Page 1 User's Manual AudioCodes Mediant™ Family of Session Border Controllers (SBC) Mediant 4000 SBC Version 7.2...
Page 3: Table Of Contents
Customizing the Product Name ................64 6.2.3 Customizing the Browser Tab Label ................65 6.2.4 Customizing the Favicon ..................66 6.2.5 Creating a Login Welcome Message ...............68 Configuring Additional Management Interfaces ............ 69 Configuring Management User Accounts ............. 70 Version 7.2 Mediant 4000 SBC...
Page 4 Mediant 4000 SBC Displaying Login Information upon Login .............. 75 Viewing Logged-In User Information ..............76 Configuring Web Session and Access Settings ............ 76 Changing Login Password for Administrator and Monitor Users ......77 Configuring Secured (HTTPS) Web ..............78 6.10 Web Login Authentication using Smart Cards............
Page 5 12.3 Configuring the Time Zone ................. 161 12.4 Configuring Daylight Saving Time ............... 162 General VoIP Configuration ..................163 13 Security ......................165 13.1 Configuring Firewall Settings ................165 13.2 Configuring General Security Settings ..............170 13.3 Intrusion Detection System ................. 171 Version 7.2 Mediant 4000 SBC...
Page 6 Mediant 4000 SBC 13.3.1 Enabling IDS ......................172 13.3.2 Configuring IDS Policies ..................172 13.3.3 Assigning IDS Policies ...................176 13.3.4 Viewing IDS Alarms ....................178 14 Media ........................ 181 14.1 Configuring Voice Settings ................. 181 14.1.1 Configuring Voice Gain (Volume) Control .............181 14.1.2 Configuring Echo Cancellation ................181 14.2 Fax and Modem Capabilities ................
Page 7 15.8.2.2 Adding ELINs to the Location Information Server ........294 15.8.2.3 Passing Location Information to the PSTN Emergency Provider ..295 15.8.3 AudioCodes ELIN Device for Skype for Business E9-1-1 Calls to PSTN .....296 15.8.3.1 Detecting and Handling E9-1-1 Calls .............297 Version 7.2...
Page 8 15.8.3.3 PSAP Callback to Skype for Business Clients for Dropped E9-1-1 Calls 15.8.3.4 Selecting ELIN for Multiple Calls within Same ERL .......300 15.8.4 Configuring AudioCodes ELIN Device ..............301 15.8.4.1 Enabling the E9-1-1 Feature ..............301 15.8.4.2 Configuring the E9-1-1 Callback Timeout ..........301 15.8.4.3 Configuring SBC IP-to-IP Routing Rule for E9-1-1 ........301...
Page 9 21.9.1 Interworking SIP 3xx Redirect Responses ............480 21.9.1.1 Resultant INVITE Traversing Device .............480 21.9.1.2 Local Handling of SIP 3xx ..............481 21.9.2 Interworking SIP Diversion and History-Info Headers ...........482 21.9.3 Interworking SIP REFER Messages ..............482 21.9.4 Interworking SIP PRACK Messages ..............483 Version 7.2 Mediant 4000 SBC...
Page 10 Mediant 4000 SBC 21.9.5 Interworking SIP Session Timer ................483 21.9.6 Interworking SIP Early Media ................483 21.9.7 Interworking SIP re-INVITE Messages ..............486 21.9.8 Interworking SIP UPDATE Messages ..............486 21.9.9 Interworking SIP re-INVITE to UPDATE ..............487 21.9.10 Interworking Delayed Offer ..................487 21.9.11 Interworking Call Hold ....................487 21.9.12 Interworking SIP Via Headers ................488...
Page 11 33.1.2.3 Step 3: Initialize HA on the Devices ............616 33.2 Configuration while HA is Operational ..............616 33.3 Configuring Firewall Allowed Rules ..............618 33.4 Monitoring IP Entities and HA Switchover upon Ping Failure ......619 Version 7.2 Mediant 4000 SBC...
Page 12 Mediant 4000 SBC 34 HA Maintenance ....................623 34.1 Maintenance of Redundant Device ..............623 34.2 Replacing a Failed Device .................. 623 34.3 Initiating an HA Switchover ................. 623 34.4 Resetting the Redundant Unit ................624 34.5 Software Upgrade ....................624 34.6 Disconnecting and Reconnecting HA ..............
Page 13 41.1.1.1 Provisioning the Device using DHCP Option 160 ........670 41.1.2 HTTP-based Provisioning ..................671 41.1.3 FTP-based Provisioning ..................672 41.1.4 Provisioning using AudioCodes OVOC ..............672 41.2 HTTP/S-Based Provisioning using the Automatic Update Feature ...... 672 41.2.1 Files Provisioned by Automatic Update ..............673 41.2.2 File Location for Automatic Update ...............674...
Page 14 53.2 Configuring Syslog ..................... 794 53.2.1 Syslog Message Format ..................794 53.2.1.1 Event Representation in Syslog Messages..........796 53.2.1.2 Identifying AudioCodes Syslog Messages using Facility Levels....798 53.2.1.3 Syslog Fields for Answering Machine Detection (AMD) ......798 53.2.1.4 SNMP Alarms in Syslog Messages ............799 53.2.2 Enabling Syslog .....................799...
Page 15 61.2.5 NAT Parameters ....................855 61.2.6 DNS Parameters ....................856 61.2.7 DHCP Parameters ....................857 61.2.8 NTP and Daylight Saving Time Parameters ............859 61.3 Debugging and Diagnostics Parameters ............. 861 61.3.1 General Parameters ....................861 61.3.2 SIP Test Call Parameters ..................861 Version 7.2 Mediant 4000 SBC...
Page 16 61.13.4 Call Setup Rules Parameters ................953 61.13.5 HTTP-based Services ....................953 61.13.6 HTTP Proxy Parameters..................954 62 Channel Capacity .................... 957 62.1 Mediant 4000 SBC ..................... 958 62.2 Mediant 4000B SBC ................... 959 63 Technical Specifications ................961 User's Manual Document #: LTRT-42025...
Page 17 Customer Support Customer technical support and services are provided by AudioCodes or by an authorized AudioCodes Service Partner. For more information on how to buy technical support for AudioCodes products and for contact information, please visit our Web site at https://www.audiocodes.com/services-support/maintenance-and-support.
Page 18 Some of the features listed in this document are available only if the relevant License Key has been purchased from AudioCodes and installed on the device. For a list of License Keys that can be purchased, please consult your AudioCodes sales representative.
Page 19 Routing (IP Group load balancing); MAC Address Placeholder in Configuration File Name; VoIPerfect; Technical Specifications (AMR-WB removed).  New sections: Configuring IP Group Sets.  Updated parameters: SIPInterface_SBCDirectMedia; IPProfile_SBCDirectMediaTag; IpProfile_DisconnectOnBrokenConnection; IP2IPRouting_DestType; IPOutboundManipulation_PrivacyRestrictionMode; BrokenConnectionEventTimeout.  New parameters: IP2IPRouting_IPGroupSetName; EnableNonCallCdr; PGroupSet; IPGroupSetMember; NoRTPDetectionTimeout; DisconnectOnBrokenConnection; BrokenConnectionEventTimeout. Version 7.2 Mediant 4000 SBC...
Page 20 Mediant 4000 SBC LTRT Description  Patch version 7.20A.100. 41733  Updated sections: CLI (telnet removed); Areas of the GUI (SBC Wizard); Assigning Rows from Other Tables (search, add new, and view); Invalid Value Indications; Creating a Login Welcome Message; Configuring Management User Accounts (CLI);...
