in the terminal window
for the output of CLI commands (Telnet and SSH). The number of displayed lines can be
specified from 0 to 65,535, or determined by re-sizing the terminal window by mousedragging the window's border.
To configure a specific number of output lines:
(config-system)# cli-terminal
<cli-terminal># window-height [0-65535]
If window-height is set to 0, the entire command output is displayed. In other words, even if
the output extends beyond the visible terminal window length, the --MORE-- prompt is not
displayed.
To configure the number of lines according to dragged terminal window:
(config-system)# cli-terminal
<cli-terminal># window-height automatic
When this mode is configured, each time you change the height of the terminal window
using your mouse (i.e., dragging one of the window's borders or corners), the number of
displayed output command lines is changed a cc ordingly.
9.8 Configuring TACACS+ for CLI Login
This section describes how to enable and configure Terminal Access Controller AccessControl System (TACACS+). TACACS+ is a security protocol for centralized username and
password verification. TACACS+ can be used for validating users attempting to gain
access to the device through CLI. TACACS+ services are maintained on a database on a
TACACS+ daemon.
You must have access to and must configure a TACACS+ server before configuring
TACACS+ on your device.
TACACS+ can provide the following services:
Authentication: provides authentication through login and password di alog
Authorization: manages user capabilities for the duration of the user's session by
placing restrictions on what commands a user may execute
Accounting: collects and sends information for auditing and reporting to the TACACS+
daemon
The TACACS+ protocol provides authentication between the device and the TACACS+
daemon, and it ensures confidentiality as all protocol exchanges between a network
access server and a TACACS+ daemon are encrypted. You need a system running
TACACS+ daemon software to use the TACACS+ functionality on your network access
server.
User's Manual 84 Document #: LTRT-12813
Page 85
User's Manual 9. CLI-Based Management
When a user attempts a simple ASCII login by authenticating to a network access server
using TACACS+, the following typically occ urs:
1. When the connection is established, the network access server contacts the
TACACS+ daemon to obtain a username prompt, which is then displayed to the user.
The user enters a username and the network access server then contacts the
TACACS+ daemon to obtain a password prompt. The network access server displays
the password prompt to the user, the user enters a password, and the password is
then sent to the TACACS+ daemon.
2. The network access server eventually receives one of the following responses from
the TACACS+ daemon:
• ACCEPT: The user is authenticated and service may begin. If the network access
server is configured to require authorization, authorization will begin at this time.
• REJECT: The user has failed to authenticate. The user may be denied further
access.
• ERROR: An error occurred at some time during authentication. This can be at the
daemon or in the network connection between the daemon and the network
access server. If an ERROR response is receive d, the device typically attempts
to use an alternative method for authenticating the user.
3. If TACACS+ authorization is needed, the TACACS+ daemon is again contacted for
each CLI command entered by the user, and it returns an ACCEPT or REJECT
authorization response. If an ACCEPT response is returned, the CLI command is
allowed; otherwise, it is rejected.
To configure TACACS+ in the CLI, use the following commands:
To enable TACACS+:
(config-data)# aaa authentication login tacacs+
To configure the IP address of the TACACS+ server (up to two servers can be
configured):
(config-data)# tacacs-server host <IP address>
To configure the TCP port number for the TACACS+ service:
(config-data)# tacacs-server port <port>
To configure the shared secret between the TACACS+ server and the device:
(config-data)# tacacs-server key <password>
To configure how much time to wait for a TACACS+ response before failing the
authentication:
(config-data)# tacacs-server timeout <in seconds>
To configure the device's data-router WAN interface through which commu ni cation
with the TACACS+ server is done:
(config-data)# tacacs-server source data source-address
interface <interface name>
Version 6.8 85 Mediant 800B MSBR
Page 86
Mediant 800B MSBR
This page is intentionally left blank.
User's Manual 86 Document #: LTRT-12813
Page 87
User's Manual 10. SNMP-Based Management
10 SNMP-Based Management
The device provides an embedded SNMP Agent that allows it to be managed by
AudioCodes Element Management System (EMS) or a third-party SNMP Manager (e.g.,
element management system). The SNMP Agent supports standard Management
Information Base (MIBs) and proprietary MIBs, enabling a deeper probe into the
interworking of the device. The SNMP Agent can also send unsolicited events (SNMP
traps) towards the SNMP Manager. All supported MIB files are supplied to customers as
part of the release.
