Page 1 User's Manual AudioCodes Family of Session Border Controllers (SBC) Mediant™ 4000 SBC Version 7.0...
Page 3: Table Of Contents
Viewing the Home Page ..................60 Configuring Web User Accounts ................63 6.3.1 Basic User Accounts Configuration .................64 6.3.2 Advanced User Accounts Configuration ..............66 Displaying Login Information upon Login .............. 70 Configuring Web Security Settings ............... 71 Version 7.0 Mediant 4000 SBC...
Page 4 Mediant 4000 SBC 6.5.1 Configuring Secured (HTTPS) Web ................71 6.5.2 Configuring Web Session and Access Settings ............71 Web Login Authentication using Smart Cards............72 Configuring Web and Telnet Access List .............. 73 CLI-Based Management ..................75 Getting Familiar with CLI ..................75 7.1.1...
Page 5 13.1 Configuring Firewall Settings ................163 13.2 Configuring General Security Settings ..............168 13.3 Intrusion Detection System ................. 169 13.3.1 Enabling IDS ......................170 13.3.2 Configuring IDS Policies ..................170 13.3.3 Assigning IDS Policies ...................174 13.3.4 Viewing IDS Alarms ....................175 Version 7.0 Mediant 4000 SBC...
Page 6 Mediant 4000 SBC 14 Media ........................ 179 14.1 Configuring Voice Settings ................. 179 14.1.1 Configuring Voice Gain (Volume) Control .............179 14.1.2 Silence Suppression (Compression) ..............180 14.1.3 Configuring Echo Cancellation ................180 14.2 Fax and Modem Capabilities ................182 14.2.1 Fax/Modem Operating Modes ................183 14.2.2 Fax/Modem Transport Modes ................183...
Page 7 15.9.2.2 Adding ELINs to the Location Information Server ........296 15.9.2.3 Passing Location Information to the PSTN Emergency Provider ..297 15.9.3 AudioCodes ELIN Device for Lync Server E9-1-1 Calls to PSTN ......299 15.9.3.1 Detecting and Handling E9-1-1 Calls .............299 15.9.3.2 Pre-empting Existing Calls for E9-1-1 Calls ...........301 15.9.3.3 PSAP Callback to Lync Clients for Dropped E9-1-1 Calls .....301...
Page 8 Mediant 4000 SBC 15.9.4.3 Configuring the SIP Release Cause Code for Failed E9-1-1 Calls ..303 15.9.4.4 Configuring SBC IP-to-IP Routing Rule for E9-1-1 ........304 15.9.4.5 Viewing the ELIN Table ................304 16 Quality of Experience ..................305 16.1 Reporting Voice Quality of Experience to SEM ........... 305 16.1.1 Configuring the SEM Server ..................305...
Page 9 22 Configuring General SBC Settings ..............451 22.1 Interworking Dialog Information in SIP NOTIFY Messages ......... 452 23 Configuring Admission Control ..............455 24 Configuring Coder Groups ................459 24.1 Configuring Allowed Audio Coder Groups ............459 Version 7.0 Mediant 4000 SBC...
Page 10 Mediant 4000 SBC 24.2 Configuring Allowed Video Coder Groups ............461 25 Routing SBC ....................463 25.1 Configuring Classification Rules ................. 463 25.1.1 Classification Based on URI of Selected Header Example ........469 25.2 Configuring Message Condition Rules ..............470 25.3 Configuring SBC IP-to-IP Routing ............... 472 25.4 Configuring SIP Response Codes for Alternative Routing Reasons ....
Page 11 37.1.1.1 Loading Auxiliary Files through Web Interface ........570 37.1.1.2 Loading Auxiliary Files through CLI ............571 37.1.1.3 Loading Auxiliary Files through ini File using TFTP .......571 37.1.2 Deleting Auxiliary Files ..................571 37.1.3 Call Progress Tones File ..................572 Version 7.0 Mediant 4000 SBC...
Page 12 39.1.1 DHCP-based Provisioning ..................597 39.1.2 HTTP-based Provisioning ..................598 39.1.3 FTP- based Provisioning ..................599 39.1.4 Provisioning using AudioCodes EMS ..............599 39.2 HTTP/S-Based Provisioning using the Automatic Update Feature ...... 600 39.2.1 Files Provisioned by Automatic Update ..............600 39.2.2 File Location for Automatic Update ...............600 39.2.3 Triggers for Automatic Update ................601...
Page 13 46.2 Configuring Syslog ..................... 664 46.2.1 Syslog Message Format ..................664 46.2.1.1 Event Representation in Syslog Messages..........666 46.2.1.2 Identifying AudioCodes Syslog Messages using Facility Levels....667 46.2.1.3 Syslog Fields for Answering Machine Detection (AMD) ......668 46.2.1.4 SNMP Alarms in Syslog Messages ............669 46.2.2 Configuring Web User Activities to Report to Syslog ..........669...
Page 14 Mediant 4000 SBC 47 Creating Core Dump and Debug Files upon Device Crash ......679 48 Testing SIP Signaling Calls ................681 48.1 Configuring Test Call Endpoints ................. 681 48.2 Starting and Stopping Test Calls ................ 686 48.3 Viewing Test Call Statistics ................. 687 48.4 Configuring DTMF Tones for Test Calls ..............
Page 15 52 SBC and DSP Channel Capacity ..............813 52.1 Signaling-Media Sessions & User Registrations ..........813 52.2 Mediant 4000 Channel Capacity and Capabilities ..........814 52.3 Mediant 4000B Channel Capacity and Capabilities ..........816 53 Technical Specifications ................819 Version 7.0 Mediant 4000 SBC...
Page 16 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 17: Weee Eu Directive
Customer Support Customer technical support and services are provided by AudioCodes or by an authorized AudioCodes Service Partner. For more information on how to buy technical support for AudioCodes products and for contact information, please visit our Web site at www.audiocodes.com/support.
Page 18: Related Documentation
Some of the features listed in this document are available only if the relevant Software License Key has been purchased from AudioCodes and installed on the device. For a list of Software License Keys that can be purchased, please consult your AudioCodes sales representative.
Page 19 • By default, the device supports export-grade (40-bit and 56-bit) encryption due to US government restrictions on the export of security technologies. To enable 128- bit and 256-bit encryption on your device, contact your AudioCodes sales representative. • This device includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
Page 20 Mediant 4000 SBC LTRT Description Rules; Configuring Address of Debug Recording Server; Starting and Stopping Debug Recording (removed); Configuring Ethernet Port Groups. Maximum table rows of following tables were updated: TLS Contexts table; SBC Routing Policy table; SBC User Info table.
Page 21 Updated parameters: Password; TLSContexts_TLSVersion; CallSetupRules_ActionType (typo value); IpProfile_MediaIPVersionPreference; IPProfile_SBCIceMode (value name); CLIPrivPass; NATMode (values): SendAcSessionIDHeader (removed); QOEPort (removed); MaxGeneratedRegistersRate; SIPSessionExpires (removed); MinSE (removed); SessionExpiresMethod (removed); RTPOnlyMode (removed); SBCUserRegistrationGraceTime; MSLDAPOCSNumAttributeName;  New parameters: WebLoginBlockAutoComplete; EnforcePasswordComplexity; GeneratedRegistersInterval; PublicationIPGroupID. Version 7.0 Mediant 4000 SBC...
Page 22 Mediant 4000 SBC Documentation Feedback AudioCodes continually strives to produce high quality documentation. If you have any comments (suggestions or errors) regarding this document, please fill out the Documentation Feedback form on our Web site at http://www.audiocodes.com/downloads. User's Manual Document #: LTRT-41730...
Page 23: Introduction
Product Overview AudioCodes' Mediant 4000 E-SBC (hereafter referred to as device) is a member of AudioCodes family of Enterprise Session Border Controllers (E-SBC), enabling connectivity and security between small medium businesses (SMB) and service providers' VoIP networks.
Page 24: Typographical Conventions
Mediant 4000 SBC Typographical Conventions This document uses the following typographical conventions to convey information: Table 1-1: Typographical Conventions Convention Description Example  Buttons in the Web interface. Boldface font Click the Add button.  Optional parameter values in the Web interface.
Page 25 SRDs. For example, if all tenants route calls with the same SIP Trunking service provider, the SRD of the SIP Trunk would be configured as a Shared Sharing Policy. SRDs whose resources are not shared, would be configured with an Isolated Sharing Policy. Version 7.0 Mediant 4000 SBC...
Page 26 Mediant 4000 SBC Configuration Terms Description IP Profile The IP Profile is an optional configuration entity that defines a wide range of call settings for a specific SIP entity (IP Group). The IP Profile includes signaling and media related settings, for example, jitter buffer, silence suppression, voice coders, fax signaling method, SIP header support (local termination if not supported), and media security method.
Page 27 "serving" IP Group. Registration is for REGISTER messages, which are initiated by the device on behalf of the "serving" SIP entity. The associations between the configuration entities are summarized in the following figure: Figure 1-1: Association of Configuration Entities Version 7.0 Mediant 4000 SBC...
Page 28 Mediant 4000 SBC The main configuration entities and their involvement in the call processing is summarized in following figure. The figure is used only as an example to provide basic understanding of the configuration terminology. Depending on configuration and network topology, the call process may include additional stages or a different order of stages.
Page 29: Getting Started With Initial Connectivity
Part I Getting Started with Initial Connectivity...
Page 31: Introduction
User's Manual 2. Introduction Introduction This part describes how to initially access the device's management interface and change its default IP address to correspond with your networking scheme. Version 7.0 Mediant 4000 SBC...
Page 32 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 33: Default Oamp Ip Address
OAMP + Media + Control IP Address 192.168.0.2 - this IP address is assigned to the first Ethernet Group (top-left ports 1 & 2) Prefix Length 255.255.255.0 (24) Default Gateway 192.168.0.1 Underlying Device vlan 1 Interface Name O+M+C Version 7.0 Mediant 4000 SBC...
Page 34 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 35: Configuring Voip Lan Interface For Oamp
Access the Web interface: On your computer, start a Web browser and in the URL address field, enter the default IP address of the device; the Web interface's Web Login screen appears: Figure 4-1: Web Login Screen Version 7.0 Mediant 4000 SBC...
Page 36 Mediant 4000 SBC In the 'Username' and 'Password' fields, enter the case-sensitive, default login username ("Admin") and password ("Admin"). Click Login. Open the Physical Ports Settings page (Configuration tab > VoIP menu > Network > Physical Ports Table) and then configure the device's physical Ethernet port-pair (group) that you want to later assign to the OAMP interface.
Page 37: Cli
Access the VoIP configuration mode: # configure voip Access the Interface table: (config-voip)# interface network-if 0 Configure the IP address: (network-if-0)# ip-address <IP address> Configure the prefix length: (network-if-0)# prefix-length <prefix length / subnet mask, e.g., 16> Version 7.0 Mediant 4000 SBC...
Page 38 Mediant 4000 SBC Configure the Default Gateway address: (network-if-0)# gateway <IP address> Exit the Interface table: (network-if-0)# exit Exit the VoIP configuration mode: (config-voip)# exit Reset the device with a flash burn: # reload now Cable the device to your network. You can now access the device's management interface using this new OAMP IP address.
Page 39: Management Tools
Part II Management Tools...
Page 41: Introduction
Web, CLI, and ini file parameter is mentioned. The ini file parameters are enclosed in square brackets [...]. • For a list and description of all the configuration parameters, see ''Configuration Parameters Reference'' on page 701. Version 7.0 Mediant 4000 SBC...
Page 42 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 43: Web-Based Management
Microsoft™ Internet Explorer™ (Version 11.0.13 and later) • ® Mozilla Firefox (Versions 5 through 9.0)  Recommended screen resolutions: 1024 x 768 pixels, or 1280 x 1024 pixels Note: Your Web browser must be JavaScript-enabled to access the Web interface. Version 7.0 Mediant 4000 SBC...
Page 44: Accessing The Web Interface
Mediant 4000 SBC 6.1.2 Accessing the Web Interface The following procedure describes how to access the Web interface.  To access the Web interface: Open a standard Web browser (see ''Computer Requirements'' on page 43). In the Web browser, specify the OAMP IP address of the device (e.g., http://10.1.10.10);...
Page 45: Areas Of The Gui
''Navigation Tree'' on page 47. Work pane, displaying the configuration page of the selected menu in the Navigation tree. This is where configuration is done. For more information, see ''Working with Configuration Pages'' on page 49. Version 7.0 Mediant 4000 SBC...
Page 46: Toolbar Description
Mediant 4000 SBC 6.1.4 Toolbar Description The toolbar provides frequently required command buttons, described in the table below: Table 6-2: Description of Toolbar Buttons Icon Button Description Name Submit Applies parameter settings to the device (see ''Saving Configuration'' on page 564).
Page 47: Navigation Tree
The expanded view displays all the menus pertaining to the selected configuration tab; the reduced view displays only commonly used menus.  To display a reduced menu tree, select the Basic option (default). Version 7.0 Mediant 4000 SBC...
Page 48: Showing / Hiding The Navigation Pane
Mediant 4000 SBC  To display all menus and submenus, select the Advanced option. Figure 6-4: Basic and Full View Options Note: After you reset the device, the Web GUI is displayed in Basic view. 6.1.5.2 Showing / Hiding the Navigation Pane You can hide the Navigation pane to provide more space for elements displayed in the Work pane.
Page 49: Working With Configuration
 Advanced Parameter List button with down-pointing arrow: click this button to display all parameters.  Basic Parameter List button with up-pointing arrow: click this button to show only common (basic) parameters. Version 7.0 Mediant 4000 SBC...
Page 50 Mediant 4000 SBC The figure below shows an example of a page displaying basic parameters only. If you click the Advanced Parameter List button (shown below), the page will also display the advanced parameters. Figure 6-6: Toggling between Basic and Advanced View Notes: •...
Page 51: Modifying And Saving Parameters
Thus, to ensure parameter changes (whether on-the-fly or not) are retained, save ('burn') them to the device's non-volatile memory, i.e., flash (see ''Saving Configuration'' on page 564). Version 7.0 Mediant 4000 SBC...
Page 52: Working With Tables
Mediant 4000 SBC If you enter an invalid value (e.g., not in the range of permitted values) and then click Submit, a message box appears notifying you of the invalid value. In addition, the parameter value reverts to its previous value and is highlighted in red, as shown in the...
Page 53: Table Toolbar Description
The button is available only if the table contains more than one row and is sorted according to 'Index' column; otherwise, the button is grayed out. For sorting tables, see ''Sorting Tables by Column'' on page 55.  The button appears only in certain tables. Version 7.0 Mediant 4000 SBC...
Page 54: Toggling Display Mode Of Table Dialog Boxes
Mediant 4000 SBC Button Name Moves a selected row one index up. The index number of the row changes according to its new position in the table. The row that previously occupied the index row and all rows below it are moved one index down in the table.
Page 55: Searching Table Entries
Index column in ascending order (e.g., 1, 2, and 3), you can sort the rows by Index column in descending order (e.g., 3, 2, and 1). By default, most tables are sorted by Index column in ascending order. Version 7.0 Mediant 4000 SBC...
Page 56: Searching For Configuration Parameters
Mediant 4000 SBC  To sort table rows by column: Click the heading name of the column that you want to sort the table rows by; the up- down arrows appear alongside the heading name and the up button is bolded (see...
Page 57 Figure 6-14: Searched Result Screen Table 6-6: Search Description Item # Description Search field for entering search key and Search button for activating the search process. Search results listed in Navigation pane. Found parameter, highlighted on relevant Web page Version 7.0 Mediant 4000 SBC...
Page 58: Creating A Login Welcome Message
Mediant 4000 SBC 6.1.9 Creating a Login Welcome Message You can create a Welcome message box that is displayed on the Web Login page. The figure below displays an example of a Welcome message: Figure 6-15: User-Defined Web Welcome Message after Login To enable and create a Welcome message, use the WelcomeMessage table ini file parameter, as described in the table below.
Page 59: Getting Help
Instead of clicking the Help button for each page you open, you can open it once for a page and then simply leave it open. Each time you open a different page, the Help topic pertaining to that page is automatically displayed. Version 7.0 Mediant 4000 SBC...
Page 60: Logging Off The Web Interface
Mediant 4000 SBC 6.1.11 Logging Off the Web Interface The following procedure describes how to log off the Web interface.  To log off the Web interface: On the toolbar, click the Log Off icon; the following confirmation message box...
Page 61 To view detailed information on the device's hardware components, click these icons to open the Components Status page (see Viewing Hardware Components Status on page 621). Power Supply Unit 1 status indicator. See Item #3 for a description. Chassis slot number. Version 7.0 Mediant 4000 SBC...
Page 62 Mediant 4000 SBC Item # Description Module status icon:  (green): Module has been inserted or is correctly configured  (gray): Module was removed. "Reserved" is displayed alongside the module's name  (red): Module failure. "Failure" is displayed instead of the module's name Media Processing Module (MPM).
Page 63: Configuring Web User Accounts
Users table. By default, the device is pre-configured with the following two Web user accounts: Table 6-10: Pre-configured Web User Accounts User Access Level Username Password (Case-Sensitive) (Case-Sensitive) Security Administrator Admin Admin Monitor User User Version 7.0 Mediant 4000 SBC...
Page 64: Basic User Accounts Configuration
Mediant 4000 SBC After you log in to the Web interface, the username is displayed on the toolbar. Notes: • For security, it's recommended that you change the default username and password of the pre-configured users (i.e., Security Administrator and Monitor users).
Page 65 To change the access level of the optional, second account: Under the Account Data for User: User group, from the 'Access Level' drop- down list, select a new access level user. Click Change Access Level; the new access level is applied immediately. Version 7.0 Mediant 4000 SBC...
Page 66: Advanced User Accounts Configuration
Mediant 4000 SBC 6.3.2 Advanced User Accounts Configuration The Web Users table lets you configure advanced Web user accounts. This configuration is relevant only if you need the following management schemes:  Enhanced security settings per Web user (e.g., limit session duration) ...
Page 67 Contain at least two symbols (non-alphanumeric characters) (e.g., $, #, %).  No spaces.  Contain at least four new characters that were not used in the previous password. Note: To enforce the password complexity requirements mentioned above, configure the EnforcePasswordComplexity to 1. Version 7.0 Mediant 4000 SBC...
Page 68 Mediant 4000 SBC Parameter Description Status Defines the status of the Web user.  status New = (Default) User is required to change its password on the next login. When the user logs in to the Web interface, the user is immediately prompted to change the current password.
Page 69 If only one Master user exists, it can be deleted only by itself.  Master users can add, edit, and delete Security Administrators (but cannot delete the last Security Administrator).  Only Security Administrator and Master users can add, edit, and delete Administrator and Monitor users. Version 7.0 Mediant 4000 SBC...
Page 70: Displaying Login Information Upon Login
Mediant 4000 SBC Displaying Login Information upon Login The device can display login information immediately upon Web login.  To enable display of user login information upon a successful login: Open the Web Security Settings page (Configuration tab > System menu >...
Page 71: Configuring Web Security Settings
To configure Web user sessions and access security: Open the Web Security Settings page (Configuration tab > System menu > Management > Web Security Settings). Figure 6-22: Configuring Security Related to Web User Sessions and Access Web user sessions: Version 7.0 Mediant 4000 SBC...
Page 72: Web Login Authentication Using Smart Cards
This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter. Note: For specific integration requirements for implementing a third-party smart card for Web login authentication, contact your AudioCodes representative.  To log in to the Web interface using CAC: Insert the Common Access Card into the card reader.
Page 73: Configuring Web And Telnet Access List
IP addresses that you want to delete, and then click Delete Selected Addresses; the IP addresses are removed from the table and these IP addresses can no longer access the Web and Telnet interfaces. Version 7.0 Mediant 4000 SBC...
Page 74 Mediant 4000 SBC To save the changes to flash memory, see ''Saving Configuration'' on page 564. Notes: • The first authorized IP address in the list must be your PC's (terminal) IP address; otherwise, access from your PC is denied.
Page 75: Cli-Based Management
This mode allows you to view various information (using the show commands) and activate various debugging capabilities. Welcome to AudioCodes CLI Username: Admin Password: >...
Page 76: Using Cli Shortcuts
Mediant 4000 SBC The Enable mode groups the configuration commands under the following command sets: • config-system: Provides the general and system related configuration commands, for example, Syslog configuration. This set is accessed by typing the following command: # configure system (config-system)# •...
Page 77: Common Cli Commands
Displays a list of previously run commands. list Displays the available command list of the current command-set. | <filter> Applied to a command output. The filter should be typed after the command with a pipe mark (|). Version 7.0 Mediant 4000 SBC...
Page 78: Configuring Tables Through Cli
Mediant 4000 SBC Command Description Supported filters:  include <word> – filter (print) lines which contain <word>  exclude <word> – filter lines which does not contain <word>  grep <options> - filter lines according to grep common Unix utility options ...
Page 79: Understanding Cli Error Messages
Use "?" to determine your error.  "Incomplete command" message: You may not have entered all of the pertinent information required to make the command valid. Use "?" to determine your error. Version 7.0 Mediant 4000 SBC...
Page 80: Enabling Cli
Mediant 4000 SBC Enabling CLI By default, access to the device's CLI through Telnet and SSH is disabled. This section describes how to enable these protocols. 7.2.1 Enabling Telnet for CLI The following procedure describes how to enable Telnet. You can enable a secured Telnet that uses Secure Socket Layer (SSL) where information is not transmitted in the clear.
Page 81 For additional security, you can set the 'Require Public Key' to Enable. This ensures that SSH access is only possible by using the RSA key and not by using user name and password. Version 7.0 Mediant 4000 SBC...
Page 82 Mediant 4000 SBC Configure the other SSH parameters as required. For a description of these parameters, see ''SSH Parameters'' on page 742. Click Submit. Start the PuTTY Configuration program, and then do the following: In the 'Category' tree, drill down to Connection, then SSH, and then Auth; the 'Options controlling SSH authentication' pane appears.
Page 83: Configuring Maximum Telnet/Ssh Sessions
Log in to the session using the username and password assigned to the Admin user of the Web interface: At the Username prompt, type the username, and then press Enter: Username: Admin At the Password prompt, type the password, and then press Enter: Password: Admin Version 7.0 Mediant 4000 SBC...
Page 84: Viewing Current Cli Sessions
Mediant 4000 SBC At the prompt, type the following, and then press Enter: > enable At the prompt, type the password again, and then press Enter: Password: Admin Viewing Current CLI Sessions You can view users that are currently logged in to the device's CLI. This applies to users logged in to the CLI through RS-232 (console), Telnet, or SSH.
Page 85: Configuring Displayed Output Lines In Cli Terminal Window
When this mode is configured, each time you change the height of the terminal window using your mouse (i.e., dragging one of the window's borders or corners), the number of displayed output command lines is changed accordingly. Version 7.0 Mediant 4000 SBC...
Page 86 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 87: Snmp-Based Management
SNMP Manager. All supported MIB files are supplied to customers as part of the release. AudioCodes EMS is an advanced solution for standards-based management that covers all areas vital for the efficient operation, administration, management and provisioning (OAM&P) of the device.
Page 88: Configuring Snmp Community Strings
Mediant 4000 SBC Configuring SNMP Community Strings The SNMP Community String page lets you configure up to five read-only and up to five read-write SNMP community strings and to configure the community string that is used for sending traps. The SNMP community string determines the access privileges (read-only or read-write) of SNMP clients to the device's SNMP.
Page 89 > community- the following: string  Upper- and lower-case letters (a to z, and A to Z) [SNMPTrapCommunityString]  Numbers (0 to 9)  Hyphen (-)  Underline (_) For example, "Trap-comm_string1". The default is "trapuser". Version 7.0 Mediant 4000 SBC...
Page 90: Configuring Snmp Trap Destinations
Mediant 4000 SBC Configuring SNMP Trap Destinations The SNMP Trap Destinations table lets you to configure up to five SNMP trap managers. You can associate a trap destination with SNMPv2 users and specific SNMPv3 users. Associating a trap destination with SNMPv3 users sends encrypted and authenticated traps to the SNMPv3 destination.
Page 91: Configuring Snmp Trusted Managers
Select the check box corresponding to the SNMP Trusted Manager that you want to enable and for whom you want to define an IP address. Define an IP address in dotted-decimal notation. Click Submit, and then save ("burn") your settings to flash memory. Version 7.0 Mediant 4000 SBC...
Page 92: Configuring Snmp V3 Users
Mediant 4000 SBC Configuring SNMP V3 Users The SNMPv3 Users table lets you configure up to 10 SNMP v3 users for authentication and privacy. The following procedure describes how to configure SNMP v3 users through the Web interface. You can also configure it through ini file (SNMPUsers) or CLI (configure system >...
Page 93 [SNMPUsers_PrivKey] Group The group with which the SNMP v3 user is associated.  group [0] Read-Only (default)  [1] Read-Write [SNMPUsers_Group]  [2] Trap Note: All groups can be used to send traps. Version 7.0 Mediant 4000 SBC...
Page 94 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 95: Ini File-Based Management
(columns) and row entries (indices). When loading an ini file to the device, it's recommended to include only tables that belong to applications that are to be configured (dynamic tables of other applications are empty, but static tables are not). Version 7.0 Mediant 4000 SBC...
Page 96 Mediant 4000 SBC The table ini file parameter is composed of the following elements:  Title of the table: The name of the table in square brackets, e.g., [MY_TABLE_NAME].  Format line: Specifies the columns of the table (by their string names) that are to be configured.
Page 97: General Ini File Formatting Rules
Save and close the file. Load the file to the device.  Creating a new ini file that includes only updated configuration: Open a text file editor such as Notepad. Add only the required parameters and their settings. Version 7.0 Mediant 4000 SBC...
Page 98: Loading An Ini File To The Device
Mediant 4000 SBC Save the file with the ini file extension name (e.g., myconfiguration.ini). Load the file to the device. For loading the ini file to the device, see ''Loading an ini File to the Device'' on page 98. Notes: •...
Page 99: Secured Encoded Ini File
The file may be loaded to the device using HTTP. These protocols are not secure and are vulnerable to potential hackers. To overcome this security threat, the AudioCodes DConvert utility allows you to binary-encode (encrypt) the ini file before loading it to the device.
Page 100: Ini Viewer And Editor Utility
Mediant 4000 SBC INI Viewer and Editor Utility AudioCodes INI Viewer & Editor utility provides a user-friendly graphical user interface (GUI) that lets you easily view and modify the device's ini file. This utility is available from AudioCodes Web site at www.AudioCodes.com/downloads, and can be installed on any Windows-based PC.
Page 101: General System Settings
Part III General System Settings...
Page 103: Configuring Ssl/Tls Certificates
Private key - externally created and then uploaded to device  X.509 certificates - self-signed certificates or signed as a result of a certificate signing request (CSR)  Trusted root certificate authority (CA) store (for validating certificates) Version 7.0 Mediant 4000 SBC...
Page 104 Mediant 4000 SBC When the device establishes a TLS connection (handshake) with a SIP user agent (UA), the TLS Context is determined as follows:  Incoming calls: Proxy Set: If the incoming call is successfully classified to an IP Group based on Proxy Set (i.e., IP address of calling party) and the Proxy Set is configured for...
Page 105 [5] TLSv1.0 and TLSv1.2 = Only TLS 1.0 and TLS 1.2.  [6] TLSv1.1 and TLSv1.2 = Only TLS 1.1 and TLS 1.2.  [7] TLSv1.0 TLSv1.1 and TLSv1.2 = Only TLS 1.0, TLS 1.1 and TLS 1.2 (excludes SSL 3.0). Version 7.0 Mediant 4000 SBC...
Page 106 Mediant 4000 SBC Parameter Description Ciphers Server Defines the supported cipher suite for the TLS server (in OpenSSL cipher list format). ciphers-server For valid values, refer to URL [TLSContexts_Server http://www.openssl.org/docs/apps/ciphers.html. The default is "AES:RC4". CipherString] For example, use "ALL" for all ciphers suites (e.g., for ARIA encryption for TLS).
Page 107: Assigning Csr-Based Certificates To Tls Contexts
Fill in the rest of the request fields according to your security provider's instructions. Click the Create CSR button; a textual certificate signing request is displayed in the area below the button: Figure 10-2: Certificate Signing Request Group Version 7.0 Mediant 4000 SBC...
Page 108 Mediant 4000 SBC Copy the text and send it to your security provider (CA) to sign this request. When the CA sends you a server certificate, save the certificate to a file (e.g., cert.txt). Ensure that the file is a plain-text file containing the"‘BEGIN CERTIFICATE" header, as shown in the example of a Base64-Encoded X.509 Certificate below:...
Page 109: Assigning Externally Created Private Keys To Tls Contexts
After the files successfully load to the device, save the configuration with a device reset. Open the TLS Contexts page again, select the TLS Context index row, and then verify that under the Certificate Information group, the 'Private key' field displays "OK"; otherwise, consult your security administrator. Version 7.0 Mediant 4000 SBC...
Page 110: Generating Private Keys For Tls Contexts
Mediant 4000 SBC 10.4 Generating Private Keys for TLS Contexts The device can generate the private key for a TLS Context, as described in the following procedure. The private key can be generated for CSR or self-signed certificates.  To generate a new private key for a TLS Context: Open the TLS Contexts page (Configuration tab >...
