How it Works
TANDBERG
Loading...
Border Controller
User Manual
118 pgs2.02 Mb0

TANDBERG Border Controller User Manual

Download
TANDBERG Border Controller
User Guide
Software version Q6.0
D13691.08
February 2008
TANDBERG Border Controller User Guide
Page 2 of 118
Contents
1. Product Information 8
1.1. Trademarks and Copyright .........................................................................................................8
1.2. Disclaimer................................................................................................................................... 8
1.3. Environmental Issues ................................................................................................................. 8
1.3.1. TANDBERG's Environmental Policy ......................................................................................................8
1.3.2. European Environmental Directives.....................................................................................................9
1.3.3. Waste Handling ......................................................................................................................................9
1.3.4. Information for Recyclers......................................................................................................................9
1.3.5. Digital User Guides ................................................................................................................................9
1.4. Operator Safety Summary ........................................................................................................10
1.4.1. Water and Moisture ............................................................................................................................ 10
1.4.2. Cleaning ............................................................................................................................................... 10
1.4.3. Ventilation............................................................................................................................................ 10
1.4.4. Lightning .............................................................................................................................................. 10
1.4.5. Dust ...................................................................................................................................................... 10
1.4.6. Vibration............................................................................................................................................... 10
1.4.7. Power connection and Hazardous voltage ....................................................................................... 11
1.4.8. Servicing .............................................................................................................................................. 11
1.4.9. Accessories.......................................................................................................................................... 11
2. Introduction 12
2.1. Main Features...........................................................................................................................12
2.2. Hardware Overview...................................................................................................................12
3. Installation 14
3.1. Precautions............................................................................................................................... 14
3.2. Preparing the Installation Site .................................................................................................. 14
3.3. Unpacking................................................................................................................................. 15
3.4. Mounting...................................................................................................................................15
3.5. Connecting the Cables..............................................................................................................15
3.5.1. Power cable ......................................................................................................................................... 15
3.5.2. LAN cable............................................................................................................................................. 15
3.5.3. Null-modem RS-232 cable ................................................................................................................. 15
3.6. Switching on the System ..........................................................................................................15
4. Getting started 16
4.1. Initial Configuration ..................................................................................................................16
4.2. System Administration.............................................................................................................. 17
4.2.1. Web interface ......................................................................................................................................17
4.2.2. Command line interface ..................................................................................................................... 18
4.2.3. Session timeout .................................................................................................................................. 19
4.2.4. Administrator Account........................................................................................................................ 19
4.2.5. Root Account ....................................................................................................................................... 19
4.3. Backups....................................................................................................................................20
4.4. IP Configuration ........................................................................................................................ 20
4.5. Endpoint Registration...............................................................................................................21
4.6. Neighbor Gatekeepers..............................................................................................................22
4.6.1. Neighboring and dial plans ................................................................................................................22
4.6.2. Adding Neighbors and configuring zones ......................................................................................... 22
4.6.3. Search Order ....................................................................................................................................... 23
TANDBERG Border Controller User Guide
Page 3 of 118
4.7. Alternates..................................................................................................................................23
4.8. Call Processing Overview.......................................................................................................... 25
5. Transforming Destination Aliases 27
5.1. Alias Transforms.......................................................................................................................27
5.2. Zone Transforms.......................................................................................................................28
6. Unregistered Endpoints 29
6.1. Calling from an Unregistered Endpoint ....................................................................................29
6.2. Calling to an Unregistered Endpoint.........................................................................................29
7. Firewall Traversal 31
7.1. Traversal Protocols and Ports...................................................................................................31
7.2. Traversal Zones ........................................................................................................................32
8. Bandwidth Control 33
8.1. About Bandwidth Control.......................................................................................................... 33
8.2. Subzones.................................................................................................................................. 33
8.2.1. Subzone Bandwidths .......................................................................................................................... 34
8.2.2. Subzone links ...................................................................................................................................... 34
8.2.3. Pipes..................................................................................................................................................... 34
8.3. Insufficient Bandwidth.............................................................................................................. 35
8.3.1. Insufficient bandwidth........................................................................................................................ 35
8.4. Bandwidth Control and Firewall Traversal................................................................................36
8.5. Bandwidth Control Examples....................................................................................................37
8.5.1. Example without a firewall ................................................................................................................. 37
8.5.2. Example with a firewall....................................................................................................................... 37
9. Registration Control 39
9.1. Setting Registration Restriction Policy .....................................................................................39
9.1.1. Viewing the Allow and Deny lists ....................................................................................................... 39
9.1.2. Activating use of Allow or Deny lists.................................................................................................. 39
9.1.3. Managing entries in the Allow and Deny lists .................................................................................. 40
9.2. Authentication...........................................................................................................................41
9.2.1. Authentication and NTP ..................................................................................................................... 41
9.2.2. Authentication using a local database ............................................................................................. 41
9.2.3. Authentication using an LDAP server ............................................................................................... 41
9.2.4. Enforced dial plans .............................................................................................................................43
9.2.5. Securing the LDAP connection with TLS........................................................................................... 44
9.2.6. Setting the Border Controller’s own authentication credentials ....................................................44
10. URI Dialing 45
10.1. About URI Dialing...................................................................................................................... 45
10.2. Making a Call Using URI Dialing ...............................................................................................45
10.2.1. Enabling URI dialing............................................................................................................................ 45
10.2.2. Configuring DNS server(s) .................................................................................................................. 45
10.2.3. Configuring the domain name ........................................................................................................... 45
10.2.4. URI dialing and firewall traversal....................................................................................................... 45
10.3. Receiving a Call Using URI Dialing............................................................................................ 46
10.4. DNS Records.............................................................................................................................47
11. ENUM Dialing 48
11.1. About ENUM Dialing..................................................................................................................48
11.2. Configuring ENUM.....................................................................................................................48
11.2.1. Enabling ENUM support ..................................................................................................................... 48
11.2.2. Managing ENUM DNS zones.............................................................................................................. 48
TANDBERG Border Controller User Guide
Page 4 of 118
11.3. Configuring DNS NAPTR Records............................................................................................. 50
12. Example Traversal Deployments 51
12.1. Simple Enterprise Deployment................................................................................................. 51
12.2. Enterprise Gatekeepers............................................................................................................ 52
12.3. Dialing Public IP Addresses ...................................................................................................... 52
12.4. Neighbored Enterprises............................................................................................................ 53
12.4.1. Enabling outgoing URI calls ............................................................................................................... 53