AudioCodes EMS is an advanced solution for standards-based management that covers all
areas vital for the efficient operation, administration, management and provisioning
(OAM&P) of the device. The standards-compliant EMS uses distributed SNMP-based
management software, optimized to support day-to-day Network Operation Center (NOC)
activities, offering a feature-rich management framework. It supports fault management,
configuration and security.
This section provides configuration relating to SNMP management.
Notes:
• SNMP-based management is enabled by default. For di sabling it, see ''Enabling
SNMP and Configuring SNMP Community Strings'' on page 87.
• For more information on the device's SNMP support (e.g., SNMP traps), refer to
the SNMP User's Guide.
• EMS support is available only if the device is installed with a Software License Key
that includes this feature. For installing a Software License Key, see ''Software
License Key'' on page 621.
• For more information on using the EMS tool, ref er to the EMS User's Manual and
EMS Server IOM Manual.
10.1 Enabling SNMP and Configuring SNMP Community Strings
The SNMP Community String page lets you configure up to five read-only and up to five
read-write SNMP community strings and to configure the community string that is used for
sending traps.
Notes:
• SNMP community strings are used only for SNMP v1 and SNMPv2c; SNMPv3
uses username-password authentication along with an encryption key (see
''Configuring SNMP V3 Users'' on page 91).
• You can assign data-router Access Control Li st rules (ACL) to SNMP community
strings. By associating an ACL rule with an S NMP community string, the source
and/or destination address of the packet, received from the management station
and in which the community string is received, can be specified. This adds
enhanced security by reducing the likelihood of malicious attacks on the device if
the community string is discovered by an attacker. To assign an ACL rule, use the
following CLI command:
(config-system)# snmp
<snmp># snmp-acl community-string <Community string> rw|ro <ACL rule string
name>
Version 6.8 87 Mediant 800B MSBR
Page 88
Mediant 800B MSBR
For detailed descriptions of the SNMP paramet ers, see ''SNMP Parameters'' on page 768.
To configure SNMP community strings:
1. Open the SNMP Community String page (Configuration tab > System menu >
Management > SNMP > SNMP Community String).
Figure 10-1: SNMP Community String Page
2. Configure SNMP community strings according to the table below.
3. Click Submit, and then save ("burn") your settings t o flash memory.
To delete a community string, select the Delete check box corresponding to the community
string that you want to delete, and then click Submit.
Table 10-1: SNMP Community String Parameter Descriptions
Parameter Description
Community String
Trap Community String
CLI: configure system > snmp
trap > community-string
[SNMPTrapCommunityString]
Read Only [SNMPReadOnlyCommunityString_x]: Up to five
read-only community strings (up to 19 characters each). The
default string is 'public'.
Read / Write [SNMPReadWriteCommunityString_x]: Up to
five read / write community strings (up to 19 cha racters each).
The default string is 'private'.
Community string used in traps (up to 19 charact ers).
The default string is 'trapuser'.
User's Manual 88 Document #: LTRT-12813
Page 89
User's Manual 10. SNMP-Based Management
10.2 Configuring SNMP Trap Destinations
The SNMP Trap Destinations page allows you to configure up to five SNMP trap
managers. You can associate a trap destination with SNMPv2 users and specific SNMPv3
users. Associating a trap destination with SNMPv3 users sends encrypted and
authenticated traps to the SNMPv3 destination. By default, traps are sent unencrypted
using SNMPv2.
To configure SNMP trap destinations:
1. Open the SNMP Trap Destinations page (Configuration tab > System menu >
Management > SNMP > SNMP Trap Destinations).
Figure 10-2: SNMP Trap Destinations Page
2. Configure the SNMP trap manager parameters according to the table below.
3. Select the check box corresponding to the SNMP Manager that you wish to enable.
4. Click Submit.
Note: Only row entries whose corresponding check boxes are selected are applied
when clicking Submit; otherwise, settings revert to t heir defaults.
Table 10-2: SNMP Trap Destinations Parameters Description
Parameter Description
Web: SNMP Manager
[SNMPManagerIsUsed_x]
Web: IP Address
[SNMPManagerTableIP_x]
Enables the SNMP Manager to receive traps and chec ks
the validity of the configured destination (IP address and
port number).