Page 21 Account_RegEventPackageSubscription; IpProfile_SBCFaxReroutingMode; IP2IPRouting_RoutingTagName; IP2IPRouting_InternalAction; IPGroupSet_Tags; CustomerSN; MaxRegistrationBackoffTime; MaxSDPSessionVersionId; UseRandomUser; UnregisterOnStartup; PresencePublishIPGroupId; EnableMSPresence; PreParsingManipulationSets; PreParsingManipulationRules; MWINotificationTimeout; RoutingServerQualityStatus; RoutingServerQualityStatusRate.  Updated with patch version 7.20A.152. 40201  Updated sections: Configuring the LDAP Search Filter Attribute (Web path); Version 7.2 Mediant 4000 SBC...
Page 22 Mediant 4000 SBC LTRT Description Enabling LDAP Searches for Numbers with Characters; Microsoft Skype for Business Presence of Third-Party Endpoints; Configuring the Device for Skype for Business Presence (example); Configuring Media Realm Extensions; Configuring Firewall Allowed Rules; Configuring SBC IP-to-IP Routing (back to the sender);...
Page 23 SyslogOptimization (def); HAPingEnabled; HAPingDestination (removed); HAPingSourceIfName (removed); HAPingTimeout (removed); HAPingRetries (removed); EnableMediaSecurity (no reset)  New parameters: Account_RegByServedIPG; Account_UDPPortAssignment; IpProfile_SBCAdaptRFC2833BWToVoiceCoderBW; TimeZoneFormat; CallDurationUnits; SendAcSessionIDHeader; HaNetworkMonitorThreshold; HaNetworkMonitor; SRTPTunnelingValidateRTPRxAuthentication; SRTPTunnelingValidateRTCPRxAuthentication; RTPFWInvalidPacketHandling; RtpFWNonConfiguredPTHandling  Miscellaneous: New AudioCodes logo; '.content' removed fom manipulation syntax Version 7.2 Mediant 4000 SBC...
Page 24 Mediant 4000 SBC Documentation Feedback AudioCodes continually strives to produce high quality documentation. If you have any comments (suggestions or errors) regarding this document, please fill out the Documentation Feedback form site https://online.audiocodes.com/documentation-feedback. User's Manual Document #: LTRT-42025...
Page 25: Introduction
User's Manual 1. Introduction Introduction This User's Manual describes how to configure and manage your AudioCodes product (hereafter, referred to as device). This document is intended for the professional person responsible for installing, configuring and managing the device. Product Overview AudioCodes Mediant 4000 Session Border Controller (SBC), hereafter referred to as device, is a mid-to-high scale capacity member of AudioCodes’...
Page 26: Typographical Conventions
Mediant 4000 SBC Typographical Conventions This document uses the following typographical conventions to convey information: Table 1-1: Typographical Conventions Convention Description Example Boldface font Used for the following Web Click the Add button. interface elements:  Buttons  Selectable parameter values ...
Page 27: Getting Familiar With Configuration Concepts And Terminology
The Media Realm can be associated with the SIP entity, by assigning the Media Realm to the IP Group of the SIP entity, or by assigning it to the SIP Interface associated with the SIP entity. The SRD is a logical representation of your entire SIP-based VoIP Version 7.2 Mediant 4000 SBC...
Page 28 Mediant 4000 SBC Configuration Terms Description network (Layer 5) containing groups of SIP users and servers. The SRD is in effect, the foundation of your configuration to which all other previously mentioned configuration entities are associated. For example, if your VoIP network consists of three SIP entities -- a SIP Trunk, a LAN IP PBX, and remote WAN users -- the three SIP Interfaces defining these Layer-3 networks would all assigned to the same SRD.
Page 29 "served" IP Group. Authentication (SIP 401) is typically relevant for INVITE messages forwarded by the device to a "serving" IP Group. Registration is for REGISTER messages, which are initiated by the device on behalf of the "serving" SIP entity. Version 7.2 Mediant 4000 SBC...
Page 30 Mediant 4000 SBC The associations between the configuration entities are summarized in the following figure: Figure 1-1: Association of Configuration Entities The main configuration entities and their involvement in the call processing is summarized in following figure. The figure is used only as an example to provide basic understanding of the configuration terminology.
Page 31: Getting Started With Initial Connectivity
Part I Getting Started with Initial Connectivity...
Page 33: Introduction
User's Manual 2. Introduction Introduction This part describes how to initially access the device's management interface and change its default IP address to correspond with your networking scheme. Version 7.2 Mediant 4000 SBC...
Page 34 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 35: Default Oamp Ip Address
OAMP + Media + Control IP Address 192.168.0.2 (IP address assigned to the first Ethernet Port Group (top-left ports 1 & 2) Prefix Length 24 (255.255.255.0) Default Gateway 192.168.0.1 Ethernet Device vlan 1 Interface Name O+A+M+P Version 7.2 Mediant 4000 SBC...
Page 36 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 37: Configuring Voip Lan Interface For Oamp
Ethernet cable. Change the IP address and subnet mask of your computer to correspond with the default OAMP IP address and subnet mask of the device. Version 7.2 Mediant 4000 SBC...
Page 38 Mediant 4000 SBC Access the Web interface: On your computer, start a Web browser and in the URL address field, enter the default IP address of the device; the Web interface's Web Login screen appears: Figure 4-1: Web Login Screen In the 'Username' and 'Password' fields, enter the case-sensitive, default login username ("Admin") and password ("Admin").
Page 39: Cli
At the prompt, type the password (default is "Admin" - case sensitive): Password: Admin At the prompt, type the following: enable At the prompt, type the password again: Password: Admin Access the Network configuration mode: # configure network Access the IP Interfaces table: Version 7.2 Mediant 4000 SBC...
Page 40 Mediant 4000 SBC (config-network)# interface network-if 0 Configure the IP address: (network-if-0)# ip-address <IP address> Configure the prefix length: (network-if-0)# prefix-length <prefix length / subnet mask, e.g., 16> Configure the Default Gateway address: (network-if-0)# gateway <IP address> Apply your settings: (network-if-0)# activate Cable the device to your network.
Page 41: Management Tools
Part II Management Tools...
Page 43: Introduction
Configuration ini file - see ''INI File-Based Management'' on page 95 Note: • Some configuration settings can only be done using a specific management tool. • For a list and description of all the configuration parameters, see ''Configuration Parameters Reference'' on page 835. Version 7.2 Mediant 4000 SBC...
Page 44 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 45: Web-Based Management
(Versions 5.02 or later) ® • Google Chrome (Version 50 or later)  Recommended screen resolutions: 1024 x 768 pixels, or 1280 x 1024 pixels Note: Your Web browser must be JavaScript-enabled to access the Web interface. Version 7.2 Mediant 4000 SBC...
Page 46: Accessing The Web Interface
Mediant 4000 SBC 6.1.2 Accessing the Web Interface The following procedure describes how to access the Web interface.  To access the Web interface: Open a standard Web browser. In the Web browser, specify the OAMP IP address of the device (e.g., http://10.1.10.10);...
Page 47: Areas Of The Gui
The areas of the Web interface's GUI are shown in the figure below and described in the subsequent table. Figure 6-2: Main Areas of the Web Interface GUI Table 6-1: Description of the Web GUI Areas Item # Description Company logo. Menu bar containing the menus. Version 7.2 Mediant 4000 SBC...
Page 48 Mediant 4000 SBC Item # Description Toolbar providing frequently required command buttons.  Save: Saves configuration changes to the device's flash memory (without resetting the device). If you make a configuration change, the button is surrounded by a red-colored border as a reminder to save your settings to flash memory, by clicking the button.