12.4.2. Enabling incoming URI calls .............................................................................................................. 54
13. Third Party Call Control 55
13.1. About Third Party Call Control...................................................................................................55
13.2. Placing a Call ............................................................................................................................55
13.3. Transferring a Call ....................................................................................................................55
13.3.1. Enabling call routed mode ................................................................................................................. 55
13.3.2. Enabling call transfer ......................................................................................................................... 56
13.4. Disconnecting a Call.................................................................................................................56
14. Multiway 57
14.1. About Multiway .........................................................................................................................57
14.2. Requirements ...........................................................................................................................57
14.3. Process ..................................................................................................................................... 57
14.4. Configuration ............................................................................................................................58
15. Call Policy 59
15.1. About Call Policy .......................................................................................................................59
15.1.1. Uploading the CPL script ....................................................................................................................59
15.1.2. Enabling use of the CPL script ........................................................................................................... 59
15.1.3. Call Policy and Authentication ........................................................................................................... 59
15.1.4. CPL Standard ...................................................................................................................................... 59
15.2. Making Decisions Based on Addresses ...................................................................................60
15.2.1. address-switch .................................................................................................................................... 60
15.3. CPL Script Actions.....................................................................................................................62
15.3.1. location ................................................................................................................................................ 62
15.3.2. proxy..................................................................................................................................................... 63
15.3.3. reject .................................................................................................................................................... 63
15.4. Unsupported CPL Elements......................................................................................................63
15.5. CPL Examples ...........................................................................................................................63
15.5.1. Call screening of authenticated users .............................................................................................. 63
15.5.2. Call screening based on domain ....................................................................................................... 64
15.5.3. Call redirection .................................................................................................................................... 64
15.5.4. Call screening based on alias ............................................................................................................ 64
15.5.5. Prevent external use of Gateway....................................................................................................... 65
16. Logging 66
16.1. About Logging ........................................................................................................................... 66
16.2. Viewing the event log................................................................................................................ 66
16.3. Controlling what is Logged........................................................................................................66
16.3.1. About Event levels............................................................................................................................... 66
16.3.2. Setting the log level ............................................................................................................................ 66
16.4. Event Log Format......................................................................................................................67
16.5. Logged Events ..........................................................................................................................68
16.6. Remote Logging........................................................................................................................ 72
16.6.1. Enabling remote logging .................................................................................................................... 72
TANDBERG Border Controller User Guide
Page 5 of 118
17. Software Upgrading 73
17.1. About Software Upgrading........................................................................................................ 73
17.2. Upgrading Using HTTP(S).......................................................................................................... 73
17.3. Upgrading Using SCP/PSCP......................................................................................................74
18. Command Reference 76
18.1. Status........................................................................................................................................76
18.1.1. Listing all status information ............................................................................................................. 76
18.1.2. Listing all status commands .............................................................................................................. 76
18.1.3. Calls...................................................................................................................................................... 76
18.1.4. Ethernet ............................................................................................................................................... 76
18.1.5. ExternalManager................................................................................................................................. 77
18.1.6. Feedback ............................................................................................................................................. 77
18.1.7. IP........................................................................................................................................................... 77
18.1.8. LDAP..................................................................................................................................................... 77
18.1.9. Links..................................................................................................................................................... 78
18.1.10. NTP ....................................................................................................................................................... 78
18.1.11. Options................................................................................................................................................. 78
18.1.12. Pipes..................................................................................................................................................... 78
18.1.13. Registrations ....................................................................................................................................... 78
18.1.14. ResourceUsage ................................................................................................................................... 79
18.1.15. SubZones............................................................................................................................................. 79
18.1.16. SystemUnit .......................................................................................................................................... 79
18.1.17. Zones ................................................................................................................................................... 80
18.2. Configuration ............................................................................................................................80
18.2.1. Authentication ..................................................................................................................................... 80
18.2.2. Ethernet ............................................................................................................................................... 81
18.2.3. ExternalManager................................................................................................................................. 81
18.2.4. Gatekeeper .......................................................................................................................................... 81
18.2.5. HTTP/HTTPS ........................................................................................................................................ 86
18.2.6. IP........................................................................................................................................................... 86
18.2.7. LDAP..................................................................................................................................................... 87
18.2.8. Links..................................................................................................................................................... 87
18.2.9. Log........................................................................................................................................................ 87
18.2.10. NTP ....................................................................................................................................................... 88
18.2.11. Option Key ........................................................................................................................................... 88
18.2.12. Pipes..................................................................................................................................................... 88
18.2.13. Services ............................................................................................................................................... 88
18.2.14. Session ................................................................................................................................................ 90
18.2.15. SNMP ................................................................................................................................................... 90
18.2.16. SSH....................................................................................................................................................... 90
18.2.17. Subzones ............................................................................................................................................. 90
18.2.18. SystemUnit .......................................................................................................................................... 92
18.2.19. Telnet ................................................................................................................................................... 92
18.2.20. TimeZone ............................................................................................................................................. 92
18.2.21. Traversal ..............................................................................................................................................92
18.2.22. Zones ................................................................................................................................................... 93
18.3. Command .................................................................................................................................96
18.3.1. AdHocConference ...............................................................................................................................96
18.3.2. AllowListAdd ........................................................................................................................................ 96
18.3.3. AllowListDelete.................................................................................................................................... 96
18.3.4. Boot ...................................................................................................................................................... 96
18.3.5. CallTransfer ......................................................................................................................................... 96
18.3.6. CheckBandwidth .................................................................................................................................96