Page 111: Creating Self-Signed Certificates For Tls Contexts
Figure 10-7: Generate new private key and self-signed certificate Group Click Generate Self-Signed Certificate; a message appears (after a few seconds) displaying the new subject name. Save the configuration with a device reset for the new certificate to take effect. Version 7.0 Mediant 4000 SBC...
Page 112: Importing Certificates And Certificate Chain Into Trusted Certificate Store
Mediant 4000 SBC 10.6 Importing Certificates and Certificate Chain into Trusted Certificate Store The device provides its own Trusted Root Certificate Store. This lets you manage certificate trust. You can add up to 20 certificates to the store per TLS Context (but this may be less depending on certificate file size).
Page 113: Configuring Mutual Tls Authentication
SIP mutual authentication can also be configured globally for all calls, using the 'TLS Mutual Authentication' parameter (SIPSRequireClientCertificate) in the General Security Settings page (Configuration tab > VoIP menu > Security > General Security Settings). Version 7.0 Mediant 4000 SBC...
Page 114: Tls For Remote Device Management
Mediant 4000 SBC  To configure mutual TLS authentication for SIP messaging: Enable two-way authentication on the specific SIP Interface: In the SIP Interface table (see ''Configuring SIP Interfaces'' on page 336), configure the 'TLS Mutual Authentication' parameter to Enable for the specific SIP Interface.
Page 115 The root certificate can also be loaded via the Automatic Update facility, using the HTTPSRootFileName ini file parameter. • You can enable the device to check whether a peer's certificate has been revoked by an OCSP server per TLS Context (see ''Configuring TLS Certificate Contexts'' on page 103). Version 7.0 Mediant 4000 SBC...
Page 116: Configuring Tls Server Certificate Expiry Check
Mediant 4000 SBC 10.8 Configuring TLS Server Certificate Expiry Check You can also configure the TLS Server Certificate Expiry Check feature, whereby the device periodically checks the validation date of the installed TLS server certificates. You also configure device send...
Page 117: Date And Time
Open the Application Settings page (Configuration tab > System menu > Application Settings), and then scroll down to the 'NTP Settings' group: Figure 11-2: NTP Authentication Parameters on Application Settings Page Version 7.0 Mediant 4000 SBC...
Page 118: Configuring Date And Time Manually
Mediant 4000 SBC Configure NTP message authentication: • In the 'NTP Authentication Key Identifier' field, configure the NTP authentication key identifier. • In the 'NTP Authentication Secret Key' field, configure the secret authentication key shared between the device and the NTP server.
Page 119: Configuring The Time Zone
UTC. For example, if your region is GMT +1 (an hour ahead), enter "1" in the 'Hours' field. Click Submit; the updated time is displayed in the 'UTC Time' read-only field and the 'Local Time' fields. Version 7.0 Mediant 4000 SBC...
Page 120: Configuring Daylight Saving Time
Mediant 4000 SBC 11.4 Configuring Daylight Saving Time You can apply daylight saving time (DST) to the date and time of the device. DST defines a date range in the year (summer) where the time is brought forward so that people can experience more daylight.
Page 121: General Voip Configuration
Part IV General VoIP Configuration...
Page 123: Network
Ethernet Groups and for assigning ports to Ethernet Groups, see ''Configuring Ethernet Port Groups'' on page 126. The device's management tools (e.g., Web interface) use hard-coded strings to represent the physical ports, as shown below: Version 7.0 Mediant 4000 SBC...
Page 124 Mediant 4000 SBC To view the mapping of the physical ports to these logical ports (strings) as well as view port status, use the CLI command, show voip ports. This displays the MAC address and port status (up or down) of the physical port and its corresponding logical port. Below...
Page 125  group-status "Active": Active port. When the Ethernet Group includes two ports and their transmit/receive mode is configured to 2RX 1TX or 2RX 2TX, both [PhysicalPortsTable_ ports show "Active". GroupStatus]  "Redundant": Standby (redundant) port. Version 7.0 Mediant 4000 SBC...
Page 126: Configuring Ethernet Port Groups
Mediant 4000 SBC 12.2 Configuring Ethernet Port Groups The Ethernet Group Settings table lets you configure Ethernet Groups. An Ethernet Group represents a physical Ethernet port(s) on the device. You can assign an Ethernet Group with one, two, or no ports (members). When two ports are assigned to an Ethernet Group, 1+1 Ethernet port redundancy can be implemented in your network.
Page 127 Configure the Ethernet Group according to the parameters described in the table below. Click Submit, and then save ("burn") your settings to flash memory. Table 12-2: Ethernet Group Settings Parameter Descriptions Parameter Description Group (Read-only) Displays the Ethernet Group number. group [EtherGroupTable_Gr oup] Version 7.0 Mediant 4000 SBC...
Page 128 Mediant 4000 SBC Parameter Description Mode Defines the mode of operation of the ports in the Ethernet Group. This applies only to Ethernet Groups containing two ports. mode  [2] 1RX/1TX = (Default) At any given time, only a single port in the [EtherGroupTable_Mo Ethernet Group can transmit and receive packets.
Page 129: Configuring Underlying Ethernet Devices
You can also configure it through ini file (DeviceTable) or CLI (config-voip > interface network-dev).  To configure an Ethernet Device: Open the Ethernet Device table (Configuration tab > VoIP menu > Network > Ethernet Device Table). Click Add; the following dialog box appears: Version 7.0 Mediant 4000 SBC...
Page 130 Mediant 4000 SBC Configure an Ethernet Device according to the parameters described in the table below. Click Add. User's Manual Document #: LTRT-41730...
Page 131 Ethernet Group (port group). In other words, if multiple Ethernet Devices are associated with the same Ethernet Group, only one of these Ethernet Devices can be set to Untagged; all the others must be set to Tagged.. Version 7.0 Mediant 4000 SBC...
Page 132: Configuring Ip Network Interfaces
Mediant 4000 SBC 12.4 Configuring IP Network Interfaces You can configure a single VoIP network interface for all applications, including OAMP (management traffic), call control (SIP signaling messages), and media (RTP traffic), or you can configure multiple logical, IP network interfaces for these applications. You may need to logically separated network segments for these applications for administration and security.
Page 133 Open the Interface table (Configuration tab > VoIP menu > Network > IP Interfaces Table). Click Add; a dialog box appears. Configure the IP network interface according to the parameters described in the table below. Click Add. Version 7.0 Mediant 4000 SBC...
Page 134 Mediant 4000 SBC Notes: • If you edit or delete an IP interface, current calls using the interface are immediately terminated. • If you delete an IP interface, row indices of other tables (e.g., Media Realm table) that are associated with the deleted IP interface, lose their association with the interface ('Interface Name' field displays "None") and the row indices become...
Page 135: Assigning Ntp Services To Application Types
129. yingDevice] 12.4.1 Assigning NTP Services to Application Types You can associate the Network Time Protocol (NTP) application with the OAMP or Control application type. This is done using the EnableNTPasOAM ini file parameter. Version 7.0 Mediant 4000 SBC...
Page 136: Multiple Interface Table Configuration Summary And Guidelines
Mediant 4000 SBC 12.4.2 Multiple Interface Table Configuration Summary and Guidelines The Interface table configuration must adhere to the following rules:  Multiple Control and Media interfaces can be configured with overlapping IP addresses and subnets.  The prefix length replaces the dotted-decimal subnet mask presentation and must have a value of 0-30 for IPv4 addresses and a value of 0-64 for IPv6 addresses.
Page 137: Networking Configuration Examples
Table 12-7: Example of VoIP Interfaces per Application Type in Interface Table Underl Application Interface Prefix Default Interface Index IP Address ying Type Mode Length Gateway Name Device OAMP IPv4 192.168.0.2 192.168.0.1 ManagementI Manual Control IPv4 200.200.85.14 200.200.85.1 myControlIF Manual Media IPv4 211.211.85.14 211.211.85.1 myMediaIF Manual Version 7.0 Mediant 4000 SBC...
Page 138: Voip Interfaces For Combined Application Types
Mediant 4000 SBC Static Route table: A routing rule is required to allow remote management from a host in 176.85.49.0 / 24: Table 12-8: Example Static Route Table Destination Prefix Length Gateway 176.85.49.0 192.168.11.1 All other parameters are set to their respective default values. The NTP application remains with its default application types.
Page 139: Voip Interfaces With Multiple Default Gateways
Media & Control applications to access peers on subnet 171.79.39.0 through the gateway 200.200.85.10 (which is not the default gateway of the interface). Table 12-12: Separate Static Route Table Example Underlying Destination Prefix Length Gateway Device 17.17.0.0 192.168.10.1 171.79.39.0 200.200.85.10 Version 7.0 Mediant 4000 SBC...
Page 140: Configuring Static Ip Routes
Mediant 4000 SBC 12.5 Configuring Static IP Routes The Static Route table lets you configure up to 30 static IP routing rules. Using static routes lets you communicate with LAN networks that are not located behind the Default Gateway specified for the IP network interface, configured in the Interface table, from which the packets are sent.
Page 141 IP address family (IPv4 or IPv6). Description Defines an arbitrary name to easily identify the static route rule. description The valid value is a string of up to 20 characters. [StaticRouteTable_Description] Version 7.0 Mediant 4000 SBC...
Page 142: Configuration Example Of Static Ip Routes
Mediant 4000 SBC 12.5.1 Configuration Example of Static IP Routes An example of the use for static routes is shown in the figure below. In the example scenario, the device needs to communicate with a softswitch at IP address 10.1.1.10.
Page 143: Configuring Quality Of Service
Telnet Management Bronze DHCP Management Network Web server (HTTP) Management Bronze SNMP GET/SET Management Bronze Web server (HTTPS) Management Bronze RTP traffic Media Premium media RTCP traffic Media Premium media T.38 traffic Media Premium media Version 7.0 Mediant 4000 SBC...
Page 144 Mediant 4000 SBC Application Traffic / Network Types Class-of-Service (Priority) Control Premium control SIP over TLS (SIPS) Control Premium control Syslog Management Bronze SNMP Traps Management Bronze DNS client Varies according to DNS settings: Depends on traffic type:  ...
Page 145 VLAN Priority Defines the VLAN priority level. The valid value is 0 to 7. vlan-priority [DiffServToVlanPriority_VlanPriori Under the Differentiated Services group, configure DiffServ (Layer-3 QoS) values per CoS. Figure 12-4: QoS Settings Page - Differentiated Services Version 7.0 Mediant 4000 SBC...
Page 146: Configuring Icmp Messages
Mediant 4000 SBC 12.7 Configuring ICMP Messages Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol suite. It is used by network devices such as routers to send error messages indicating, for example, that a requested service is unavailable.
Page 147: Dns
Figure 12-6: Internal DNS Table - Add Row Dialog Box Configure the DNS rule, as required. For a description of the parameters, see the table below. Click Add; the DNS rule is added to the table. Version 7.0 Mediant 4000 SBC...
Page 148: Configuring The Internal Srv Table
Mediant 4000 SBC Table 12-16: Internal DNS Table Parameter Description Parameter Description Domain Name Defines the host name to be translated. domain-name The valid value is a string of up to 31 characters. [Dns2Ip_DomainName] First IP Address Defines the first IP address (in dotted-decimal format notation) to which the host name is translated.
Page 149 Defines the priority of the target host. A lower value means that it is more preferred. priority-1|2|3 By default, no value is defined. [Srv2Ip_Priority1/2/3] Weight (1-3) Defines a relative weight for records with the same priority. weight-1|2|3 By default, no value is defined. [Srv2Ip_Weight1/2/3] Version 7.0 Mediant 4000 SBC...
Page 150 Mediant 4000 SBC Parameter Description Port (1-3) Defines the TCP or UDP port on which the service is to be found. port-1|2|3 By default, no value is defined. [Srv2Ip_Port1/2/3] User's Manual Document #: LTRT-41730...
Page 151: Network Address Translation Support
Configuring NAT Translation per IP Interface on page 153. If NAT is not configured by any of the above-mentioned methods, the device sends the packet according to its IP address configured in the Interface table. Version 7.0 Mediant 4000 SBC...
Page 152: Configuring A Static Nat Ip Address For All Interfaces
Mediant 4000 SBC The figure below illustrates the NAT problem faced by the SIP networks where the device is located behind a NAT: Figure 12-8: Device behind NAT and NAT Issues 12.9.1.1 Configuring a Static NAT IP Address for All Interfaces You can configure a global (public) IP address of the router to enable static NAT between the device and the Internet for all network interfaces.
Page 153: Configuring Nat Translation Per Ip Interface
Click Add, and then save ("burn") your settings to flash memory. Table 12-18: NAT Translation Table Parameter Descriptions Parameter Description Index Defines an index number for the new table row. Note: Each row must be configured with a unique index. index [NATTranslation_Inde Version 7.0 Mediant 4000 SBC...
Page 154: Remote Ua Behind Nat
Mediant 4000 SBC Parameter Description Source Interface Assigns an IP network interface to the rule. Outgoing packets sent from the specified network interface are NAT'ed. src-interface- name By default, no value is defined (None). [NATTranslation_SrcI For configuring IP network interfaces, see ''Configuring IP Network PInterfaceName] Interfaces'' on page 132.
Page 155: Media (Rtp/Rtcp/T.38)
IP address and UDP port of the first received SIP message (INVITE) when the SIP session was started. This is done for each media type--RTP, RTCP and T.38--and therefore, they can have different destination IP addresses and UDP ports than one another. Version 7.0 Mediant 4000 SBC...
Page 156 Mediant 4000 SBC You can configure the device's NAT feature to operate in one of the following modes:  [0] Enable NAT Only if Necessary: NAT traversal is performed only if the UA is located behind NAT: • UA behind NAT: The device sends the media packets to the IP address:port obtained from the source address of the first media packet received from the UA.
Page 157 STUN binding requests sent on the RTP and RTCP ports. ICE tries each candidate and selects the one that works (i.e., media can flow between the clients). The following figure shows a simple illustration of ICE: Version 7.0 Mediant 4000 SBC...
Page 158 Mediant 4000 SBC The device's support for ICE-Lite means that it does not initiate the ICE process. Instead, it supports remote endpoints that initiate ICE to discover their workable public IP address with the device. Therefore, the device supports the receipt of STUN binding requests for connectivity checks of ICE candidates and responds to them with STUN responses.
Page 159: Robust Receipt Of Media Streams By Media Latching
12. Network 12.10 Robust Receipt of Media Streams by Media Latching The Robust Media mechanism (or media latching) is an AudioCodes proprietary mechanism to filter out unwanted media (RTP, RTCP, SRTP, SRTCP, and T.38) streams that are sent to the same port number of the device. Media ports may receive additional multiple unwanted media streams (from multiple sources of traffic) as result of traces of previous calls, call control errors, or deliberate malicious attacks (e.g., Denial of Service).
Page 160 Mediant 4000 SBC If you have set the InboundMediaLatchMode parameter to 1 or 2, scroll down to the Robust Settings group and do the following: • Define the minimum number of continuous media (RTP, RTCP, SRTP, and SRTCP) packets that need to be received by the channel before it can latch onto this new incoming stream: ♦...
Page 161: Multiple Routers Support
Using multiple router support, the device can utilize these router messages to change its next hop and establish the best path. Note: Multiple Routers support is an integral feature that doesn’t require configuration. Version 7.0 Mediant 4000 SBC...
Page 162 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 163: Security
This rule can either permit (allow) or deny (block) the packet. Once a rule in the table is located, subsequent rules further down the table are ignored. If the end of the table is reached without a match, the packet is accepted. Version 7.0 Mediant 4000 SBC...
Page 164 Mediant 4000 SBC Notes: • This firewall applies to a very low-level network layer and overrides all your other security-related configuration. Thus, if you have configured higher-level security features (e.g., on the Application level), you must also configure firewall rules to permit this necessary traffic.
Page 165 The valid range is 0 to 65535. The default is 0. [AccessList_Source_Port] Note: When set to 0, this field is ignored and any source port matches the rule. Version 7.0 Mediant 4000 SBC...
Page 166 Mediant 4000 SBC Parameter Description Prefix Length (Mandatory) Defines the IP network mask - 32 for a single host or the appropriate value for the source IP addresses. prefixLen  A value of 8 corresponds to IPv4 subnet class A (network mask of [AccessList_PrefixLen] 255.0.0.0).
Page 167 0-65535 0-65535 0-65535 Port Protocol icmp Use Specific Enable Enable Disable Enable Disable Interface Interface Name None Voice-Lan None Byte Rate 40000 40000 Burst Bytes 50000 50000 Action Upon Match Allow Allow Allow Allow Block Version 7.0 Mediant 4000 SBC...
Page 168: Configuring General Security Settings
Mediant 4000 SBC The firewall rules in the above configuration example do the following:  Rules 1 and 2: Typical firewall rules that allow packets ONLY from specified IP addresses (e.g., proxy servers). Note that the prefix length is configured.
Page 169: Intrusion Detection System
IDS rules. Each rule defines a type of malicious attack to detect and the number of attacks during an interval (threshold) before an SNMP trap is sent. Each policy is then applied to a target under attack (SIP interface) and/or source of attack (Proxy Set and/or subnet address). Version 7.0 Mediant 4000 SBC...
Page 170: Enabling Ids
Mediant 4000 SBC 13.3.1 Enabling IDS The following procedure describes how to enable IDS.  To enable IDS: Open the IDS Global Parameters page (Configuration tab > VoIP menu > Security > Intrusion Detection and Prevention > Global Parameters). Figure 13-3: Enabling IDS on IDS Global Parameters Page From the 'Intrusion Detection System' drop-down list, select Enable.
Page 171 In the IDS Policy table, select the required IDS Policy row, and then click the IDS Rule Table link located below the table; the IDS Rule table opens: Figure 13-6: IDS Rule Table of Selected IDS Policy Version 7.0 Mediant 4000 SBC...
Page 172 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 13-7: IDS Rule Table - Add Record The figure above shows a configuration example. If 15 malformed SIP messages are received within a period of 30 seconds, a minor alarm is sent. Every 30 seconds, the rule’s counters are cleared.
Page 173 IP or IP+Port. Deny Period Defines the duration (in sec) to keep the attacker on the blacklist. [IDSRule_DenyPeriod] The valid range is 0 to 1,000,000. The default is -1 (i.e., not configured). Version 7.0 Mediant 4000 SBC...
Page 174: Assigning Ids Policies
Mediant 4000 SBC 13.3.3 Assigning IDS Policies The IDS Match table lets you implement your configured IDS Policies. You do this by assigning IDS Policies to any, or a combination of, the following configuration entities:  SIP Interface: For detection of malicious attacks on specific SIP Interface(s). For configuring SIP Interfaces, see ''Configuring SIP Interfaces'' on page 336.
Page 175: Viewing Ids Alarms
The device sends this event for each scope (IP address) that crosses the threshold. In addition to the crossed severity threshold (Minor or Major) of the IDS Policy-Match index, this event shows the IP address (or IP address:port) of the malicious attacker. Version 7.0 Mediant 4000 SBC...
Page 176 Mediant 4000 SBC If the severity level is raised, the alarm of the former severity is cleared and the device sends a new alarm with the new severity. The alarm is cleared after a user-defined period (configured by the ini file parameter, IDSAlarmClearPeriod) during which no thresholds have been crossed.
Page 177 Remote rejects (prior to SIP 180 response) establish-remote- reject   Requests and responses without a matching flow-no-match-tu Abnormal Flow transaction user (except ACK requests)  flow-no-match-  Requests and responses without a matching transaction transaction (except ACK requests) Version 7.0 Mediant 4000 SBC...
Page 178 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 179: Media
The following procedure describes how to configure gain control using the Web interface.  To configure gain control using the Web interface: Open the Voice Settings page (Configuration tab > VoIP menu > Media > Voice Settings). Figure 14-2: Voice Volume Parameters in Voice Settings Page Version 7.0 Mediant 4000 SBC...
Page 180: Silence Suppression (Compression)
Mediant 4000 SBC Configure the following parameters: • 'Voice Volume' (VoiceVolume) - Defines the voice gain control (in decibels) of the transmitted signal. • 'Input Gain' (InputGain) - Defines the PCM input gain control (in decibels) of the received signal.
Page 181 ECHybridLoss - defines the four-wire to two-wire worst-case Hybrid loss • ECNLPMode - defines the echo cancellation Non-Linear Processing (NLP) mode • EchoCancellerAggressiveNLP - enables Aggressive NLP at the first 0.5 second of the call Version 7.0 Mediant 4000 SBC...
Page 182: Fax And Modem Capabilities
Mediant 4000 SBC 14.2 Fax and Modem Capabilities This section describes the device's fax and modem capabilities and corresponding configuration. The fax and modem configuration is done in the Fax/Modem/CID Settings page. Notes: • Unless otherwise specified, the configuration parameters mentioned in this section are available on this page.
Page 183: Fax/Modem Operating Modes
You can change the fax rate declared in the SDP, using the 'Fax Relay Max Rate' parameter (FaxRelayMaxRate). The parameter does not affect the actual transmission rate. You can also enable or disable Error Correction Mode (ECM) fax mode using the 'Fax Relay ECM Enable' parameter (FaxRelayECMEnable). Version 7.0 Mediant 4000 SBC...
Page 184 Mediant 4000 SBC When using T.38 mode, you can define a redundancy feature to improve fax transmission over congested IP networks. This feature is activated using the 'Fax Relay Redundancy Depth' parameter (FaxRelayRedundancyDepth) 'Fax Relay Enhanced Redundancy Depth' parameter (FaxRelayEnhancedRedundancyDepth). Although this is a proprietary redundancy scheme, it should not create problems when working with other T.38 decoders.
Page 185 RTP method is used, whereby the device encapsulates the entire T.38 packet (payload with all its headers) in the sent RTP. For T.38 over RTP, AudioCodes devices use the proprietary identifier "AcUdptl" in the 'a=ftmp' line of the SDP. For example: o=AudiocodesGW 1357424688 1357424660 IN IP4 10.8.6.68...
Page 186: Fax / Modem Transport Mode
Device answers a call: If the SDP offer from the remote party contains the 'fmtp' attribute with "AcUdpTl", the device answers with the same attribute and employs AudioCodes proprietary T.38-over-RTP mode; otherwise, the standard mode is used. Note: If both T.38 (regular) and T.38 Over RTP coders are negotiated between the call parties, the device uses T.38 Over RTP.
Page 187: Fax/Modem Bypass Mode
Set the 'V.23 Modem Transport Type' parameter to Enable Bypass (V23ModemTransportType = 2). Set the 'V.32 Modem Transport Type' parameter to Enable Bypass (V32ModemTransportType = 2). Set the 'V.34 Modem Transport Type' parameter to Enable Bypass (V34ModemTransportType = 2). Version 7.0 Mediant 4000 SBC...
Page 188: Fax / Modem Nse Mode
INVITE messages are sent. The voice channel is optimized for fax/modem transmission (same as for usual bypass mode). The parameters defining payload type for AudioCodes proprietary Bypass mode -- 'Fax Bypass Payload Type' (RTP/RTCP Settings page) and ModemBypassPayloadType (ini file) -- are not used with NSE Bypass.
Page 189: Fax / Modem Transparent With Events Mode
In this mode, fax and modem signals are transferred using the current voice coder without notifications to the user and without automatic adaptations. It's possible to use Profiles (see ''Coders and Profiles'' on page 379) to apply certain adaptations to the channel used for fax Version 7.0 Mediant 4000 SBC...
Page 190: Rfc 2833 Ans Report Upon Fax/Modem Detection
Mediant 4000 SBC / modem. For example, to use the coder G.711, to set the jitter buffer optimization factor to 13, and to enable echo cancellation for fax and disable it for modem.  To configure fax / modem transparent mode: In the SIP General Parameters page (Configuration tab >...
Page 191: Fax Support
In this scenario, V.34 fax machines are forced to use their backward compatibility with T.30 faxes and operate in the slower T.30 mode.  To use T.38 mode for V.34 and T.30 faxes: In the Fax/Modem/CID Settings page, do the following: Version 7.0 Mediant 4000 SBC...
Page 192: Support
Mediant 4000 SBC Set the 'Fax Transport Mode' parameter to T.38 Relay (FaxTransportMode = 1). Set the 'V.22 Modem Transport Type' parameter to Disable (V22ModemTransportType = 0). Set the 'V.23 Modem Transport Type' parameter to Disable (V23ModemTransportType = 0). Set the 'V.32 Modem Transport Type' parameter to Disable (V32ModemTransportType = 0).
Page 193: Configuring Rtp/Rtcp Settings
- only when the Jitter Buffer is completely empty or completely full. When such condition occurs, the correction is performed by dropping several voice packets simultaneously or by adding several BFI packets simultaneously, so that the Jitter Buffer returns to its normal condition. Version 7.0 Mediant 4000 SBC...
Page 194: Configuring Rfc 2833 Payload
Mediant 4000 SBC The following procedure describes how to configure the jitter buffer using the Web interface.  To configure jitter buffer using the Web interface: Open the RTP/RTCP Settings page (Configuration tab > VoIP menu > Media > RTP/RTCP Settings). The relevant parameters are listed under the 'General Settings'...
Page 195: Configuring Rtp Base Udp Port
(default is 6000) and number of channels is the maximum number of channels purchased from AudioCodes (included in the installed Software License Key). For example, if the base UDP port is set to 6000, the port range is 6000 to 65,535.
Page 196: Event Detection And Notification Using X-Detect Header
Mediant 4000 SBC 14.4 Event Detection and Notification using X-Detect Header The device can detect certain events in the media stream and notify of their detection to a remote application server, using the SIP X-Detect header. The request for event notification is done by the application server when establishing a SIP dialog (i.e., INVITE...
Page 197: Detecting Answering Machine Beeps
The device reports beep detections to application servers, by sending a SIP INFO message that contains a body with one of the following values, depending on the method used for detecting the beep:  AMD-detected Beep: Type= AMD SubType= Beep  CPT-detected Beep: Type= CPT SubType=Beep Version 7.0 Mediant 4000 SBC...
Page 198: Sip Call Flow Examples Of Event Detection And Notification
Mediant 4000 SBC 14.4.2 SIP Call Flow Examples of Event Detection and Notification Two SIP call flow examples are provided below of event detection and notification:  The following example shows a SIP call flow of the device's AMD and event detection...
Page 199 INFO sip:101@10.33.2.53;user=phone SIP/2.0 Via: SIP/2.0/UDP 10.33.2.53;branch=z9hG4bKac5906 Max-Forwards: 70 From: "anonymous" <sip:anonymous@anonymous.invalid>;tag=1c25298 To: <sip:101@10.33.2.53;user=phone> Call-ID: 11923@10.33.2.53 CSeq: 1 INVITE Contact: <sip:100@10.33.2.53> X- Detect: Response=AMD,CPT Content-Type: Application/X-Detect Content-Length: xxx Type = CPT Subtype = Beep Version 7.0 Mediant 4000 SBC...
Page 200: Answering Machine Detection (Amd)
AudioCodes sales representative for more information on this service. You will be typically required to provide AudioCodes with a database of recorded voices (calls) in the language on which the device's AMD feature can base its voice detector algorithms.
Page 201 ''Configuring AMD'' on page 203. The tables below show the success rates of the default, pre-installed AMD Sensitivity file (based on North American English) for correctly detecting "live" human voice and answering machine: Version 7.0 Mediant 4000 SBC...
Page 202 Mediant 4000 SBC Table 14-2: Approximate AMD Normal Detection Sensitivity - Parameter Suite 0 (Based on North American English) Performance AMD Detection Sensitivity Success Rate for Live Calls Success Rate for Answering Machine 0 (Best for Answering Machine) 82.56% 97.10% 85.87%...
Page 203: Configuring Amd
(AMDBeepDetectionSensitivity), enter the AMD beep detection sensitivity level. Click Submit, and then reset the device with a burn-to-flash for your settings to take effect. For a complete list of AMD-related parameters, see ''IP Media Parameters'' on page 799. Version 7.0 Mediant 4000 SBC...
Page 204: Automatic Gain Control (Agc)
Mediant 4000 SBC 14.6 Automatic Gain Control (AGC) Automatic Gain Control (AGC) adjusts the energy of the output signal to a required level (volume). This feature compensates for near-far gain differences. AGC estimates the energy of the incoming signal from the IP, determined by the 'AGC Redirection' parameter, calculates the essential gain, and then performs amplification.
Page 205: Configuring Various Codec Attributes
General Media Settings). Figure 14-10: Codec Settings in General Media Settings Page Configure the parameters as required, and then click click Submit. To save the changes to flash memory, see ''Saving Configuration'' on page 564. Version 7.0 Mediant 4000 SBC...
Page 206: Configuring Media (Srtp) Security
Mediant 4000 SBC 14.8 Configuring Media (SRTP) Security The device supports Secured RTP (SRTP) according to RFC 3711. SRTP is used to encrypt RTP and RTCP transport for protecting VoIP traffic. SRTP requires a cryptographic key exchange mechanism to negotiate the keys. To negotiate the keys, the device...
Page 207: Srtp Using Dtls Protocol
Descriptions (SDES) or even non-secure RTP. The device supports DTLS negotiation for RTP-to-SRTP and SRTP-to-SRTP calls. DTLS support is important for deployments with WebRTC. WebRTC requires that media channels be encrypted through DTLS for SRTP key exchange. Negotiation of SRTP keys Version 7.0 Mediant 4000 SBC...
Page 208 Mediant 4000 SBC through DTLS is done during the DTLS handshake between WebRTC client and peer. For more information on WebRTC, see ''WebRTC'' on page 515. In contrast to SDES, DTLS key encryption is done over the media channel (UDP), not signaling.
Page 209: Services
DHCP Server Identifier Option 51 IP Address Lease Time Option 1 Subnet Mask Option 3 Router Option 6 Domain Name Server Option 44 NetBIOS Name Server Option 46 NetBIOS Node Type Option 42 Network Time Protocol Server Version 7.0 Mediant 4000 SBC...
Page 210 Mediant 4000 SBC DHCP Option Code DHCP Option Name Option 2 Time Offset Option 66 TFTP Server Name Option 67 Boot file Name Option 120 SIP Server Once you have configured the DHCP server, you can configure the following: ...
Page 211 IP address pool range used by the DHCP server to allocate start-address addresses. [DhcpServer_StartIPAddre The default value is 192.168.0.100. Note: The IP address must belong to the same subnet as the associated interface’s IP address. Version 7.0 Mediant 4000 SBC...