[0] (check box cleared) = (Default) Disables SNMP
Manager
[1] (check box selected) = Enables SNMP Manager
Defines the IP address (in dotted-decimal notation, e.g.,
108.10.1.255) of the remote host used as the S NMP
Manager. The device sends SNMP traps to this IP
address.
Trap Port
[SNMPManagerTrapPort_x]
Web: Trap User
[SNMPManagerTrapUser]
Version 6.8 89 Mediant 800B MSBR
Defines the port number of the remote SNMP M anager.
The device sends SNMP traps to this port.
The valid value range is 100 to 4000. The default is 162.
Associates a trap user with the trap destinat i on. This
determines the trap format, authentication level, and
Page 90
Mediant 800B MSBR
encryption level.
Parameter Description
v2cParams (default) = SNMPv2 user community string
SNMPv3 user configured in ''Configuring SNMP V3
Users'' on page 91
Trap Enable
[SNMPManagerTrapSendingEnable_x]
Activates the sending of traps to the SNMP Manager.
[0] Disable
[1] Enable (Default)
10.3 Configuring SNMP Trusted Managers
The SNMP Trusted Managers table lets you configure up to five SNMP Trusted Managers
based on IP addresses. By default, the SNMP agent accepts SNMP Get and Set requests
from any IP address as long as the correct community string is used in the request.
Security can be enhanced by using Trusted Managers, which is an IP address from which
the SNMP agent accepts and processes S NMP requests.
The following procedure describes how to configure SNMP trusted managers in the Web
interface. You can also configure this using the table ini file parameter,
SNMPTrustedMgr_x or CLI command, configure system > snmp > trusted-managers.
To configure SNMP Trusted Managers:
1. Open the SNMP Trusted Managers page (Configuration tab > System menu >
Management > SNMP > SNMP Trusted Managers).
Figure 10-3: SNMP Trusted Managers
User's Manual 90 Document #: LTRT-12813
2. Select the check box corresponding to the SNMP Trusted Manager that you want to
enable and for whom you want to define an IP addre ss.
3. Define an IP address in dotted-decimal notation.
4. Click Submit, and then save ("burn") your settings to flash memory.
Page 91
User's Manual 10. SNMP-Based Management
10.4 Configuring SNMP V3 Users
The SNMP v3 Users table lets you configure up to 10 SNMP v3 users for authentication
and privacy.
The following procedure describes how to configure SNMP v3 users in the Web interface.
You can also configure this using the table ini file parameter, SNMPUsers or CLI
command, configure system > snmp v3-users.
To configure an SNMP v3 user:
1. Open the SNMP v3 Users page (Configuration tab > System menu > Management
> SNMP > SNMP V3 Users).
2. Click Add; the following dialog box appears:
Figure 10-4: SNMP V3 Setting Page - Add Record Dialog Box
3. Configure the SNMP V3 Setting parameters according to the table below.
4. Click Submit, and then save ("burn") your settings t o flash memory.
Note: If you delete a user that is associated with a trap destination (see ''Configuring
SNMP Trap Destinations'' on page 89), the configured trap destination becomes
disabled and the trap user reverts to default (i.e., SNMPv2).
Parameter Description
Index
[SNMPUsers_Index]
User Name
CLI: username
[SNMPUsers_Username]
Authentication Protocol
CLI: auth-protocol
[SNMPUsers_AuthProtocol]
Table 10-3: SNMP V3 Users Parameters
Defines an index number for the new table record.
Note: Each table row must be configured wit h a uni que index.
Name of the SNMP v3 user. This name must be unique.
Authentication protocol of the SNMP v3 user.
[0] None (default)
[1] MD5
[2] SHA-1
Privacy Protocol Privacy protocol of the SNMP v3 user.
Version 6.8 91 Mediant 800B MSBR
Page 92
Mediant 800B MSBR
CLI: priv-protocol
[0] None (default)
Parameter Description
[SNMPUsers_PrivProtocol]
[1] DES
[2] 3DES
[3] AES-128
[4] AES-192
[5] AES-256
Authentication Key
CLI: auth-key
[SNMPUsers_AuthKey]
Privacy Key
CLI: priv-key
[SNMPUsers_PrivKey]
Group
CLI: group
[SNMPUsers_Group]
Authentication key. Keys can be entered in the form of a text
password or long hex string. Keys are always p ersisted as long hex
strings and keys are localized.