18.3.7. CredentialAdd...................................................................................................................................... 97
18.3.8. CredentialDelete ................................................................................................................................. 97
18.3.9. DefaultLinksAdd.................................................................................................................................. 97
18.3.10. DefaultValuesSet ................................................................................................................................ 97
TANDBERG Border Controller User Guide
Page 6 of 118
18.3.11. DenyListAdd......................................................................................................................................... 97
18.3.12. DenyListDelete ....................................................................................................................................98
18.3.13. Dial ....................................................................................................................................................... 99
18.3.14. DisconnectCall .................................................................................................................................... 99
18.3.15. FeedbackRegister ...............................................................................................................................99
18.3.16. FeedbackDeregister ......................................................................................................................... 100
18.3.17. FindRegistration................................................................................................................................100
18.3.18. LinkAdd .............................................................................................................................................. 100
18.3.19. LinkDelete.......................................................................................................................................... 100
18.3.20. Locate ................................................................................................................................................100
18.3.21. OptionKeyAdd.................................................................................................................................... 100
18.3.22. OptionKeyDelete ...............................................................................................................................100
18.3.23. PipeAdd..............................................................................................................................................100
18.3.24. PipeDelete .........................................................................................................................................101
18.3.25. RemoveRegistration .........................................................................................................................101
18.3.26. SubZoneAdd ...................................................................................................................................... 101
18.3.27. SubZoneDelete.................................................................................................................................. 101
18.3.28. TransformAdd.................................................................................................................................... 101
18.3.29. TransformDelete ...............................................................................................................................102
18.3.30. TraversalZoneAdd ............................................................................................................................. 102
18.3.31. TraversalZoneDelete......................................................................................................................... 102
18.3.32. ZoneAdd............................................................................................................................................. 102
18.3.33. ZoneDelete ........................................................................................................................................102
18.4. History.....................................................................................................................................103
18.4.1. calls .................................................................................................................................................... 103
18.4.2. registrations ......................................................................................................................................103
18.5. Feedback................................................................................................................................104
18.5.1. Register status ..................................................................................................................................104
18.5.2. Register History.................................................................................................................................104
18.5.3. Register event ...................................................................................................................................105
18.6. Other Commands....................................................................................................................106
18.6.1. about .................................................................................................................................................. 106
18.6.2. clear ...................................................................................................................................................106
18.6.3. eventlog .............................................................................................................................................106
18.6.4. license................................................................................................................................................106
18.6.5. relkey.................................................................................................................................................. 106
18.6.6. Syslog ................................................................................................................................................. 106
19. Appendix A: Configuring DNS Servers 107
19.1. Microsoft DNS Server.............................................................................................................107
19.2. BIND 8 & 9..............................................................................................................................107
19.3. Verifying the SRV Record........................................................................................................107
20. Appendix B: Configuring LDAP Servers 108
20.1. Microsoft Active Directory.......................................................................................................108
20.1.1. Prerequisites .....................................................................................................................................108
20.1.2. Adding H.350 objects ....................................................................................................................... 108
20.1.3. Securing with TLS .............................................................................................................................109
20.2. OpenLDAP...............................................................................................................................109
20.2.1. Prerequisites .....................................................................................................................................109
20.2.2. Installing the H.350 schemas.......................................................................................................... 109
20.2.3. Adding H.350 objects ....................................................................................................................... 110
20.2.4. Securing with TLS .............................................................................................................................111
TANDBERG Border Controller User Guide
Page 7 of 118
21. Appendix C: Regular Expression Reference 112
22. Appendix D - Technical data 113
22.1. Technical Specifications.........................................................................................................113
22.1.1. System Capacity................................................................................................................................ 113
22.1.2. Ethernet Interfaces ........................................................................................................................... 113
22.1.3. System Console Port.........................................................................................................................113
22.1.4. ITU Standards.................................................................................................................................... 113
22.1.5. Security Features .............................................................................................................................. 113
22.1.6. System Management........................................................................................................................ 113
22.1.7. Environmental Data .......................................................................................................................... 113
22.1.8. Physical Dimensions.........................................................................................................................113
22.1.9. Hardware MTBF ................................................................................................................................114
22.1.10. Power Supply.....................................................................................................................................114
22.1.11. Certification .......................................................................................................................................114
22.2. Approvals................................................................................................................................114
22.2.1. EMC Emission - Radiated Electromagnetic Interference ..............................................................114
22.2.2. EMC Immunity ...................................................................................................................................114
22.2.3. Electrical Safety ................................................................................................................................114
22.2.4. ICSA certification............................................................................................................................... 114
23. Bibliography 115
24. Glossary 116
25. Index 117
TANDBERG Border Controller User Guide
Page 8 of 118
1. Product Information
1.1. Trademarks and Copyright
Copyright 1993-2008 TANDBERG ASA. All rights reserved.
This document contains information that is proprietary to TANDBERG ASA. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronically, mechanically, by photocopying, or otherwise, without the prior written permission of TANDBERG ASA. Nationally and internationally recognized trademarks and tradenames are the property of their respective holders and are hereby acknowledged.
Portions of this software are licensed under 3rd party licenses. See the CD accompanying this product for details. 3rd party license information may also be obtained from the Border Controller itself -- see the license command in section 18.6.4 for details.
1.2. Disclaimer
The information in this document is furnished for informational purposes only, is subject to change without prior notice, and should not be construed as a commitment by TANDBERG ASA.
The information in this document is believed to be accurate and reliable, however TANDBERG ASA assumes no responsibility or liability for any errors or inaccuracies that may appear in this document, nor for any infringements of patents or other rights of third parties resulting from its use. No license is granted under any patents or patent rights of TANDBERG ASA.
COPYRIGHT ©2008, TANDBERG ASA
1.3. Environmental Issues
Thank you for buying a product which contributes to a reduction in pollution, and thereby helps save the environment. Our products reduce the need for travel and transport and thereby reduce pollution. Our products have either none or few consumable parts (chemicals, toner, gas, paper). Our products are low energy consuming products.
1.3.1. TANDBERG's Environmental Policy
Env
ironmental stewardship is important to TANDBERG's culture. As a global company with strong corporate values, TANDBERG is committed to being an environmental leader and embracing technologies that help companies, individuals and communities creatively address environmental challenges.
TANDBERG's environmental objectives are to:
Develop products that reduce energy consumption, CO emissions, and traffic congestion
Provide products and services that improve quality of life for our customers
Produce products that can be recycled or disposed of safely at the end of product life
Comply with all relevant environmental legislation.
TANDBERG Border Controller User Guide
Page 9 of 118
1.3.2. European Environmental Directives
As a manufacturer of electrical and electronic equipment TANDBERG is responsible for compliance with the requirements in the European Directives 2002/96/EC (WEEE) and 2002/95/EC (RoHS).