Page 212 Mediant 4000 SBC Parameter Description End IP Address Defines the ending IP address (IPv4 address in dotted-decimal format) of the IP address pool range used by the DHCP server to allocate end-address addresses. [DhcpServer_EndIPAddre The default value is 192.168.0.149. Note: The IP address must belong to the same subnet as the associated interface’s IP address and must be "greater or equal"...
Page 213 Server). After defining the parameter, use the 'SIP server type' parameter (see below) to define the type of address (FQDN or IP address). The valid value is a string of up to 256 characters. The default is 0.0.0.0. Version 7.0 Mediant 4000 SBC...
Page 214: Configuring The Vendor Class Identifier
The VCI is a string that identifies the vendor and functionality of a DHCP client to the DHCP server. For example, Option 60 can show the unique type of hardware (e.g., "AudioCodes 440HD IP Phone") or firmware of the DHCP client. The DHCP server can then differentiate between DHCP clients and process their requests accordingly.
Page 215: Configuring Additional Dhcp Options
In the table, select the row of the desired DHCP server for which you want to configure additional DHCP Options, and then click the DHCP Option Table link, located below the table; the DHCP Option table opens. Version 7.0 Mediant 4000 SBC...
Page 216 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 15-3: DHCP Option Table - Add Row Dialog Box Configure additional DHCP Options for the DHCP server according to the parameters described in the table below. Click Submit. Table 15-4: DHCP Option Table Parameter Descriptions...
Page 217: Configuring Static Ip Addresses For Dhcp Clients
In the table, select the row of the desired DHCP server for which you want to configure static IP addresses for DHCP clients, and then click the DHCP Static IP Table link, located below the table; the DHCP Static IP table opens. Version 7.0 Mediant 4000 SBC...
Page 218: Viewing And Deleting Dhcp Clients
Mediant 4000 SBC Click Add; the following dialog box appears: Figure 15-4: DHCP Static IP Table - Add Row Dialog Box Configure a static IP address for a specific DHCP client according to the parameters described in the table below.
Page 219 Select the table row index of the DHCP client that you want to delete. Click the Action button, and then from the drop-down menu, choose Delete; a confirmation message appears. Click OK to confirm deletion. Version 7.0 Mediant 4000 SBC...
Page 220: Sip-Based Media Recording
• For the maximum number of concurrent sessions that the device can record, contact your AudioCodes sales representative. Session recording is a critical requirement in many business communications environments such as call centers and financial trading floors. In some of these environments, all calls must be recorded for regulatory and compliance reasons.
Page 221 Two 'm=' lines that represent the two RTP/SRTP streams (Rx and Tx).  Two 'a=label:' lines that identify the streams.  XML body (also referred to as metadata) that provides information on the participants of the call session: Version 7.0 Mediant 4000 SBC...
Page 222 Mediant 4000 SBC • <group id>: Logging Session ID (displayed as [SID:nnnnn] in Syslog), converted from decimal to hex. This number remains the same even if the call is forwarded or transferred. This is important for recorded calls. • <session id>: Originally recorded Call-ID, converted from decimal to hex.
Page 223: Enabling Sip-Based Media Recording
Open the SIP Recording page (Configuration tab > VoIP menu > Services > SIP Recording). From the 'SIP Recording Application' drop-down list, select Enable. Click Submit, and then reset the device with a burn-to-flash for your settings to take effect. Version 7.0 Mediant 4000 SBC...
Page 224: Configuring Sip Recording Rules
Mediant 4000 SBC 15.2.2 Configuring SIP Recording Rules The SIP Recording table lets you configure up to 30 SIP-based media recording rules. A SIP Recording rule defines calls that you want to record. For an overview of this feature, see ''SIP-based Media Recording'' on page 220.
Page 225: Configuring Sip User Part For Srs
Open the SIP Recording page (Configuration tab > VoIP menu > Services > SIP Recording). In the 'Recording Server (SRS) Destination Username' field, enter a user part value (string of up to 50 characters). Click Submit, and then save ("burn") your settings to flash memory. Version 7.0 Mediant 4000 SBC...
Page 226: Interworking Sip-Based Media Recording With Third-Party Vendors
SIP message, typically in the INVITE and the first 18x response. If the device receives a SIP message with Genesys SIP header, it adds the header's information to AudioCodes' proprietary tag in the XML metadata of the SIP INVITE that it sends to the recording server, as shown below: <ac:GenesysUUID...
Page 227: Radius-Based Services
All servers configured with non-zero Accounting ports form an Accounting redundancy group and the device sends accounting CDRs to one of them, depending on their availability. Below are example configurations: Version 7.0 Mediant 4000 SBC...
Page 228 Mediant 4000 SBC  Only one RADIUS server is configured and used for authorization and accounting purposes (no redundancy). Therefore, both the Authorization and Accounting ports are defined.  Three RADIUS servers are configured: • Two servers are used for authorization purposes only, providing redundancy.
Page 229 RADIUS server to verify the [RadiusServers_SharedS authentication of the RADIUS messages sent by the device (i.e., message ecret] integrity). The valid value is up to 48 characters. By default, no value is defined. Version 7.0 Mediant 4000 SBC...
Page 230: Configuring Interface For Radius Communication
Mediant 4000 SBC 15.3.3 Configuring Interface for RADIUS Communication The device can communicate with the RADIUS server through its' OAMP (default) or SIP Control network interface. To change the interface used for RADIUS traffic, use the RadiusTrafficType parameter. Note: If set to Control, only one Control interface must be configured in the Interface table (see ''Configuring IP Network Interfaces'' on page 132);...
Page 231: Setting Up A Third-Party Radius Server
Predefined shared secret (password used to secure communication between the device and the RADIUS server) • Vendor ID Below is an example of the clients.conf file (FreeRADIUS client configuration): # clients.conf - client configuration directives client 10.31.4.47 { secret = FutureRADIUS shortname = audc_device Version 7.0 Mediant 4000 SBC...
Page 232: Configuring Radius-Based User Authentication
RADIUS servers, see ''Configuring Web User Accounts'' on page 63. # AudioCodes VSA dictionary VENDOR AudioCodes 5003 ATTRIBUTE ACL-Auth-Level 35 integer AudioCodes VALUE ACL-Auth-Level ACL-Auth-UserLevel 50 VALUE ACL-Auth-Level ACL-Auth-AdminLevel 100 VALUE ACL-Auth-Level ACL-Auth-SecurityAdminLevel 200 Define the list of users authorized to use the device, using one of the password authentication methods supported by the server implementation.
Page 233 Reset Timer Upon Access: upon each access to a Web page, the timer resets (reverts to the initial value configured in the previous step). ♦ Absolute Expiry Timer: when you access a Web page, the timer doesn’t reset, but continues its count down. Version 7.0 Mediant 4000 SBC...
Page 234: Securing Radius Communication
Mediant 4000 SBC Configure when the Web Users table must be used to authenticate login users. From the 'Use Local Users Database' drop-down list, select one of the following: • When No Auth Server Defined (default): When no RADIUS server is configured or if a server is configured but connectivity with the server is down (if the server is up, the device authenticates the user with the server).
Page 235: Ldap-Based Management And Sip Services
(Operator, Admin, or Security Admin). This is known as the user authorization stage. To determine the access level, the device searches the LDAP directory for groups of which the user is a member, for example: CN=\# Support Dept,OU=R&D Groups,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=abc,DC=com CN=\#AllCellular,OU=Groups,OU=APC,OU=Japan,OU=ABC,DC=corp,DC=a bc,DC=com Version 7.0 Mediant 4000 SBC...
Page 236: Enabling The Ldap Service
Mediant 4000 SBC The device then assigns the user the access level configured for that group (in ''Configuring Access Level per Management Groups Attributes'' on page 246). The location in the directory where you want to search for the user's member group(s) is configured using the following: •...
Page 237: Enabling Ldap-Based Web/Cli User Login Authentication And Authorization
Web interface. You can also configure it through ini file (LDAPServersGroup) or CLI (configure voip/ldap/ldap-servers-group).  To configure an LDAP Server Group: Open the LDAP Server Groups table (Configuration tab > VoIP menu > Services > LDAP > LDAP Server Groups). Version 7.0 Mediant 4000 SBC...
Page 238 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 15-14: LDAP Server Groups Table - Add Row Dialog Box Configure an LDAP Server Group according to the parameters described in the table below. Click Add. Table 15-8: LDAP Server Groups Table Parameter Descriptions...
Page 239: Configuring Ldap Servers
LDAP Server Group in the LDAP Server Groups table (see ''Configuring LDAP Server Groups'' on page 237).  To configure an LDAP server: Open the LDAP Configuration Table (Configuration tab > VoIP menu > Services > LDAP > LDAP Configuration Table). Version 7.0 Mediant 4000 SBC...
Page 240 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 15-15: LDAP Configuration Table - Add Row Dialog Box Configure an LDAP server according to the parameters described in the table below. Click Add. User's Manual Document #: LTRT-41730...
Page 241 LDAP server with the next IP address in the DNS query list. ConfServerDomainName Note: If the 'LDAP Server IP' parameter is configured, the 'LDAP Server Domain Name' parameter is ignored. Thus, if you want to use an FQDN, leave the 'LDAP Server IP' parameter undefined. Version 7.0 Mediant 4000 SBC...
Page 242 Mediant 4000 SBC Parameter Description LDAP Password Defines the user password for accessing the LDAP server during connection and binding operations. password  LDAP-based SIP queries: The parameter is the password used by the [LdapConfiguration_Ldap device to authenticate itself, as a client, to obtain LDAP service from ConfPassword] the LDAP server.
Page 243 (Read-only) Displays the connection status with the LDAP server.  connection-status "Not Applicable"  "LDAP Connection Broken" [LdapConfiguration_Con nectionStatus]  "Connecting"  "Connected" Note: For more information about a disconnected LDAP connection, see your Syslog messages generated by the device. Version 7.0 Mediant 4000 SBC...
Page 244: Configuring Ldap Dns (Base Paths) Per Ldap Server
Mediant 4000 SBC 15.4.5 Configuring LDAP DNs (Base Paths) per LDAP Server The LDAP Search DN table lets you configure LDAP base paths. The table is a "child" of the LDAP Configuration table (see ''Configuring LDAP Servers'' on page 239) and configuration is done per LDAP server.
Page 245: Configuring The Ldap Search Filter Attribute
Figure 15-17: LDAP Settings Page - LDAP Search Filter Make sure that the 'LDAP Service' parameter is configured to Enable. In the 'LDAP Authentication Filter' parameter, enter the LDAP search filter attribute for searching the login username for user authentication. Click Submit. Version 7.0 Mediant 4000 SBC...
Page 246: Configuring Access Level Per Management Groups Attributes
Mediant 4000 SBC 15.4.7 Configuring Access Level per Management Groups Attributes The Management LDAP Groups table lets you configure LDAP group objects and their corresponding management user access level. The table is a "child" of the LDAP Configuration table (see ''Configuring LDAP Servers'' on page 239) and configuration is done per LDAP server.
Page 247 Figure 15-18: Management LDAP Groups Table - Add Row Dialog Box Configure a group name(s) with a corresponding access level according to the parameters described in the table below. Click Add, and then save ("burn") your settings to flash memory. Version 7.0 Mediant 4000 SBC...
Page 248: Configuring The Device's Ldap Cache
Mediant 4000 SBC Table 15-11: Management LDAP Groups Table Parameter Descriptions Parameter Description Index Defines an index number for the new table row. [MgmntLDAPGroups_Gr Note: Each row must be configured with a unique index. oupIndex] Level Defines the access level of the group(s).
Page 249 Version 7.0 Mediant 4000 SBC...
Page 250: Refreshing The Ldap Cache
Mediant 4000 SBC Note: • The LDAP Cache feature is applicable only to LDAP-based SIP queries (Control). • The maximum LDAP cache size is 10,000 bytes. • The device can save up to six LDAP Attributes in the cache per user (search LDAP key).
Page 251 (e.g., telephoneNumber=1004). Click Refresh; if a request with the specified key exists in the cache, a request is sent to the LDAP server for the Attributes associated in the cache with the search key. Version 7.0 Mediant 4000 SBC...
Page 252: Clearing The Ldap Cache
Mediant 4000 SBC 15.4.8.2 Clearing the LDAP Cache You can remove (clear) all LDAP entries in the device's LDAP cache for a specific LDAP Server Group, as described in the following procedure.  To clear the LDAP cache: Open the LDAP Settings page (Configuration tab > VoIP menu > Services > LDAP >...
Page 253: Ldap-Based Login Authentication Example
The example applies to LDAP-based user login authentication and authorization (access level), and assumes that you are familiar with other aspects of LDAP configuration (e.g., LDAP server's address). The LDAP server's entry data structure schema in the example is as follows: Version 7.0 Mediant 4000 SBC...
Page 254 Mediant 4000 SBC  DN (base path): OU=testMgmt,OU=QA,DC=testqa,DC=local. The DN path to search for the username in the directory is shown below: Figure 15-24: Base Path (DN) in LDAP Server User's Manual Document #: LTRT-41730...
Page 255 (where the attribute's value equals the username): Figure 15-25: Username Found using sAMAccount Attribute Search Filter  Management Attribute: memberOf. The attribute contains the member groups of the user: Figure 15-26: User's memberOf Attribute Version 7.0 Mediant 4000 SBC...
Page 256 Mediant 4000 SBC  Management Group: mySecAdmin. The group to which the user belongs, as listed under the memberOf attribute: Figure 15-27: User's mySecAdmin Group in memberOf Management Attribute The configuration to match the above LDAP data structure schema is as follows: ...
Page 257 The management group and its corresponding access level is configured in the Management LDAP Groups table (see ''Configuring Access Level per Management Groups Attributes'' on page 246): Figure 15-32: Configuring Management Group Attributes for Determining Access Level Version 7.0 Mediant 4000 SBC...
Page 258: Enabling Ldap Searches For Numbers With Characters
Mediant 4000 SBC 15.4.11 Enabling LDAP Searches for Numbers with Characters Typically, the device performs LDAP searches in the AD for complete numbers where the digits are adjacent to one another (e.g., 5038234567). However, if the number is defined in the AD with characters (such as spaces, hyphens and periods) separating the digits (e.g.,...
Page 259: Active Directory-Based Routing For Microsoft Lync
Primary or Secondary key. MSLDAPPrimaryKey Primary Key query search instead of PBX msRTCSIP-PrivateLine= key - can be any AD attribute +3233554480 MSLDAPSecondaryKey Secondary Key query key search if Primary Key fails - can be any attribute Version 7.0 Mediant 4000 SBC...
Page 260 Mediant 4000 SBC The process for querying the AD and subsequent routing based on the query results is as follows: If the Primary Key is configured, it uses the defined string as a primary key instead of the one defined in MSLDAPPBXNumAttributeName. It requests the attributes which are described below.
Page 261: Configuring Ad-Based Routing Rules
If you are using the device's local LDAP cache, see ''Configuring the Device's LDAP Cache'' on page 248 for the LDAP query process. 15.4.12.2 Configuring AD-Based Routing Rules The following procedure describes how to configure outbound IP routing based on LDAP queries. Version 7.0 Mediant 4000 SBC...
Page 262 Mediant 4000 SBC  To configure LDAP-based IP routing for Lync Server: Configure the LDAP server parameters, as described in ''Configuring LDAP Servers'' on page 239. Configure the AD attribute names used in the LDAP query: Open the Advanced Parameters page (Configuration tab > VoIP menu > SIP Definitions >...
Page 263 AD server. When the AD replies, the device searches the table, from the first rule down, for the matching destination phone prefix (i.e., "PRIVATE:, "PBX:", "OCS:", "MOBILE:", and "LDAP_ERR:"), and then sends the call to the appropriate destination. Version 7.0 Mediant 4000 SBC...
Page 264: Least Cost Routing
Mediant 4000 SBC 15.5 Least Cost Routing This section provides a description of the device's least cost routing (LCR) feature and how to configure it. 15.5.1 Overview The LCR feature enables the device to choose the outbound IP destination routing rule based on lowest call cost.
Page 265 Lowest Cost, it is selected as the cheapest route • Index 4 - Cost Group "B" is only second-matched rule (Index 1 is the first)  Example 3: This example shows how the cost of a call is calculated if the call spans Version 7.0 Mediant 4000 SBC...
Page 266: Configuring Lcr
Mediant 4000 SBC over multiple time bands: Assume a Cost Group, "CG Local" is configured with two time bands, as shown below: Connection Cost Group Time Band Start Time End Time Minute Cost Cost 16:00 17:00 CG Local 17:00 18:00 Assume that the call duration is 10 minutes, occurring between 16:55 and 17:05.
Page 267: Configuring Time Bands For Cost Groups
You can configure up to 70 Time Bands, where up to 21 Time Bands can be assigned to each Cost Group. Note: You cannot configure overlapping Time Bands. Version 7.0 Mediant 4000 SBC...
Page 268 Mediant 4000 SBC The following procedure describes how to configure Time Bands per Cost Group through the Web interface. You can also configure it through ini file (CostGroupTimebands) or CLI (configure voip >services least-cost-routing cost-group-time-bands).  To configure a Time Band per Cost Group: Open the Cost Group table (Configuration tab >...
Page 269: Assigning Cost Groups To Routing Rules
15.5.2.3 Assigning Cost Groups to Routing Rules To use your configured Cost Groups, you need to assign them to routing rules:   IP-to-IP Routing table - see Configuring SBC IP-to-IP Routing Rules on page 472 Version 7.0 Mediant 4000 SBC...
Page 270: Http-Based Remote Services
 Capture: Recording of signaling and RTP packets, and Syslog. The remote host can be, for example, a Syslog server or AudioCodes SEM. Notes: • You can configure only one HTTP Remote Service entry for Routing, for Call Status, and for Topology.
Page 271 Each row must be configured with a unique name.  The parameter is mandatory. Path Defines the path (prefix) to the REST APIs. [HTTPRemoteServices_Pat The valid value is a string of up to 80 characters. The default is "api". Version 7.0 Mediant 4000 SBC...
Page 272 Mediant 4000 SBC Parameter Description Type Defines the type of service provided by the HTTP remote host:  [HTTPRemoteServices_HT [0] Routing (default) = Routing service (also includes Call Status and TPType] Topology Status).  [1] Call Status = Call status service.
Page 273: Configuring Remote Http Hosts
Remote Service. The HTTP Remote Hosts table is a "child" of the HTTP Remote Services table (configured in ''Configuring HTTP Services'' on page 270). The following procedure describes how to configure HTTP Remote hosts through the Web interface. You can also configure it through ini file (HTTPRemoteServices). Version 7.0 Mediant 4000 SBC...
Page 274 Mediant 4000 SBC  To configure an HTTP-based service Open the HTTP Remote Services table (Configuration tab > VoIP menu > Services > HTTP Services > HTTP Remote Services). In the table, select the required HTTP Remote Service index row, and then click the HTTP Remote Hosts button, located below the table;...
Page 275: Centralized Third-Party Routing Server Or Arm
You can employ a remote, third-party Routing server or AudioCodes Routing Manager (ARM) routing server to handle call routing decisions in deployments consisting of multiple AudioCodes devices. Employing a routing server replaces the need for the device's routing tables (IP-to-IP Routing table) to determine call destination.
Page 276 Mediant 4000 SBC This HTTP request-response transaction for the routing path occurs between routing server and each device in the route path (hops) as the call traverses the devices to its final destination. Each device in the call path connects to the routing server, which responds with the next hop in the route path.
Page 277 Remote Web Service and HTTP remote host. You must configure the 'Type' parameter of the Remote Web Service to Routing. In the IP-to-IP Routing table, configure the 'Destination Type' parameter of the routing rule to Routing Server (see Configuring SBC IP-to-IP Routing Rules on page 472). Version 7.0 Mediant 4000 SBC...
Page 278: Http-Based Proxy Services
 HTTP-based EMS Services for AudioCodes Equipment behind NAT: You can configure the device to act as an HTTP Proxy that enables AudioCodes EMS to manage AudioCodes equipment (such as IP Phones) over HTTP when the equipment is located behind NAT (e.g., in the LAN) and EMS is located in a public domain (e.g., in the WAN).
Page 279: Enabling The Http Proxy Application
Open the HTTP Interfaces table (Configuration tab > VoIP menu > Services > HTTP Proxy > HTTP Interfaces). Click Add; the following dialog box appears: Figure 15-39: HTTP Interfaces Table - Add Row Dialog Box Version 7.0 Mediant 4000 SBC...
Page 280 Mediant 4000 SBC Configure an HTTP Interface according to the parameters described in the table below. Click Add, and then save ("burn") your settings to flash memory. Table 15-20: HTTP Interfaces Table Parameter Descriptions Parameter Description Index Defines an index number for the new table row.
Page 281 Online Certificate Status Protocol (OCSP) server whether the certificate has been revoked. This is also configured for the associated TLS Context.  Note: The parameter is applicable only if the connection protocol is HTTPS (defined using the 'Protocol' parameter, above). Version 7.0 Mediant 4000 SBC...
Page 282: Configuring Http Proxy Services
Mediant 4000 SBC 15.7.3 Configuring HTTP Proxy Services The HTTP Proxy Services table lets you configure up to 10 HTTP Proxy Services. The following procedure describes how to configure HTTP Proxy Services through the Web interface. You can also configure it through ini file (HTTPProxyService) or CLI (configure system >...
Page 283: Configuring Http Proxy Hosts
HTTP Proxy > HTTP Proxy Services). In the table, select the required HTTP Proxy Service index row, and then click the HTTP Proxy Hosts link, located below the table; the HTTP Proxy Hosts table appears. Version 7.0 Mediant 4000 SBC...
Page 284 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 15-41: HTTP Proxy Hosts Table - Add Row Dialog Box Configure an HTTP Proxy Host according to the parameters described in the table below. Click Add, and then save ("burn") your settings to flash memory.
Page 285: Configuring An Http-Based Ems Service
You can also configure it through ini file (EMSService) or CLI (configure system > http-proxy > ems-serv).  To configure an EMS Service: Open the EMS Services table (Configuration tab > VoIP menu > Services > HTTP Proxy > EMS Services). Version 7.0 Mediant 4000 SBC...
Page 286 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 15-42: EMS Services Table - Add Row Dialog Box Configure an EMS Service according to the parameters described in the table below. Click Add, and then save ("burn") your settings to flash memory.
Page 287 Assigns an HTTP Interface (local, listening HTTP interface:port) for communication with the EMS. To configure HTTP Interfaces, see ems-int 'Configuring HTTP Interfaces' on page 279. [EMSService_EMSInterfac By default, no value is defined (None). Note: The parameter is mandatory. Version 7.0 Mediant 4000 SBC...
Page 288: Configuring Call Setup Rules
Mediant 4000 SBC 15.8 Configuring Call Setup Rules The Call Setup Rules table lets you configure up to 40 Call Setup rules. Call Setup rules define various sequences that are run upon the receipt of an incoming call (dialog) at call setup, before the device routes the call to its destination.
Page 289 IDs, where each Set ID can include up to 10 rules. The Set ID is used to [CallSetupRules_RulesSetI assign the Call Setup rules to a routing rule in the routing table. The valid value is 0 to 9. The default is 0. Version 7.0 Mediant 4000 SBC...
Page 290 Mediant 4000 SBC Parameter Description Attributes To Query Defines the query string that the device sends to the LDAP server. attr-to-query The valid value is a string of up to 100 characters. Combined strings and values can be configured like in the Message Manipulations table, [CallSetupRules_Attributes using the '+' operator.
Page 291: Call Setup Rule Examples
'Attributes to Query': ‘telephoneNumber=’ + param.call.src.user ♦ 'Attributes to Get': alternateNumber ♦ 'Row Role': Use Current Condition ♦ 'Condition': ldap.attr. alternateNumber exists ♦ 'Action Subject': param.call.src.user ♦ 'Action Type': Modify ♦ 'Action Value': ldap.attr. alternateNumber Version 7.0 Mediant 4000 SBC...
Page 292 Mediant 4000 SBC • Routing table configuration: A single routing rule is assigned the Call Setup Rule Set ID. ♦ Index 1:  'Call Setup Rules Set Id': 1  Example 2: This example configures the device to replace (manipulate) the incoming call's calling name (caller ID) with a name retrieved from the AD by an LDAP query.
Page 293: Enhanced 9-1-1 Support For Lync Server
E9-1-1 due to the difficulty in accurately locating the E9-1-1 caller. This section describes the E9-1-1 solution provided by Microsoft Lync Server (hereafter referred to as Lync Server) and AudioCodes' device's ELIN interworking capabilities, which provides the SIP Trunk to the E9-1-1 emergency service provider. This section also describes the configuration of the device for interoperating between the Lync Server environment and the E9-1-1 emergency provider.
Page 294: Microsoft Lync Server And E9-1-1
Mediant 4000 SBC The VoIP user dials 9-1-1. AudioCodes' ELIN device eventually sends the call to the emergency service provider over the SIP Trunk (PSAP server). The emergency service provider identifies the call is an emergency call and sends it to an E9-1-1 Selective Router in the Emergency Services provider's network.
Page 295: Gathering Location Information Of Lync Clients For 911 Calls
The LIS queries the published locations for a location and if a match is found, returns the location information to the client. The matching order is as follows: • WAP BSSID • LLDP switch / port • LLDP switch • Subnet • MAC address Version 7.0 Mediant 4000 SBC...
Page 296: Adding Elins To The Location Information Server
Mediant 4000 SBC This logic ensures that for any client that is connected by a wireless connection, a match is first attempted based on the hardware address of its connected access point. The logic is for the match to be based on the most detailed location. The subnet generally provides the least detail.
Page 297: Passing Location Information To The Pstn Emergency Provider
(for example, less than 7000 square feet per ERL). Typically, you would have an ERL for each floor of the building. The ELIN is used as the phone number for 911 callers within this ERL. Version 7.0 Mediant 4000 SBC...
Page 298 Mediant 4000 SBC The figure below illustrates the use of ERLs and ELINs, with an E9-1-1 call from floor 2 at the branch office: Figure 15-44: Implementing ERLs and ELINs for E9-1-1 in Lync The table below shows an example of designating ERLs to physical areas (floors) in a building and associating each ERL with a unique ELIN.
Page 299: Audiocodes Elin Device For Lync Server E9-1-1 Calls To Pstn
ELIN. This ensures that the call is routed to an appropriate PSAP, based on ELIN-address match lookup in the emergency service provider's ALI database. The figure below illustrates an AudioCodes ELIN device deployed in the Lync Server environment for handling E9-1-1 calls between the Enterprise and the emergency service provider.
Page 300 Mediant 4000 SBC • Time: Time at which the original E9-1-1 call was terminated with the PSAP • Count: Number of E9-1-1 calls currently using the ELIN An example of the ELIN database table is shown below: ELIN Time Count...
Page 301: Pre-Empting Existing Calls For E9-1-1 Calls
ELIN number back into the E9-1-1 caller's extension number. In the ELIN table of the device, the temporarily stored From header value of the SIP INVITE message originally received from the E9-1-1 caller is used for PSAP callback. Version 7.0 Mediant 4000 SBC...
Page 302: Selecting Elin For Multiple Calls Within Same Erl
Mediant 4000 SBC When the PSAP makes a callback to the E9-1-1 caller, the device translates the called number (i.e., ELIN) received from the PSAP to the corresponding E9-1-1 caller's extension number as matched in the ELIN table. The handling of PSAP callbacks by the device is as follows:...
Page 303: Configuring Audiocodes Elin Device
11:03, then the device selects ELIN 4257275678. In this scenario, multiple E9-1-1 calls are sent with the same ELIN. 15.9.4 Configuring AudioCodes ELIN Device This section describes E9-1-1 configuration of the AudioCodes ELIN Gateway deployed in the Lync Server environment. 15.9.4.1 Enabling the E9-1-1 Feature By default, the ELIN device feature for E9-1-1 emergency call handling in a Lync environment is disabled.
Page 304: Configuring Sbc Ip-To-Ip Routing Rule For E9-1-1
Mediant 4000 SBC To support this requirement, you can configure the ELIN device to send a 503 "Service Unavailable" release cause code instead of SIP 4xx if an emergency call cannot be established:  To enable SIP response 503 upon failed E911: Open the Advanced Parameters page (Configuration tab >...
Page 305: Quality Of Experience
The device can be configured to report voice (media) Quality of Experience (QoE) to AudioCodes' Session Experience Manager (SEM) server, a plug-in for AudioCodes EMS. The reports include real-time metrics of the quality of the actual call experience, which are then processed by the SEM.
Page 306: Configuring Clock Synchronization Between Device And Sem
In other words, you need to configure them with the same NTP server. The NTP server can be one of the following:  AudioCodes EMS server (also acting as an NTP server)  Third-party, external NTP server Once you have determined the NTP server, all the elements--device, SEM, and EMS--must be configured with the same NTP server address.
Page 307: Configuring Quality Of Experience Profiles
 Report the change in the measured metrics to AudioCodes' Session Experience Manager (SEM) server. The SEM displays this call quality status for the associated SEM link (IP Group, Media Realm, or Remote Media Subnet). For configuring the SEM server's address, see ''Configuring the SEM Server'' on page 305.
Page 308 Mediant 4000 SBC Note: For your convenience, the device provides pre-configured Quality of Experience Profiles. One of these pre-configured profiles is the default Quality of Experience Profile. Therefore, if you do not configure a Quality of Experience Profile, this default is used.
Page 309 [0] MOS (default) monitored-parameter  [1] Delay [QOEColorRules_monitoredPara  [2] Packet Loss  [3] Jitter  [4] RERL [Echo] Direction Defines the monitoring direction.  direction [0] Device Side (default)  [1] Remote Side [QOEColorRules_direction] Version 7.0 Mediant 4000 SBC...
Page 310 Mediant 4000 SBC Parameter Description Sensitivity Level Defines the sensitivity level of the thresholds.  sensitivity-level [0] User Defined = Need to define the thresholds in the parameters described below. [QOEColorRules_profile]  [1] Low = Pre-configured low sensitivity threshold values.