Page 49: Accessing Configuration Pages From Navigation Tree
The items of the Navigation tree depend on the menu-tab combination, selected from the menu bar and tab bar, respectively. The menus and their respective tabs are listed below:  Setup menu: • IP Network tab • Signaling & Media tab Version 7.2 Mediant 4000 SBC...
Page 50 Mediant 4000 SBC • Administration tab  Monitor menu: Monitor tab  Troubleshoot menu: Troubleshoot tab When you open the Navigation tree, folders containing commonly required items are opened by default, allowing quick access to their pages. Items that open pages containing tables provide the following indications in the Navigation tree: ...
Page 51: Configuring Stand-Alone Parameters
Modify the parameter's value as desired. Click Apply; the changes are saved to the device's volatile memory (RAM). Save the changes to the device's non-volatile memory (flash): • If a device reset is not required: Version 7.2 Mediant 4000 SBC...
Page 52: Configuring Table Parameters
Mediant 4000 SBC On the toolbar, click Save; a confirmation message box appears: Figure 6-4: Save Configuration Confirmation Box Click Yes to confirm; the changes are save to flash memory. • If a device reset is required: On the toolbar, click Reset; the Maintenance Actions page opens.
Page 53: Adding Table Rows
Configure the parameters of the row as desired. For information on configuring parameters that are assigned a value which is a row referenced from another table, see ''Assigning Rows from Other Tables'' on page 54. Version 7.2 Mediant 4000 SBC...
Page 54 Mediant 4000 SBC Click Apply to add the row to the table or click Cancel to ignore your configuration. If the Save button is surrounded by a red border, you must save your settings to flash memory, otherwise they are discarded if the device resets (without a save to flash) or powers off.
Page 55: Modifying Table Rows
6.1.6.3 Deleting Table Rows The following procedure describes how to delete a row from a table.  To delete a table row: Select the row that you want to delete. Version 7.2 Mediant 4000 SBC...
Page 56: Invalid Value Indications
Mediant 4000 SBC Click the delete icon, located on the table's toolbar; a confirmation message box appears requesting you to confirm deletion, as shown in the example below: Click Yes, Delete; the row is removed from the table and the total number of configured rows that is displayed next to the page title and page item in the Navigation tree is updated to reflect the deletion.
Page 57 Proxy Set #0 with indicating that it has an invalid parameter value, and Proxy Set #1 with indicating that it has a parameter that is referenced to a row of another table that has an invalid value: Version 7.2 Mediant 4000 SBC...
Page 58: Viewing Table Rows
Mediant 4000 SBC Figure 6-13: Invalid Icon Display in Drop-Down List of Parameter Referencing Other Rows Note: If you assign a non-mandatory parameter with a referenced row and then later delete the referenced row (in the table in which the row is configured), the parameter's value automatically changes to an empty field (i.e., no row assigned).
Page 59: Sorting Tables By Column
Changing row position is supported only by certain tables (e.g., IP-to-IP Routing table).  To change the position of a row: Click the 'Index' column header so that the rows are sorted in ascending order (e.g., 0. Version 7.2 Mediant 4000 SBC...
Page 60: Searching Table Entries
Mediant 4000 SBC 1, 2, and so on). Select the row that you want to move. Do one of the following: • To move one index up (e.g., from Index 3 to 2): Click the up arrow; the row moves one index up in the table (e.g., to 2) and the row that originally occupied the index is moved one index down (e.g., to 3).
Page 61: Searching For Configuration Parameters
• Parameter's value • Brief description of parameter Figure 6-17: Search Result Window Click the link of the navigation path corresponding to the required found parameter to open the page on which the parameter appears. Version 7.2 Mediant 4000 SBC...
Page 62: Getting Help
The product name also affects other management interfaces. • In addition to Web-interface customization, you can customize the following to reference your company instead of AudioCodes: √ SNMP Interface: Product system OID (see the SNMPSysOid parameter) and trap Enterprise OID (see the SNMPTrapEnterpriseOid parameter).
Page 63: Replacing The Corporate Logo
User's Manual 6. Web-Based Management 6.2.1 Replacing the Corporate Logo You can replace the default corporate logo image (i.e., AudioCodes logo) that is displayed in the Web interface. The logo appears in the following Web areas:  Web Login screen: Figure 6-20: Corporate Logo on Web Login Screen ...
Page 64: Replacing The Corporate Logo With Text
Mediant 4000 SBC Note: • The logo image file type can be GIF, PNG, JPG, or JPEG. • The logo image must have a fixed height of 24 pixels. The width can be up to 199 pixels (default is 145).
Page 65: Customizing The Browser Tab Label
You can customize the label that appears on the tab of the Web browser that you use to open the device's Web interface. By default, the tab displays "AudioCodes". You can change this to display either the IP address of the device or any customized text.
Page 66: Customizing The Favicon
Web interface (see Replacing the Corporate Logo with an Image on page 63). • If you are using the default AudioCodes corporate logo image in the Web interface, you can only customize the tab to display "AudioCodes" or the IP address.
Page 67 Access the device's command shell interface, by appending "FAE" (case-sensitive) to the device's IP address in your browser's URL address field (i.e., <IP address>/FAE). Click Cmd Shell. In the 'Command Line' field, type the following, and then click Enter: CTACI FAVICON Version 7.2 Mediant 4000 SBC...
Page 68: Creating A Login Welcome Message
Mediant 4000 SBC 6.2.5 Creating a Login Welcome Message You can create a personalized welcome message that is displayed on the Web Login screen. The message always begins with the title "Note" and has a color background, as shown in the example below: Figure 6-27: Creating Login Welcome Message ...
Page 69: Configuring Additional Management Interfaces
Figure 6-28: Additional Management Interfaces Table - Add Dialog Box Configure an additional management interface according to the parameters described in the table below. Click Apply, and then save your settings to flash memory. Additional Management Interfaces Table Parameter Descriptions Parameter Description General Version 7.2 Mediant 4000 SBC...
Page 70: Configuring Management User Accounts
Mediant 4000 SBC Parameter Description Index Defines an index number for the new table row. [AdditionalManagementInt Note: Each row must be configured with a unique index. erfaces_Index] Interface Name Assigns an IP network interface (from the IP Interfaces table) to the management interface.
Page 71 You can define additional Web user accounts using a RADIUS server (see ''RADIUS Authentication'' on page 233). The following procedure describes how to configure user accounts through the Web interface. You can also configure it through ini file (WebUsers) or CLI (configure system > user). Version 7.2 Mediant 4000 SBC...
Page 72 Mediant 4000 SBC  To configure management user accounts: Open the Local Users table (Setup menu > Administration tab > Web & CLI folder > Local Users). Click New; the following dialog box is displayed: Figure 6-29: Local Users Table - Dialog Box Configure a user account according to the parameters described in the table below.
Page 73 Access Settings' on page 76). These users can log in only after a user-defined timeout configured by the 'Block Duration' parameter (see below) or if their status is changed (to New or Valid) by a Security Administrator or Master. Version 7.2 Mediant 4000 SBC...
Page 74 Mediant 4000 SBC Parameter Description  Inactivity = The state is automatically set for users that have not accessed the Web interface for a user-defined number of days, set by the 'User Inactivity Timer' (see 'Configuring Web Session and Access Settings' on page 76). These users can only log in to the Web interface if their status is changed (to New or Valid) by a System Administrator or Master.
Page 75: Displaying Login Information Upon Login
Enable. Click Apply. Once enabled, each time you login to the device, the Login Information window is displayed, as shown in the example below: Figure 6-30: Login Information Window To close the window, click Close. Version 7.2 Mediant 4000 SBC...
Page 76: Viewing Logged-In User Information
Mediant 4000 SBC Viewing Logged-In User Information The username of the currently logged in user is displayed in the top-right corner of the Web interface. If you click the username (e.g., "Admin"), a pop-up callout appears: Figure 6-31: Logged-in User Information The following information is displayed: ...