The primary aim of the WEEE Directive and RoHS Directive is to reduce the impact of disposal of electrical and electronic equipment at end-of-life. The WEEE Directive aims to reduce the amount of WEEE sent for disposal to landfill or incineration by requiring producers to arrange for collection and recycling. The RoHS Directive bans the use of certain heavy metals and brominates flame retardants to reduce the environmental impact of WEEE which is land filled or incinerated.
TANDBERG has implemented necessary process changes to comply with the European RoHS Directive (2002/95/EC) and the European WEEE Directive (2002/96/EC).
1.3.3. Waste Handling
In order to avoi
d the dissemination of hazardous substances in our environment and to diminish the pressure on natural resources, we encourage you to use the appropriate take-back systems in your area. Those systems will reuse or recycle most of the materials of your end of life equipment in a sound way.
TANDBERG products put on the market after August 2005 are marked with a crossed-out wheelie bin symbol that invites you to use those take-back systems.
Please contact your local supplier, the regional waste administration or http://www.tandberg.net/recycling if you need more information on the collection and recycling system in your area.
1.3.4. Information for Recyclers
As part of comp
liance with the European WEEE Directive, TANDBERG provides recycling information on
request for all types of new equipment put on the market in Europe after August 13th 2005.
Please contact TANDBERG at recycling@tandberg.net and provide the following details for the product for which you would like to receive recycling information:
Model number of TANDBERG product
Your company's name
Contact name
Address
Telephone number
E-mail address
1.3.5. Digital User Guides
TA
NDBERG is pleased to announce that we have replaced the printed versions of our User Guides with a digital CD version. Instead of a range of different user manuals, there is now one CD -- which can be used with all TANDBERG products -- in a variety of languages. The environmental benefits of this are significant. The CDs are recyclable and the savings on paper are huge. A simple web-based search feature helps you directly access the information you need. The contents of the CD can still be printed locally, whenever needed.
TANDBERG Border Controller User Guide
Page 10 of 118
1.4. Operator Safety Summary
For your protection please read these safety instructions completely before you connect the equipment to the power source. Carefully observe all warnings, precautions and instructions both on the apparatus and in these operating instructions.
Keep this manual for future reference.
1.4.1. Water and Moisture
Do not operate the apparat
us under or near water - for example near a bathtub, kitchen sink, or
laundry tub, in a wet basement, near a swimming pool or in other areas with high humidity.
Never install jacks for communication cables in wet locations unless the jack is specifically
designed for wet locations.
Do not touch the product with wet hands.
1.4.2. Cleaning
Unplug the apparatus from communicati
on lines, mains power-outlet or any power source before cleaning or polishing. Do not use liquid cleaners or aerosol cleaners. Use a lint-free cloth lightly moistened with water for cleaning the exterior of the apparatus.
Unplug the apparatus from communication lines before cleaning or polishing. Do not use liquid
cleaners or aerosol cleaners. Use a lint-free cloth lightly moistened with water for cleaning the exterior of the apparatus.
1.4.3. Ventilation
Do not block an
y of the ventilation openings of the apparatus. Never cover the slots and openings with a cloth or other material. Never install the apparatus near heat sources such as radiators, heat registers, stoves, or other apparatus (including amplifiers) that produce heat.
Do not place the product in direct sunlight or close to a surface directly heated by the sun.
1.4.4. Lightning
Never use this apparatus, or connect/disconnect communication cables or power cables during
lightning storms.
1.4.5. Dust
Do not operate the apparat
us in areas with high concentration of dust.
1.4.6. Vibration
Do not operate the apparat
us in areas with vibration or place it on an unstable surface.
TANDBERG Border Controller User Guide
Page 11 of 118
1.4.7. Power connection and Hazardous voltage
The product may have hazardous voltage inside. Never attempt to open this product, or any
peripherals connected to the product, where this action requires a tool.
This product should always be powered from an earthed power outlet.
Never connect attached power supply cord to other products.
If any parts of the product have visual damage, do not attempt to connect mains power (or any
other power source) before consulting service personnel.
The plug connecting the power cord to the product/power supply serves as the main disconnect
device for this equipment. The power cord must always be easily accessible.
Route the power cord so as to avoid it being walked on or pinched by items placed upon or
against it. Pay particular attention to the plugs, receptacles and the point where the cord exits from the apparatus.
Do not tug the power cord.
If the provided plug does not fit into your outlet, consult an electrician. Never install cables, or
any peripherals, without first unplugging the device from its power source.
1.4.8. Servicing
Do not attempt to service the apparatus yourself as opening or removing covers may expose you
to dangerous voltages or other hazards, and will void the warranty. Refer all servicing to qualified service personnel.
Unplug the apparatus from its power source and refer servicing to qualified personnel under the
following conditions:
o If the power cord or plug is damaged or frayed. o If liquid has been spilled into the apparatus. o If objects have fallen into the apparatus. o If the apparatus has been exposed to rain or moisture. o If the apparatus has been subjected to excessive shock by being dropped. o If the cabinet has been damaged. o If the apparatus seems to be overheated. o If the apparatus emits smoke or abnormal odor. o If the apparatus fails to operate in accordance with the operating instructions.
1.4.9. Accessories
Use only accessories specified by the manufacturer, or sold with the apparatus.
TANDBERG Border Controller User Guide
Page 12 of 118
2. Introduction
This User Manual is provided to help you make the best use of your TANDBERG Border Controller.
A Border Controller is a key component of TANDBERG's Expressway
TM
firewall traversal solution. Used in conjunction with a TANDBERG Gatekeeper or TANDBERG traversal-enabled endpoints it allows calls to be made into and out of a secured private network.
2.1. Main Features
The main features of the TANDBERG Border Controller are:
IPv4 and IPv6 support.
Registration of traversal enabled endpoints.
Supports up to 500 registered TANDBERG traversal endpoints.
Supports up to 100 neighboring zones.
Flexible zone configuration with prefix and suffix support.
URI and ENUM dialing with DNS enabling global connectivity.
Can function as a standalone Border Controller or be neighbored with other Border Controllers
and Gatekeepers.
Secure firewall traversal of any firewall or NAT.
Up to 100 traversal calls.
Can be used to control the amount of bandwidth used both within the Border Controller zone and
to neighboring Border Controllers and Gatekeepers.