Privacy key. Keys can be entered in the form of a text password or
long hex string. Keys are always persisted as lon g hex strings and
keys are localized.
The group with which the SNMP v3 user is associated.
[0] Read-Only (default)
[1] Read-Write
[2] Trap
Note: All groups can be used to send traps.
User's Manual 92 Document #: LTRT-12813
Page 93
User's Manual 11. TR-069 Based Management
11 TR-069 Based Management
The device supports TR-069 CPE WAN Management Protocol (CWMP) based
management, which is used for remote management of CPE devices. This allows the
device to be configured and monitored from a management application running on a
11.1 TR-069
remote Auto-Configuration Server (ACS).
TR-069 (Technical Report 069) is a specification published by Broadband Forum
(www.broadband-forum.org) entitled CPE WAN Management Protocol (CWMP). It defines
an application layer protocol for remote managem ent of end-user devices.
TR-069 uses a bi-directional SOAP/HTTP protocol for communication between the
customer premises equipment (CPE) and the Auto Configuration Servers (ACS). The TR069 connection to the ACS can be done on the LAN or WAN interface.
The protocol stack looks as follows:
Table 11-1: TR-069 Protocol Stack
CPE/ACS Management Application
RPC Methods
SOAP
HTTP
SSL/TLS
TCP/IP
Version 6.8 93 Mediant 800B MSBR
Page 94
Mediant 800B MSBR
Communication is typically established by the CPE; hence, messages from CPE to ACS
are typically carried in HTTP requests, and messages from ACS to CPE in HTTP
responses.
Figure 11-1: TR-069 Session Example
Communication between ACS and CPE is defined via Remote Procedure Call (RPC)
methods. TR-069 defines a generic mechanism by which an ACS can read or write
parameters to configure a CPE and monitor CPE status and statistics. It also defines the
mechanism for file transfer and firmware/software management. However, it does not
define individual parameters; these are defined in separate documents, as described
below. Some of the RPC methods are Configuration File Download, Firmware upgrade,
Get Parameter Value, Set Parameter Value, Reboot, and the upload and download files.
User's Manual 94 Document #: LTRT-12813
Page 95
User's Manual 11. TR-069 Based Management
TR-106 defines the “data model” template for TR-069 enabled devices. The Data Model
consists of objects and parameters hierarchically organized in a tree with a single Root
Object, typically named Device. Arrays of objects are supported by appending a numeric
index to the object name (e.g. ABCService.1 in the example below); such objects are
called “multi-instance objects”.
Figure 11-2: TR-069 Model Data Example
Below is a list of some of the TR-069 methods:
CPE Methods:
• GetRPCMethods: Used by the CPE or ACS to dis cov er the set of methods
supported by the Server or CPE it is in communication with.
• SetParameterValues: Used by the ACS to modify the value of CPE parameter(s).
• GetParameterValues: Used by the ACS to obtain the value of CPE parameter(s).
• GetParameterNames: Used by the ACS to discover the parameters accessible on
a particular CPE.
• SetParameterAttributes: Used by the ACS to modify at tributes associated with
CPE parameter(s).
• GetParameterAttributes: Used by the ACS to read the attributes associated with
CPE parameter(s).
• AddObject: Used by the ACS to create a new inst ance of a multi-instance
object—a collection of parameters and/or ot her objects for which multiple
instances are defined.
• DeleteObject: Removes a particular instanc e of an object.
• Download: Used by the ACS to cause the CPE to download the following file(s)
from a designated location:
♦ Firmware Upgrade Image (File Type = 1) - cmp file.
♦ Vendor Configuration File (File Type = 3) - output of show running-
config CLI command, which includes Data and Voice confi guration.
Version 6.8 95 Mediant 800B MSBR
Page 96
Mediant 800B MSBR
The CPE responds to the Download method, indic ating successful or
unsuccessful completion via one of the following:
♦ A DownloadResponse with the Stat us argument set to zero (indicating
success), or a fault response to the Download request (indicating failure).
♦ A TransferComplete message sent lat er in the same session as the
Download request (indicating either succe ss or failure). In this case, the
Status argument in the corresponding Downl oadResponse has a value of
one.
♦ A TransferComplete message sent in a subsequent session (indicating
success or failure). In this case, the Status argument in the corresponding
DownloadResponse has a value of one.