Page 77: Changing Login Password For Administrator And Monitor Users
Local Users table (see ''Configuring Management User Accounts'' on page 70). • You can only change the password if the duration configured in the 'Password Change Interval' has elapsed (see ''Configuring Web Session and Access Settings'' on page 76). Version 7.2 Mediant 4000 SBC...
Page 78: Configuring Secured (Https) Web
Mediant 4000 SBC  To change the login password: Open the Web Settings page (Setup menu > Administration tab > Web & CLI folder > Web Settings). Figure 6-34: Changing Login Password for Administrator and Monitor User Levels In the 'Current Password' field, type in your current login password.
Page 79 This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter. Note: For specific integration requirements for implementing a third-party smart card for Web login authentication, contact your AudioCodes representative.  To log in to the Web interface using CAC: Insert the Common Access Card into the card reader.
Page 80: Configuring Web And Telnet Access List
Mediant 4000 SBC 6.11 Configuring Web and Telnet Access List The Access List table lets you restrict access to the device's management interfaces (Web, Telnet and SSH) by specifying IP addresses (up to ten) of management clients that are permitted to access the device. Access to the device's management interfaces from undefined IP addresses is denied.
Page 81: Cli-Based Management
CLI Settings). Configure the following parameters: • 'Embedded Telnet Server': Select Enable Unsecured or Enable Secured (i.e, SSL) to enable Telnet. • 'Telnet Server TCP Port': Enter the port number of the embedded Telnet server. Version 7.2 Mediant 4000 SBC...
Page 82: Enabling Ssh With Rsa Public Key For Cli
Mediant 4000 SBC • 'Telnet Server Idle Timeout': Enter the duration of inactivity in the Telnet session after which the session automatically ends. Click Apply, and then reset the device with a save-to-flash for your settings to take effect. For a detailed description of the Telnet parameters, see ''Telnet Parameters'' on page 841.
Page 83 Under the 'Authentication parameters' group, click Browse and then locate the private key file that you created and saved in Step 4. Connect to the device with SSH using the username "Admin"; RSA key negotiation Version 7.2 Mediant 4000 SBC...
Page 84: Configuring Maximum Telnet/Ssh Sessions
Mediant 4000 SBC occurs automatically and no password is required.  To configure RSA public keys for Linux (using OpenSSH 4.3): Run the following command to create a new key in the admin.key file and to save the public portion to the admin.key.pub file: ssh-keygen -f admin.key -N ""...
Page 85: Viewing Current Cli Sessions
The current session from which this show command was run is displayed with an asterisk (*). Note: The device can display management sessions of up to 24 hours. After this time, the duration counter is reset. Version 7.2 Mediant 4000 SBC...
Page 86: Terminating A User's Cli Session
Mediant 4000 SBC Terminating a User's CLI Session You can terminate users that are currently logged in to the device's CLI. This applies to users logged in to the CLI through RS-232 (console), Telnet, or SSH.  To terminate the CLI session of a specific CLI user: Establish a CLI session with the device.
Page 87: Snmp-Based Management
8. SNMP-Based Management SNMP-Based Management The device provides an embedded SNMP agent that lets you manage it using AudioCodes One Voice Operations Center (OVOC) or a third-party SNMP manager. The SNMP agent supports standard and proprietary Management Information Base (MIBs). All supported MIB files are supplied to customers as part of the release.
Page 88 Mediant 4000 SBC For detailed descriptions of the SNMP parameters, see ''SNMP Parameters'' on page 842.  To configure SNMP community strings: Open the SNMP Community Settings page (Setup menu > Administration tab > SNMP folder > SNMP Community Settings).
Page 89: Configuring Snmp Trap Destinations With Ip Addresses
SNMPv3 destination. By default, traps are sent unencrypted using SNMPv2. The following procedure describes how to configure SNMP trap destinations through the Web interface. You can also configure it through ini file (SNMPManager) or CLI (configure system > snmp trap-destination). Version 7.2 Mediant 4000 SBC...
Page 90 Mediant 4000 SBC  To configure SNMP trap destinations: Open the SNMP Trap Destinations table (Setup menu > Administration tab > SNMP folder > SNMP Trap Destinations). Figure 8-2: SNMP Trap Destinations Table Configure the SNMP trap manager according to the table below.
Page 91: Configuring An Snmp Trap Destination With Fqdn
(as long as the community string is correct). The following procedure describes how to configure SNMP Trusted Managers through the Web interface. You can also configure it through ini file (SNMPTrustedMgr_x) or CLI (configure system > snmp settings > trusted-managers). Version 7.2 Mediant 4000 SBC...
Page 92: Enabling Snmp Traps For Web Activity
Mediant 4000 SBC  To configure SNMP Trusted Managers: Open the SNMP Trusted Managers table (Setup menu > Administration tab > SNMP folder > SNMP Trusted Managers). Figure 8-3: SNMP Trusted Managers Table Configure an IP address (in dotted-decimal notation) for one or more SNMP Trusted Managers.
Page 93 [0] None (default)  [1] DES [SNMPUsers_PrivProtocol]  [2] 3DES  [3] AES-128  [4] AES-192  [5] AES-256 Authentication Key Authentication key. Keys can be entered in the form of a text password Version 7.2 Mediant 4000 SBC...
Page 94 Mediant 4000 SBC Parameter Description auth-key or long hex string. Keys are always persisted as long hex strings and keys are localized. [SNMPUsers_AuthKey] Privacy Key Privacy key. Keys can be entered in the form of a text password or long hex string. Keys are always persisted as long hex strings and priv-key keys are localized.
Page 95: Ini File-Based Management
An exception is Index fields, which are mandatory. • The Format line must end with a semicolon ";".  Data line(s): Contain the actual values of the columns (parameters). The values are interpreted according to the Format line. Version 7.2 Mediant 4000 SBC...
Page 96 Mediant 4000 SBC • The first word of the Data line must be the table’s string name followed by the Index field. • Columns must be separated by a comma ",". • A Data line must end with a semicolon ";".
Page 97: General Ini File Formatting Rules
(!), for example: !CpMediaRealm 1 = "ITSP", "Voice", "", 60210, 2, 6030, 0, "", ""; • To restore the device to default settings through the ini file, see ''Restoring Factory Defaults'' on page 701. Version 7.2 Mediant 4000 SBC...
Page 98: Loading An Ini File To The Device
The file may be loaded to the device using HTTP. These protocols are not secure and are vulnerable to potential hackers. To overcome this security threat, the AudioCodes DConvert utility allows you to binary-encode (encrypt) the ini file before loading it to the device.
Page 99 $0$<plain text>: Password can be entered in plain text; useful for configuring a new password. When the ini file is loaded to the device and then later saved from the device to a PC, the password is displayed obscured (i.e., $1$<obscured password>). Version 7.2 Mediant 4000 SBC...
Page 100: Ini Viewer And Editor Utility
Mediant 4000 SBC INI Viewer and Editor Utility AudioCodes INI Viewer & Editor utility provides a user-friendly graphical user interface (GUI) that lets you easily view and modify the device's ini file. This utility is available from AudioCodes Web site at www.AudioCodes.com/downloads, and can be installed on any Windows-based PC.
Page 101: General System Settings
Part III General System Settings...
Page 103: Configuring Ssl/Tls Certificates
You can configure the device to check whether a peer's certificate has been revoked, using the OCSP. When OCSP is enabled, the device queries the OCSP server for revocation information whenever a Version 7.2 Mediant 4000 SBC...