Can limit total bandwidth usage and set maximum per call bandwidth usage with automatic
downspeeding if call exceeds per-call maximum.
Can be managed with TANDBERG Management Suite 11.0 or newer, or as a standalone system
with RS-232, Telnet, SSH, HTTP and HTTPS.
Embedded setup wizard on serial port for initial configuration.
Note: features may vary depending on software package.
2.2. Hardware Overview
On the front of the Border Controller (see Figure 1) there are:
three LAN interfaces
a serial port (Data 1)
a Light Emitting Diode (LED) showing the power status of the system.
The LAN 1 interface is used for connecting the system to your network. LAN interface 2 and 3 are disabled.
The serial port (Data 1) is for connection to a PC.
The LED, when lit, indicates that power is on.
TANDBERG Border Controller User Guide
Page 13 of 118
Figure 1: Front panel of Border Controller
On the back of the Border Controller (see Figure 2) there are:
a power connector
a power switch
a serial port (Data 2) for connecting to a PC.
Figure 2: Rear panel of Border Controller
TANDBERG Border Controller User Guide
Page 14 of 118
3. Installation
3.1. Precautions
Never install communication equipment during a lightning storm.
Never install jacks for communication cables in wet locations unless the jack is specifically
designed for wet locations.
Never touch uninstalled communication wires or terminals unless the communication line has
been disconnected at the network interface.
Use caution when installing or modifying communication lines.
Avoid using communication equipment (other than a cordless type) during an electrical storm.
There may be a remote risk of electrical shock from lightning.
Do not use communication equipment to report a gas leak in the vicinity of the leak.
The socket outlet shall be installed near to the equipment and shall be easily accessible.
Never install cables without first switching the power OFF.
This product complies with directives: LVD 73/23/EC and EMC 89/366/EEC.
Power must be switched off before power supplies can be removed from or installed into the
unit.
3.2. Preparing the Installation Site
Make sure that the Border Controller is accessible and that all cables can be easily connected.
For ventilation: Leave a space of at least 10cm (4 inches) behind the Border Controller's rear and
5cm (2 inches) on the sides.
The room in which you install the Border Controller should have an ambient temperature
between 0C and 35C (32F and 95F) and between 10% and 90% non-condensing relative humidity.
Do not place hot objects directly on top of or directly beneath the Border Controller.
Use a grounded AC power outlet for the Border Controller.
TANDBERG Border Controller User Guide
Page 15 of 118
3.3. Unpacking
The TANDBERG Border Controller is delivered in a special shipping box which should contain the following components:
Border Controller unit
Installation sheet
User manual and other documentation on CD
Rack-ears and screws
Kit with 4 rubber feet
Cables:
o Power cables o One Ethernet cable o One null-modem RS-232 cable
3.4. Mounting
The Border Controller comes with brackets for mounting in standard 19" racks.
Before starting the rack mounting, please make sure the TANDBERG Border Controller is placed securely on a hard, flat surface.
1. Disconnect the AC power cable.
2. Make sure that the mounting space is according to the Installation site preparations in section
3.2.
3.
Attach the brackets to the chassis on both sides of the unit.
4. Insert the unit into a 19" rack, and secure it with screws.
3.5. Connecting the Cables
3.5.1. Power cable
Connect the system power cable to an electrical distribution socket.
3.5.2. LAN cable
Connect a LAN cable from the LAN 1 connector on the front of the unit to your network.
3.5.3. Null-modem RS-232 cable
Connect the supplied null-modem RS-232 cable between the Border Controller's Data 1 connector and the COM port on a PC.
3.6. Switching on the System
To start the TANDBERG Border Controller:
1. Ensure the power cable is connected.
2. Ensure the LAN cable is connected.
3. Switch the power switch button on the back of the unit to '1'.
On the front of the chassis you will see the Power LED being lit.
TANDBERG Border Controller User Guide
Page 16 of 118
4. Getting started
4.1. Initial Configuration
The TANDBERG Border Controller requires some configuration before it can be used. This must be done using a PC connected to the serial port (Data 1) or by connecting to the system's default IP address:
192.168.0.100.
The IP address, subnet mask and gateway must be configured before use. The Border Controller has to be configured with a static IP address. Consult your network administrator for information on which addresses to use.
To set the initial configuration:
1. Connect the supplied null-modem RS-232 cable from Data 1 to a PC running a terminal program.
2. Start a terminal program and configure it to use the serial port with baud rate 115200, 8 data
bits, no parity, 1 stop bit, no flow control.
3. Power on the unit if it is not already on.
You should see the unit display start up information.
After approximately 2 minutes you will get a login prompt:
(none) login: admin Password:
4. Enter the username admin and your password. The default password is TANDBERG.
You will be prompted if you want to run the install wizard:
Run install wizard [n]: y
5. Type y and press Enter.
6. Specify the following:
a. The password you want to use for your system. See Administrator Account (section
4.2.4)
for account details.
b. The IP
address of the system.
c. The IP subnet mask of the system. d. The IP default gateway of the system. e. The Ethernet speed. f. The local zone prefix, if any, you want to use for the zone controlled by this system. (You
should use a local zone prefix if you have a structured dial plan using E.164 aliases. See Neighboring and dial plans (section 4.6.1) for more information.
g. Whether you want to use SSH to administer the system. h. Whether you want to use Telnet
to administer the system.
7. You will be prompted to log in again. You should see a welcome message like this:
Welcome to TANDBERG Border Controller Release Q6.0 SW Release Date: 2008-03-11 OK
8. Login with the username admin and your password.
TANDBERG Border Controller User Guide
Page 17 of 118
9. Review other system settings. You may want to set the following:
a. The name of the Border Controller. This is used by the TANDBERG Management Suite
(TMS) to identify the Border Controller. See the xConfiguration SystemUnit command (section 18.2.18) for more information on setting the name.
b. A
utomatic discovery. If you have multiple Border Controllers in the same network you may
want to disable automatic discovery on some of them. See the xConfiguration Gatekeeper AutoDiscovery command (section 18.2.4).
c. The DNS
server address and the domain name (if the Border Controller will be configured
with hostnames instead of IP address or if URI dialing is required). See the xConfiguration IP DNS Server Address command (section 18.2.6) for more informa
tion.