Figure 11-3: Download Method Executuion Example
• Upload: Used by the ACS to cause the CPE to uploa d (to the ACS) the following
files to a designated location:
♦ Vendor Configuration File (File Type = 1 or 3): Output of show running-
config CLI command, which includes Data and Voice confi guration. For
File Type 3 (where index is included – see below) only one instance of the
file is supported.
User's Manual 96 Document #: LTRT-12813
Page 97
User's Manual 11. TR-069 Based Management
♦ Vendor Log File (File Type = 2 or 4): “Ag gregated” log file. For File Type 2,
the last file is supported. For File Type 4 (where in dex is included – see
below), multiple files is supported.
The CPE responds to the Upload method, indicati ng successful or unsuccessful
completion via the UploadResponse or TransferComplete method.
For a complete description of the Upload m ethod, refer to TR-069 Amendment 3
section A.4.1.5.
• Reboot: Reboots the CPE. The CPE sends the method response and completes
the remainder of the session prior to rebooting.
• X_0090F8_CommandResponse: Runs CLI com m ands.
ACS Methods:
• Inform: A CPE must call this method to initi ate a transaction sequence whenever
a connection to an ACS is established.
• TransferComplete: Informs the ACS of the completion (either successful or
unsuccessful) of a file transfer initiated by an earlier Download or Upload method
call.
Version 6.8 97 Mediant 800B MSBR
Page 98
11.2 TR-104
The device supports TR-104 for configuration. This support is for the SIP (VoIP) application
layer and applies to FXS interfaces (lines) only. TR-104 defines a "data model" template for
TR-069 enabled devices. The "data model" that is applicable to the AudioCodes device is
defined in the DSL Forum TR-104 – "DSLHome™ Provisioning Parameters for VoIP CPE"
at http://www.broadband-forum.org/technical/download/TR-104.pdf.
The hierarchical tree structure of the support ed TR-104 objects is shown below:
Figure 11-4: Hierarchical Tree Structure of TR-104 Objects
Mediant 800B MSBR
InternetGatewayDevice.Services.VoiceService: Top-level obj ect.
InternetGatewayDevice.Services.VoiceService.1.Capabilit i es: (Read-Only) Displays
the overall capabilities of the device.
• InternetGatewayDevice.Services.VoiceService.1.Capabilities.Codecs: (Read-
Only) Lists supported codecs (according to devices installed Software Feature
Key).
• InternetGatewayDevice.Services.VoiceService.1.Capabilities.SIP: (Read-Only)
Displays various SIP settings such as SIP transpo rt type.
InternetGatewayDevice.Services.VoiceService.1.VoiceProf i l e.1: Corresponds to one
or more FXS lines that share the same basic conf i guration:
• InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.FaxT38:
Configures fax T.38 relay.
• InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.Line:
Corresponds to an FXS line (as configured in the Trunk Group table). It enables
and configures each FXS line (number).
♦ InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.Line.{i}.Code
User's Manual 98 Document #: LTRT-12813
Page 99
User's Manual 11. TR-069 Based Management
c.List.{i}: Configures voice coder used by specif ic FXS line.
♦ InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.Line.{i}.Callin
gFeatures: Configures voice parameters per FX S line such as caller ID.
♦ InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.Line.{i}.SIP:
Configures username/password per FXS l ine. AudioCodes maps this object
to the corresponding entry in the Authenticat ion table
• InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.SIP: Configures
SIP parameters specific to the UA such as Proxy se rver.
• InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.RTP: Configures
various RTP parameters for the FXS lines such as RTCP and SRTP.
11.3 Configuring TR-069
The CWMP/TR-069 Settings page is used to enable and configure TR-069.
To configure TR-069:
1. Open the CWMP/TR-069 Settings page (Configuration tab > System menu >
Management > CWMP).
Figure 11-5: CWMP/TR-069 Settings Page
2. Configure the parameters as required. For a description of the TR-069 parameters,
see ''TR-069 Parameters'' on page 771.
3. Click Submit.
4. To save the changes to flash memory, see ''Saving Configuration'' on page 592.
Version 6.8 99 Mediant 800B MSBR
Page 100
Mediant 800B MSBR
This page is intentionally left blank.
User's Manual 100 Document #: LTRT-12813
Loading...