Page 311: Configuring Bandwidth Profiles
You can also configure it through ini file (BWProfile) or CLI (configure voip > qoe bw-profile).  To configure Bandwidth Profiles: Open the Bandwidth Profile page (Configuration tab > VoIP menu > Quality of Experience > Bandwidth Profile). Version 7.0 Mediant 4000 SBC...
Page 312 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 16-4: Bandwidth Profile Table - Add Row Dialog Box The figure above shows a configuration example where if the outgoing voice traffic threshold of 64,000 increases by 80% (70% warning threshold plus 10% hysteresis) to 115,200 (64,000 plus 51,200), a Yellow state occurs and an alarm is sent.
Page 313 If enabled, an alarm is sent if one of the following scenarios occurs:  Warning threshold is exceeded (Warning severity - Yellow threshold).  Any configured bandwidth threshold is exceeded (Major severity - Red threshold). Version 7.0 Mediant 4000 SBC...
Page 314: Configuring Media Enhancement Profiles
Mediant 4000 SBC 16.4 Configuring Media Enhancement Profiles Media Enhancement Profiles provides support for access control and media quality enhancements based on call quality measurements (configured in ''Configuring Quality of Experience Profiles'' on page 307) and bandwidth utilization (configured in ''Configuring Bandwidth Profiles'' on page 311).
Page 315 Media Enhancement Rules page appears. Click Add; the following dialog box appears: Figure 16-6: Media Enhancement Rules Table - Add Row Dialog Box Configure a Media Enhancement Rule according to the parameters described in the table below. Version 7.0 Mediant 4000 SBC...
Page 316 Mediant 4000 SBC Click Add, and then reset the device with a save ("burn") to flash memory. Table 16-5: Media Enhancement Rules Table Parameter Descriptions Parameter Description Index Defines the index of the table row entry. rule-index [MediaEnhancementRules_RuleI ndex] Trigger Defines the monitored metrics parameter or bandwidth associated with this rule.
Page 317: Control Network
You can also configure it through ini file (CpMediaRealm) or CLI (configure voip > voip-network realm).  To configure a Media Realm: Open the Media Realm table (Configuration tab > VoIP menu > VoIP Network > Media Realm Table). Version 7.0 Mediant 4000 SBC...
Page 318 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 17-1: Media Realm Table - Add Row Dialog Box Configure the Media Realm according to the parameters described in the table below. Click Add. Table 17-1: Media Realm Table Parameter Descriptions...
Page 319 QoE Profile Assigns a QoE Profile to the Media Realm. qoe-profile By default, no value is defined (None). [CpMediaRealm_QoeP For configuring QoE Profiles, see ''Configuring Quality of Experience rofile] Profiles'' on page 307. Version 7.0 Mediant 4000 SBC...
Page 320: Configuring Remote Media Subnets
Mediant 4000 SBC Parameter Description BW Profile Assigns a Bandwidth Profile to the Media Realm. bw-profile By default, no value is defined (None). [CpMediaRealm_BWPr For configuring Bandwidth Profiles, see ''Configuring Bandwidth Profiles'' on ofile] page 311. 17.1.1 Configuring Remote Media Subnets Remote Media Subnets define destination subnets for media (RTP/SRTP) traffic on a specific Media Realm.
Page 321 Defines the subnet mask in Classless Inter-Domain Routing (CIDR) notation. For example, 16 denotes 255.255.0.0. prefix-length The default is 16. [RemoteMediaSubnet_ PrefixLength] Address Family Defines the IP address protocol.  [2] IPv4 (default) address-family  [10] IPv6 [RemoteMediaSubnet_ AddressFamily] Version 7.0 Mediant 4000 SBC...
Page 322: Configuring Media Realm Extensions
Mediant 4000 SBC Parameter Description Destination IP Defines the IP address of the destination. dst-ip-address The default is 0.0.0.0. [RemoteMediaSubnet_ DstIPAddress] QOE Profile Name Assigns a Quality of Experience Profile to the Remote Media Subnet. By default, no value is defined (None).
Page 323 You must either configure all your Media Realms with port ranges or all without; not some with and some without.  The available UDP port range is according to the BaseUDPport parameter. For more information, see ''Configuring RTP Base UDP Port'' on page 195. Version 7.0 Mediant 4000 SBC...
Page 324 Mediant 4000 SBC Parameter Description Port Range End Defines the last (upper) port in the range of media UDP ports for the Media Realm Extension. [MediaRealmExtension _PortRangeEnd] Note: It is unnecessary to configure the parameter. The device automatically populates the parameter with a value, calculated by the summation of the 'Number of Media Session Legs' parameter (multiplied by the port chunk size) and the 'Port Range Start' parameter.
Page 325: Configuring Srds
Admission Control rule - see Configuring Admission Control Table on page 455  Classification rule - see Configuring Classification Rules on page 463 As mentioned previously, if you use only a single SRD, the device automatically assigns it to the above-listed configuration entities. Version 7.0 Mediant 4000 SBC...
Page 326 Mediant 4000 SBC As each SIP Interface defines a different Layer-3 network (see ''Configuring SIP Interfaces'' on page 336 for more information) on which to route or receive calls and as you can assign multiple SIP Interfaces to the same SRD, for most deployment scenarios (even for multiple Layer-3 network environments), you only need to employ a single SRD to represent your VoIP network (Layer 5).
Page 327 (SRD) or CLI (configure voip > voip-network srd).  To configure an SRD: Open the SRD table (Configuration tab > VoIP menu > VoIP Network > SRD Table). Version 7.0 Mediant 4000 SBC...
Page 328 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 17-7: SRD Table - Add Row Dialog Box Configure an SRD according to the parameters described in the table below. Click Add. Table 17-4: SRD Table Parameter Descriptions Parameter...
Page 329 When the device blocks a call, it sends a SIP 500 "Server Internal Error" response to the remote end.  The parameter applies to calls belonging to a User-type IP Group.  When the corresponding parameter in the SIP Interface table Version 7.0 Mediant 4000 SBC...
Page 330 Mediant 4000 SBC Parameter Description (SIPInterface_BlockUnRegUsers) is configured to Yes or No for a SIP Interface that is associated with the SRD, the parameter in the SRD table is ignored for calls belonging to the SIP Interface. Enable Un-Authenticated Enables the device to accept REGISTER requests and register them in its...
Page 331: Filtering Tables In Web Interface By Srd
SRD. As related configuration entities (SIP Interfaces, IP Groups, Proxy Sets, Classification rules, and IP-to-IP Routing rules) are associated with the specific SRD, each SRD has its own logically separated configuration tables (although configured in the same Version 7.0 Mediant 4000 SBC...
Page 332 Mediant 4000 SBC tables). Therefore, full logical separation (on the SIP application layer) between tenants is achieved by SRD. To create a multi-tenant configuration topology that is as non-bleeding as possible, you can configure an SRD (tenant) as Isolated and Shared: ...
Page 333 To access a specific tenant view: # srd-view <SRD name> Once accessed, the tenant's name (i.e., SRD name) forms part of the CLI prompt, for example: # srd-view datacenter (srd-datacenter)#  To exit the tenant view: # no srd-view Version 7.0 Mediant 4000 SBC...
Page 334: Cloning Srds
Mediant 4000 SBC 17.2.3 Cloning SRDs You can clone (duplicate) existing SRDs. This is especially useful when operating in a multi-tenant environment and you need to add new tenants (SRDs). The new tenants can quickly and easily be added by simply cloning one of the existing SRDs. Once cloned, all you need to do is tweak configuration entities associated with the SRD clone.
Page 335: Color-Coding Of Srds In Web Interface
If your configuration setup includes only a single SRD, the device automatically selects the SRD when adding related configuration entities. For example, when adding an IP Group, the single SRD is automatically selected in the Add Row dialog box. Version 7.0 Mediant 4000 SBC...
Page 336: Configuring Sip Interfaces
Mediant 4000 SBC 17.3 Configuring SIP Interfaces The SIP Interface table lets you configure up to 500 SIP Interfaces. A SIP Interface represents a Layer-3 network in your deployment environment, by defining a local, listening port number and type (e.g., UDP), and assigning an IP network interface for SIP signaling traffic.
Page 337 The valid value is a string of up to 21 characters. By default, if you do not interface-name configure a name, the device automatically assigns the name [SIPInterface_InterfaceN "SIPInterface_<row index>" (e.g., "SIPInterface_1" when added to Index ame] Version 7.0 Mediant 4000 SBC...
Page 338 Mediant 4000 SBC Parameter Description Network Interface Assigns a Control-type IP network interface to the SIP Interface. network-interface By default, no value is defined (None). [SIPInterface_NetworkInt erface] For configuring network interfaces, see ''Configuring IP Network Interfaces'' on page 132. Note: The parameter is mandatory.
Page 339 SBCDirectMedia. If enabled, even if the SIP Interface is disabled for direct media, direct media is employed for calls belonging to the SIP Interface.  For more information on direct media, see Direct Media on page 428. Version 7.0 Mediant 4000 SBC...
Page 340 Mediant 4000 SBC Parameter Description TLS Context Name Assigns a TLS Context (SSL/TLS certificate) to the SIP Interface. tls-context-name The default TLS Context ("default" at Index 0) is assigned to the SIP Interface by default. [SIPInterface_TLSContex Notes:  For incoming calls: The assigned TLS Context is used if no TLS Context is configured for the Proxy Set associated with the call or classification to an IP Group based on Proxy Set fails.
Page 341 Note: The parameter is applicable only if the device is set to reject unclassified calls. This is configured using the 'Unclassified Calls' parameter on the General Settings page (Configuration tab > VoIP menu > SBC > General Settings). Version 7.0 Mediant 4000 SBC...
Page 342: Configuring Ip Groups
Mediant 4000 SBC Parameter Description Pre Classification Assigns a Message Manipulation Set ID to the SIP Interface. This lets you Manipulation Set ID apply SIP message manipulation rules on incoming SIP initiating-dialog request messages (not in-dialog), received on this SIP Interface, prior to preclassification- the Classification process.
Page 343 Open the IP Group table (Configuration tab > VoIP menu > VoIP Network > IP Group Table). Click Add; the following dialog box appears: Configure an IP Group according to to the parameters described in the table below. Click Add. Version 7.0 Mediant 4000 SBC...
Page 344 Mediant 4000 SBC Table 17-6: IP Group Table Parameter Descriptions Parameter Description Common Parameters Index Defines an index for the new table row. [IPGroup_Index] Note: Each row must be configured with a unique index. Assigns an SRD to the IP Group.
Page 345 Defines the SIP Request-URI host name in INVITE and REGISTER messages sent to this IP Group, or the host name in the From header of sip-group-name INVITE messages received from this IP Group. In other words, it [IPGroup_SIPGroupName Version 7.0 Mediant 4000 SBC...
Page 346 Mediant 4000 SBC Parameter Description replaces the original host name. The valid value is a string of up to 100 characters. By default, no value is defined. Note:  If the parameter is not configured, the value of the global parameter, ProxyName is used instead (see ''Configuring Proxy and Registration Parameters'' on page 366).
Page 347 (Read-only) Indicates whether the IP Group was created by a third-party Server routing server:  [IPGroup_CreatedByRouti [0] No ngServer]  [1] Yes For more information on the third-party routing server feature, see Centralized Third-Party Routing Server or ARM on page 275. Version 7.0 Mediant 4000 SBC...
Page 348 Mediant 4000 SBC Parameter Description SBC Tab (SBC Application) SBC Operation Mode Defines the device's operational mode for the IP Group.  sbc-operation-mode [-1] Not Configured = (Default)  [0] B2BUA = Device operates as a back-to-back user agent (B2BUA),...
Page 349 Message Manipulation on page 369. [IPGroup_OutboundManS Note: If you assign a Message Manipulation Set ID that includes rules for manipulating the host name in the Request-URI, To, and/or From SIP headers, the parameter overrides the IPGroup_SIPGroupName parameter. Version 7.0 Mediant 4000 SBC...
Page 350 Mediant 4000 SBC Parameter Description Msg Man User Defined Defines a value for the SIP user part that can be used in Message String1 Manipulation rules configured in the Message Manipulations table. The Message Manipulation rule obtains this value from the IP Group, by msg-man-user- using the following syntax: param.ipg.<src|dst>.user-defined.<0>.
Page 351 [5] P-Preferred  [6] Route  [7] Diversion  [8] P-Associated-URI  [9] P-Called-Party-ID  [10] Contact  [11] Referred-by Notes:  The parameter is applicable only when classification is done according to the Classification table. Version 7.0 Mediant 4000 SBC...
Page 352 Mediant 4000 SBC Parameter Description  If the configured SIP header does not exist in the incoming INVITE message, the classification of the message to a source IP Group fails.  If the device receives an INVITE as a result of a REFER request or a 3xx response, then the incoming INVITE is routed according to the Request-URI.
Page 353 (Read-only field) Displays whether the IP Group entity (gateway) is Status registered with the device ("Registered" or "Not Registered"). Note: The field is applicable only to Gateway-type IP Groups (i.e., the 'Type' parameter is configured to Gateway). Version 7.0 Mediant 4000 SBC...
Page 354: Configuring Proxy Sets
Mediant 4000 SBC 17.5 Configuring Proxy Sets The Proxy Sets table lets you configure up to 625 Proxy Sets. A Proxy Set defines the address and transport type (e.g., UDP or TCP) of a SIP server (e.g., SIP proxy and SIP registrar server).
Page 355 Click Add; the following dialog box appears: Figure 17-11: Proxy Address Table - Add Row Dialog Box Configure the address of the Proxy Set according to the parameters described in the table below. Click Add. Version 7.0 Mediant 4000 SBC...
Page 356 Mediant 4000 SBC Table 17-7: Proxy Sets Table and Proxy Address Table Parameter Description Parameter Description Proxy Sets Table Index Defines an index number for the new table row. Note: Each row must be configured with a unique index. configure voip >...
Page 357 Proxies. The weights are received from the DNS server, using SRV records. The device sends the requests in such a fashion that each proxy receives a percentage of the requests according to its' assigned Version 7.0 Mediant 4000 SBC...
Page 358 Mediant 4000 SBC Parameter Description weight. A single FQDN should be configured as a proxy IP address. Random Weights Load Balancing is not used in the following scenarios:  More than one IP address has been configured for the Proxy Set.
Page 359 Context is used. For configuring TLS Contexts, see ''Configuring TLS Certificate Contexts'' on page 103. Proxy Address Table configure voip > voip-network proxy-ip > proxy-set-id Index Defines an index number for the new table row. Version 7.0 Mediant 4000 SBC...
Page 360 Mediant 4000 SBC Parameter Description Note: Each row must be configured with a unique index. proxy-ip-index [ProxyIp_ProxyIpIndex Proxy Address Defines the address of the proxy. Up to 10 addresses can be configured per Proxy Set. The address can be proxy-address defined as an IP address in dotted-decimal notation (e.g., 201.10.8.1) or...
Page 361: Sip Definitions
You can also configure it through ini file (Account) or CLI (configure voip > sip-definition account).  To configure an Account: Open the Account table (Configuration tab > VoIP menu > SIP Definitions > Account Table). Version 7.0 Mediant 4000 SBC...
Page 362 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 18-1: Account Table - Add Row Dialog Box Configure an account according to the parameters described in the table below. Click Add. Once you have configured Accounts, you can register or un-register them, as described below: ...
Page 363 Group table is used instead.  If registration fails, the user part in the INVITE Contact header contains the source party number. Application Type Defines the application type:  [2] SBC = SBC application. application- type [Account_Applicatio nType] Version 7.0 Mediant 4000 SBC...
Page 364: Regular Registration Mode
Mediant 4000 SBC 18.2.1 Regular Registration Mode When you configure the registration mode in the Account table to Regular, the device sends REGISTER requests to the Serving IP Group. The host name (in the SIP From/To headers) and contact user (user in From/To and Contact headers) are taken from the configured Account table upon successful registration.
Page 365 User's Manual 18. SIP Definitions The figure below illustrates an incoming call using GIN: Version 7.0 Mediant 4000 SBC...
Page 366: Configuring Proxy And Registration Parameters
Mediant 4000 SBC 18.3 Configuring Proxy and Registration Parameters The Proxy & Registration page allows you to configure the Proxy server and registration parameters. For a description of the parameters appearing on this page, see ''Configuration Parameters Reference'' on page 701.
Page 367: Sip Message Authentication Example
The REGISTER request is sent to a Registrar/Proxy server for registration: REGISTER sip:10.2.2.222 SIP/2.0 Via: SIP/2.0/UDP 10.1.1.200 From: <sip: 122@10.1.1.200>;tag=1c17940 To: <sip: 122@10.1.1.200> Call-ID: 634293194@10.1.1.200 User-Agent: Sip-Gateway/Mediant 4000 SBC/v.6.80A.227.005 CSeq: 1 REGISTER Contact: sip:122@10.1.1.200: Expires:3600 Upon receipt of this request, the Registrar/Proxy returns a 401 Unauthorized response: SIP/2.0 401 Unauthorized...
Page 368 • The password from the ini file is "AudioCodes". • The equation to be evaluated is "122:audiocodes.com:AudioCodes". According to the RFC, this part is called A1. • The MD5 algorithm is run on this equation and stored for future usage.
Page 369: Configuring Sip Message Manipulation
Translating one SIP response code to another  Topology hiding (generally present in SIP headers such as Via, Record Route, Route and Service-Route).  Configurable identity hiding (information related to identity of subscribers, for example, Version 7.0 Mediant 4000 SBC...
Page 370 Mediant 4000 SBC P-Asserted-Identity, Referred-By, Identity and Identity-Info)  Apply conditions per rule - the condition can be on parts of the message or call’s parameters  Multiple manipulation rules on the same SIP message  Multiple manipulation rules using the same condition. The following figure shows a...
Page 371 Definitions > Msg Policy & Manipulation > Message Manipulations). Click Add; the following dialog box appears: Figure 18-4: Message Manipulations Table - Add Row Dialog Box Configure a Message Manipulation rule according to the parameters described in the table below. Version 7.0 Mediant 4000 SBC...
Page 372 Mediant 4000 SBC Click Add. An example of configured message manipulation rules are shown in the figure below: Figure 18-5: Message Manipulations Page  Index 0: Adds the suffix ".com" to the host part of the To header.  Index 1: Changes the user part of the From header to the user part of the P-Asserted- ...
Page 373 Use Current Condition is used. For example, if Index 3 is configured to Use Current Condition and Index 4 and 5 are configured to Use Previous Condition, Index 4 Version 7.0 Mediant 4000 SBC...
Page 374 Mediant 4000 SBC Parameter Description and 5 use the condition configured for Index 3. A configuration example is shown in the beginning of this section. The option allows you to use the same condition for multiple manipulation rules. Notes: ...
Page 375: Configuring Sip Message Policy Rules
Open the Message Policy table (Configuration tab > VoIP menu > SIP Definitions > Msg Policy & Manipulation > Message Policy Table). Click Add; the following dialog box appears: Figure 18-6: Message Policy Table - Add Row Dialog Box Version 7.0 Mediant 4000 SBC...
Page 376 Mediant 4000 SBC Configure a Message Policy rule according to the parameters described in the table below. Click Add. Table 18-3: Message Policy Table Parameter Descriptions Parameter Description Index Defines an index number for the new table row. [MessagePolicy_Index] Note: Each row must be configured with a unique index.
Page 377 Defines the policy (blacklist or whitelist) for the SIP body specified in the 'Body List' parameter (above). body-list-type  [0] Policy Blacklist =The specified SIP body is rejected. [MessagePolicy_BodyLis  [1] Policy Whitelist = (Default) Only the specified SIP body is allowed; tType] the others are rejected. Version 7.0 Mediant 4000 SBC...
Page 378 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 379: Coders And Profiles
Notes: • Some coders are license-dependent and are available only if purchased from AudioCodes and included in the Software License Key installed on your device. For more information, contact your AudioCodes sales representative. • Only the packetization time of the first coder in the coder list is declared in INVITE/200 OK SDP, even if multiple coders are defined.
Page 380 Mediant 4000 SBC  To configure coders: Open the Coders page (Configuration tab > VoIP menu > Coders and Profiles > Coders). Figure 19-1: Coders Table Page Configure coders according to the parameters described in the table below. Click Submit, and then reset the device with a save ("burn") to flash memory.
Page 381 (default 2)  [1] 24 [1] Enable  [2] 32 (default)  [3] 40  [0] Disable G.729 10, 20 (default), 30, 40, [g729] 50, 60, 80, 100  [1] Enable  [2] Enable Adaptation Version 7.0 Mediant 4000 SBC...
Page 382 Mediant 4000 SBC Coder Name Packetization Time Rate (kbps) Payload Silence (msec) Type Suppression   [0] 4.75 [0] Disable 20 (default) Dynamic [Amr]   [1] 5.15 [1] Enable  [2] 5.90  [3] 6.70  [4] 7.40 ...
Page 383: Configuring Coder Groups
For a list of supported coders, see ''Configuring Default Coders'' on page 379. The following procedure describes how to configure the Coders table through the Web interface. You can also configure it through ini file (CodersGroup) or CLI (configure voip > coders-and-profiles coders-group). Version 7.0 Mediant 4000 SBC...
Page 384 Mediant 4000 SBC  To configure a Coder Group: Open the Coder Group Settings page (Configuration tab > VoIP menu > Coders and Profiles > Coders Group Settings). Figure 19-2: Coder Group Settings Page Configure the Coder Group according to the parameters described in the table below.
Page 385  [0] 0 = Bandwidth Efficient  [1] 1 = Octet Aligned (default) Note: The AMR payload type can be configured globally using the AmrOctetAlignedEnable parameter. However, the Coder Group configuration overrides the global parameter. Version 7.0 Mediant 4000 SBC...
Page 386: Configuring Ip Profiles
Mediant 4000 SBC 19.3 Configuring IP Profiles The IP Profile Settings table lets you configure up to 125 IP Profiles. An IP Profile is a set of parameters with user-defined settings relating to signaling (e.g., SIP message terminations such as REFER) and media (e.g., coder type). An IP Profile can later be assigned to specific IP calls (inbound and/or outbound).
Page 387 The valid range is 0 to 150. The default delay is 10. delay For more information on Jitter Buffer, see Dynamic Jitter Buffer [IpProfile_JitterBufMinDelay] Operation on page 193. Note: The corresponding global parameter is DJBufMinDelay. Version 7.0 Mediant 4000 SBC...
Page 388 Mediant 4000 SBC Parameter Description Dynamic Jitter Buffer Defines the Dynamic Jitter Buffer frame error/delay optimization Optimization Factor factor. jitter-buffer- The valid range is 0 to 12. The default factor is 10. optimization-factor For more information on Jitter Buffer, see Dynamic Jitter Buffer [IpProfile_JitterBufOptFactor] Operation on page 193.
Page 389 Note: The corresponding global parameter is InputGain. Voice Volume Defines the voice gain control (in decibels). voice-volume The valid range is -32 to 31 dB. The default is 0 dB. [IpProfile_VoiceVolume] Note: The corresponding global parameter is VoiceVolume. Version 7.0 Mediant 4000 SBC...
Page 390 Mediant 4000 SBC Parameter Description Media IP Version Preference Defines the preferred RTP media IP addressing version for outgoing SIP calls (according to RFC 4091 and RFC 4092). The media-ip-version-preference RFCs concern Alternative Network Address Types (ANAT) [IpProfile_MediaIPVersionPrefere semantics in the SDP to offer groups of network addresses (IPv4...
Page 391 This feature ensures that the roll-over counter [IpProfile_ResetSRTPStateUpon (ROC), one of the parameters used in the SRTP Rekey] encryption/decryption process of the SRTP packets is synchronized on both sides for transmit and receive packets. Version 7.0 Mediant 4000 SBC...
Page 392 Mediant 4000 SBC Parameter Description  [0] Disable = (Default) ROC is not reset on the device side.  [1] Enable = If the session expires causing a session refresh through a re-INVITE, the device or server generates a new...
Page 393 Note: If the Diversion header is used, you can specify the URI type (e.g., "tel:") to use in the header, using the SBCDiversionUriType parameter. History-Info Header Mode Defines the device’s handling of the SIP History-Info header for Version 7.0 Mediant 4000 SBC...
Page 394 Mediant 4000 SBC Parameter Description sbc-history-info-mode the SIP entity associated with the IP Profile.  [IpProfile_SBCHistoryInfoMode] [0] As Is = (Default) History-Info header is not handled.  [1] Add = Diversion header is converted to a History-Info header.  [2] Remove = History-Info header is removed from the SIP dialog and the conversion to the Diversion header depends on the SBCDiversionMode parameter.
Page 395 The parameter applies only to users that are located behind NAT and whose communication type is TCP. The registration time is inserted in the Expires header in the outgoing response sent to the user. The Expires header determines the lifespan of the registration. Version 7.0 Mediant 4000 SBC...
Page 396 Mediant 4000 SBC Parameter Description For example, a value of 3600 means that the registration will timeout in one hour, unless the user sends a refresh REGISTER before the timeout. Upon timeout, the device removes the user’s details from the registration database, and the user will not be able to make or receive calls through the device.
Page 397 Prerecorded Tones (PRT) file. For more information, see Prerecorded Tones File on page 574. Remote 3xx Mode Defines the device's handling of SIP 3xx redirect responses for the SIP entity associated with the IP Profile. By default, the Version 7.0 Mediant 4000 SBC...
Page 398 Mediant 4000 SBC Parameter Description sbc-rmt-3xx-behavior device's handling of SIP 3xx responses is to send the Contact header unchanged. However, some SIP entities may support [IpProfile_SBCRemote3xxBehavi different versions of the SIP 3xx standard while others may not even support SIP 3xx.
Page 399 (and multiple tags). However, non-standard, multiple answer support may still be configured by the SBCRemoteMultipleAnswersMode parameter.  [1] Enable = Device sends the multiple SDP answers with different To-header tags, to the SIP entity. In other words, the Version 7.0 Mediant 4000 SBC...
Page 400 Mediant 4000 SBC Parameter Description SIP entity supports standard multiple SDP answers (with different To-header tags). In this case, the SBCRemoteMultipleAnswersMode parameter is ignored. Note: If the parameter and the SBCRemoteMultipleAnswersMode parameter are disabled, multiple SDP answers are not reflected to the SIP entity (i.e., the device sends the same SDP answer in...
Page 401 [2] Transparent = Device doesn't change the Contact header and doesn't add a Record-Route header for itself. Instead, it relies on its' own inherent mechanism to remain in the route of future requests in the dialog (for example, relying on the way Version 7.0 Mediant 4000 SBC...
Page 402 Mediant 4000 SBC Parameter Description the endpoints are set up or on TLS as the transport type). Keep Incoming Via Headers Enables interworking SIP Via headers between SIP entities. The parameter defines the device's handling of Via headers for sbc-keep-via-headers messages sent to the SIP entity associated with the IP Profile.
Page 403 To configure Coders Groups, see Configuring Coder Groups on page 383. Allowed Coders Assigns an Allowed Audio Coders Group. This defines audio (voice) coders that can be used for the SIP entity associated with sbc-allowed-coders-group- Version 7.0 Mediant 4000 SBC...
Page 404 Mediant 4000 SBC Parameter Description the IP Profile. [IpProfile_SBCAllowedCodersGro To configure Allowed Audio Coder Groups, see Configuring upID] Allowed Audio Coder Groups on page 459. For a description of the Allowed Coders feature, see ''Restricting Coders'' on page 429. Allowed Coders Mode Defines the mode of the Allowed Coders feature for the SIP entity associated with the IP Profile.
Page 405 As DTLS has been defined by the WebRTC standard as mandatory for encrypting media channels for SRTP key exchange, the support is important for deployments implementing WebRTC. For more information on WebRTC, see WebRTC on page 515. Version 7.0 Mediant 4000 SBC...
Page 406 Mediant 4000 SBC Parameter Description Enforce MKI Size Enables negotiation of the Master Key Identifier (MKI) length for SRTP-to-SRTP flows between SIP networks (i.e., IP Groups). sbc-enforce-mki-size This includes the capability of modifying the MKI length on the [IpProfile_SBCEnforceMKISize] inbound or outbound SBC call leg for the SIP entity associated with the IP Profile.
Page 407 Coders Group ID (configured using the SBCFaxCodersGroupID parameter).  [1] Single coder = (Default) Use only one coder. If the incoming answer (from the called "fax") includes a coder that matches a coder match between the incoming offer coders Version 7.0 Mediant 4000 SBC...
Page 408 Mediant 4000 SBC Parameter Description (from the calling "fax") and the coders of the selected Coders Group ID (SBCFaxCodersGroupID, then the device uses this coder. If no match exists, the device uses the first listed coder of the matched coders between the incoming offer coders (from the calling "fax") and the coders of the selected Coders...
Page 409 To configure the payload type in the SDP offer for RTP redundancy, use the RFC2198PayloadType. RTCP Mode Defines how the device handles RTCP packets during call sessions for the SIP entity associated with the IP Profile. This is Version 7.0 Mediant 4000 SBC...
Page 410  This functionality may require DSP resources. For more information, contact your AudioCodes sales representative. ICE Mode Enables Interactive Connectivity Establishment (ICE) Lite for the SIP entity associated with the IP Profile. ICE is a methodology for...
Page 411 Note: As RTP multiplexing has been defined by the WebRTC standard as mandatory, the support is important for deployments implementing WebRTC. For more information on WebRTC, see WebRTC on page 515. Version 7.0 Mediant 4000 SBC...
Page 412 Mediant 4000 SBC Parameter Description RTCP Feedback Enables RTCP-based feedback indication in outgoing SDPs sent to the SIP entity associated with the IP Profile. sbc-rtcp-feedback The parameter supports indication of RTCP-based feedback, [IPProfile_SBCRTCPFeedback] according to RFC 5124, during RTP profile negotiation between two communicating SIP entities.
Page 413: Session Border Controller Application
Part V Session Border Controller Application...
Page 415: Sbc Overview
Black/White lists for both Layer-3 firewall and SIP classification.  Stateful Proxy Operation Mode: The device can act as a Stateful Proxy by enabling SIP messages to traverse it transparently (with minimal interference) between the inbound and outbound legs. Version 7.0 Mediant 4000 SBC...
Page 416 Mediant 4000 SBC  B2BUA and Topology Hiding: The device intrinsically supports topology hiding, limiting the amount of topology information displayed to external parties. For example, IP addresses of ITSPs' equipment (e.g. proxies, gateways, and application servers) can be hidden from outside parties. The device's topology hiding is provided by implementing back-to-back user agent (B2BUA) leg routing: •...