10. To make your new settings take effect, reboot the Border Controller by typing the command
xCommand boot.
11. Disconnect the serial cable.
Note: To securely manage the Border Controller you should disable HTTP and Telnet, using the
encrypted HTTPS and SSH protocols instead. For increased security, disable HTTPS and SSH as well, using the serial port to manage the system.
Note: If you do not have an IP gateway, configure the Border Controller with an unused IP address
that is valid in your subnet.
4.2. System Administration
To configure and monitor the TANDBERG Border Controller you can either use the web interface or a command line interface.
4.2.1. Web interface
To use the web interface, open a browser window and in the address line type either:
the IP address of the system
the system’s host name (if configured in the local DNS server).
You will be presented with the following screen:
Enter the User Name admin and your system password and select OK.
TANDBERG Border Controller User Guide
Page 18 of 118
You will be presented with the Overview screen:
Note: HTTP and HTTPS must be enabled in order to use the web interface. This is done using the
following commands:
xConfiguration HTTP Mode: <On/Off> xconfiguration HTTPS Mode: <On/Off>
Note: If web access is required, you are recommended to enable HTTPS and disable HTTP for
improved security.
Uploading an HTTPS Server Certificate
For added secu
rity, you can upload a PEM file that contains the server certificate used for HTTPS connections to the Border Controller from administrator web browsers. You can also upload a PEM file that identifies the private key used to encrypt the server certificate used by the Border Controller. This private key must not be password protected.
To upload the HTTPS server certificate files, navigate to Border Controller Configuration > Files. In the Server Certificate section, browse to the appropriate file(s) and then select Upload.
Note: Installation of the HTTPS server certificate files cannot be done via the command line
interface.
4.2.2. Command line interface
The command line interf
ace is available over SSH, Telnet and through the serial port.
To use the command line interface, start a session and login with user name admin and your password.
To obtain Help for a particular command, type “?” after the command.
To complete a word typed into the CLI, or to obtain a list of sub-commands for a particular
command, press the TAB key.
The interface groups information in different commands:
xstatus
Provides a read only interface to determine the current status of the system. Information such as current calls and registrations is available through this command group.
TANDBERG Border Controller User Guide
Page 19 of 118
xconfiguration
A read/write interface to set system configuration data such as IP address and subnet.
xcommand
A miscellaneous group of commands for setting information or obtaining it.
xhistory
Provides historical information about calls and registrations.
xfeedback
An event interface, providing information about calls and registrations.
See the Command Reference (section 18) for a full list of commands.
Note: SSH and/or Telnet access must be enabled in order to use the command line interface. This
is done using the following commands:
xConfiguration SSH Mode: <On/Off> xconfiguration Telnet Mode: <On/Off>
Note: For secure operation you should use SSH in preference to Telnet.
4.2.3. Session timeout
By defaul
t, administration sessions remain active until you logout. Session timeouts may be enabled
using the command:
xConfiguration Session TimeOut
or using the web interface via System Configuration > System and in the Services section entering a value in the Session time out (minutes) field.
4.2.4. Administrator Account
All admi
nistration requires you to log in to the administration account with the user name admin and a password. The default password is TANDBERG, which you are recommended to change as soon as possible. Choose a strong password, particularly if administration over IP is enabled.
The password can be changed on the web interface via System Configuration > System or through the command line interface using the command:
xconfiguration systemunit password: new_password
If you forget your password, it is possible to set a new password using the following procedure:
1. Reboot the Border Controller.
2. Connect to the Border Controller over the serial interface once it has restarted.
3. Login with the user name pwrec. No password is required.
4. You will be prompted for a new password.
Note: The pwrec account is only active for one minute following a restart. Beyond that time you will
have to restart the system again to change the password. Because access to the serial port allows the password to be reset, it is recommended that you install the Border Controller in a physically secure environment.
4.2.5. Root Account
The Border Con
troller provides a root account with the same password as the admin account. This account should not be used in normal operation, and in particular system configuration should not be conducted using this account. Use the admin account instead.
TANDBERG Border Controller User Guide
Page 20 of 118
4.3. Backups
You are recommended to maintain a backup of your Border Controller configuration. Using the command line interface, log on to the Border Controller as admin and type xConfiguration. Save the resulting output to a file, using cut-and-paste or some other means provided by your terminal emulator. Pasting this information back in to the command line shell will restore your configuration.
4.4. IP Configuration
The Border Controller may be configured to use IPv4, IPv6 or both protocols. If using both protocols, the Border Controller will act as a gateway if necessary, allowing calls to be made between an IPv4-only endpoint and an IPv6-only endpoint. This behavior will use a traversal license for each call gatewayed between IPv4 and IPv6.
IPv4 and IPv6 dual stack behavior is controlled by the command:
xConfiguration IPProtocol: <Both/IPv4/IPv6>
or using the web interface via System Configuration > IP Configuration shown in Figure 3 below:
Figure 3: Selecting IP Protocol
TANDBERG Border Controller User Guide
Page 21 of 118
4.5. Endpoint Registration
Before an endpoint can use the Border Controller it must first register with it. The Border Controller behaves as the endpoint's Gatekeeper.
There are two ways an endpoint can register:
Automatically
Manually by specifying the IP address of the Border Controller.
Note: You can disable automatic registration on the Border Controller. See the Auto Discovery
command (section 18.2.4) for more information.
When registering, the endpoint registers with one or more of the following:
One or more H.323 IDs
One or more E.164 aliases.
Users of other registered endpoints can then call the endpoint by using either the H.323 ID, a URI, an E.164 alias, or one of the services.
By default, if you attempt to register an alias which has already been registered with the system, your registration will be rejected. This helps you to identify when two users have a conflicting alias.
In some deployments an endpoint may frequently receive a new IP address, causing unwanted registration rejections. When it tries to register, it may be rejected because the Border Controller still has a registration from its old IP address. The Border Controller may be configured to allow an endpoint to overwrite the old IP address. To do this, either issue the command:
xConfiguration Gatekeeper Registration ConflictMode: <Overwrite/Reject>
or go to Border Controller Configuration > Restrictions and in the Policy section, from the Registration
conflict policy drop-down menu select Overwrite.
Consult the endpoint documentation for information on how to configure it with a Gatekeeper.