Page 104 Mediant 4000 SBC peer certificate is received (TLS client mode, or TLS server mode with mutual authentication). Note: • The device does not query OCSP for its own certificate. • Some PKIs do not support OCSP, but generate Certificate Revocation Lists (CRLs).
Page 105 Defines the Datagram Transport Layer Security (DTLS) version, which is used to negotiate keys for SBC calls. [TLSContexts_DTLSVersion]  [0] Any (default)  [1] DTLSv1.0  [2] DTLSv1.2 DTLS secures UDP-based media streams (according to RFC 5763 Version 7.2 Mediant 4000 SBC...
Page 106 Mediant 4000 SBC Parameter Description and 5764). For more information on DTLS, see SRTP using DTLS Protocol on page 207. Cipher Server Defines the supported cipher suite for the TLS server (in OpenSSL cipher list format). ciphers-server The default is AES:RC4. For valid values, visit the OpenSSL website [TLSContexts_ServerCipherSt at https://www.openssl.org/docs/man1.0.2/apps/ciphers.html.
Page 107: Assigning Csr-Based Certificates To Tls Contexts
From the 'Signature Algorithm' drop-down list, select the hash function algorithm (SHA-1, SHA-256, or SHA-512) with which to sign the certificate. Fill in the rest of the request fields according to your security provider's instructions. Version 7.2 Mediant 4000 SBC...
Page 108 Mediant 4000 SBC Click the Create CSR button; a textual certificate signing request is displayed in the area below the button: Figure 10-1: Certificate Signing Request Group Copy the text and send it to your security provider (CA) to sign this request.
Page 109 • The certificate replacement process can be repeated whenever necessary (e.g., the new certificate expires). • You can also load the device certificate through the device's Automatic Provisioning mechanism, using the HTTPSCertFileName ini file parameter. Version 7.2 Mediant 4000 SBC...
Page 110: Viewing Certificate Information
Mediant 4000 SBC 10.3 Viewing Certificate Information You can view information of TLS certificates installed on the device per TLS Context.  To view certificate information: Open the TLS Contexts table (see ''Configuring TLS Certificate Contexts'' on page 103). Select a TLS Context row, and then click the Certificate Information link located below the table;...
Page 111: Assigning Externally Created Private Keys To Tls Contexts
Browse button corresponding to the 'Send Device Certificate file ...' text. After the files successfully load to the device, save the configuration with a device reset. Verify that the private key is correct: Open the TLS Contexts table. Version 7.2 Mediant 4000 SBC...
Page 112: Generating Private Keys For Tls Contexts
Mediant 4000 SBC Select the required TLS Context index row. Click the Certificate Information link located below the table. Make sure that the 'Private key' field displays "OK"; otherwise (i.e., displays "Does not match certificate"), consult with your security administrator.
Page 113: Creating Self-Signed Certificates For Tls Contexts
In the table, select the required TLS Context index row, and then click the Change Certificate link located below the table; the Change Certificates page appears. Under the Certificate Signing Request group, in the 'Subject Name [CN]' field, enter the fully-qualified DNS name (FQDN) as the certificate subject. Version 7.2 Mediant 4000 SBC...
Page 114: Importing Certificates Into Trusted Certificate Store
Mediant 4000 SBC Scroll down the page to the Generate New Private Key and Self-signed Certificate group: Figure 10-8: Generate new private key and self-signed certificate Group Click Generate Self-Signed Certificate; a message appears requesting you to confirm generation. Click OK to confirm generation; the device generates a new self-signed certificate...
Page 115 Save certificates to a folder on your PC: Select the required certificate, click Export, and then in the Export Certificate dialog box, browse to the folder on your PC where you want to save the file and click Export. Version 7.2 Mediant 4000 SBC...
Page 116: Configuring Mutual Tls Authentication
Mediant 4000 SBC 10.8 Configuring Mutual TLS Authentication This section describes how to configure mutual (two-way) TLS authentication. 10.8.1 TLS for SIP Clients When Secure SIP (SIPS) is implemented using TLS, it is sometimes required to use two- way (mutual) authentication between the device and a SIP user agent (client). When the device acts as the TLS server in a specific connection, the device demands the authentication of the SIP client’s certificate.
Page 117: Configuring Tls Server Certificate Expiry Check
Open the TLS Contexts table (see ''Configuring TLS Certificate Contexts'' on page 103). Select the required TLS Context index row, and then click the Change Certificate link located below the table; the Change Certificates page appears. Version 7.2 Mediant 4000 SBC...
Page 118 Mediant 4000 SBC Scroll down the page to the TLS Expiry Settings group: Figure 10-12: TLS Expiry Settings Group In the 'TLS Expiry Check Start' field, enter the number of days before the installed TLS server certificate is to expire when the device sends an SNMP trap event to notify of this.
Page 119: Network
The areas of the Network view is shown in the example below and described in the subsequent table. Note: The below figure is used only as an example; your device may show different Ethernet Groups and Ethernet ports. Figure 11-1: Network View (Example) Version 7.2 Mediant 4000 SBC...
Page 120 Mediant 4000 SBC Table 11-1: Description of Network View Item # Description Configures and displays IP Interfaces. The IP Interface appears as an icon, displaying the application type ("OCM" for OAMP, "C" for Control, and "M" for Media), row index number, name, and IP address, as shown in the...
Page 121 125. To open the Ethernet Groups table, click any Ethernet Group icon, and then from the drop- down menu, choose View List. You can then view and edit all the Ethernet Groups in the table. Version 7.2 Mediant 4000 SBC...
Page 122: Configuring Physical Ethernet Ports
Mediant 4000 SBC Item # Description Configures and displays the device's Ethernet ports. To configure an Ethernet port: Click the required port icon, and then from the drop-down menu, choose Edit; the Physical Ports table opens with a dialog box for editing the Ethernet port.
Page 123 Open the Physical Ports table (Setup menu > IP Network tab > Core Entities folder > Physical Ports). Select a port that you want to configure, and then click Edit; the following dialog box appears: Version 7.2 Mediant 4000 SBC...
Page 124 Mediant 4000 SBC Configure the port according to the parameters described in the table below. Click Apply, and then save your settings to flash memory. Table 11-2: Physical Ports Table Parameter Descriptions Parameter Description General Index (Read-only) Displays the index number for the table row.
Page 125: Configuring Ethernet Port Groups
Ports with the same MAC address (e.g., GE 1-4 ports) must each be connected to a different Layer-2 switch. • When implementing 1+1 Ethernet port redundancy, each port in the Ethernet Group (port pair) must be connected to a different switch (but in the same subnet). Version 7.2 Mediant 4000 SBC...
Page 126 Mediant 4000 SBC  To configure Ethernet Groups: Open the Ethernet Groups table (Setup menu > IP Network tab > Core Entities folder > Ethernet Groups). Select the Ethernet Group that you want to configure, and then click Edit; the following...
Page 127: Configuring Underlying Ethernet Devices
Note: You cannot delete an Ethernet Device that is associated with an IP network interface (in the IP Interfaces table). You can only delete it once you have disassociated it from the IP network interface. Version 7.2 Mediant 4000 SBC...
Page 128 Mediant 4000 SBC The following procedure describes how to configure Ethernet Devices through the Web interface. You can also configure it through ini file (DeviceTable) or CLI (configure network > network-dev).  To configure an Ethernet Device: Open the Ethernet Devices table (Setup menu > IP Network tab > Core Entities folder >...
Page 129: Configuring Ip Network Interfaces
This can be achieved by employing Layer-2 VLANs and Layer-3 subnets. The figure below illustrates a typical network architecture where the device is configured with Version 7.2 Mediant 4000 SBC...