Page 417: B2Bua And Stateful Proxy Operating Modes
IP Profile parameters (see ''Configuring IP Profiles'' on page 386):  IpProfile_SBCRemoteRepresentationMode: Contact and Record-Route headers  IpProfile_SBCKeepVIAHeaders: Via headers  IpProfile_SBCKeepUserAgentHeader: User-Agent headers  IpProfile_SBCKeepRoutingHeaders: Record-Route headers  IpProfile_SBCRemoteMultipleEarlyDialogs: To-header tags Version 7.0 Mediant 4000 SBC...
Page 418 Mediant 4000 SBC Thus, the Stateful Proxy mode provides full SIP transparency (no topology hiding) or asymmetric topology hiding. Below is an example of a SIP dialog-initiating request when operating in Stateful Proxy mode for full transparency, showing all the incoming SIP headers retained in the outgoing INVITE message.
Page 419 IP PBX. The configuration is done using IP Groups and SRDs. • If Stateful Proxy mode is used only due to the debugging benefits, it is recommended to configure the device to only forward the Call-ID header unchanged Version 7.0 Mediant 4000 SBC...
Page 420: Call Processing Of Sip Dialog Requests
Mediant 4000 SBC 20.3 Call Processing of SIP Dialog Requests The device processes incoming SIP dialog requests (SIP methods) such as INVITE, SUBSCRIBE, OPTIONS, REFER, INFO, UNSOLICITED NOTIFY, MESSAGE, and REGISTER. The process is summarized in the following figure and subsequently...
Page 421 The manipulation rule is associated with the dialog, by configuring the rule with incoming matching characteristics such as source IP Group and destination host name. The manipulation rules are also assigned an SBC Routing Policy, which in turn, Version 7.0 Mediant 4000 SBC...
Page 422: User Registration
Mediant 4000 SBC is assigned to IP-to-IP routing rules. As most deployments require only one SBC Routing Policy, the default Routing Policy is automatically assigned to manipulation rules and routing rules. For more information, see ''Configuring IP-to-IP Outbound Manipulations'' on page 497.
Page 423: Classification And Routing Of Registered Users
Request-URI in the INVITE message the device must search in the registration database:  Only by entire Request-URI (user@host), for example, "4709@joe.company.com".  By entire Request-URI, but if not found, by the user part of the Request-URI, for example, "4709". Version 7.0 Mediant 4000 SBC...
Page 424: General Registration Request Processing
Mediant 4000 SBC When an incoming INVITE is received for routing to a user and the user is located in the registration database, the device sends the call to the user's corresponding contact address specified in the database. Note: If the Request-URI contains the "tel:" URI or "user=phone" parameter, the device searches only for the user part.
Page 425: Registration Restriction Control
# clear voip register db sbc user John@10.33.2.22 # clear voip register db sbc user John  To delete all registered users belonging to a specific IP Group: # clear voip register db sbc ip-group <ID or name> Version 7.0 Mediant 4000 SBC...
Page 426: Media Handling
Mediant 4000 SBC 20.5 Media Handling Media behavior includes anything related to the establishment, management and termination of media sessions within the SIP protocol. Media sessions are created using the SIP offer-answer mechanism. If successful, the result is a bi-directional media (RTP) flow (e.g.
Page 427: Media Anchoring
Interface table) is used. The following figure provides an example of SDP handling for a call between a LAN IP Phone 10.2.2.6 and a remote IP Phone 212.179.1.13 on the WAN. Figure 20-3: SDP Offer/Answer Example Version 7.0 Mediant 4000 SBC...
Page 428: Direct Media
Mediant 4000 SBC 20.5.2 Direct Media You can configure the device to allow the media (RTP/SRTP) session to flow directly between the SIP endpoints, without traversing the device. This is referred to as No Media Anchoring (also known as Anti-Tromboning or Direct Media). SIP signaling continues to traverse the device, with minimal intermediation and involvement, to enable certain SBC capabilities such as routing.
Page 429: Restricting Audio Coders
(unless transcoding is implemented whereby Extension coders are added to the SDP, as described in Coder Transcoding on page 430). If the SDP offer contains some coders that are configured as allowed coders, the device manipulates Version 7.0 Mediant 4000 SBC...
Page 430: Coder Transcoding
Mediant 4000 SBC the SDP offer by removing the coders that are not configured as allowed coders, before routing the SIP message to its destination. The device also re-orders (prioritizes) the coder list in the SDP according to the listed order of configured allowed coders.
Page 431 The device adds the extension coders below the coder list received in the original SDP offer. This increases the chance of media flow without requiring transcoding. • The device does not add extension coders that also appear in the original SDP offer. Version 7.0 Mediant 4000 SBC...
Page 432 Mediant 4000 SBC As an example for using allowed and extension coders, assume the following:  Inbound leg: • Incoming SDP offer includes the G.729, G.711, and G.723 coders. m=audio 6050 RTP/AVP 18 0 8 4 96 a=rtpmap:18 G729/8000 a=rtpmap:0 PCMU/8000...
Page 433: Transcoding Mode
SIP entities use the same coder, the device performs transcoding of the same coder (e.g., G.711 and G.711) between the two legs. The transcoding mode can be configured globally (TranscodingMode parameter) or per SIP entity using IP Profiles (IpProfile_TranscodingMode parameter). Version 7.0 Mediant 4000 SBC...
Page 434: Prioritizing Coder List In Sdp Offer
Mediant 4000 SBC Note: If the transcoding mode is configured to Force (i.e., always performs transcoding) for an IP Profile associated with a specific SIP entity, the device also applies forced transcoding for the SIP entity communicating with this SIP entity, regardless of its IP Profile settings.
Page 435: Multiple Rtp Media Streams Per Call Session
Generate RFC 2198 redundant packets (IpProfile_RTPRedundancyDepth parameter).  Determine RTP redundancy support in the RTP redundancy negotiation in SDP offer/answer (IpProfile_SBCRTPRedundancyBehavior parameter). If not supported, the device discards RTP redundancy packets (if present) received from or sent to the SIP entity. Version 7.0 Mediant 4000 SBC...
Page 436: Interworking Rtp-Rtcp Multiplexing
Mediant 4000 SBC For more information, see the above parameters in ''Configuring IP Profiles'' on page 386. 20.5.9.3 Interworking RTP-RTCP Multiplexing The device supports interworking of RTP-RTCP multiplexing onto a single, local UDP port (according to RFC 5761) between SIP entities. Employing IP Profiles, you can configure RTP multiplexing per SIP entity, using the IPProfile_SBCRTCPMux parameter (see ''Configuring IP Profiles'' on page 386).
Page 437: Fax Negotiation And Transcoding
Coders Group Settings table for faxes. However, support for G.711 coders for voice is not dependent upon which fax coders are listed in the Coders Group Settings table. Version 7.0 Mediant 4000 SBC...
Page 438: Limiting Sbc Call Duration
Mediant 4000 SBC 20.7 Limiting SBC Call Duration You can define a maximum allowed duration (in minutes) for SBC calls. If an established call reaches this user-defined limit, the device terminates the call. This feature ensures calls are properly terminated, allowing available resources for new calls. This feature is configured using the MaxCallDuration parameter.
Page 439: User Authentication Based On Radius
The device can handle SIP 3xx responses so that the new INVITE message sent as a result of the 3xx traverses the device. The reasons for enforcing resultant INVITEs to traverse the device may vary: Version 7.0 Mediant 4000 SBC...
Page 440 Mediant 4000 SBC  The user that receives the 3xx is unable to route to the 3xx contact (i.e., the user is on the LAN and the new contact is on the WAN). In such a scenario, the device enables the user to reach the WAN contact and overcome NAT problems.
Page 441: Local Handling Of Sip 3Xx
HistoryInfoMode = Add Diversion Not present Diversion removed. converted to DiversionMode = Remove History-Info. Diversion removed. HistoryInfoMode = Not present. History-Info History-Info added to Diversion. Remove converted to History-Info removed. Diversion. DiversionMode = Add History-Info removed. Version 7.0 Mediant 4000 SBC...
Page 442: Interworking Sip Refer Messages
Mediant 4000 SBC Parameter Value SIP Header Present in Received SIP Message HistoryInfoMode = Diversion Not present. Diversion added to History-Info. Disable converted to History-Info. DiversionMode = Add HistoryInfoMode = Not present. History-Info History-Info added to Diversion. Disable converted to Diversion.
Page 443: Interworking Sip Prack Messages
Early media can arrive in provisional responses to an INVITE request. The device forwards the request of early media for IP Groups that support this capability; otherwise, the device terminates it. Provisional responses whose SDP are suppressed Version 7.0 Mediant 4000 SBC...
Page 444 Mediant 4000 SBC are changed to a SIP 180 response. This feature is also supported for delayed offers. This is configured using the IP Profile parameter, 'SBC Remote Early Media Support'. The device refers to the parameter also for features that require early media such as playing ringback tone.
Page 445: Interworking Sip Re-Invite Messages
SDP and only then forwards it to the destination endpoint. This interworking support is configured by the IP Profile parameter, 'SBC Remote Reinvite Support'. Version 7.0 Mediant 4000 SBC...
Page 446: Interworking Sip Update Messages
Mediant 4000 SBC 20.9.8 Interworking SIP UPDATE Messages The device supports interworking of the SIP UPDATED message. This enables communication between UAs that generate UPDATE requests and those that do not support the receipt of UPDATE requests. The device does not forward UPDATE requests to IP Groups that do not support it.
Page 447: Interworking Sip Via Headers
Record-Route headers received in the incoming SIP request/response from the other side. Employing IP Profiles, you can configure this interworking feature per SIP entity, using the IpProfile_SBCKeepRoutingHeaders parameter (see ''Configuring IP Profiles'' on page 386). Version 7.0 Mediant 4000 SBC...
Page 448: Interworking Sip To-Header Tags In Multiple Sdp Answers
Mediant 4000 SBC 20.9.15 Interworking SIP To-Header Tags in Multiple SDP Answers The device supports the interworking of SIP To-header tags in call forking responses (i.e., multiple SDP answers) between IP entities. The device can either use the same To-header tag value for all SDP answers sent to the SIP entity, or send each SDP answer with its original tag.
Page 449: Enabling The Sbc Application
Open the Applications Enabling page (Configuration tab > VoIP menu > Applications Enabling > Applications Enabling). From the 'SBC Application' drop-down list, select Enable. Click Submit, and then reset the device with a burn-to-flash for your settings to take effect. Version 7.0 Mediant 4000 SBC...
Page 450 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 451: Configuring General Sbc Settings
Open the General Settings page (Configuration tab > VoIP menu > SBC > General Settings). Figure 22-1: General Settings Page Configure the parameters as required. Click Submit. To save the changes to flash memory, see ''Saving Configuration'' on page 564. Version 7.0 Mediant 4000 SBC...
Page 452: Interworking Dialog Information In Sip Notify Messages
Mediant 4000 SBC 22.1 Interworking Dialog Information in SIP NOTIFY Messages You can enable the device to interwork dialog information (XML body) received in SIP NOTIFY messages from a remote (WAN) application server. The NOTIFY message is sent by application servers to notify a SIP client, subscribed to a service and located behind the device (LAN), of the status of another SIP client in the LAN.
Page 453 <referred-by> sip:bob-is-not-here@vm.example.net </referred-by> <local> <identity display="Jason Forster"> sip:jforsters@home.net </identity> <target uri="sip:alice@pc33.example.com"> <param pname="+sip.rendering" pval="yes"/> </target> </local> <remote> <identity display="Cathy Jones"> sip:cjones@example.net </identity> <target uri="sip:line3@host3.example.net"> <param pname="actor" pval="attendant"/> <param pname="automaton" pval="false"/> </target> </remote> </dialog> </dialog-info> Version 7.0 Mediant 4000 SBC...
Page 454 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 455: Configuring Admission Control
For example, if IP Group ID 1 needs to handle 21 calls, it's guaranteed 10, the SRD's shared pool provides another 10, and the last call is provided from the device's total call capacity support (e.g., of 200). Version 7.0 Mediant 4000 SBC...
Page 456 Mediant 4000 SBC Requests that reach the user-defined call limit (maximum concurrent calls and/or call rate) are sent to an alternative route, if configured in the IP-to-IP Routing table. If no alternative routing rule is located, the device rejects the SIP request with a SIP 480 "Temporarily Unavailable"...
Page 457 [0] Both = (Default) Rule applies to inbound and outbound SIP dialogs. request-direction  [1] Inbound = Rule applies only to inbound SIP dialogs. [SBCAdmissionControl_ RequestDirection]  [2] Outbound = Rule applies only to outbound SIP dialogs. Version 7.0 Mediant 4000 SBC...
Page 458 Mediant 4000 SBC Parameter Description Reserved Capacity Defines the guaranteed (minimum) call capacity. reservation The default is 0 (i.e., no reserved capacity). [SBCAdmissionControl_ Notes: Reservation]  Reserved call capacity is applicable only to IP Groups and SRDs (i.e., the 'Limit Type' parameter must be configured to IP Group or SRD). If you configure the 'Limit Type' parameter to SIP Interface, leave the 'Reserved Capacity' parameter at its' default (i.e., 0).
Page 459: Configuring Coder Groups
The Allowed Audio Coders Group for coder restriction takes precedence over the Coder Group for extension coders. In other words, if an extension coder is not listed as an allowed coder, the device does not add the extension coder to the SDP offer. Version 7.0 Mediant 4000 SBC...
Page 460 Mediant 4000 SBC The following procedure describes how to configure Allowed Audio Coder Groups through the Web interface. You can also configure it through ini file (AllowedCodersGroup) or CLI (configure voip > sbc allowed-coders-group group-0).  To configure an Allowed Coders Group: Open the Allowed Audio Coders Group page (Configuration tab >...
Page 461: Configuring Allowed Video Coder Groups
The valid value for user-defined coders is a string name of up to 25 characters (case-insensitive). For example, [AllowedVideoCodersGroupX_Na "WOW.789" (but without quotes). Note: Each coder type can be configured only once per Allowed Video Coders Group. Version 7.0 Mediant 4000 SBC...
Page 462 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 463: Routing Sbc
SIP dialog arrived from a registered user. The device searches the database for a user that matches the address-of-record (AOR) and Contact of the incoming SIP message: Version 7.0 Mediant 4000 SBC...
Page 464 Mediant 4000 SBC • Compares the SIP Contact header to the contact value of the user in the database. • Compares the URL in the SIP P-Asserted-Identity/From header to the registered address-of-record (AOR) in the database. If the device finds a matching registered user, it classifies the user to the IP Group associated with the user in the database.
Page 465 Figure 25-1: Classification Process (Identifying IP Group or Rejecting Call) The following procedure describes how to configure Classification rules through the Web interface. You can also configure it through ini file (Classification) or CLI (configure voip > sbc routing classification). Version 7.0 Mediant 4000 SBC...
Page 466 Mediant 4000 SBC  To configure a Classification rule: Open the Classification table (Configuration tab > VoIP menu > SBC > Routing SBC > Classification Table). Click Add; the following dialog box appears: Figure 25-2: Classification Table - Add Row Dialog Box Configure the Classification rule according to the parameters described in the table below.
Page 467 The prefix can be a single digit or a range of digits. For available notations, see ''Dialing Plan Notation for Routing and Manipulation'' on page 697. Note: For REGISTER requests, the source URI is obtained from the To header. Version 7.0 Mediant 4000 SBC...
Page 468 Mediant 4000 SBC Parameter Description Source Host Defines the prefix of the source URI host name as a matching characteristic for the incoming SIP dialog. src-host The URI is typically located in the SIP From header. However, you can [Classification_SrcHost] configure the SIP header from where the device obtains the source URI, in the IP Group table ('Source URI Input' parameter).
Page 469: Classification Based On Uri Of Selected Header Example
Supported: em,100rel,timer,replaces P-Called-Party-ID: <sip:1111@10.33.38.1> User-Agent: Sip Message Generator V1.0.0.5 Content-Length: 0 In the Classification table, add the following classification rules: Source Username Destination Index Destination Host Source IP Group Prefix Username Prefix 1111 2000 10.10.10.10 Version 7.0 Mediant 4000 SBC...
Page 470: Configuring Message Condition Rules
Mediant 4000 SBC In the IP Group table, add the following IP Groups: Index Source URI Input Destination URI Input P-Called-Party-ID Route In this example, a match exists only for Classification Rule #1. This is because the source (1111) and destination (2000) username prefixes match those in the INVITE's P-Called-...
Page 471 The valid value is a string of up to 59 characters. name [ConditionTable_Name] Condition Defines the Condition rule of the SIP message. condition The valid value is a string. [ConditionTable_Conditio Note: User and host parts must be enclosed in single quotes. Version 7.0 Mediant 4000 SBC...
Page 472: Configuring Sbc Ip-To-Ip Routing
Mediant 4000 SBC 25.3 Configuring SBC IP-to-IP Routing The IP-to-IP Routing table lets you configure up to 3,750 SBC IP-to-IP routing rules. Configuration of IP-to-IP routing rules includes two areas:  Rule: Defines the characteristics of the incoming SIP dialog message (e.g., IP Group from which the message is received).
Page 473 Least Cost Routing (LCR), you need to configure these settings for the Routing Policy (regardless of the number of Routing Policies employed). For more information on Routing Policies, see ''Configuring SBC Routing Policy Rules'' on page 485. Version 7.0 Mediant 4000 SBC...
Page 474 Mediant 4000 SBC The IP-to-IP Routing table also provides the following features:  Alternative routing or load balancing: In addition to the alternative routing/load balancing provided by the Proxy Set associated with the destination IP Group, the table allows the configuration of alternative routes whereby if a route fails, the next adjacent (below) rule in the table that is configured as 'Alt Route Ignore/Consider Inputs' are used.
Page 475 You can also configure it through ini file (IP2IPRouting) or CLI (configure voip > sbc routing ip2ip-routing).  To configure an IP-to-IP routing rule: Open the IP-to-IP Routing table (Configuration tab > VoIP menu > SBC > Routing SBC > IP-to-IP Routing Table). Version 7.0 Mediant 4000 SBC...
Page 476 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 25-6: IP-to-IP Routing Table - Add Row Dialog Box Configure an IP-to-IP routing rule according to the parameters described in the table below. Click Add. Table 25-3: IP-to-IP Routing Table Parameter Descriptions...
Page 477 Note: The selectable IP Group for the parameter depends on the assigned SBC Routing Policy (in the 'Routing Policy' parameter in this table). For more information, see ''Configuring SBC Routing Policy Rules'' on page 485. Version 7.0 Mediant 4000 SBC...
Page 478 Mediant 4000 SBC Parameter Description Request Type Defines the SIP dialog request type (SIP Method) of the incoming SIP dialog. request-type  [0] All (default) [IP2IPRouting_RequestTy  [1] INVITE  [2] REGISTER  [3] SUBSCRIBE  [4] INVITE and REGISTER ...
Page 479 Such a configuration setup ensures that the device uses this alternative routing rule only when RTP broken connection is detected. Version 7.0 Mediant 4000 SBC...
Page 480 Mediant 4000 SBC Parameter Description ReRoute IP Group Defines the IP Group that initiated (sent) the SIP redirect response (e.g., 3xx) or REFER message. This parameter is typically used for re-routing re-route-ip-group- requests (e.g., INVITEs) when interworking is required for SIP 3xx redirect responses or REFER messages.
Page 481 If ENUM-based routing is used (i.e., the 'Destination Type' parameter is [IP2IPRouting_DestAddre set to ENUM) the parameter defines the IP address or domain name (FQDN) of the ENUM service, for example, e164.arpa, e164.customer.net or NRENum.net. The device sends the ENUM query Version 7.0 Mediant 4000 SBC...
Page 482 Mediant 4000 SBC Parameter Description containing the destination phone number to an external DNS server, configured in the Interface table. The ENUM reply includes a SIP URI (user@host) which is used as the destination Request-URI in this routing table. The valid value is a string of up to 50 characters (IP address or FQDN).
Page 483: Configuring Sip Response Codes For Alternative Routing Reasons
(configured in the Bandwidth profile table). When this occurs, the device sends a SIP 480 (Temporarily Unavailable) response to the SIP entity. This is configured by 1) assigning an IP Group a QoE and/or Bandwidth profile that rejects Version 7.0 Mediant 4000 SBC...
Page 484 Mediant 4000 SBC calls if the threshold is crossed, 2) configuring 806 in the SBC Alternative Routing Reasons table and 3) configuring an alternative routing rule. Notes: • If the device receives a SIP 408 response, an ICMP message, or no response, alternative routing is still performed even if the SBC Alternative Routing Reasons table is not configured.
Page 485: Configuring Sbc Routing Policy Rules
To determine the routing and manipulation rules for the SRD, you need to assign the Routing Policy to routing and manipulation rules. The figure below shows the configuration entities to which Routing Policies can be assigned: Version 7.0 Mediant 4000 SBC...
Page 486 Mediant 4000 SBC Typically, assigning a Routing Policy to a Classification rule is not required, as when an incoming call is classified it uses the Routing Policy associated with the SRD to which it belongs. However, if a Routing Policy is assigned to a Classification rule, it overrides the Routing Policy assigned to the SRD.
Page 487 Open the SBC Routing Policy table (Configuration tab > VoIP menu > SBC > Routing SBC > SBC Routing Policy). Click Add; the following dialog box appears: Figure 25-8: SBC Routing Policy Table - Add Row Dialog Box Version 7.0 Mediant 4000 SBC...
Page 488 Mediant 4000 SBC Configure the SBC Routing Policy rule according to the parameters described in the table below. Click Add. Table 25-5: SBC Routing Policy Table Parameter Descriptions Parameter Description Index Defines an index number for the new table row.
Page 489 Therefore, a call of 1 minute cost 7 units. Therefore, for calls under one minute, "Weekend A" carries the lower cost. However, if the average call duration is more than one minute, "Weekend B" carries the lower cost. Version 7.0 Mediant 4000 SBC...
Page 490 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 491: Sbc Manipulations
IP Groups respectively (if any, in the IP Group table). Below is an example of a call flow and consequent SIP URI manipulations:  Incoming INVITE from LAN: INVITE sip:1000@10.2.2.3;user=phone;x=y;z=a SIP/2.0 Via: SIP/2.0/UDP 10.2.2.6;branch=z9hGLLLLLan From:<sip:7000@10.2.2.6;user=phone;x=y;z=a>;tag=OlLAN;paramer1 =abe To: <sip:1000@10.2.2.3;user=phone> Call-ID: USELLLAN@10.2.2.3 Version 7.0 Mediant 4000 SBC...
Page 492 Mediant 4000 SBC CSeq: 1 INVITE Contact: <sip:7000@10.2.2.3> Supported: em,100rel,timer,replaces Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK User-Agent: Sip Message Generator V1.0.0.5 Content-Type: application/sdp Content-Length: 155 o=SMG 791285 795617 IN IP4 10.2.2.6 s=Phone-Call c=IN IP4 10.2.2.6 t=0 0 m=audio 6000 RTP/AVP 8 a=rtpmap:8 pcma/8000 a=sendrecv a=ptime:20 ...
Page 493: Configuring Ip-To-Ip Inbound Manipulations
The IP Group table can be used to configure a host name that overwrites the received host name. This manipulation can be done for source and destination IP Groups (see ''Configuring IP Groups'' on page 342). Version 7.0 Mediant 4000 SBC...
Page 494 Mediant 4000 SBC The following procedure describes how to configure IP-to-IP Inbound Manipulation rules through interface. also configure through file (IPInboundManipulation) or CLI (configure voip > sbc manipulations ip-inbound- manipulation).  To configure an IP-to-IP Inbound Manipulation rule: Open the IP to IP Inbound Manipulation table (Configuration tab > VoIP menu > SBC >...
Page 495 Note: The prefix can be a single digit or a range of digits. For available notations, see ''Dialing Plan Notation for Routing and Manipulation'' on page 697. Source Host Defines the source SIP URI host name - full name (usually in the From CLI: src-host header). [IPInboundManipulation Version 7.0 Mediant 4000 SBC...
Page 496 Mediant 4000 SBC Parameter Description _SrcHost] The default is the asterisk (*) symbol (i.e., any host name). Destination Username Defines the prefix of the destination SIP URI user name, typically located Prefix in the Request-URI and To headers. CLI: dst-user-name-prefix The default is the asterisk (*) symbol (i.e., any destination username...
Page 497: Configuring Ip-To-Ip Outbound Manipulations
(IPOutboundManipulation) or CLI (configure voip > sbc manipulations ip-outbound- manipulation).  To configure IP-to-IP outbound manipulation rules: Open the IP to IP Outbound Manipulation table (Configuration tab > VoIP menu > SBC > Manipulations SBC > IP-to-IP Outbound). Version 7.0 Mediant 4000 SBC...
Page 498 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 26-3: IP to IP Outbound Manipulation Table- Add Row Dialog Box Configure an IP-to-IP outbound manipulation rule according to the parameters described in the table below. Click Add. Table 26-2: IP to IP Outbound Manipulation Table Parameter Description...
Page 499 Prefix in the Request-URI and To headers. dst-user-name- The default value is the asterisk (*) symbol (i.e., any destination prefix username prefix). The prefix can be a single digit or a range of digits. For Version 7.0 Mediant 4000 SBC...
Page 500 Mediant 4000 SBC Parameter Description [IPOutboundManipulation available notations, see ''Dialing Plan Notation for Routing and _DestUsernamePrefix] Manipulation'' on page 697. Note: If you need to manipulate calls of many different destination URI user names, you can use tags (see 'Destination Tags' parameter below) instead of this parameter.
Page 501 'Manipulated Item' parameter to Calling Name, you can configure the parameter to a string of up 36 characters. Privacy Restriction Mode Determines user privacy handling (i.e., restricting source user identity in outgoing SIP dialogs). privacy- Version 7.0 Mediant 4000 SBC...
Page 502 Mediant 4000 SBC Parameter Description  [0] Transparent = (Default) No intervention in SIP privacy. restriction-mode  [1] Don't change privacy = The user identity remains the same as in [IPOutboundManipulation the incoming SIP dialog. If a restricted number exists, the restricted...
Page 503: Configuring Dial Plans
The Dial Plan itself is a set of dial plan rules having the following attributes:  Prefix: The prefix is matched against the source and/or destination number of the incoming SIP dialog-initiating request. Version 7.0 Mediant 4000 SBC...
Page 504 Mediant 4000 SBC  Tag: The tag corresponds to the matched prefix of the source and/or destination number and is the categorization result. You can use various syntax notations for configuring the prefix numbers in dial plan rules. You can configure the prefix as a complete number (all digits) or as a partial number using some digits and various syntax notations (patterns) to allow the device to match a dial pan rule for similar source and/or destination numbers.
Page 505 In the Dial Plan table, select the row for which you want to configure dial plan rules, and then click the Dial Plan Rule link located below the table; the Dial Plan Rule table appears. Version 7.0 Mediant 4000 SBC...
Page 506 Mediant 4000 SBC Click New; the following dialog box appears: Figure 27-3: Dial Plan Rule Table Configure a dial plan rule according to the parameters described in the table below. Click New, and then save ("burn") your settings to flash memory.
Page 507: Importing And Exporting Dial Plans
Plans 1 and 2, the rules of Dial Plan 1 in the imported file replace the rules of Dial Plan 1 on the device, and the rules of Dial Plan 2 on the device are deleted (the Dial Plan itself remains). The Dial Plan names in the imported file must be Version 7.0 Mediant 4000 SBC...
Page 508: Creating Dial Plan Files
Mediant 4000 SBC identical to the existing Dial Plan names on the device; otherwise, the specific Dial Plan is not imported. For creating Dial Plans in a CSV file for import, see 'Creating Dial Plan Files for Import' on page 508.
Page 509 'Source Tags' parameter (IP2IPRouting_SrcTags): tag denoting the calling user • 'Destination Tags' parameter (IP2IPRouting_DestTags): tag denoting the called user An example of a routing rule using a destination tag "LOC" is shown below: Figure 27-4: Assigning Tag to Routing Rule Version 7.0 Mediant 4000 SBC...
Page 510: Dial Plan Backward Compatibility
Mediant 4000 SBC 27.3.1 Dial Plan Backward Compatibility Note: This section is for backward compatibility only. It is recommended to migrate your Dial Plan configuration to the latest Dial Plan feature (see 'Using Dial Plan Tags for IP-to-IP Routing' on page 576).
Page 511 Click the Action tab, and then in the 'Remove from Left' or 'Remove from Right' fields (depending on whether you added the tag at the beginning or end of the URI user part, respectively), enter the number of characters making up the tag. Version 7.0 Mediant 4000 SBC...
Page 512: Using Dial Plan Tags For Outbound Manipulation
Mediant 4000 SBC 27.4 Using Dial Plan Tags for Outbound Manipulation You can use Dial Plan tags to denote source and/or destination URI user names in Outbound Manipulation rules in the IP-to-IP Outbound Manipulation table. The following procedure describes how to configure Outbound Manipulation based on tags.
Page 513: Advanced Sbc Features
To configure SBC emergency call preemption: In the Message Condition table, configure a Message Condition rule to identify incoming emergency calls. See above for examples. For more information on Message Conditions, see ''Configuring Message Condition Rules'' on page 470. Version 7.0 Mediant 4000 SBC...
Page 514: Emergency Call Routing Using Ldap To Obtain Elin
Mediant 4000 SBC Open the SBC General Settings page (Configuration tab > VoIP > SBC > SBC General Settings), and then scroll down the page to the Call Priority and Preemption group: Figure 28-2: Configuring Emergency SBC Call Preemption From the 'SBC Preemption Mode' drop-down list (SBCPreemptionMode), select Enable to enable the SBC call preemption feature.
Page 515: Webrtc
The figure below displays an example of a click-to-call application from a customer Web page, where the client needs to enter credentials (username and password) before placing the call. Version 7.0 Mediant 4000 SBC...
Page 516 The WebRTC feature is a license-dependent feature and is available only if it is included in the Software License Key that is installed on the device. For ordering the feature, please contact your AudioCodes sales representative. • The maximum concurrent WebRTC sessions (signaling-over-secure WebSocket and media-over-DTLS) supported by the device is 1,000.
Page 517 The WebRTC client uses a Web browser to visit the Web site page. The Web page receives Web page elements and JavaScript code for WebRTC from the Web hosting server. The JavaScript code runs locally on the Web browser. Version 7.0 Mediant 4000 SBC...