Note: Only traversal-enabled endpoints can register with a TANDBERG Border Controller. All other
registration requests will be rejected. Traversal-enabled endpoints include all TANDBERG Expressway endpoints and third party endpoints which support the ITU H.460.18 and H.460.19 standards.
Note: When URI dialing is used to discover an endpoint, the URI used is based on either the H.323
ID or the E.164 alias that the endpoint registered with. The local domain is then added to this. For more information see URI Dialing (section 10).
TANDBERG Border Controller User Guide
Page 22 of 118
4.6. Neighbor Gatekeepers
4.6.1. Neighboring and dial plans
As you start deploying more than one Gatekeeper or Border Controller, it is useful to neighbor the systems together so that they can exchange information about registered endpoints. Each Gatekeeper or Border Controller forms an H.323 zone and is responsible for the endpoints within that zone. There are a number of ways this can be done, depending on the complexity of your system.
Flat dial plan
The si
mplest approach is to assign each endpoint a unique alias and divide the endpoint registrations between the Gatekeepers and Border Controllers. Each Gatekeeper or Border Controller is then configured with the addresses of all other Gatekeepers and Border Controllers. When a system receives a call for an endpoint which is not registered with it, it will send out a Location Request to all the other Gatekeepers and Border Controllers on the system. Whilst conceptually simple, this sort of flat dial plan does not scale very well: adding or moving a Gatekeeper requires changing the configuration of every Gatekeeper and Border Controller; one call attempt can result in a large number of location requests.
Structured dial plan
An alte
rnative deployment would use a structured dial plan whereby endpoints are assigned an alias based on the system they are registering with. Using E.164 aliases, each Gatekeeper or Border Controller would be assigned an area code. When the Gatekeepers and Border Controllers are neighbored together, each neighbor is configured with its corresponding area code as a prefix. That neighbor will now only be queried for calls to numbers which begin with its prefix. In a URI based dial plan, similar behavior may be obtained by configuring neighbors with a suffix to match the desired domain name.
It may be desirable to have endpoints register with just the subscriber number -- the last part of the E.164 number. In that case, the Border Controller should be configured to strip prefixes before placing the Location Request.
A structured dial plan will minimize the number of location requests issued when a call is attempted, but, as described above, still requires a fully connected mesh of all Gatekeepers and Border Controllers in your deployment. A hierarchical dial plan (see below) can simplify this.
Hierarchical dial plan
One Gatekeepe
r is nominated as the directory gatekeeper for the deployment. All Border Controllers and public Gatekeepers are neighbored with it and vice versa. There is no need to neighbor the Border Controllers and public Gatekeepers with each other. Adding a new Border Controller or public Gatekeeper now only requires changing configuration on that system and the Directory Gatekeeper.
Failure of the directory gatekeeper could cause significant disruption to communications. Consideration should be given to the use of Alternate Gatekeepers (see section 4.7) for increased resilience.
4.6.2. Adding Neighbors and configuring zones
Neighbors are a
dded and zones configured through the command line interface using the
xconfiguration zones family of commands and xCommand ZoneAdd or through the web interface via Border Controller Configuration > Zones - either select Add New Zone, or highlight an existing zone and select Edit, to access the screen shown in Figure 4.
The prefixes and suffixes described above
are formed using patterns: each zone may have up to 5
patterns assigned, each of which may be defined as a prefix or a suffix.
Patterns are not used, and not displayed on the web interface, if the pattern match mode is set to always or disabled.
TANDBERG Border Controller User Guide
Page 23 of 118
Figure 4: Adding a new zone
4.6.3. Search Order
I
f a called alias matches a prefix or suffix zone a strong match is achieved. A weak match is achieved if a
zone is to be queried only because it has no pattern matching configured.
When an incoming call request is received a Border Controller will first search all of its registered endpoints. If no match is found, all strongly matching neighbor and traversal zones will be queried concurrently. If the target is not found in any of the strongly matching zones, all weakly matching neighbor zones will be queried, then all weakly matching traversal zones. Finally, if a match has still not been found, a DNS query may be attempted (see section 10).
4.7. Alternates
Alternate Border Controller support is provided to increase the reliability of your deployment. If one Border Controller becomes unavailable, perhaps due to a network or power outage, another will be used as an Alternate. Alternates share responsibility for their endpoint community: an individual endpoint may be registered with any one of the Alternates. You should configure Alternates identically for all registration and call features such as authentication, bandwidth control and policy. If you do not do this, endpoint behavior will vary unpredictably depending on which Alternate it is currently registered with. Alternates should also be deployed on the same LAN as each other so that they may be configured with the same routing information such as local domain names and local domain subnet masks.
Each Border Controller may be configured with the IP addresses of up to five Alternates. When an endpoint registers with the Border Controller, it is presented with the IP addresses of all the Alternates. If the endpoint loses contact with its initial Border Controller, it will seek to register with one of the Alternates. This may result in your endpoint community's registrations being spread over all the Alternates.
Enterprise Gatekeepers which register with the Border Controller may also be given a list of Alternate Border Controllers to use.
When a Border Controller receives a Location Request, if it cannot respond from its own registration database, it will query all of its Alternates before responding. This allows the pool of registrations to be treated as if they were registered with a single Border Controller.
The Alternate Border Controllers can be configured within the web interface via Border Controller
Configuration > Gatekeeper within the Alternate Gatekeepers section (see
Figure 5).
TANDBERG Border Controller User Guide
Page 24 of 118
Figure 5: Alternate Border Controller configuration
TANDBERG Border Controller User Guide
Page 25 of 118
4.8. Call Processing Overview
Figure 6 illustrates the process the Border Controller performs when receiving call requests.
Figure 6: Location decision flow diagram
TANDBERG Border Controller User Guide
Page 26 of 118
When an endpoint wants to call another endpoint it presents the address it wants to call to the Border Controller using a protocol knows as RAS. The Border Controller applies any transforms (see section 5), tr
ies to resolve the address, and if successful supplies the calling endpoint with information about the
called endpoint.
The destination address can take several forms: IP address, H.323 ID, E.164 alias or a full H.323 URI.
When an H.323 ID or E.164 alias is used, the Border Controller looks for a match between the dialed address and the aliases registered by its endpoints. If no match is found, it may query other Gatekeepers and Border Controllers.