Page 130 Mediant 4000 SBC three network interfaces, each representing the OAMP, call control, and media applications. The device is connected to a VLAN-aware switch for directing traffic from and to the device to the three separated Layer-3 broadcast domains according to VLAN tags (middle pane).
Page 131 Open the IP Interfaces table (Setup menu > IP Network tab > Core Entities folder > IP Interfaces). Click New; the following dialog box appears: Figure 11-3: IP Interfaces Table - Dialog Box Configure the IP network interface according to the parameters described in the table below. Click Apply. Version 7.2 Mediant 4000 SBC...
Page 132 Mediant 4000 SBC Note: • If you modify the OAMP interface's address, after clicking Apply you will lose connectivity with the device and need to access the device with the new address. • If you edit or delete an IP interface, current calls using the interface are immediately terminated.
Page 133 When traffic is sent from this interface to an unknown gateway destination (i.e., not in the same subnet and not defined for any [InterfaceTable_Gateway] static routing rule), it is forwarded to this default gateway. By default, no value is defined. Version 7.2 Mediant 4000 SBC...
Page 134: Assigning Ntp Services To Application Types
Mediant 4000 SBC Parameter Description Primary DNS Defines the primary DNS server's IP address (in dotted-decimal notation), which is used for translating domain names into IP primary-dns addresses for the interface. [InterfaceTable_PrimaryDNSServe By default, no IP address is defined. rIPAddress]...
Page 135: Networking Configuration Examples
OAMP, one for Call Control, and one for RTP Media, and each with a different VLAN ID and default gateway: Table 11-8: Example of VoIP Interfaces per Application Type in IP Interfaces table Application Interface Prefix Default Ethernet Index IP Address Name Type Mode Length Gateway Device Version 7.2 Mediant 4000 SBC...
Page 136: Voip Interfaces For Combined Application Types
Mediant 4000 SBC Application Interface Prefix Default Ethernet Index IP Address Name Type Mode Length Gateway Device OAMP IPv4 192.168.0.2 192.168.0.1 ManagementIF Manual Control IPv4 200.200.85.14 200.200.85.1 myControlIF Manual Media IPv4 211.211.85.14 211.211.85.1 myMediaIF Manual Static Routes table: A routing rule is required to allow remote management from a host in 176.85.49.0 / 24:...
Page 137: Voip Interfaces With Multiple Default Gateways
The Static Routes table lets you configure up to 30 static IP routing rules. Static routes let you communicate with LAN networks that are not located behind the Default Gateway that is specified for an IP network interface in the IP Interfaces table, from which the packets Version 7.2 Mediant 4000 SBC...
Page 138 Mediant 4000 SBC are sent. Before sending an IP packet, the device searches the Static Routes table for an entry that matches the requested destination host/network. If an entry is found, the device sends the packet to the gateway that is configured for the static route. If no explicit entry is found, the packet is sent to the Default Gateway as configured for the IP interface in the IP Interfaces table.
Page 139 (using the 'Ethernet Output Device' parameter - see above).  The IP network interface associated with the static route must be of the same IP address family (IPv4 or IPv6). Version 7.2 Mediant 4000 SBC...
Page 140: Configuration Example Of Static Ip Routes
Mediant 4000 SBC 11.6.1 Configuration Example of Static IP Routes An example of the use for static routes is shown in the figure below. In the example, the device needs to communicate with a softswitch at IP address 10.1.1.10. However, the IP network interface from which packets destined for 10.1.1.10 is sent, is configured to send...
Page 141: Troubleshooting The Static Routes Table
If configured, uses the NAT Translation table which configures NAT per IP network interface - see Configuring NAT Translation per IP Interface on page 142. If NAT is not configured by any of the above-mentioned methods, the device sends the packet according Version 7.2 Mediant 4000 SBC...
Page 142: Configuring Nat Translation Per Ip Interface
Mediant 4000 SBC The figure below illustrates the NAT problem faced by SIP networks when the device is located behind a NAT: Figure 11-5: Device behind NAT and NAT Issues 11.7.1.1 Configuring NAT Translation per IP Interface The NAT Translation table lets you configure up to 32 network address translation (NAT) rules for translating source IP addresses into NAT IP addresses (global - public) when the device is located behind NAT.
Page 143 Defines the optional starting port range (0-65535) of the global address. If not configured, the ports are not replaced. target-start-port Matching source ports are replaced with the target ports. [NATTranslation_TargetStartPort] This address is set in the SIP Via and Contact headers and Version 7.2 Mediant 4000 SBC...
Page 144: Remote Ua Behind Nat
Mediant 4000 SBC Parameter Description in the 'o=' and 'c=' SDP fields. Target End Port Defines the optional ending port range (0-65535) of the global address. If not configured, the ports are not replaced. target-end-port Matching source ports are replaced with the target ports.
Page 145: Media (Rtp/Rtcp/T.38)
UA. • UA not behind NAT: The device sends the packets to the IP address:port specified in the SDP 'c=' line (Connection) of the first received SIP message. Version 7.2 Mediant 4000 SBC...
Page 146 Mediant 4000 SBC Note: If the SIP session is established (ACK) and the device (not the UA) sends the first packet, it sends it to the address obtained from the SIP message and only after the device receives the first packet from the UA does it determine whether the UA is behind NAT.
Page 147 STUN binding requests sent on the RTP and RTCP ports. ICE tries each candidate and selects the one that works (i.e., media can flow between the clients). The following figure shows a simple illustration of ICE: Version 7.2 Mediant 4000 SBC...
Page 148: Configuring Quality Of Service
Mediant 4000 SBC The device's support for ICE-Lite means that it does not initiate the ICE process. Instead, it supports remote endpoints that initiate ICE to discover their workable public IP address with the device. Therefore, the device supports the receipt of STUN binding requests for connectivity checks of ICE candidates and responds to them with STUN responses.
Page 149 Click New; the following dialog box appears: Figure 11-10: Configuring Class of Service Configure DiffServ values per CoS according to the parameters described in the table below. Click Apply, and then save your settings to flash memory. Version 7.2 Mediant 4000 SBC...
Page 150: Configuring Diffserv-To-Vlan Priority Mapping
Mediant 4000 SBC Table 11-17: QoS Settings Parameter Descriptions Parameter Description Media Premium QoS Defines the DiffServ value for Premium Media CoS content. media-qos The valid range is 0 to 63. The default is 46. [PremiumServiceClassMediaDiffServ] Note: You can also configure the the parameter per IP Profile (IpProfile_IPDiffServ).
Page 151: Configuring Icmp Messages
This feature is applicable to IPv4 and IPv6 addressing schemes. The following procedure describes how to configure ICMP messaging through the Web interface. You can also configure it through ini file - DisableICMPUnreachable (ICMP Unreachable messages) and DisableICMPRedirects (ICMP Redirect messages). Version 7.2 Mediant 4000 SBC...
Page 152: Dns
Mediant 4000 SBC  To configure handling of ICMP messages: Open the Network Settings page (Setup menu > IP Network tab > Advanced folder > Network Settings). Figure 11-12: Configuring ICMP Messaging Under the ICMP group, do the following: •...
Page 153: Configuring The Internal Srv Table
11.10.2 Configuring the Internal SRV Table The Internal SRV table resolves host names to DNS A-Records. Three different A-Records can be assigned to each host name, where each A-Record contains the host name, priority, weight, and port. Version 7.2 Mediant 4000 SBC...
Page 154 Mediant 4000 SBC Note: The device first attempts to resolve a domain name using the table. If the domain is not configured in the table, the device performs a Service Record (SRV) resolution using an external DNS server, configured in the IP Interfaces table (see ''Configuring IP Network Interfaces'' on page 129).