Page 518: Sip Over Websocket
Mediant 4000 SBC When the client clicks the Call button or call link, the browser runs the JavaScript code which sends the HTTP upgrade request for WebSocket in order to establish a WebSocket session with the device. The address of the device is typically included in the JavaScript code.
Page 519 Chrome side will stop the call, but the device will keep all of the call's resources open and the other side will have an active call with no voice. To prevent this, for the IP Profile associated with the WebRTC clients, configure the 'Broken Connection Mode' parameter to Disconnect. Version 7.0 Mediant 4000 SBC...
Page 520: Configuring Webrtc
Mediant 4000 SBC 28.3.2 Configuring WebRTC To support WebRTC, you need to perform special configuration settings for the device's SBC leg interfacing with the WebRTC client (i.e., Web browser). The following procedure describes the required configuration.  To configure WebRTC:...
Page 521: Call Forking
(with or without SDP).  Sequential: The device forwards all 18x responses to the INVITE-initiating UA, sequentially (one after another). If 18x arrives with an offer only, only the first offer is forwarded to the INVITE-initiating UA. Version 7.0 Mediant 4000 SBC...
Page 522: Call Forking-Based Ip-To-Ip Routing Rules
Mediant 4000 SBC The device also supports media synchronization for call forking. If the active UA is the first one to send the final response (e.g., 200 OK), the call is established and all other final responses are acknowledged and a BYE is sent if needed. If another UA sends the first final response, it is possible that the SDP answer that was forwarded to the INVITE- initiating UA is irrelevant and thus, media synchronization is needed between the two UAs.
Page 523: Call Survivability
Below is an example of an XML body received from the BroadWorks server: <?xml version="1.0" encoding="utf-8"?> <BroadsoftDocument version="1.0" content="subscriberData"> <phoneNumbers> <phoneNumber>2403645317</phoneNumber> <phoneNumber>4482541321</phoneNumber> </phoneNumbers> <aliases> <alias>sip:bob@broadsoft.com</alias> <alias>sip:rhughes@broadsoft.com</alias> </aliases> <extensions> <extension>5317</extension> <extension>1321</extension> </extensions> </BroadSoftDocument> Version 7.0 Mediant 4000 SBC...
Page 524: Broadsoft's Shared Phone Line Call Appearance For Sbc Survivability
Mediant 4000 SBC 28.5.2 BroadSoft's Shared Phone Line Call Appearance for SBC Survivability The device can provide redundancy for BroadSoft's Shared Call Appearance feature. When the BroadSoft application server switch (AS) fails or does not respond, or when the network connection between the device and the BroadSoft AS is down, the device manages the Shared Call Appearance feature for the SIP clients.
Page 525: Call Survivability For Call Centers
(such as IVR), the device routes the incoming calls received from the customer (i.e., from the TDM gateway) to the call center agents. Version 7.0 Mediant 4000 SBC...
Page 526 Mediant 4000 SBC In normal operation, the device registers the agents in its users registration database. Calls received from the TDM gateway are forwarded by the device to the application server, which processes the calls and sends them to specific call center agents, through the device.
Page 527 The figure below displays a routing rule example, assuming IP Group "1" represents the TDM Gateway and IP Group "3" represents the call center agents: Figure 28-9: Routing Rule Example for Call Center Survivability Version 7.0 Mediant 4000 SBC...
Page 528: Survivability Mode Display On Aastra Ip Phones
Mediant 4000 SBC 28.5.4 Survivability Mode Display on Aastra IP Phones If the SBC device is deployed in an Enterprise network with Aastra IP phones and connectivity with the WAN fails, the device provides call survivability by enabling communication between IP phone users within the LAN enterprise. In such a scenario, the device can be configured to notify the IP phones that it is currently operating in Survivability mode.
Page 529: Cloud Resilience Package
Part VI Cloud Resilience Package...
Page 531: Crp Overview
Distributed PBX or unified communications deployments The CRP application is based on the functionality of the SBC application, providing branch offices with call routing and survivability support similar to AudioCodes' Stand-Alone Survivability (SAS) application. CRP is implemented in a network topology where the...
Page 532 Mediant 4000 SBC Survivability Quality of Experience/Service Security registration process)  Survivability indication to IP phone  Call hold and retrieve  Call transfer (if IP phone initiates REFER)  Basic Shared Line Appearance (excluding correct busy line indications) ...
Page 533: Crp Configuration
Open the Applications Enabling page (Configuration tab > VoIP menu > Applications Enabling > Applications Enabling). From the 'CRP Application' drop-down list, select Enable. Click Submit, and then reset the device with a burn-to-flash for your settings to take effect. Version 7.0 Mediant 4000 SBC...
Page 534: Configuring Call Survivability Mode
Mediant 4000 SBC 30.2 Configuring Call Survivability Mode The CRP can be configured to operate in one of the following call survivability modes:  Normal (Default): The CRP interworks between the branch users and the IP PBX located at headquarters. The CRP forwards all requests (such as for registration) from the branch users to the IP PBX, and routes the calls based on the IP-to-IP routing rules.
Page 535  To configure the Call Survivability mode: Open the General Settings page (Configuration tab > VoIP menu > CRP > General Settings). From the 'CRP Survivability Mode' drop-down list, select the required mode. Click Submit. Version 7.0 Mediant 4000 SBC...
Page 536: Pre-Configured Ip Groups
Mediant 4000 SBC 30.3 Pre-Configured IP Groups For CRP, the device is pre-configured with the following IP Groups in the IP Group table: Table 30-1: Pre-configured IP Groups in the IP Group Table Index Type Description User Users Server Proxy...
Page 537: Pre-Configured Ip-To-Ip Routing Rules
''Configuring PSTN Fallback'' on page 540). This routing rule is used if the device can't find a matching destination user for IP Group 1 (User-type IP Group) in its registration database. If the CRPGatewayFallback parameter is disabled and no matching user is find, the device rejects the call. Version 7.0 Mediant 4000 SBC...
Page 538: Emergency Mode
Mediant 4000 SBC 30.4.2 Emergency Mode The pre-configured IP-to-IP routing rules for the Emergency CRP call survivability mode are shown in the table below: Table 30-3: Pre-Configured IP-to-IP Routing Rules for Emergency Mode Mode Index Source IP Request Destinatio Destinatio...
Page 539: Auto Answer To Registrations
For the routing rule of Index 2, the destination is the source IP Group (i.e., from where the REGISTER message was received). Index 7 appears only if the CRPGatewayFallback parameter is enabled (see ''Configuring PSTN Fallback'' on page 540). Version 7.0 Mediant 4000 SBC...
Page 540: Configuring Pstn Fallback
Mediant 4000 SBC 30.5 Configuring PSTN Fallback You can enable the CRP to route emergency calls (or PSTN-intended calls) such as "911" from the Proxy server (IP Group 2) to the PSTN (IP Group 3). In addition, for calls from the...
Page 541: High Availability System
Part VII High Availability System...
Page 543: Ha Overview
Auxiliary files. The active device also sends its software file (.cmp) if the redundant device is running a different software version. Once loaded to the redundant device, the redundant device reboots to apply the new Version 7.0 Mediant 4000 SBC...
Page 544: Device Switchover Upon Failure
Mediant 4000 SBC configuration and/or software. This ensures that the two units are synchronized regarding configuration and software. Note: If the active unit runs an earlier version (e.g., 6.8) than the redundant unit (e.g., 7.0), the redundant unit is downgraded to the same version as the active unit (e.g., 6.8).
Page 545 After HA switchover, the active device updates other hosts in the network about the new mapping of its Layer-2 hardware address to the global IP address, by sending a broadcast gratuitous Address Resolution Protocol (ARP) message. Version 7.0 Mediant 4000 SBC...
Page 546: Ha Status On The Home Page
Mediant 4000 SBC 31.3 HA Status on the Home Page The Home page of the device's Web interface displays the status of the HA system. The Home page provides a graphical display of both active and redundant devices.  Active device: •...
Page 547: Ha Configuration
Ethernet Group used by the Maintenance interface is as follows:  (Recommended Physical Connectivity) If the Maintenance ports of both devices are connected directly to each other without intermediation of switches, configure the mode to 2RX/1TX: Figure 32-1: Rx/Tx Mode for Direct Connection Version 7.0 Mediant 4000 SBC...
Page 548: Configuring The Ha Devices
Mediant 4000 SBC  If the two devices are connected through two (or more) isolated LAN switches (i.e., packets from one switch cannot traverse the second switch), configure the mode to 2RX/2TX: Figure 32-2: Redundancy Mode for Two Isolated Switches ...
Page 549: Step 1: Configure The First Device
Make sure that the Maintenance interface uses an Ethernet Device and Ethernet Group that is not used by any other IP network interface. The Ethernet Group is associated with the Ethernet Device assigned to the interface in the 'Underlying Device' field.. Version 7.0 Mediant 4000 SBC...
Page 550 Mediant 4000 SBC The Interface table below shows an example where the Maintenance interface is assigned to Ethernet Device "vlan 2" (which is associated with Ethernet Group "GROUP_2") in the 'Underlying Device' field, while the other interface is assigned to "vlan 1"...
Page 551: Step 2: Configure The Second Device
Once you have configured both devices for HA as described in the previous sections, follow the procedure below to complete and initialize HA so that the devices become operational in HA. This last stage applies to both devices. Version 7.0 Mediant 4000 SBC...
Page 552: Configuration While Ha Is Operational
Mediant 4000 SBC  To initialize the devices for HA: Cable the devices to the network. Note: You must connect both ports (two) in the Ethernet Group of the Maintenance interface to the network (i.e., two network cables are used). This provides 1+1 Maintenance port redundancy.
Page 553: Configuring Firewall Allowed Rules
The figure below displays an example of the required firewall rules. In this example, 10.31.4.61 is the Maintenance interface of the redundant device and 10.31.4.62 is the Maintenance interface of the active device. "HA_IF" is the name of the Maintenance interface. Figure 32-7: Allowed Firewall Rules for HA Version 7.0 Mediant 4000 SBC...
Page 554: Monitoring Ip Entity And Ha Switchover Upon Ping Failure
Mediant 4000 SBC 32.4 Monitoring IP Entity and HA Switchover upon Ping Failure The device can monitor a specified network entity, using pings. If the device does not receive a ping response from the entity, a switchover to the redundant device occurs. The switchover happens only if a ping was initially successful and then a subsequent ping failed.
Page 555 "Disabled by Eth groups error": when the number of Ethernet Groups in the redundant device becomes less than in the active device, the ping mechanism is disabled.  “Failed to be activated": Internal error (failed activating the ping mechanism). Version 7.0 Mediant 4000 SBC...
Page 556 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 557: Ha Maintenance
Replacing a Failed Device If you need to replace a non-functional device with a new one, the new device must be configured exactly as the second device, as described in ''Configuring the HA Devices'' on page 548. Version 7.0 Mediant 4000 SBC...
Page 558: Forcing A Switchover
Mediant 4000 SBC 33.3 Forcing a Switchover If required, you can force a switchover between active and redundant units. For more information, see ''High Availability Maintenance'' on page 565. 33.4 Software Upgrade The following types of software upgrades are available on the HA system: ...
Page 559: Maintenance
Part VIII Maintenance...
Page 561: Basic Maintenance
Description'' on page 46) to indicate that a device reset is required. • After you reset the device, the Web GUI is displayed in Basic view (see ''Displaying Navigation Tree in Basic and Full View'' on page 47). Version 7.0 Mediant 4000 SBC...
Page 562 Mediant 4000 SBC  To reset the device: Open the Maintenance Actions page (see ''Basic Maintenance'' on page 561). Under the 'Reset Configuration' group, from the 'Burn To FLASH' drop-down list, select one of the following options: • Yes: The device's current configuration is saved (burned) to the flash memory prior to reset (default).
Page 563: Remotely Resetting Device Using Sip Notify
Under the Misc Parameters group, set the 'SIP Remote Rest' parameter to Enable. Click Submit. Note: This SIP Event header value is proprietary to AudioCodes. 34.3 Locking and Unlocking the Device The Lock and Unlock option allows you to lock the device so that it doesn't accept any new calls and maintains only the current calls.
Page 564: Saving Configuration
Mediant 4000 SBC Click the LOCK button; a confirmation message box appears requesting you to confirm device lock. Click OK to confirm device lock; if you set 'Graceful Option' to Yes, a lock icon is delayed and a window appears displaying the number of remaining calls and time. If you set 'Graceful Option' to No, the lock process begins immediately.
Page 565: High Availability Maintenance
When resetting the Redundant unit, the HA mode becomes temporarily unavailable.  To reset the Redundant unit: Open the High Availability Maintenance page: • Navigation menu tree: Maintenance tab > Maintenance menu > High Availability Maintenance Version 7.0 Mediant 4000 SBC...
Page 566 Mediant 4000 SBC • Toolbar: Click the Device Actions button, and then choose Reset Redundant Figure 35-2: High Availability Maintenance Page Under the 'Redundant Options' group, click Reset; a confirmation box appears requesting you to confirm. Click OK. User's Manual...
Page 567: Disconnecting Active Calls
Session ID. This is done in the CLI using the following commands (from basic command mode):  Disconnects all active calls: # clear voip calls  Disconnects active calls belonging to a specified Session ID: # clear voip calls <Session ID> Version 7.0 Mediant 4000 SBC...
Page 568 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 569: Software Upgrade
''Locking and Unlocking the Device'' on page 563. • To delete installed Auxiliary files, see ''Viewing Device Information'' on page 619. Version 7.0 Mediant 4000 SBC...
Page 570: Loading Auxiliary Files Through Web Interface
Mediant 4000 SBC 37.1.1.1 Loading Auxiliary Files through Web Interface The following procedure describes how to load Auxiliary files through the Web interface.  To load Auxiliary files through the Web interface: Open the Load Auxiliary Files page (Maintenance tab > Software Update menu >...
Page 571: Loading Auxiliary Files Through Cli
Click the Delete button corresponding to the file that you want to delete; a confirmation message box appears. Click OK to confirm deletion. Reset the device with a burn-to-flash for your settings to take effect. Version 7.0 Mediant 4000 SBC...
Page 572: Call Progress Tones File
AudioCodes DConvert utility. For a description on converting a CPT ini file into a binary dat file, refer to the DConvert Utility User's Guide.
Page 573 1 to 128 Hz). • Signal Level [-dBm]: Level of the tone for AM tones. • AM Factor [steps of 0.02]: Amplitude modulation factor (valid range from 1 to 50). Recommended values from 10 to 25. Version 7.0 Mediant 4000 SBC...
Page 574: Prerecorded Tones File
Mediant 4000 SBC Notes: • When the same frequency is used for a continuous tone and a cadence tone, the 'Signal On Time' parameter of the continuous tone must have a value that is greater than the 'Signal On Time' parameter of the cadence tone. Otherwise, the continuous tone is detected instead of the cadence tone.
Page 575: Dial Plan File
37. Software Upgrade The prerecorded tones can be created using standard third-party, recording utilities such as Adobe Audition, and then combined into a single file (PRT file) using AudioCodes DConvert utility (refer to the document, DConvert Utility User's Guide for more information).
Page 576: Obtaining Ip Destination From Dial Plan File
Plans as required. Save the file with the ini file extension name (e.g., mydialplanfile.ini). Convert the ini file to a dat binary file, using AudioCodes DConvert utility. For more information, refer to DConvert Utility User's Guide. Load the converted file to the device, as described in ''Loading Auxiliary Files'' on page 569.
Page 577: User Information File
You can configure up to 3,000 users (table rows) in the SBC User Info table. The SBC User Info table can be configured using any of the following methods:  Web interface - see ''Configuring SBC User Info Table through Web Interface'' on page 578 Version 7.0 Mediant 4000 SBC...
Page 578 Mediant 4000 SBC  CLI - see Configuring SBC User Info Table through CLI on page 579  Loadable User Info file - see ''Configuring SBC User Info Table in Loadable Text File'' on page 580 37.1.6.2.1 Configuring SBC User Info Table through Web Interface The following procedure describes how to configure the SBC User Info table through the Web interface.
Page 579 (not-resgistered) ---- sbc-user-info-1 ---- local-user (SuePark) username (userSue) password (t6sn+un=) ip-group-id (1) status (not-resgistered)  To view a specific entry (example): (sip-def-proxy-and-reg)# user-info sbc-user-info <index, e.g., 0> (sbc-user-info-0)# display local-user (JohnDee) username (userJohn) password (s3fn+fn=) Version 7.0 Mediant 4000 SBC...
Page 580: Viewing The Installed User Info File Name
Mediant 4000 SBC ip-group-id (1) status (not-resgistered)  To search a user by local-user: (sip-def-proxy-and-reg)# user-info find <local-user, e.g., JohnDoe> JohnDee: Found at index 0 in SBC user info table, not registered 37.1.6.2.3 Configuring SBC User Info Table in Loadable Text File The SBC User Info table can be configured as a User Info file using a text-based file (*.txt).
Page 581: Amd Sensitivity File
The XML-to-binary format conversion can be done using AudioCodes DConvert utility. For more information on using this utility, refer to DConvert Utility User's Guide. Only one AMD Sensitivity file can be installed on the device.
Page 582: Installing The Software License Key
If you need a Software License Key for more than one device, repeat Step 1 for each device. Send the MAC address and/or serial number to your AudioCodes representative when requesting the required Software License Key. When you receive the new Software License Key file, check the file as follows: Open the file with any text-based program such as Notepad.
Page 583: Installing Software License Key Through Web Interface
User's Manual 37. Software Upgrade  AudioCodes EMS - refer to the EMS User’s Manual Note: When you install a new Software License Key, it is loaded to the device's non- volatile flash memory and overwrites the previously installed Software License Key.
Page 584: Installing Software License Key Through Cli
Open the Software License Key file and check that the "S/N" line appears. If it does not appear, contact AudioCodes. Verify that you have loaded the correct file. Open the file and ensure that the first line displays "[LicenseKeys]".
Page 585: Upgrading Sbc Capacity Licenses By License Pool Manager Server
Manager Server The device can receive SBC capacity licenses from a centralized pool of SBC resources managed by the License Pool Manager Server running on AudioCodes EMS. The License Pool Manager Server can dynamically allocate and de-allocate SBC capacity licenses from the pool to devices in the network to meet capacity demands of each device whenever required.
Page 586 Mediant 4000 SBC Figure 37-4: Software Upgrade Key Status Page Displaying SBC Licenses from License Pool Manager If communication with the License Pool Manager Server is lost for a long duration, the device discards the allocated SBC license (i.e., expires) and resets with its initial, "local"...
Page 587 If the device is allocated an SBC license by the License Pool Manager Server that exceeds the maximum number of sessions that it can support, the device sets the number of sessions to its maximum supported Version 7.0 Mediant 4000 SBC...
Page 588: Software Upgrade Wizard
Mediant 4000 SBC 37.4 Software Upgrade Wizard The Web interface's Software Upgrade Wizard lets you easily upgrade the device's software version (.cmp file). The wizard also provides you the option to load other files such as an ini file and Auxiliary files (e.g., Call Progress Tone / CPT file). However, loading a .cmp file is mandatory through the wizard and before you can load any other type of file,...
Page 589 If you upgraded your firmware (.cmp file) and the "SW version mismatch" message appears in the Syslog or Web interface, your Software License Key does not support the new .cmp file version. If this occurs, contact AudioCodes support for assistance.
Page 590 Mediant 4000 SBC • On the toolbar, click Device Actions, and then choose Software Upgrade Wizard. Figure 37-5: Start Software Upgrade Wizard Screen Click Start Software Upgrade; the wizard starts, prompting you to load a .cmp file: Note: At this stage, you can quit the Software Upgrade Wizard without having to reset the device, by clicking Cancel .
Page 591 Select the file, and then click Load File; the device loads the ini file. • Retain the existing configuration (default): Select the 'Use existing configuration' check box to use the current configuration (and do not select an ini file). Version 7.0 Mediant 4000 SBC...
Page 592 Mediant 4000 SBC • Restore configuration to factory defaults: Clear the 'Use existing configuration' check box (and do not select an ini file). Figure 37-6: Software Upgrade Wizard - Load INI File Note: If you use the wizard to load an ini file, parameters excluded from the ini file are assigned default values (according to the .cmp file running on the device) and...
Page 593 Click End Process to close the wizard; the Web Login dialog box appears. Enter your login username and password, and then click Login; a message box appears informing you of the new .cmp file version. Click OK; the Web interface becomes active, reflecting the upgraded device. Version 7.0 Mediant 4000 SBC...
Page 594: Backing Up And Loading Configuration File
Mediant 4000 SBC Backing Up and Loading Configuration File You can save a copy of the device's current configuration settings as a file on a local PC (ini file), remote server. This can be used as a backup file for your configuration. If needed, you can load the file to the device at a later stage to restore your configuration settings.
Page 595 Click the Load INI File button, and then at the prompt, click OK; the device uploads the file and then resets. Once complete, the Web Login screen appears, requesting you to enter your user name and password. Version 7.0 Mediant 4000 SBC...
Page 596 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 597: Automatic Provisioning
Open the Application Settings page (Configuration tab > System menu > Application Settings). Figure 39-1: Enabling DHCP - Application Settings Page From the 'Enable DHCP" drop-down list, select Enable. Click Submit. To activate the DHCP process, reset the device. Version 7.0 Mediant 4000 SBC...
Page 598: Http-Based Provisioning
Mediant 4000 SBC The following shows an example of a configuration file for a Linux DHCP server (dhcpd.conf). The devices are allocated temporary IP addresses in the range 10.31.4.53 to 10.31.4.75. TFTP is assumed to be on the same computer as the DHCP server (alternatively, the "next-server"...
Page 599: Ftp- Based Provisioning
Provisioning'' on page 598 is that the protocol in the URL is "ftp" (instead of "http"). 39.1.4 Provisioning using AudioCodes EMS AudioCodes EMS server functions as a core-network provisioning server. The device's SNMP Manager should be configured with the IP address of the EMS server, using one of the methods detailed in the previous sections.
Page 600: Http/S-Based Provisioning Using The Automatic Update Feature
Mediant 4000 SBC 39.2 HTTP/S-Based Provisioning using the Automatic Update Feature The Automatic Update feature can be used for automatic provisioning of the device through HTTP/S. Automatic provisioning is useful for large-scale deployment of devices. In some cases, the devices are shipped to the end customer directly from the manufacturer. In other cases, they may pass through a staging warehouse.
Page 601: Triggers For Automatic Update
Upon receipt of an SNMP request from the provisioning server. • Upon receipt of a special SIP NOTIFY message from the provisioning server. The NOTIFY message includes an Event header with the AudioCodes proprietary value, "check-sync;reboot=false", as shown in the example below: NOTIFY sip:<user>@<dsthost> SIP/2.0 To: sip:<user>@<dsthost>...
Page 602: Access Authentication With Http Server
Mediant 4000 SBC To enable this feature through the Web interface: Open the Advanced Parameters page (Configuration tab > VoIP menu > SIP Definitions > Advanced Parameters). Under the Misc Parameters group, set the 'SIP Remote Reset' parameter to Enable.
Page 603 INIFileVersion or CLI command, configuration-version The device automatically populates these tag variables with actual values in the sent header. By default, the device sends the following in the User-Agent header: User-Agent: Mozilla/4.0 (compatible; AudioCodes; <NAME>;<VER>;<MAC>;<CONF>) For example, if you set AupdHttpUserAgent = MyWorld-<NAME>;<VER>(<MAC>), the device sends the following User-Agent header: User-Agent: MyWorld-Mediant;7.00.200.001(00908F1DD0D3)
Page 604 Mediant 4000 SBC Notes: • When this method is used, there is typically no need for the provisioning server to check the device’s current firmware version using the HTTP-User-Agent header. • The Automatic Update feature assumes that the Web server conforms to the HTTP standard.
Page 605: File Download Sequence
Therefore, this is a very important issue to take into consideration. Version 7.0 Mediant 4000 SBC...
Page 606: Cyclic Redundancy Check On Downloaded Configuration Files
Mediant 4000 SBC 39.2.7 Cyclic Redundancy Check on Downloaded Configuration Files You can enable the device to perform cyclic redundancy checks (CRC) on downloaded configuration files (ini) during the Automatic Update process. The CRC checks whether the content (raw data) of the downloaded file is different to the content of the previously downloaded file from the previous Automatic Update process.
Page 607 Place the files to download on the provisioning server. Make sure that their file names and extensions are based on the hardcoded string values specific to the file type for the <FILE> placeholder (e.g., "Site1_device.ini" for the ini file), as shown in the table below. Version 7.0 Mediant 4000 SBC...
Page 608: Automatic Update Configuration Examples
Mediant 4000 SBC File Template Keywords and Placeholder Values per File Type Keywords for Value Replacing File Type Template File <FILE> Placeholder ini file device.ini CMP file based on timestamp acmp autoFirmware.cmp User Info file usrinf userInfo.txt CMP file firmware.cmp Feature Key file fk.ini...
Page 609 # configure system (config-system)# automatic update (automatic-update)# voice-configuration 'http://www.company.com/config.ini' Enable Cyclical Redundancy Check (CRC) on downloaded ini file: ♦ ini File: AUPDCheckIfIniChanged = 1 ♦ CLI: # configure system (config-system)# automatic update (automatic-update)# crc-check regular Version 7.0 Mediant 4000 SBC...
Page 610: Automatic Update From Remote Servers
Mediant 4000 SBC Power down and then power up the device. 39.2.10.2 Automatic Update from Remote Servers This example describes how to configure the Automatic Update feature where files are stored and downloaded from different file server types. The example scenario includes the following: ...
Page 611: Automatic Update For Mass Deployment
MAC address, using the special string "<MAC>" in the URL, as described in ''MAC Address Placeholder in Configuration File Name'' on page 606.  Device queries the provisioning server daily at 24:00 (midnight) for software, configuration and Auxiliary files. Version 7.0 Mediant 4000 SBC...
Page 612 Mediant 4000 SBC  HTTP-based provisioning server at www.company.com for storing the files.  DNS server at 80.179.52.100 for resolving the domain name of the provisioning server.  To set up automatic provisioning for mass provisioning (example): Create a "master" configuration file template named "master_configuration.ini" with the following settings: •...
Page 613 InterfaceTable 0 = 6, 10, 10.15.7.95, 16, 10.15.0.1, 1, "Voice", 80.179.52.100, 0.0.0.0, "vlan 1"; [ \InterfaceTable ] ♦ CLI: # configure voip (config-voip)# interface network-if 0 (network-if-0)# primary-dns 80.179.52.100 Power down and then power up the device. Version 7.0 Mediant 4000 SBC...
Page 614 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 615: Restoring Factory Defaults
# enable At the prompt, type the password again, and then press Enter: # Password: Admin At the prompt, type the following to reset the device to default settings, and then press Enter: # write factory Version 7.0 Mediant 4000 SBC...
Page 616: Restoring Factory Defaults Through Web Interface
Mediant 4000 SBC 40.2 Restoring Factory Defaults through Web Interface You can restore the device to factory defaults through the Web interface. Note: When restoring to factory defaults, you can preserve your IP network settings that are configured in the Interface table (see ''Configuring IP Network Interfaces'' on page 132), as described in the procedure below.
Page 617: Status, Performance Monitoring And Reporting
Part IX Status, Performance Monitoring and Reporting...
Page 619: System Status
The page also lists Auxiliary files that have been installed on the device and allows you to remove them (see ''Deleting Auxiliary Files'' on page 571).  To access the Device Information page:  Open the Device Information page (Status & Diagnostics tab > System Status menu > Device Information). Version 7.0 Mediant 4000 SBC...
Page 620: Viewing Ethernet Port Information
Mediant 4000 SBC 41.2 Viewing Ethernet Port Information The Ethernet Port Information page displays read-only information about the Ethernet Group connections. Note: If the device is operating in High-Availability mode, you can also view Ethernet port information of the redundant device, by opening the Redundant Ethernet Port Information page (Status &...
Page 621: Viewing Hardware Components Status
Page'' on page 60).  To view the status of the device's hardware components:  Open the Components Status page (Status & Diagnostics tab > System Status menu > Components Status). Figure 41-1: Components Status Page Version 7.0 Mediant 4000 SBC...
Page 622: Reporting Dsp Utilization Through Snmp Mib
Mediant 4000 SBC 41.4 Reporting DSP Utilization through SNMP MIB You can obtain information on the percentage of DSP resources utilized by the device, through the SNMP MIB table, acPMDSPUsage. You can also configure low and high DSP utilization thresholds...
Page 623: Carrier-Grade Alarms
Description: brief explanation of the reason of the alarm  Date: date and time that the alarm was generated You can view the next 20 alarms (if exist), by clicking the Go to page button. Version 7.0 Mediant 4000 SBC...
Page 624: Viewing History Alarms
Mediant 4000 SBC 42.2 Viewing History Alarms The Alarms History table displays a list of alarms that have been cleared (resolved). You can configure the maximum number of alarms displayed in the table, using the AlarmHistoryTableMaxSize ini file parameter. If the maximum is reached and a new alarm is added to the table, the oldest alarm is removed from the table to accommodate the new alarm.
Page 625: Performance Monitoring