When dialing by H.323 URI, the destination address resembles an email address. The Border Controller first follows the procedure for matching H.323 IDs. If that fails it looks for a Gatekeeper or Border Controller responsible for the domain (the part of the URI following the @ symbol) and queries that device.
Dialing by IP address is necessary when the destination endpoint is not registered with a Gatekeeper or Border Controller. If it is registered, then one of the other addressing schemes should be used instead as they are more flexible. From your registered endpoint, dial the IP address of the endpoint you wish to call. This requires that the Border Controller has xConfiguration Gatekeeper CallsToUnknownIPAddresses correctly configured (see section 18.2.4).
Most ca
lls to an endpoint registered with a Border Controller will be routed through the Border Controller rather than going directly between the two endpoints. This allows the calls to successfully pass through any firewalls between the called endpoint and the Border Controller.
If an unregistered endpoint calls the IP address of an endpoint registered with the Border Controller the call may succeed if there are no firewalls in the way. Such a call may be forced to pass through the Border Controller by setting Call Routed Mode to On.
Note: You are recommended not to dial an endpoint’s IP address from an unregistered endpoint.
The presence of a firewall may disrupt the call. Instead place the call to the Border Controller as described in section 6.1.
TANDBERG Border Controller User Guide
Page 27 of 118
5. Transforming Destination Aliases
5.1. Alias Transforms
The Alias Transforms function takes any aliases present in ARQ and LRQ messages and runs a set of transformations on them. The resulting aliases will then be used in the normal Gatekeeper logic, exactly as if those aliases were unchanged. Alias transforms will be applied prior to possible CPL modification and Zone transforms. The Alias transforms will not have any effect on aliases presented in GRQ or RRQ messages.
Alias transform rules are created either:
using the xconfiguration Gatekeeper Transform commands, or
using the web interface via Border Controller Configuration > Transforms and selecting Add New
Transform.
Alias transforms support the use of Regular Expressions. See Appendix C for further information.
Example
We have t
wo gateways registered with the Gatekeeper with prefixes of 7 and 8 respectively.
We want to allow the users to dial 9 for an “outside line”, but use GW1 for local calls, and GW2 for international calls. We should allow an alias manipulation that takes a destination alias of 90047… and replaces it with 80047… and an alias of 90118… with 70118…. This is achieved by configuring alias transforms as shown in Figure 7:
Figure 7: Example configuration of alias transforms
TANDBERG Border Controller User Guide
Page 28 of 118
5.2. Zone Transforms
It is possible to direct an incoming location request to a different alias by replacing either the prefix or the suffix of the alias with a new string, or by using regular expressions to specify the way in which the alias is to be transformed.
Zone transform rules are created either:
using the xconfiguration zones set of commands, or
using the web interface when adding or editing a zone via Border Controller Configuration >
Zones. You must first select from the Match 1, Match 2, etc. sections a Mode of PatternMatch in
order to access the options (see Figure 4).
Zone transform
s support the use of Regular Expressions. See Appendix C for more information.
Example
Endpoints might be registered t
o a Gatekeeper with aliases of the form user@example.com. If someone were to dial user@exampleusa.com we might want to try and find that user as user@example.com, hence we need a rule that replaces the suffix exampleusa.com with example.com before searching off the box. This can be achieved by configuring the zone transforms as shown in Figure 8:
Figure 8: Example configuration of zone transforms
TANDBERG Border Controller User Guide
Page 29 of 118
6. Unregistered Endpoints
Although most calls are made between endpoints registered with a Gatekeeper or Border Controller, it is sometimes necessary to place a call to or from an unregistered endpoint.
6.1. Calling from an Unregistered Endpoint
An unregistered endpoint can call an endpoint registered with the Border Controller. If there are no firewalls between the unregistered endpoint and the called endpoint, it is possible (though not recommended) to place the call by dialing the target endpoint's IP address. A better way of placing the call from an unregistered endpoint is to pass the alias of the called endpoint to the Border Controller. The Border Controller will then resolve the alias and place the call as normal.
Not all endpoints allow you to enter an alias and an IP address to which the call should be placed. In that case you can simply place the call to the IP address of the Border Controller, with no alias information. The Border Controller may be configured to associate all such anonymous calls with a single destination alias. This is achieved with the command:
xConfiguration Gatekeeper Unregistered Caller Fallback: <destination>
or using the web interface via Border Controller Configuration > Gatekeeper Configuration and entering the alias in the Fallback alias for unregistered caller destination field.
6.2. Calling to an Unregistered Endpoint
Calls can be placed to an unregistered endpoint by dialing its IP address or (if the DNS system has been appropriately configured) using an H.323 URI.
If URI dialing is used, DNS is queried for a call signaling address and, if found, the call is placed to that address. See URI Dialing (section 10) for details of how to configure the Call Signaling SRV Record.
It i
s sometimes undesirable for a system to place a call to an IP address directly. Instead, you may want a neighbor to place the call on behalf of the Border Controller. You can configure this on the Border Controller using the command:
xConfiguration Gatekeeper CallsToUnknownIPAddresses: <Off/Indirect/Direct>
or using the web interface via Border Controller Configuration > Gatekeeper and from within the
Configuration section selecting the desired option from the Calls to unknown IP addresses drop-down
menu.
There are three possible settings:
Direct
This setting will allow the endpoint to make the call to the unknown IP address without querying any neighbors. The call setup would occur just as it would if the far end were registered directly to the local system.
Indirect
Upon receiving the call the Border Controller will check to see if the address belongs to one of its local subzones. If so, it will allow the call. If not, it will query its neighbors for the remote address, relying on the response from the neighbor to allow the ability for the call to be completed; connecting through the routing rules as it would through the neighbor relationship.
Off
This will not allow any endpoint registered directly to the Border Controller to call an IP address of any system not also registered directly to that Border Controller.
The default is Indirect.
TANDBERG Border Controller User Guide
Page 30 of 118
When the Border Controller is used with a Gatekeeper for firewall traversal, you will typically set CallsToUnknownIPAddresses to Indirect on the Gatekeeper and Direct on the Border Controller. This will allow endpoints registered to the gatekeeper to successfully traverse the firewall in order to call public endpoints on the Internet. This is described in more detail in Dialing Public IP Addresses (section 12.3).
Loading...
+ 88 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use