Page 155 Defines a relative weight for records with the same priority. weight-1|2|3 By default, no value is defined. [Srv2Ip_Weight1/2/3] Port (1-3) Defines the TCP or UDP port on which the service is to be found. port-1|2|3 By default, no value is defined. [Srv2Ip_Port1/2/3] Version 7.2 Mediant 4000 SBC...
Page 156: Robust Receipt Of Media Streams By Media Latching
Mediant 4000 SBC 11.11 Robust Receipt of Media Streams by Media Latching The Robust Media mechanism (or media latching) is an AudioCodes proprietary mechanism to filter out unwanted media (RTP, RTCP, SRTP, SRTCP, and T.38) streams that are sent to the same port number of the device. Media ports may receive additional multiple unwanted media streams (from multiple sources of traffic) as result of traces of previous calls, call control errors, or deliberate malicious attacks (e.g., Denial of Service).
Page 157 User's Manual 11. Network Click Apply, and then save your settings to flash memory. Version 7.2 Mediant 4000 SBC...
Page 158: Multiple Routers Support
Mediant 4000 SBC 11.12 Multiple Routers Support Multiple routers support is designed to assist the device when it operates in a multiple routers network. The device learns the network topology by responding to Internet Control Message Protocol (ICMP) redirections and caches them as routing rules (with expiration time).
Page 159: Date And Time
• In the 'NTP Authentication Key Identifier' field, configure the NTP authentication key identifier. • In the 'NTP Authentication Secret Key' field, configure the secret authentication key shared between the device and the NTP server. Version 7.2 Mediant 4000 SBC...
Page 160: Configuring Date And Time Manually
Mediant 4000 SBC Verify that the device has received the correct date and time from the NTP server. The date and time is displayed in the 'UTC Time' read-only field under the Time Zone group. Note: If the device does not receive a response from the NTP server, it polls the NTP server for 10 minutes.
Page 161: Configuring The Time Zone
UTC. For example, if your region is GMT +1 (an hour ahead), enter "1" in the 'Hours' field. Click Apply; the updated time is displayed in the 'UTC Time' read-only field and the fields under the Local Time group. Version 7.2 Mediant 4000 SBC...
Page 162: Configuring Daylight Saving Time
Mediant 4000 SBC 12.4 Configuring Daylight Saving Time You can apply daylight saving time (DST) to the date and time of the device. DST defines a date range in the year (summer) where the time is brought forward so that people can experience more daylight.
Page 163: General Voip Configuration
Part IV General VoIP Configuration...
Page 165: Security
The matched rule can permit (allow) or deny (block) the packet. Once a rule in the table is located, subsequent rules further down the table are ignored. If the end of the table is reached without a match, the packet is accepted. Version 7.2 Mediant 4000 SBC...
Page 166 Mediant 4000 SBC Note: • The rules configured by the Firewall table apply to a very low-level network layer and overrides all other security-related configuration. Thus, if you have configured higher-level security features (e.g., on the Application level), you must also configure firewall rules to permit this necessary traffic.
Page 167 The IP address of the sender of the incoming packet is trimmed in accordance with the prefix length (in bits) and then compared to the parameter ‘Source IP’. The default is 0 (i.e., applies to all packets). You must change Version 7.2 Mediant 4000 SBC...
Page 168 Mediant 4000 SBC Parameter Description this value to any of the above options. Note: A value of 0 applies to all packets, regardless of the defined IP address. Therefore, you must set the parameter to a value other than 0.
Page 169 50000 Action Upon Match Allow Allow Allow Allow Block The firewall rules in the above configuration example do the following:  Rules 1 and 2: Typical firewall rules that allow packets ONLY from specified IP Version 7.2 Mediant 4000 SBC...
Page 170: Configuring General Security Settings
Mediant 4000 SBC addresses (e.g., proxy servers). Note that the prefix length is configured.  Rule 3: A more "advanced” firewall rule - bandwidth rule for ICMP, which allows a maximum bandwidth of 40,000 bytes/sec with an additional allowance of 50,000 bytes.
Page 171: Intrusion Detection System
IDS rules. Each rule defines a type of malicious attack to detect and the number of attacks during an interval (threshold) before an SNMP trap is sent. Each policy is then applied to a target under attack (SIP interface) and/or source of attack (Proxy Set and/or subnet address). Version 7.2 Mediant 4000 SBC...
Page 172: Enabling Ids
Mediant 4000 SBC 13.3.1 Enabling IDS The following procedure describes how to enable IDS.  To enable IDS: Open the IDS General Settings page (Setup menu > Signaling & Media tab > Intrusion Detection folder >IDS General Settings). Figure 13-3: Enabling IDS From the 'Intrusion Detection System' drop-down list, select Enable.
Page 173 The valid value is a string of up to 100 characters. [IDSPolicy_Description] In the IDS Policies table, select the required IDS Policy row, and then click the IDS Rule link located below the table; the IDS Rule table opens. Version 7.2 Mediant 4000 SBC...
Page 174 Mediant 4000 SBC Click New; the following dialog box appears: Figure 13-6: IDS Rule Table - Add Dialog Box The figure above shows a configuration example: If 15 malformed SIP messages ('Reason') are received within a period of 30 seconds ('Threshold Window'), a minor alarm is sent ('Minor-Alarm Threshold').
Page 175 [IDSRule_MajorAlarmThreshold] defined. Critical-Alarm Threshold Defines the threshold that if crossed a critical severity alarm is sent. critical-alrm-thr The valid range is 1 to 1,000,000. A value of 0 or -1 means not [IDSRule_CriticalAlarmThreshold] defined. Deny Version 7.2 Mediant 4000 SBC...
Page 176: Assigning Ids Policies
Mediant 4000 SBC Parameter Description Deny Threshold Defines the threshold that if crossed, the device blocks (blacklists) the remote host (attacker). deny-thr The default is -1 (i.e., not configured). [IDSRule_DenyThreshold] Note: The parameter is applicable only if the 'Threshold Scope' parameter is set to IP or IP+Port.
Page 177 !10.1.0.0/16 & !10.2.2.2: includes all addresses except those of subnet 10.1.0.0/16 and IP address 10.2.2.2. Note that the exclamation mark "!" appears before each subnet.  10.1.0.0/16 & !10.1.1.1: includes subnet 10.1.0.0/16, except IP address 10.1.1.1. Version 7.2 Mediant 4000 SBC...
Page 178: Viewing Ids Alarms
Mediant 4000 SBC Parameter Description Policy Assigns an IDS Policy (configured in ''Configuring IDS Policies'' on page 172). policy [IDSMatch_Policy] 13.3.4 Viewing IDS Alarms For the IDS feature, the device sends the following SNMP traps:  Traps that notify the detection of malicious attacks: •...
Page 179 Malicious signature pattern detected establish-malicious- signature-db-reject   Requests and responses without a matching flow-no-match-tu Abnormal Flow transaction user (except ACK requests)  flow-no-match-  Requests and responses without a matching transaction transaction (except ACK requests) Version 7.2 Mediant 4000 SBC...
Page 180 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 181: Media
(non-linear) of the received signal (i.e., from the speaker) which find their way from multiple reflections such as walls and windows into the transmitted signal (i.e., microphone). Therefore, the party at the far end hears his / her Version 7.2 Mediant 4000 SBC...
Page 182 Mediant 4000 SBC echo. The device removes these echoes and sends only the near-end’s desired speech signal to the network (i.e., to the far-end party). The echo is composed of a linear part and a nonlinear part. However, in the Acoustic Echo Canceler, a substantial part of the echo is non-linear echo.
Page 183: Fax And Modem Capabilities
During a call, when a fax/modem signal is detected, transition from voice to VBD (or T.38) is automatically performed and no additional SIP signaling is required. If negotiation fails (i.e., no match is achieved for Version 7.2 Mediant 4000 SBC...