As you increase the resolution, more data is displayed on the graph. The minimum resolution is about 30 seconds; the maximum resolution is about an hour. To pause the graph, click the Pause button; click Play to resume. Version 7.0 Mediant 4000 SBC...
Page 626: Viewing Quality Of Experience
Mediant 4000 SBC 43.2 Viewing Quality of Experience The Quality Of Experience page provides statistical information on calls per SRD or IP Group. The statistics can be further filtered to display incoming and/or outgoing call direction, and type of SIP dialog (INVITE, SUBSCRIBE, or all).
Page 627: Viewing Average Call Duration
Figure 43-3: Average Call Duration Graph From the 'SRD/IpGroup' drop-down list, select whether you want to view information for an SRD or IP Group. From the 'Index' drop-down list, select the SRD or IP Group index. Version 7.0 Mediant 4000 SBC...
Page 628 Mediant 4000 SBC Use the Zoom In button to increase the displayed time resolution or the Zoom Out button to decrease it. Instead of using these zoom buttons, you can use the slide ruler. As you increase the resolution, more data is displayed on the graph. The minimum resolution is about 30 seconds;...
Page 629: Voip Status
For configuring Ethernet Devices, see ''Configuring Underlying Ethernet Devices'' on page 129.  To view the configured and applied Ethernet Devices:  Open the Ethernet Device Status page (Status & Diagnostics tab > VoIP Status menu >Ethernet Device Status Table). Version 7.0 Mediant 4000 SBC...
Page 630: Viewing Static Routes Status
Mediant 4000 SBC 44.3 Viewing Static Routes Status The IP Routing Status table displays the status of the static routes. These are routes configured in the Static Route table (see ''Configuring Static IP Routing'' on page 140) and routes through the Default Gateway.
Page 631: Viewing Registration Status
Open the Registration Status page (Status & Diagnostics tab > VoIP Status menu > Registration Status). • Accounts Registration Status: ♦ Group Type: served IP Group ♦ Group Name: name of served IP Group, if applicable ♦ Status: "Registered" or "Unregistered" Version 7.0 Mediant 4000 SBC...
Page 632 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 633: Reporting Information To External Party
Start Timestamp Stop Timestamp Call-ID Local Address (IP, Port & SSRC) Remote Address (IP, Port & SSRC) Session Description Payload Type Payload Description Sample Rate Frame Duration Frame Octets Frames per Packets Packet Loss Concealment Version 7.0 Mediant 4000 SBC...
Page 634 Mediant 4000 SBC Group Metric Name Silence Suppression State Jitter Buffer Jitter Buffer Adaptive Jitter Buffer Rate Jitter Buffer Nominal Jitter Buffer Max Jitter Buffer Abs Max Packet Loss Network Packet Loss Rate Jitter Buffer Discard Rate Burst Gap Loss...
Page 635 Open the RTP/RTCP Settings page (Configuration tab > VoIP menu > Media > RTP/RTCP Settings). The RTCP XR parameters are listed under the RTCP XR Settings group: Figure 45-1: RTCP XR Parameters in RTP/RTCP Settings Page Under the RTCP XR Settings group, configure the following: Version 7.0 Mediant 4000 SBC...
Page 636 Mediant 4000 SBC • 'Enable RTCP XR' (VQMonEnable) - enables voice quality monitoring and RTCP • 'Burst Threshold' (VQMonBurstHR) - defines the voice quality monitoring excessive burst alert threshold. • 'Delay Threshold' (VQMonDelayTHR) - defines the voice quality monitoring excessive delay alert threshold.
Page 637: Generating Call Detail Records
Call originator (Orig CDR field) - indicates the call direction (caller)  Call duration (Durat CDR field) - call duration (elapsed time) from call connect  Call time is based on SetupTime, ConnectTime and ReleaseTime CDR fields Version 7.0 Mediant 4000 SBC...
Page 638 Mediant 4000 SBC Table 45-2: Default CDR Fields for SBC Signaling CDR Field Name Description Format SBCReportType Report type: String  "CALL_START"  "CALL_CONNECT"  "CALL_END"  "DIALOG_START"  "DIALOG_END" EPTyp Endpoint type: String  "SBC" SIPMethod SIP message type...
Page 639 Call connect time String of up to 35 characters ReleaseTime Call release time String of up to 35 characters RedirectReason Redirect reason String of up to 15 characters RedirectURINum Redirection URI String of up to 41 characters Version 7.0 Mediant 4000 SBC...
Page 640 Mediant 4000 SBC CDR Field Name Description Format RedirectURINumBe Redirect URI number before String of up to 41 characters foreMap manipulation TxSigIPDiffServ Signaling IP DiffServ String of up to 15 characters IPGroup IP Group ID and name String of up to 40 characters...
Page 641: Cdr Fields For Sbc Media
Note: If the RTCP XR feature is unavailable (not licensed or disabled), this R-factor VoIP metric is not provided. Instead, the device sends the CDR field with the value 127, meaning that information is unavailable. Version 7.0 Mediant 4000 SBC...
Page 642: Cdr Fields For Locally Stored Sbc
Mediant 4000 SBC CDR Field Name Description RemoteRFactor Remote conversation quality Note: If the RTCP XR feature is unavailable (not licensed or disabled), this R-factor VoIP metric is not provided. Instead, the device sends the CDR field with the value 127, meaning that information is unavailable.
Page 643: Customizing Cdrs For Sbc Calls
CDR field. The table lets you configure up to 64 locally-stored CDR customization rules. For more information on storing CDRs on the device, see Storing CDRs on the Device on page 647. Version 7.0 Mediant 4000 SBC...
Page 644 Mediant 4000 SBC If you do not configure a CDR customization rule for a specific CDR, the device generates the CDR in a predefined default CDR format (see CDR Field Description on page 637). Notes: • The following standard RADIUS Attributes cannot be customized: 1 through 6, 18 through 20, 22, 23, 27 through 29, 32, 34 through 39, 41, 44, 52, 53, 55, 60 through 85, 88, 90, and 91.
Page 645 Redirect URI Before Manipulation; [206] SIP Method; [207] Direct Media; [208] Source Username; [209] Destination Username; [210] Source Username Before Manipulation; [211] Destination Username Before Manipulation; [212] Source Host; [213] Destination Host; [214] Source Host Before Manipulation; [215] Destination Host Before Manipulation. Version 7.0 Mediant 4000 SBC...
Page 646 Mediant 4000 SBC Parameter Description Title Defines a new name for the CDR field (for Syslog or local storage) or for the RADIUS Attribute prefix name (for RADIUS accounting) that you title selected in the 'Column Type' parameter. [SBCCDRFormat_Title] You can configure the name to be enclosed by apostrophes (single or double).
Page 647: Storing Cdrs On The Device
• protocol: protocol over which the file is sent (tftp, http, or https). For example: copy storage-history cdr-storage-history my_cdrs.csv to tftp://company.com/cdrs The following procedure describes how to configure local CDR storage through the Web interface. Version 7.0 Mediant 4000 SBC...
Page 648 Mediant 4000 SBC  To configure local CDR storage: Open the Logging Settings page (Configuration tab > System menu > Logging > Logging Settings), and then scroll down to the Local Storage group: Figure 45-4: CDR Local Storage on Logging Settings Page Configure the following parameters: •...
Page 649: Configuring Cdr Reporting
''Syslog, CDR and Debug Parameters'' on page 727. Click Submit. Note: If the CDR server IP address is not configured, the CDRs are sent to the Syslog server configured in ''Enabling Syslog'' on page 672. Version 7.0 Mediant 4000 SBC...
Page 650: Configuring Radius Accounting
Mediant 4000 SBC 45.3 Configuring RADIUS Accounting The device can send accounting data of SIP calls as call detail records (CDR) to a RADIUS Accounting server. CDR-based accounting messages can be sent upon call release, call connection and release, or call setup and release. For a list of the CDR attributes for RADIUS accounting, see the table following the procedure below.
Page 651 Table 45-5: Supported RADIUS Accounting CDR Attributes Vendor- Attribute Attribute Specific Value Description Example Name Attribute Format (VSA) ID Request Attributes user-name (Standard) Account number or String up 5421385747 Start Acc calling party number to 15 Stop Acc Version 7.0 Mediant 4000 SBC...
Page 652 Mediant 4000 SBC Vendor- Attribute Attribute Specific Value Description Example Name Attribute Format (VSA) ID or blank digits long nas-ip- (Standard) IP address of the Numeric 192.168.14. Start Acc address requesting device Stop Acc service-type (Standard) Type of service Numeric...
Page 653 Type - start (1) or stop Stop Acc Note: ‘start’ isn’t supported on the Calling Card application. acct-delay- (Standard) No. of seconds tried in Numeric Start Acc time sending a particular Stop Acc record Version 7.0 Mediant 4000 SBC...
Page 654 Mediant 4000 SBC Vendor- Attribute Attribute Specific Value Description Example Name Attribute Format (VSA) ID acct-input- (Standard) Number of octets Numeric Stop Acc octets received for that call duration ( applicable only if media anchoring) acct-output- (Standard) Number of octets sent...
Page 655 (4923 23) h323-remote-address = 212.179.22.214 (4923 1) h323-ivr-out = h323-incoming-conf-id:02102944 600a1899 3fd61009 0e2f3cc5 (4923 30) h323-disconnect-cause = 22 (0x16) (4923 27) h323-call-type = VOIP (4923 26) h323-call-origin = Originate (4923 24) h323-conf-id = 02102944 600a1899 3fd61009 0e2f3cc5 Version 7.0 Mediant 4000 SBC...
Page 656 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 657: Diagnostics
Part X Diagnostics...
Page 659: Syslog And Debug Recording
Syslog'' on page 672). Enabling Syslog functionality is not required for rules that include Syslog messages in the DR sent to a Debug Recording server. • To configure the Syslog server's address, see ''Configuring Address of Syslog Version 7.0 Mediant 4000 SBC...
Page 660 Mediant 4000 SBC Server'' on page 672. To configure additional, global Syslog settings, see Configuring Syslog on page 664. • To configure the Debug Recording server's address, see ''Configuring Address of Debug Recording Server'' on page 675. • To configure additional, global CDR settings such as at what stage of the call the CDR is generated (e.g., start and end of call), see Configuring CDR Reporting on...
Page 661 CDR Only: The Syslog messages contain only CDRs (no system information and alerts).  [1] Debug Recording Server = (Default) The device generates DR packets based on the configured log filter and sends them to a user- defined Debug Recording server. Version 7.0 Mediant 4000 SBC...
Page 662 Mediant 4000 SBC Parameter Description  [2] Local Storage = The device generates CDRs based on the configured log filter and stores them locally on the device. For more information on local CDR storage, see Storing CDRs on the Device on page 647.
Page 663: Filtering Ip Network Traces
If the 'Value' field is undefined, the device records all IP traffic types. • You cannot use ip.addr or udp/tcp.port together with ip.src/dst or udp/tcp.srcport/dstport. For example, "ip.addr==1.1.1.1 and ip.src==2.2.2.2" is an invalid configuration value. Version 7.0 Mediant 4000 SBC...
Page 664: Configuring Syslog
Mediant 4000 SBC 46.2 Configuring Syslog This section describes the Syslog message format, how to configure and enable Syslog, and how to view the generated Syslog messages. For filtering Syslog messages for specific calls, see ''Configuring Log Filter Rules'' on page 659.
Page 665 Forked legs and alternative legs share the same session number. Note: You can configure the device to maintain the same SID value for calls traversing multiple AudioCodes' devices. For more information, see ''Maintaining Same Syslog SID/BID over Multiple Devices'' on page 667.
Page 666: Event Representation In Syslog Messages
96 is the number of times the device has reset.  Note: You can configure the device to maintain the same BID value for calls traversing multiple AudioCodes' devices. For more information, see ''Maintaining Same Syslog SID over Multiple Devices'' on page 667.
Page 667: Identifying Audiocodes Syslog Messages Using Facility Levels
Unknown Aggregation Payload Type Invalid Routing Flag Received 46.2.1.2 Identifying AudioCodes Syslog Messages using Facility Levels The device’s Syslog messages can easily be identified and distinguished from Syslog messages from other equipment, by setting its Facility level. The Facility levels of the device's Syslog messages are numerically coded with decimal values.
Page 668: Syslog Fields For Answering Machine Detection (Amd)
Mediant 4000 SBC use any of the "local use" facilities (0 through 7), according to RFC 3164. Implementing Facility levels is useful, for example, if you collect the device’s as well as other equipments’ Syslog messages on the same server. Therefore, in addition to filtering Syslog messages according to IP address, the messages can be filtered according to Facility level.
Page 669: Snmp Alarms In Syslog Messages
The device can report the following Web user activities:  Modifications of individual parameters, for example: 14:33:00.162 : 10.15.7.95 : Local 0 :NOTICE : [S=3403] [BID=3aad56:32] Activity Log: Max Login Attempts was changed from '3' to '2'. User: Admin. Session: HTTP (10.13.22.54) Version 7.0 Mediant 4000 SBC...
Page 670 Mediant 4000 SBC  Modifications of table fields, and addition and deletion of table rows, for example: 14:42:48.334 : 10.15.7.95 : NOTICE : [S=3546] [BID=3aad56:32] Activity Log: Classification - remove line 2. User: Admin. Session: HTTP (10.13.22.54)  Entered CLI commands (modifications of security-sensitive commands are logged without the entered value).
Page 671: Configuring Syslog Debug Level
No Debug. Once CPU resources are returned to normal, the device automatically changes the debug level back to its' original setting (i.e., Detailed). The threshold is configured by the DebugLevelHighThreshold parameter. Click Submit. Version 7.0 Mediant 4000 SBC...
Page 672: Configuring Address Of Syslog Server
Mediant 4000 SBC 46.2.4 Configuring Address of Syslog Server The following procedure describes how to configure the Syslog server's address to where the device sends the Syslog messages.  To configure the address of the Syslog server: Open the Syslog Settings page (Configuration tab > System menu > Syslog Settings).
Page 673: Viewing Syslog Messages
When debug recording is enabled and Syslog messages are also included in the debug recording, to view Syslog messages using Wireshark, you must install AudioCodes' Wireshark plug-in (acsyslog.dll). Once the plug-in is installed, the Syslog messages are decoded as "AC SYSLOG" and displayed using the "acsyslog" filter (instead of the regular "syslog"...
Page 674: Viewing Web User Activity Logs
• You can select the Syslog messages in this page, and copy and paste them into a text editor such as Notepad. This text file (txt) can then be sent to AudioCodes Technical Support for diagnosis and troubleshooting. 46.2.7 Viewing Web User Activity Logs If you have enabled the reporting of Web user activities, you can view logged activities in the Web interface's Activity Log table (read-only).
Page 675: Configuring Debug Recording
Click Submit. 46.3.2 Collecting Debug Recording Messages To collect debug recording packets, use the open source packet capturing program, Wireshark. AudioCodes proprietary plug-in files for Wireshark are required. Notes: • The default debug recording port is 925. You can change the port in Wireshark (Edit menu >...
Page 676 In the Filter field, type "acdr" (see the figure below) to view the debug recording messages. Note that the source IP address of the messages is always the OAMP IP address of the device. The device adds the header "AUDIOCODES DEBUG RECORDING" to each debug recording message, as shown below: User's Manual...
Page 677: Debug Capturing On Physical Voip Interfaces
TFTP or FTP server: # debug capture voip physical stop <TFTP/FTP server IP address> If no IP address is defined, the capture is saved on the device for later retrieval. Version 7.0 Mediant 4000 SBC...
Page 678 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 679: Creating Core Dump And Debug Files Upon Device Crash
The core dump can either be included in or excluded from the debug file, or alternatively, sent separately to a TFTP server. You can then provide the files to AudioCodes support team for troubleshooting. ...
Page 680 Mediant 4000 SBC The following procedure describes how to retrieve the debug file from the device through the Web interface.  To save the debug file from the device:  In the Debug Utilities page, click the Save Debug File button.
Page 681: Testing Sip Signaling Calls
By default, you can configure up to five test calls. However, this number can be increased by installing the relevant Software License Key. For more information, contact your AudioCodes sales representative. The following procedure describes how to configure test calls through the Web interface.
Page 682 Mediant 4000 SBC Click Add; the following dialog box appears: Figure 48-1: Test Call Table - Add Row Dialog Box Configure a test call according to the parameters described in the table below. Click Add, and then save ("burn") your settings to flash memory.
Page 683  [-1] = Not configured (default) dst-transport  [0] UDP [Test_Call_DestTrans  [1] TCP portType]  [2] TLS Note: The parameter is applicable only if the 'Route By' parameter is set to [2] (Dest Address). Version 7.0 Mediant 4000 SBC...
Page 684 Mediant 4000 SBC Parameter Description QoE Profile Assigns a QoE Profile to the test call. qoe-profile By default, no value is defined (None). [Test_Call_QOEProfil To configure QoE Profiles, see ''Configuring Quality of Experience Profiles'' on page 307. Bandwidth Profile Assigns a Bandwidth Profile to the test call.
Page 685 Defines the interval (in minutes) between automatic outgoing test calls. schedule- The valid value range is 0 to 100000. The default is 0 (i.e., scheduling is interval disabled). [Test_Call_ScheduleI Note: The parameter is applicable only if 'Call Party' is set to Caller. nterval] Version 7.0 Mediant 4000 SBC...
Page 686: Starting And Stopping Test Calls
Mediant 4000 SBC 48.2 Starting and Stopping Test Calls The following procedure describes how to start, stop, and restart test calls.  To start, stop, and restart a test call: In the Test Call table, select the required test call entry; the Actions button appears above the table.
Page 687: Viewing Test Call Statistics
Average CPS: Average calls per second.  Test Status: Displays the status (brief description) as displayed in the 'Test Status' field (see ''Starting, Stopping and Restarting Test Calls'' on page 686).  Average CPS: Average calls per second. Version 7.0 Mediant 4000 SBC...
Page 688 Mediant 4000 SBC  Detailed Status: Displays a detailed description of the test call status: • "Idle": test call is currently not active. • "Scheduled - Established Calls: <number of established calls>, ASR: <%>": test call is planned to run (according to 'Schedule Interval' parameter settings) and also shows the following summary of completed test calls: ♦...
Page 689: Configuring Dtmf Tones For Test Calls
The device removes this prefix, enabling it to route the call according to the IP-to- IP Routing rules to the external proxy/registrar, instead of directly to the simulated endpoint. Only when the device receives the call from the proxy/registrar, does it route the call to the simulated endpoint. Version 7.0 Mediant 4000 SBC...
Page 690 Mediant 4000 SBC The figure below displays an example of an SBC test call: Figure 48-4: SBC Test Call Example The call is received from the remote endpoint with the called number prefix "8101". As the 'SBC Test ID' parameter is set to "8", the device identifies this call as a test call and removes the digit "8"...
Page 691: Test Call Configuration Examples
The test call is done between two AudioCodes devices - Device A and Device B - with simulated test endpoints. This eliminates the need for phone users, who would otherwise need to answer and end calls many times for batch testing.
Page 692 Mediant 4000 SBC ♦ SIP Interface: SIPInterface_0 ♦ Call Party: Caller ♦ Maximum Channels for Session: "3" (configures three endpoints - "101", "102" and "103) ♦ Call Duration: "5" (seconds) ♦ Calls per Sec: "1" ♦ Test Mode: Continuous ♦...
Page 693: Pinging A Remote Host Or Ip Address
IPv4 address. The ping is done using the following CLI command: # ping <IPv4 ip address or host name> source [voip|data] interface For a complete description of the ping command, refer to the CLI Reference Guide. Version 7.0 Mediant 4000 SBC...
Page 694 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 695: Appendix
Part XI Appendix...
Page 697: Dialing Plan Notation For Routing And Manipulation
4 to 8, and suffix is 234, 235, or 236. The entered value would be the following: [4-8](23[4,5,6]). [n-m] or (n-m) Represents a range of numbers. Examples:  To depict prefix numbers from 5551200 to 5551300: Version 7.0 Mediant 4000 SBC...
Page 698 Mediant 4000 SBC Notation Description  [5551200-5551300]#  To depict prefix numbers from 123100 to 123200:  123[100-200]#  To depict prefix and suffix numbers together:  03(100): for any number that starts with 03 and ends with 100. ...
Page 699 "x" wildcards (e.g., xx165xxxxx#); the prefix to add to the number would include the HEX values (e.g., +49 \287303\29 165-). Below is a list of common ASCII characters and their corresponding HEX values: ASCII Character HEX Value Version 7.0 Mediant 4000 SBC...
Page 700 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 701: Configuration Parameters Reference
The default is 0.0.0.0 (i.e., the device can be accessed from any IP address). For example: WebAccessList_0 = 10.13.2.66 WebAccessList_1 = 10.13.77.7 For a description of the parameter, see ''Configuring Web and Telnet Access List'' on page 73. Version 7.0 Mediant 4000 SBC...
Page 702: Web Parameters
Mediant 4000 SBC 51.1.2 Web Parameters The Web parameters are described in the table below. Table 51-2: Web Parameters Parameter Description Enable web access from Enables Web access from any of the device's IP network interfaces. all interfaces This feature applies to HTTP and HTTPS protocols.
Page 703 Password acSysWEBAccessUserCode: username/old/new [WelcomeMessage] Enables and defines a Welcome message that appears on the Web Login page for logging in to the Web interface. The format of the ini file table parameter is: [WelcomeMessage ] Version 7.0 Mediant 4000 SBC...
Page 704: Telnet Parameters
Mediant 4000 SBC Parameter Description FORMAT WelcomeMessage_Index = WelcomeMessage_Text [\WelcomeMessage] For Example: FORMAT WelcomeMessage_Index = WelcomeMessage_Text WelcomeMessage 1 = "**********************************" ; WelcomeMessage 2 = "********* This is a Welcome message ***" ; WelcomeMessage 3 = "**********************************" ; Notes:  Each index row represents a line of text in the Welcome message box.
Page 705: Ini File Parameters
Defines the textual name of the interface. The value is equal to the ifAlias SNMP MIB object. The valid range is a string of up to 64 characters. Enables the device to send NAT keep-alive traps to the port of the auto-send-keep-alive Version 7.0 Mediant 4000 SBC...
Page 706 Parameter Description [SendKeepAliveTrap] SNMP network management station (e.g., AudioCodes EMS). This is used for NAT traversal, and allows SNMP communication with AudioCodes EMS management platform, located in the WAN, when the device is located behind NAT. It is needed to keep the NAT pinhole open for the SNMP messages sent from EMS to the device.
Page 707 The valid value is a string of up to 19 characters that can include only the following: [SNMPReadOnlyCommunityStri  ng_x] Upper- and lower-case letters (a to z, and A to Z)  Numbers (0 to 9) Version 7.0 Mediant 4000 SBC...
Page 708 Mediant 4000 SBC Parameter Description  Hyphen (-)  Underline (_) For example, "Public-comm_string1". The default is "public". Community String - Read / Write Defines a read-write SNMP community string. Up to five read-write community strings can be configured. configure system > snmp >...
Page 709: Serial Parameters
Note: For the parameter to take effect, a device reset is required. [SerialFlowControl] Defines the serial communication flow control.  [0] = (Default) None  [1] = Hardware Note: For the parameter to take effect, a device reset is required. Version 7.0 Mediant 4000 SBC...
Page 710: Auxiliary And Configuration File Name Parameters
Dial Plan File Defines the name of the Dial Plan file. This file should be created using AudioCodes DConvert utility (refer to DConvert Utility User's Guide). [DialPlanFileName] For the ini file, the name must be enclosed by single apostrophes, for example, 'dial_plan.dat'.
Page 711: Automatic Update Parameters
The device automatically populates these tag variables with actual values in the sent header. By default, the device sends the following in the User- Agent header: User-Agent: Mozilla/4.0 (compatible; AudioCodes; <NAME>;<VER>;<MAC>;<CONF>) For example, if you set AupdHttpUserAgent = MyWorld- <NAME>;<VER>(<MAC>), the device sends the following User-Agent...
Page 712 Mediant 4000 SBC Parameter Description Notes:  The variable tags are case-sensitive.  If you configure the parameter with the <CONF> variable tag, you must reset the device with a burn-to-flash for your settings to take effect.  The tags can be defined in any order.
Page 713 ''MAC Address Placeholder in Configuration File Name'' on page 606. This option allows the loading of specific configurations for specific devices.  The maximum length of the URL address is 99 characters. Version 7.0 Mediant 4000 SBC...
Page 714 Mediant 4000 SBC Parameter Description prerecorded-tones Defines the name of the Prerecorded Tones (PRT) file and the path to the server (IP address or FQDN) on which it is located. [PrtFileURL] For example: http://server_name/file, https://server_name/file. Note: The maximum length of the URL address is 99 characters.
Page 715: Networking Parameters
The format of the ini file table parameter is as follows: [ DeviceTable ] FORMAT DeviceTable_Index = DeviceTable_VlanID, DeviceTable_UnderlyingInterface, DeviceTable_DeviceName, DeviceTable_Tagging; [ \DeviceTable ] For a detailed description of the table, see Configuring Underlying Ethernet Devices on page 129. Version 7.0 Mediant 4000 SBC...
Page 716: Multiple Voip Network Interfaces And Vlan Parameters
Mediant 4000 SBC 51.2.2 Multiple VoIP Network Interfaces and VLAN Parameters The IP network interfaces and VLAN parameters are described in the table below. Table 51-10: IP Network Interfaces and VLAN Parameters Parameter Description Interface Table Interface Table The table configures the Interface table.
Page 717: Quality Of Service Parameters
Global parameter that defines the DiffServ value for Premium Control CoS content (Call Control applications). You can also configure this control-qos functionality per specific calls, using IP Profiles (IpProfile_SigIPDiffServ). [PremiumServiceClassCo For a detailed description of the parameter and for configuring this Version 7.0 Mediant 4000 SBC...
Page 718: Nat Parameters
Mediant 4000 SBC Parameter Description ntrolDiffServ] functionality in the IP Profile table, see ''Configuring IP Profiles'' on page 386. Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with the IP Profile.
Page 719 (in seconds). Therefore, the parameter is applicable only if the SendKeepAliveTrap parameter is set to 1. The parameter is used to allow SNMP communication with AudioCodes EMS management platform, located in the WAN, when the device is located behind NAT.
Page 720: Dns Parameters
Mediant 4000 SBC 51.2.6 DNS Parameters The Domain name System (DNS) parameters are described in the table below. Table 51-14: DNS Parameters Parameter Description Internal DNS Table Internal DNS Table The table defines the internal DNS table for resolving host names into IP addresses.
Page 721: Dhcp Parameters
DhcpServer_SubnetMask, DhcpServer_LeaseTime, DhcpServer_DNSServer1, DhcpServer_DNSServer2, DhcpServer_NetbiosNameServer, DhcpServer_NetbiosNodeType, DhcpServer_NTPServer1, DhcpServer_NTPServer2, DhcpServer_TimeOffset, DhcpServer_TftpServer, DhcpServer_BootFileName, DhcpServer_ExpandBootfileName, DhcpServer_OverrideRouter, DhcpServer_SipServer, DhcpServer_SipServerType; [ \DhcpServer ] For a detailed description of the table, see Configuring the Device's DHCP Server. DHCP Vendor Class Table Version 7.0 Mediant 4000 SBC...
Page 722 Mediant 4000 SBC Parameter Description DHCP Vendor Class table Defines Vendor Class Identifier (VCI) names (DHCP Option 60) for the device's DHCP server. Only if the DHCPDiscover request message, configure voip > received from the DHCP client, contains this value does the device dhcp vendor-class provide DHCP services.
Page 723: Ntp And Daylight Saving Time Parameters
Note: The offset setting is applied only on the hour. For example, if you configure the parameter at 15:42, the device applies the setting only at 16:00. Daylight Saving Time Enables daylight saving time (DST).  [0] Disable (default) summer-time  [1] Enable [DayLightSavingTimeEnab Version 7.0 Mediant 4000 SBC...
Page 724 Mediant 4000 SBC Parameter Description Start Time / Day of Month Defines the date and time when DST begins. This value can be Start configured using any of the following formats:  start Day of year - mm:dd:hh:mm, where: ...
Page 725: Debugging And Diagnostics Parameters
Defines the DTMF tone that is played for answered test calls (incoming and outgoing). testcall-dtmf- string The DTMF string can be up to 15 strings. The default is "3212333". If no string is defined (empty), DTMF is not played. [TestCallDtmfString] Version 7.0 Mediant 4000 SBC...
Page 726 Mediant 4000 SBC Parameter Description Test Call ID Defines the test call prefix number (ID) of the simulated phone on the device. Incoming calls received with this called prefix number are testcall-id identified as test calls. [TestCallID] This can be any string of up to 15 characters. By default, no number is defined.
Page 727: Syslog, Cdr And Debug Parameters
Syslog messages to the Syslog server. [CDRSyslogServerIP] Notes:  The CDR messages are sent to UDP port 514 (default Syslog port).  This mechanism is active only when Syslog is enabled (i.e., the parameter EnableSyslog is set to 1). Version 7.0 Mediant 4000 SBC...
Page 728 Mediant 4000 SBC Parameter Description CDR Report Level Enables signaling-related CDRs to be sent to a Syslog server and determines the call stage at which they are sent. cdr-report-level  [0] None = (Default) CDRs are not used. [CDRReportLevel] ...
Page 729 Debug Level High Defines the threshold (in percentage) for automatically switching to a Threshold different debug level, depending on CPU usage. The parameter is applicable only if the 'Syslog CPU Protection' parameter is enabled. debug-level-high- Version 7.0 Mediant 4000 SBC...
Page 730 Mediant 4000 SBC Parameter Description threshold The valid value is 0 to 100. The default is 90. [DebugLevelHighThreshol The debug level is changed upon the following scenarios:  CPU usage equals threshold: Debug level is reduced one level.  CPU usage is at least 5% greater than threshold: Debug level is reduced another level.
Page 731 Destination IP configure system > logging > dbg-rec- dest-ip [DebugRecordingDestIP] Debug Recording Defines the UDP port of the server for capturing debug recording. The Destination Port default is 925. configure system > logging > dbg-rec- Version 7.0 Mediant 4000 SBC...
Page 732: Resource Allocation Indication Parameters
Mediant 4000 SBC Parameter Description dest-port [DebugRecordingDestPort] Enable Core Dump Enables the automatic generation of a Core Dump file upon a device crash. [EnableCoreDump]  [0] Disable (disable)  [1] Enable Core Dump Destination IP Defines the IP address of the remote server where you want the device to send the Core Dump file.
Page 733: Ha Parameters
Therefore, whenever possible, the highest priority device is the active one. For more information on the HA switchover mechansim, see Device Switchover upon Failure on page 544. Version 7.0 Mediant 4000 SBC...
Page 734 Mediant 4000 SBC Parameter Description HA Priority Defines the priority of the device used in the HA Revertive mechanism. configure system > The valid value is 1 (lowest priority) to 10 (highest priority). The default is high-availability > priority Note: [HAPriority] ...
Page 735: Security Parameters
(first latched onto) IP address:port is received at any time, the device latches onto this stream.  [2] Dynamic-Strict = Device latches onto the first stream. If it receives at least a minimum number of consecutive packets (configured by Version 7.0 Mediant 4000 SBC...
Page 736 Mediant 4000 SBC Parameter Description New<media type>StreamPackets) all from the same source which is different to the first stream and the device has not received packets from the current stream for a user-defined period (TimeoutToRelatch<media type>Msec), it latches onto the next packet received from any other stream.
Page 737: Https Parameters
Notes:  For the parameter to take effect, a device reset is required.  For a description on implementing client certificates, see ''TLS for Remote Device Management'' on page 114. Version 7.0 Mediant 4000 SBC...
Page 738: Srtp Parameters
Mediant 4000 SBC 51.5.3 SRTP Parameters The Secure Real-Time Transport Protocol (SRTP) parameters are described in the table below. Table 51-24: SRTP Parameters Parameter Description Media Security Enables Secure Real-Time Transport Protocol (SRTP).  [0] Disable (default) media-security- enable ...
Page 739: Tls Parameters
# [ TLSContexts ] FORMAT TLSContexts_Index = TLSContexts_Name, [TLSContexts] TLSContexts_TLSVersion, TLSContexts_ServerCipherString, TLSContexts_ClientCipherString, TLSContexts_OcspEnable, TLSContexts_OcspServerPrimary, TLSContexts_OcspServerSecondary, TLSContexts_OcspServerPort, TLSContexts_OcspDefaultResponse; [ \TLSContexts ] For a detailed description of the table, see ''Configuring TLS Certificate Contexts'' on page 103. Version 7.0 Mediant 4000 SBC...
Page 740 Mediant 4000 SBC Parameter Description TLS Client Re- Defines the time interval (in minutes) between TLS Re-Handshakes Handshake Interval initiated by the device. tls-re-hndshk-int The interval range is 0 to 1,500 minutes. The default is 0 (i.e., no TLS Re- Handshake).
Page 741 The valid value is 0 to 3650. The default is 60. TLS Expiry Check Period Defines the periodical interval (in days) for checking the TLS server certificate expiry date. expiry-check- period The valid value is 1 to 3650. The default is 7. [TLSExpiryCheckPeriod] Version 7.0 Mediant 4000 SBC...
Page 742: Ssh Parameters
Mediant 4000 SBC 51.5.5 SSH Parameters Secure Shell (SSH) parameters are described in the table below. Table 51-26: SSH Parameters Parameter Description Enable SSH Server Enables the device's embedded SSH server.  [0] Disable (default)  [1] Enable [SSHServerEnable] Server Port Defines the port number for the embedded SSH server.
Page 743: Ids Parameters
The format of the ini file parameter is: [ IDSMatch ] FORMAT IDSMatch_Index = IDSMatch_SIPInterface, IDSMatch_ProxySet, IDSMatch_Subnet, IDSMatch_Policy; [ \IDSMatch ] For a detailed description of the table, see ''Assigning IDS Policies'' on page 174. Version 7.0 Mediant 4000 SBC...
Page 744: Ocsp Parameters
Mediant 4000 SBC 51.5.7 OCSP Parameters The Online Certificate Status Protocol (OCSP) parameters are described in the table below. Table 51-28: OCSP Parameters Parameter Description Enable OCSP Server Enables or disables certificate checking using OCSP.  [0] Disable (default) enable ...
Page 745: Quality Of Experience Parameters
[1] Report QoE At End Call Note: If a QoE traffic overflow between SEM and the device occurs, the device sends the QoE data only at the end of the call, regardless of the settings of the parameter. Version 7.0 Mediant 4000 SBC...
Page 746 Mediant 4000 SBC Parameter Description Quality of Experience Profile Table Quality of Experience The table defines Quality of Experience Profiles. Profile The format of the ini file table parameter is as follows: configure voip/qoe [QOEProfile] qoe-profile FORMAT QOEProfile_Index = QOEProfile_Name, [QOEProfile] QOEProfile_SensitivityLevel;...
Page 747 The format of the ini file table parameter is as follows: configure voip/qoe [MediaEnhancementRules] media-enhancement- FORMAT MediaEnhancementRules_Index = rules MediaEnhancementRules_MediaEnhancementProfile, [MediaEnhancementRule MediaEnhancementRules_RuleIndex, MediaEnhancementRules_Trigger, MediaEnhancementRules_Color, MediaEnhancementRules_ActionRule, MediaEnhancementRules_ActionValue; [\MediaEnhancementRules] For a detailed description of the table, see ''Configuring Media Enhancement Profiles'' on page 314. Version 7.0 Mediant 4000 SBC...
Page 748: Control Network Parameters
Mediant 4000 SBC 51.7 Control Network Parameters 51.7.1 IP Group, Proxy, Registration and Authentication Parameters The proxy server, registration and authentication SIP parameters are described in the table below. Table 51-30: Proxy, Registration and Authentication SIP Parameters Parameter Description IP Group Table IP Group Table This table configures IP Groups.
Page 749 Note: The parameter is applicable only if a Proxy server is used (i.e., the parameter IsProxyUsed is set to 1). DNS Query Type Enables the use of DNS Naming Authority Pointer (NAPTR) and Service Record (SRV) queries to resolve Proxy and Registrar servers and to dns-query Version 7.0 Mediant 4000 SBC...
Page 750 Mediant 4000 SBC Parameter Description [DNSQueryType] resolve all domain names that appear in the SIP Contact and Record- Route headers.  [0] A-Record = (Default) No NAPTR or SRV queries are performed.  [1] SRV = If the Proxy/Registrar IP address parameter, Contact/Record-Route headers, or IP address configured in the routing tables contain a domain name, an SRV query is performed.
Page 751  Challenge caching is used with all proxies and not only with the active one.  The challenge can be cached per Account or per user whose credentials are known through the User Info table. Version 7.0 Mediant 4000 SBC...
Page 752 Mediant 4000 SBC Parameter Description Proxy Address Table Proxy IP Table The table defines proxy addresses per Proxy Set. configure voip > The format of the ini file table parameter is as follows: voip-network proxy- [ProxyIP] FORMAT ProxyIp_Index = ProxyIp_ProxySetId, ProxyIp_ProxyIpIndex, [ProxyIP] ProxyIp_IpAddress, ProxyIp_TransportType;...
Page 753 - set to an empty value  response - set to an empty value For example: Authorization: Digest username=alice_private@home1.net, realm=”home1.net”, nonce=””, response=”e56131d19580cd833064787ecc” Note: This registration header is according to the IMS 3GPP TS24.229 and PKT-SP-24.220 specifications. Version 7.0 Mediant 4000 SBC...
Page 754 Mediant 4000 SBC Parameter Description Add initial Route Header Enables the inclusion of the SIP Route header in initial registration or re- registration (REGISTER) requests sent by the device. add-init-rte-hdr  [0] Disable (default) [InitialRouteHeader]  [1] Enable When the device sends a REGISTER message, the Route header...
Page 755: Network Application Parameters
For a detailed description of the table, see ''Configuring SRDs'' on page 325. SIP Interface Table SIP Interface Table Defines SIP Interfaces. The format of the ini file table parameter is as follows: configure voip > voip-network sip- [ SIPInterface ] interface FORMAT SIPInterface_Index = SIPInterface_InterfaceName, Version 7.0 Mediant 4000 SBC...
Page 756 Mediant 4000 SBC Parameter Description [SIPInterface] SIPInterface_NetworkInterface, SIPInterface_ApplicationType, SIPInterface_UDPPort, SIPInterface_TCPPort, SIPInterface_TLSPort, SIPInterface_SRDName, SIPInterface_MessagePolicyName, SIPInterface_TLSContext, SIPInterface_TLSMutualAuthentication, SIPInterface_TCPKeepaliveEnable, SIPInterface_ClassificationFailureResponseType, SIPInterface_PreClassificationManSet, SIPInterface_EncapsulatingProtocol, SIPInterface_MediaRealm, SIPInterface_SBCDirectMedia, SIPInterface_BlockUnRegUsers, SIPInterface_MaxNumOfRegUsers, SIPInterface_EnableUnAuthenticatedRegistrations, SIPInterface_UsedByRoutingServer; [ \SIPInterface ] For a detailed description of the table, see ''Configuring SIP Interfaces'' on page 336.
Page 757 The format of the ini file table parameter is as follows: [ MediaRealmExtension ] FORMAT MediaRealmExtension_Index = MediaRealmExtension_MediaRealmIndex, MediaRealmExtension_ExtensionIndex, MediaRealmExtension_IPv4IF, MediaRealmExtension_IPv6IF, MediaRealmExtension_PortRangeStart, MediaRealmExtension_PortRangeEnd, MediaRealmExtension_MediaSessionLeg; [ \MediaRealmExtension ] For a detailed description of the table, see ''Configuring Media Realm Extensions'' on page 322. Version 7.0 Mediant 4000 SBC...
Page 758: General Sip Parameters
(if Automatic Update has been enabled on the device)  'check-sync;reboot=true': triggers a device reset Note: The Event header value is proprietary to AudioCodes. Max SIP Message Length Defines the maximum size (in Kbytes) for each SIP message that can be [KB] sent over the network.
Page 759 The X-RTP-Stat header contains the following fields:  PS=<voice packets sent>  OS=<voice octets sent>  PR=<voice packets received>  OR=<voice octets received>  PL=<receive packet loss>  JI=<jitter in ms>  LA=<latency in ms> Version 7.0 Mediant 4000 SBC...
Page 760 Mediant 4000 SBC Parameter Description Below is an example of the X-RTP-Stat header in a SIP BYE message: BYE sip:302@10.33.4.125 SIP/2.0 Via: SIP/2.0/UDP 10.33.4.126;branch=z9hG4bKac2127550866 Max-Forwards: 70 From: <sip:401@10.33.4.126;user=phone>;tag=1c2113553324 To: <sip:302@company.com>;tag=1c991751121 Call-ID: 991750671245200001912@10.33.4.125 CSeq: 1 BYE X-RTP-Stat: PS=207;OS=49680;;PR=314;OR=50240;PL=0;JI=600;LA=40; Supported: em,timer,replaces,path,resource-priority Allow:...
Page 761 If the remote party supports T.38, the fax is relayed over T.38. Notes:  If VBD coder negotiation fails at call start and if the IsFaxUsed parameter is set to 1 (or 3), then the channel opens with the Version 7.0 Mediant 4000 SBC...
Page 762 Mediant 4000 SBC Parameter Description FaxTransportMode parameter set to 1 (relay) to allow future detection of fax tones and sending of T.38 Re-INVITES. In such a scenario, the FaxVBDBehavior parameter has no effect.  This feature can be used only if the remote party supports T.38 fax relay;...
Page 763 Determines whether the 'user=phone' string is added to the From and Header Contact SIP headers.  phone-in-from-hdr [0] No = (Default) Doesn't add 'user=phone' string.  [1] Yes = 'user=phone' string is part of the From and Contact [IsUserPhoneInFrom] Version 7.0 Mediant 4000 SBC...
Page 764 Mediant 4000 SBC Parameter Description headers. Use Tel URI for Asserted Determines the format of the URI in the P-Asserted-Identity and P- Identity Preferred-Identity headers.  uri-for-assert-id [0] Disable = (Default) 'sip:'  [1] Enable = 'tel:' [UseTelURIForAssertedID Enable GRUU Determines whether the Globally Routable User Agent URIs (GRUU) mechanism is used, according to RFC 5627.
Page 765 When configured, the string <UserAgentDisplayInfo user-agent-info value>/software version' is used, for example: [UserAgentDisplayInfo] User-Agent: myproduct/v.6.80A.227.005 If not configured, the default string, <AudioCodes product- name>/software version' is used, for example: User-Agent: Audiocodes-Sip-Gateway-Mediant 4000 SBC/v.6.80A.227.005 The maximum string length is 50 characters.
Page 766 Mediant 4000 SBC Parameter Description Multiple Packetization Determines whether the 'mptime' attribute is included in the outgoing Time Format SDP.  mult-ptime-format [0] None = (Default) Disabled.  [1] PacketCable = Includes the 'mptime' attribute in the outgoing SDP [MultiPtimeFormat] - PacketCable-defined format.
Page 767 [1] = Sets the IP address of the outgoing SDP c= field to the IP address of the device. If the incoming SDP doesn’t contain the "a=inactive" line, the returned SDP contains the "a=recvonly" line. Enable Delayed Offer Determines whether the device sends the initial INVITE message with or Version 7.0 Mediant 4000 SBC...
Page 768 Mediant 4000 SBC Parameter Description delayed-offer without an SDP. Sending the first INVITE without SDP is typically done by clients for obtaining the far-end's full list of capabilities before sending [EnableDelayedOffer] their own offer. (An alternative method for obtaining the list of supported capabilities is by using SIP OPTIONS, which is not supported by every SIP agent.)
Page 769 To use this feature, you must set the parameter to any value other than 0.  To enable the generation by the device of the Avaya UCID value and adding it to the outgoing INVITE sent to the IP Group (Avaya entity), Version 7.0 Mediant 4000 SBC...
Page 770 Mediant 4000 SBC Parameter Description use the IP Group table's parameter 'UUI Format'. Enable Microsoft Enables the modification of the called and calling number for numbers Extension received with Microsoft's proprietary "ext=xxx" parameter in the SIP INVITE URI user part. Microsoft Office Communications Server...
Page 771 The valid range is 1 to 30. The default is 3. swap For example, if configured to 3 and no response is received from an IP [HotSwapRtx] destination, the device attempts another three times to send the call to Version 7.0 Mediant 4000 SBC...
Page 772 Mediant 4000 SBC Parameter Description the IP destination. If still unsuccessful, it attempts to redirect the call to another IP destination. Note: The parameter is also used for alternative routing (see Alternative Routing Based on IP Connectivity. SIP Message Manipulations Table Message Manipulations Defines manipulation rules for SIP header messages.
Page 773: Coders And Profile Parameters
IpProfile_RTPRedundancyDepth, IpProfile_RemoteBaseUDPPort, IpProfile_CNGmode, IpProfile_VxxTransportType, IpProfile_NSEMode, IpProfile_IsDTMFUsed, IpProfile_PlayRBTone2IP, IpProfile_EnableEarlyMedia, IpProfile_ProgressIndicator2IP, IpProfile_EnableEchoCanceller, IpProfile_CopyDest2RedirectNumber, IpProfile_MediaSecurityBehaviour, IpProfile_CallLimit, IpProfile_DisconnectOnBrokenConnection, IpProfile_FirstTxDtmfOption, IpProfile_SecondTxDtmfOption, IpProfile_RxDTMFOption, IpProfile_EnableHold, IpProfile_InputGain, IpProfile_VoiceVolume, IpProfile_AddIEInSetup, IpProfile_SBCExtensionCodersGroupID, IpProfile_MediaIPVersionPreference, IpProfile_TranscodingMode, IpProfile_SBCAllowedMediaTypes, IpProfile_SBCAllowedCodersGroupID, IpProfile_SBCAllowedVideoCodersGroupID, IpProfile_SBCAllowedCodersMode, IpProfile_SBCMediaSecurityBehaviour, IpProfile_SBCRFC2833Behavior, IpProfile_SBCAlternativeDTMFMethod, IpProfile_SBCAssertIdentity, IpProfile_AMDSensitivityParameterSuit, IpProfile_AMDSensitivityLevel, IpProfile_AMDMaxGreetingTime, IpProfile_AMDMaxPostSilenceGreetingTime, Version 7.0 Mediant 4000 SBC...
Page 774 Mediant 4000 SBC Parameter Description IpProfile_SBCDiversionMode, IpProfile_SBCHistoryInfoMode, IpProfile_EnableQSIGTunneling, IpProfile_SBCFaxCodersGroupID, IpProfile_SBCFaxBehavior, IpProfile_SBCFaxOfferMode, IpProfile_SBCFaxAnswerMode, IpProfile_SbcPrackMode, IpProfile_SBCSessionExpiresMode, IpProfile_SBCRemoteUpdateSupport, IpProfile_SBCRemoteReinviteSupport, IpProfile_SBCRemoteDelayedOfferSupport, IpProfile_SBCRemoteReferBehavior, IpProfile_SBCRemote3xxBehavior, IpProfile_SBCRemoteMultiple18xSupport, IpProfile_SBCRemoteEarlyMediaResponseType, IpProfile_SBCRemoteEarlyMediaSupport, IpProfile_EnableSymmetricMKI, IpProfile_MKISize, IpProfile_SBCEnforceMKISize, IpProfile_SBCRemoteEarlyMediaRTP, IpProfile_SBCRemoteSupportsRFC3960, IpProfile_SBCRemoteCanPlayRingback, IpProfile_EnableEarly183, IpProfile_EarlyAnswerTimeout, IpProfile_SBC2833DTMFPayloadType, IpProfile_SBCUserRegistrationTime, IpProfile_ResetSRTPStateUponRekey, IpProfile_AmdMode, IpProfile_SBCReliableHeldToneSource, IpProfile_GenerateSRTPKeys, IpProfile_SBCPlayHeldTone, IpProfile_SBCRemoteHoldFormat, IpProfile_SBCRemoteReplacesBehavior, IpProfile_SBCSDPPtimeAnswer, IpProfile_SBCPreferredPTime,...
Page 775: Channel Parameters
Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with the IP Profile. Echo Canceler Global parameter that enables echo cancellation (i.e., echo from Version 7.0 Mediant 4000 SBC...
Page 776 Mediant 4000 SBC Parameter Description echo-canceller-enable voice calls is removed). You can also configure this functionality per specific calls, using IP Profiles [EnableEchoCanceller] (IpProfile_EnableEchoCanceller). For a detailed description of the parameter and for configuring this functionality in the IP Profile table, see ''Configuring IP Profiles'' on page 386.
Page 777 Currently, not supported. [AnswerDetectorSilenceTime] Answer Detector Redirection Currently, not supported. [AnswerDetectorRedirection] Answer Detector Sensitivity Defines the Answer Detector sensitivity. answer-detector- The range is 0 (most sensitive) to 2 (least sensitive). The default is sensitivity [AnswerDetectorSensitivity] Version 7.0 Mediant 4000 SBC...
Page 778: Coder Parameters
Mediant 4000 SBC 51.10.2 Coder Parameters The coder parameters are described in the table below. Table 51-35: Coder Parameters Parameter Description Silk Tx Inband FEC Enables forward error correction (FEC) for the SILK coder.  [0] Disable (default) silk-tx-inband-fec ...
Page 779: Dtmf Parameters
NTEs (RFC 4733/2833 DTMF relay), regardless of the DTMF signal telephony-events-max- duration on the other side. duration The range is -1 to 200,000,000 msec. The default is -1 (i.e., NTE [NTEMaxDuration] stops only upon detection of an End event). Version 7.0 Mediant 4000 SBC...
Page 780: Rtp, Rtcp And T.38 Parameters
Mediant 4000 SBC 51.10.4 RTP, RTCP and T.38 Parameters The RTP, RTCP and T.38 parameters are described in the table below. Table 51-37: RTP/RTCP and T.38 Parameters Parameter Description Dynamic Jitter Buffer Minimum Global parameter that defines the minimum delay (in msec) of the Delay device's dynamic Jitter Buffer.
Page 781 (no RTP/T.38 traffic) when No-Op packet transmission is enabled. The valid range is 20 to 65,000 msec. The default is 10,000. Note: To enable No-Op packet transmission, use the NoOpEnable Version 7.0 Mediant 4000 SBC...
Page 782 Mediant 4000 SBC Parameter Description parameter. Defines the payload type of No-Op packets. no-operation-interval [RTPNoOpPayloadType] The valid range is 96 to 127 (for the range of Dynamic RTP Payload Type for all types of non hard-coded RTP Payload types, refer to RFC 3551). The default is 120.
Page 783: Sbc Parameters
[0] Reject = (Default) Call is rejected if classification fails.  [1] Allow = If classification fails, the incoming packet is assigned to a source IP Group (and subsequently processed) as follows:  The source SRD is determined according to the SIP Interface to Version 7.0 Mediant 4000 SBC...
Page 784 The valid value is any value between 0 and the maximum supported subscribes SUBSCRIBE sessions. When set to -1, the device uses the default [NumOfSubscribes] value. For more information, contact your AudioCodes sales representative. Notes:  For the parameter to take effect, a device reset is required.
Page 785 Users Registration database. The valid value is 0 to 2,000,000. The default is 0. configure voip/sbc general- For more information, see Registration Refreshes on page 424. setting/sbc-usr- reg-grace-time [SBCUserRegistrationGra Version 7.0 Mediant 4000 SBC...
Page 786 Mediant 4000 SBC Parameter Description ceTime] SBC DB Routing Search Defines the method for searching a registered user in the device's User Mode Registration database when a SIP INVITE message is received for routing to a user. If the registered user is found (i.e., destination URI in configure voip >...
Page 787 [0] (default) = Authentication is done by the device (locally).  [1] = Authentication is done by the RFC 5090 compliant RADIUS [SBCServerAuthMode] server  [2] = Authentication is done according to the Draft Sterman-aaa-sip- 01 method. Note: Currently, option [1] is not supported. Version 7.0 Mediant 4000 SBC...
Page 788 Mediant 4000 SBC Parameter Description Lifetime of the nonce in Defines the lifetime (in seconds) that the current nonce is valid for seconds server-based authentication. The device challenges a message that attempts to use a server nonce beyond this period. The parameter is lifetime-of-nonce used to provide replay protection (i.e., ensures that old communication...
Page 789 "Stand Alone Mode" on their LCD screens. Survivability mode occurs when connectivity with the WAN fails and as a result, the device enables communication between IP phone users within the LAN enterprise.  [0] = Disable  [1] = Enable Version 7.0 Mediant 4000 SBC...
Page 790 Mediant 4000 SBC Parameter Description When this feature is enabled and the SBC device is in Survivability mode, it responds to SIP REGISTER messages from the IP phones with a SIP 200 OK containing the following XML body: Content-Type: application/xml <?xml version="1.0"...
Page 791 For more information on No Media Anchoring, see ''Direct Media'' on page 428. Transcoding Mode Global parameter that defines the voice transcoding mode (media negotiation). You can also configure this functionality per specific calls, transcoding-mode using IP Profiles (IpProfile_TranscodingMode). For a detailed description Version 7.0 Mediant 4000 SBC...
Page 792 Mediant 4000 SBC Parameter Description [TranscodingMode] of the parameter and for configuring this functionality in the IP Profile table, see Configuring IP Profiles on page 386. Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with the IP Profile.
Page 793 SBCAdmissionControl_MaxBurst, SBCAdmissionControl_Reservation; [\SBCAdmissionControl] For a description of the table, see ''Configuring Admission Control'' on page 455. Allowed Audio Coders Table Allowed Audio Coders Defines Allowed Coders Groups, which determine the audio (voice) configure voip > Version 7.0 Mediant 4000 SBC...
Page 794 Mediant 4000 SBC Parameter Description sbc allowed-coders- coders that can be used for a specific SIP entity. group The format of the ini file table parameter is as follows: allowedcodersgroup0 [AllowedCodersGroupX] [AllowedCodersGroupX] FORMAT AllowedCodersGroup_Index = AllowedCodersGroup_Name; [\AllowedCodersGroup] Where X represents the index number.
Page 795 Manipulations'' on page 493. IP to IP Outbound Manipulation Table IP to IP Outbound Defines IP-to-IP outbound manipulation rules. Manipulation The format of the ini file table parameter is as follows: configure voip > [IPOutboundManipulation] sbc manipulations Version 7.0 Mediant 4000 SBC...
Page 796 Mediant 4000 SBC Parameter Description ip-outbound- FORMAT IPOutboundManipulation_Index = manipulation IPOutboundManipulation_ManipulationName, IPOutboundManipulation_RoutingPolicyName, [IPOutboundManipulation] IPOutboundManipulation_IsAdditionalManipulation, IPOutboundManipulation_SrcIPGroupName, IPOutboundManipulation_DestIPGroupName, IPOutboundManipulation_SrcUsernamePrefix, IPOutboundManipulation_SrcHost, IPOutboundManipulation_DestUsernamePrefix, IPOutboundManipulation_DestHost, IPOutboundManipulation_CallingNamePrefix, IPOutboundManipulation_MessageConditionName, IPOutboundManipulation_RequestType, IPOutboundManipulation_ReRouteIPGroupName, IPOutboundManipulation_Trigger, IPOutboundManipulation_ManipulatedURI, IPOutboundManipulation_RemoveFromLeft, IPOutboundManipulation_RemoveFromRight, IPOutboundManipulation_LeaveFromRight, IPOutboundManipulation_Prefix2Add, IPOutboundManipulation_Suffix2Add, IPOutboundManipulation_PrivacyRestrictionMode, IPOutboundManipulation_DestTags, IPOutboundManipulation_SrcTags; [\IPOutboundManipulation] For a description of the table, see ''Configuring IP-to-IP Outbound Manipulations'' on page 497.
Page 797 User's Manual 51. Configuration Parameters Reference Parameter Description  [DialPlanRule] The table is hidden in the ini file.  To configure Dial Plan rules from a file, see Importing and Exporting Dial Plans on page 507. Version 7.0 Mediant 4000 SBC...
Page 798: Supplementary Services
Mediant 4000 SBC 51.11.1 Supplementary Services The SBC and CRP supplementary services parameters are described in the table below. Table 51-39: SBC and CRP Supplementary Services Parameters Parameter Description Emergency Call Preemption Parameters For more information on SBC emergency call preemption, ''Configuring Call Preemption for SBC Emergency Calls'' on page 513.
Page 799: Ip Media Parameters
[10] 10 = 3.50 dB/sec  [11] 11 = 4.00 dB/sec  [12] 12 = 4.50 dB/sec  [13] 13 = 5.00 dB/sec  [14] 14 = 5.50 dB/sec  [15] 15 = 6.00 dB/sec Version 7.0 Mediant 4000 SBC...
Page 800 Mediant 4000 SBC Parameter Description  [16] 16 = 7.00 dB/sec  [17] 17 = 8.00 dB/sec  [18] 18 = 9.00 dB/sec  [19] 19 = 10.00 dB/sec  [20] 20 = 11.00 dB/sec  [21] 21 = 12.00 dB/sec ...
Page 801 Type=AMD and SubType=Beep. This feature allows users of certain third-party, Application server to leave a voice message after an answering machine plays the “beep”.  [0] Disabled (default)  [1] Start After AMD Version 7.0 Mediant 4000 SBC...
Page 802 Mediant 4000 SBC Parameter Description  [2] Start Immediately Answer Machine Detector Defines the AMD beep detection timeout (i.e., the duration that the Beep Detection Timeout beep detector functions from when detection is initiated). This is used for detecting beeps at the end of an answering machine message.
Page 803: Services
[ SIPRecRouting ] recording sip-rec- FORMAT SIPRecRouting_Index = routing SIPRecRouting_RecordedIPGroupName, [SIPRecRouting] SIPRecRouting_RecordedSourcePrefix, SIPRecRouting_RecordedDestinationPrefix, SIPRecRouting_PeerIPGroupName, SIPRecRouting_PeerTrunkGroupID, SIPRecRouting_Caller, SIPRecRouting_SRSIPGroupName; [ \SIPRecRouting ] For a description of the table, see ''Configuring SIP Recording Rules'' on page 224. Version 7.0 Mediant 4000 SBC...
Page 804: Radius And Ldap Parameters
Mediant 4000 SBC 51.13.2 RADIUS and LDAP Parameters 51.13.2.1 General Parameters The general RADIUS and LDAP parameters are described in the table below. Table 51-42: General RADIUS and LDAP Parameters Parameter Description Use Local Users Database Defines when the device uses its local management-users database (Web Users table) or an LDAP/RADIUS server for authenticating the configure system >...
Page 805: Radius Parameters
[3] Accounting Only = Only accounting indications are used. RADIUS User Authentication Parameters Use RADIUS for Enables RADIUS queries for Web and Telnet login authentication. When Web/Telnet Login enabled, logging into the device's Web and Telnet embedded servers is Version 7.0 Mediant 4000 SBC...
Page 806 Mediant 4000 SBC Parameter Description enable-mgmt-login done through a RADIUS server. The device communicates with a user- defined RADIUS server and verifies the given username and password [WebRADIUSLogin] against a remote database, in a secure manner.  [0] Disable (default) ...
Page 807: Ldap Parameters
Defines the name of the attribute that represents the user Mobile attribute name number in the Microsoft AD database. The valid value is a string of up to 49 characters. The default is ldap-mobile-nm-attr "mobile". [MSLDAPMobileNumAttribut eName] Version 7.0 Mediant 4000 SBC...
Page 808 Mediant 4000 SBC Parameter Description ldap-private-nm-attr Defines the name of the attribute that represents the user's private number in the AD. If this value equals the value of the [MSLDAPPrivateNumAttribut MSLDAPPrimaryKey or MSLDAPSecondaryKey parameter, then the eName] device queries the AD for the destination number in this private attribute name;...
Page 809: Least Cost Routing Parameters
> (charge per minute). services least-cost- routing cost-group [ CostGroupTable ] FORMAT CostGroupTable_Index = [CostGroupTable] CostGroupTable_CostGroupName, CostGroupTable_DefaultConnectionCost, CostGroupTable_DefaultMinuteCost; [ \CostGroupTable ] For example: CostGroupTable 2 = "Local Calls", 2, 1; Version 7.0 Mediant 4000 SBC...
Page 810: Call Setup Rules Parameters
Mediant 4000 SBC Parameter Description For a description of the table, see ''Configuring Cost Groups'' on page 266. Cost Group > Time Band Defines time bands and associates them with Cost Groups. Table [CostGroupTimebands] FORMAT CostGroupTimebands_TimebandIndex = configure voip >...
Page 811: Http Proxy Parameters
HTTP Proxy Application Enables the HTTP Proxy application.  configure system > [0] Disable (default) http-proxy > http-  [1] Enable proxy-app Note: For the parameter to take effect, a device reset is required. [HTTPProxyApplication] Version 7.0 Mediant 4000 SBC...
Page 812 Defines an HTTP-based EMS Service so that the device can act as an HTTP Proxy that enables AudioCodes EMS to manage configure system > AudioCodes equipment (such as IP Phones) over HTTP when the http-proxy > ems- equipment is located behind NAT (e.g., in the LAN) and EMS is serv located in a public domain (e.g., in the WAN).
Page 813: Sbc And Dsp Channel Capacity
• The number of channels refers to the maximum channel capacity of the device. • For additional DSP templates, contact your AudioCodes sales representative. 52.1 Signaling-Media Sessions & User Registrations The table below lists the maximum capacity figures for SIP signaling, media sessions, and registered users.
Page 814: Mediant 4000 Channel Capacity And Capabilities
User Registrations'' on page 813. The SBC sessions also support SRTP and RTCP XR. When DSP capabilities are required, the number of sessions that can use DSP capabilities is reduced, as shown in the table below. Table 52-2: Channel Capacity per Coder-Capability Profile for Mediant 4000 SBC Session Coders Number of Sessions...
Page 815 Call Progress Tone Detection (CP) is only on one leg of the SBC call (should this not be the case, figures will be reduced)  Sessions are only for forwarding sessions (i.e., no transcoding) Table 52-3: Maximum Channel Capacity per Detection Feature for Mediant 4000 SBC Number of Sessions Special Detection Features Without MPM8...
Page 816: Mediant 4000B Channel Capacity And Capabilities
Profile 2: G.711, G.726, G.729, G.723.1, AMR-NB, T.38 with fax detection, In-band signaling (in voice channel), and Silence Compression. • Acoustic Echo Suppressor reduces performance by about 30%. For more information, contact your AudioCodes sales representative. • MPM is the optional, Media Processing Module that provides additional DSPs, allowing greater capacity.
Page 817 Number of Sessions Special Detection Features Without MPM12B 1 x MPM12B 2 x MPM12B 3 x MPM12B Fax Detection 5,000 5,000 5,000 5,000 AD/AMD/Beep Detection 5,000 5,000 5,000 5,000 CP Detection 5,000 5,000 5,000 5,000 Version 7.0 Mediant 4000 SBC...
Page 818 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-41730...
Page 819: Technical Specifications
The device's technical specifications are listed in the table below. Notes: • All specifications in this document are subject to change without prior notice. • The compliance and regulatory information can be downloaded from AudioCodes Web site at http://www.audiocodes.com/library. Table 53-1: Technical Specifications Function Specification...
Page 820 Direct Media (No Media Hair-pinning of local calls to avoid unnecessary media delays and Anchoring) bandwidth consumption Voice Quality Monitoring RTCP-XR, AudioCodes Session Experience Manager (SEM) High Availability SBC high availability with two-box redundancy, active calls (Redundancy) preserved Quality of Experience...
Page 821 Desktop or 19" rack mount Power 100–240 VAC redundant dual feed  Operational: 0 to 40°C (32 to 104°F) Environmental  Storage: -20 to 70°C (-4 to 158°F)  Relative Humidity: 10 to 85% non-condensing Version 7.0 Mediant 4000 SBC...
Page 822 International Headquarters Contact us: www.audiocodes.com/info Website www.audiocodes.com Document #: LTRT-41730...

AudioCodes Mediant 4000 SBC User Manual

1 Introduction

Getting Started with Initial Connectivity

2 Introduction

3 Default OAMP IP Address

4 Configuring Voip LAN Interface for OAMP

Management Tools

5 Introduction

6 Web-Based Management

7 CLI-Based Management

8 SNMP-Based Management

9 INI File-Based Management

General System Settings

10 Configuring SSL/TLS Certificates

11 Date and Time

General Voip Configuration

12 Network

13 Security

14 Media

15 Services

16 Quality of Experience

17 Control Network

18 SIP Definitions

19 Coders and Profiles

Session Border Controller Application

20 SBC Overview

Quick Links

Related Manuals for AudioCodes Mediant 4000 SBC

Summary of Contents for AudioCodes Mediant 4000 SBC