Page 184: Fax/Modem Transport Modes
Mediant 4000 SBC any of the transport capabilities), fallback to existing logic occurs (according to the parameter IsFaxUsed). 14.2.2 Fax/Modem Transport Modes The device supports the following transport modes for fax per modem type (V.22/V.23/Bell/V.32/V.34):  T.38 fax relay (see ''T.38 Fax Relay Mode'' on page 184) ...
Page 185 T.38 Relay (FaxTransportMode = 1). Configure the following optional parameters: • 'Fax Relay Redundancy Depth' (FaxRelayRedundancyDepth) • 'Fax Relay Enhanced Redundancy Depth' (FaxRelayEnhancedRedundancyDepth) • 'Fax Relay ECM Enable' (FaxRelayECMEnable) • 'Fax Relay Max Rate' (FaxRelayMaxRate) Version 7.2 Mediant 4000 SBC...
Page 186: Fax / Modem Transport Mode
RTP method is used, whereby the device encapsulates the entire T.38 packet (payload with all its headers) in the sent RTP. For T.38 over RTP, AudioCodes devices use the proprietary identifier "AcUdptl" in the 'a=ftmp' line of the SDP. For example: o=AudiocodesGW 1357424688 1357424660 IN IP4 10.8.6.68...
Page 187: Fax Fallback
When the device initiates a fax session using G.711, a ‘gpmd’ attribute is added to the SDP according to the following format:  For G.711A-law: a=gpmd:0 vbd=yes;ecan=on  For G.711 µ-law: a=gpmd:8 vbd=yes;ecan=on In this mode, the 'Fax Transport Mode' (FaxTransportMode) parameter is ignored and automatically set to Disable (transparent mode). Version 7.2 Mediant 4000 SBC...
Page 188: Fax/Modem Bypass Mode
Mediant 4000 SBC  To configure fax fallback mode: Open the Gateway General Settings page (Setup menu > Signaling & Media tab > Gateway folder > Gateway General Settings), and then from the 'Fax Signaling Method' drop-down list (IsFaxUsed), select Fax Fallback: Figure 14-8: Configuring Fax Signaling to Fallback Click Apply.
Page 189: Fax / Modem Nse Mode
INVITE messages are sent. The voice channel is optimized for fax/modem transmission (same as for usual bypass mode). The parameters defining payload type for AudioCodes proprietary Bypass mode -- 'Fax Bypass Payload Type' (RTP/RTCP Settings page) and ModemBypassPayloadType (ini file) -- are not used with NSE Bypass.
Page 190: Fax / Modem Transparent With Events Mode
Mediant 4000 SBC Set the 'V.22 Modem Transport Type' parameter to Enable Bypass (V22ModemTransportType = 2). Set the 'V.23 Modem Transport Type' parameter to Enable Bypass (V23ModemTransportType = 2). Set the 'V.32 Modem Transport Type' parameter to Enable Bypass (V32ModemTransportType = 2).
Page 191: Rfc 2833 Ans Report Upon Fax/Modem Detection
V.34 fax machines can transmit data over IP to the remote side using various methods. The device supports the following modes for transporting V.34 fax data over IP:  Bypass mechanism for V.34 fax transmission (see ''Bypass Mechanism for V.34 Fax Transmission'' on page 192) Version 7.2 Mediant 4000 SBC...
Page 192: Bypass Mechanism For V.34 Fax Transmission
Mediant 4000 SBC  T.38 Version 0 relay mode, i.e., fallback to T.38 (see ''Relay Mode for T.30 and V.34 Faxes'' on page 192) Note: The CNG detector is disabled in all the subsequent examples. To disable the CNG detector, set the 'CNG Detector Mode' parameter (CNGDetectorMode) to Disable.
Page 193: Support
To minimize this problem, the device uses a jitter buffer. The jitter buffer collects voice packets, stores them and sends them to the voice processor in evenly spaced intervals. The device uses a dynamic jitter buffer that can be configured with the following: Version 7.2 Mediant 4000 SBC...
Page 194 Mediant 4000 SBC  Minimum delay: Defines the starting jitter capacity of the buffer. For example, at 0 msec, there is no buffering at the start. At the default level of 10 msec, the device always buffers incoming packets by at least 10 msec worth of voice frames.
Page 195: Configuring Rfc 2833 Payload
However, the port range of the Media Realm must be within the range configured by the BaseUDPPort parameter. The following procedure describes how to configure the RTP base UDP port through the Web interface. Version 7.2 Mediant 4000 SBC...
Page 196: Configuring Invalid Rtp/Rtcp Packet Handling
Mediant 4000 SBC  To configure the RTP base UDP port: Open the RTP/RTCP Settings page (Setup menu > Signaling & Media tab > Media folder > RTP/RTCP Settings). In the 'RTP Base UDP Port' field, configure the lower boundary of the UDP port range.
Page 197 Ringtone the events that you want to detect.  Beep (greeting message of Install the CPT file on the device. answering message) Note: To configure beep detection, see Detecting Answering Machine Beep on page 198. Version 7.2 Mediant 4000 SBC...
Page 198: Detecting Answering Machine Beeps
Mediant 4000 SBC 14.4.1 Detecting Answering Machine Beeps The device can detect the "beep" sound played by an answering machine that indicates the end of the answering machine's greeting message. This is useful in that the device can then notify, for example, a third-party, application server that it can now leave a voice message on the answering machine.
Page 199 The device receives a SIP message containing the X-Detect header from the remote application requesting beep detection: INVITE sip:101@10.33.2.53;user=phone SIP/2.0 Via: SIP/2.0/UDP 10.33.2.53;branch=z9hG4bKac5906 Max-Forwards: 70 From: "anonymous" <sip:anonymous@anonymous.invalid>;tag=1c25298 To: <sip:101@10.33.2.53;user=phone> Version 7.2 Mediant 4000 SBC...
Page 200: Answering Machine Detection (Amd)
The device's default AMD feature is based on voice detection for North American English (see note below). It uses AudioCodes' sophisticated speech detection algorithms which are based on hundreds of real-life recordings of answered calls by live voice and answering machines in English.
Page 201 AudioCodes sales representative for more information on this service. You will be typically required to provide AudioCodes with a database of recorded voices (calls) in the language on which the device's AMD feature can base its voice detector algorithms.
Page 202 Mediant 4000 SBC Table 14-2: Approximate AMD Normal Detection Sensitivity - Parameter Suite 0 (Based on North American English) Performance AMD Detection Sensitivity Success Rate for Live Calls Success Rate for Answering Machine 0 (Best for Answering Machine) 82.56% 97.10% 85.87%...
Page 203: Configuring Amd
(AMDBeepDetectionSensitivity), enter the AMD beep detection sensitivity level. Click Apply, and then reset the device with a save-to-flash for your settings to take effect. For a complete list of AMD-related parameters, see ''IP Media Parameters'' on page 941. Version 7.2 Mediant 4000 SBC...
Page 204: Automatic Gain Control (Agc)
Mediant 4000 SBC 14.6 Automatic Gain Control (AGC) Automatic Gain Control (AGC) adjusts the energy of the output signal to a required level (volume). This feature compensates for near-far gain differences. AGC estimates the energy of the incoming signal from the IP, determined by the 'AGC Redirection' parameter, calculates the essential gain, and then performs amplification.
Page 205: Configuring Media (Srtp) Security
SDP offer 'a=crypto' line in the SDP answer. You can enable symmetric MKI globally (using the EnableSymmetricMKI parameter) or per SIP entity (using the IP Profile parameter, IpProfile_EnableSymmetricMKI and IpProfile_SBCEnforceMKISize). For more information on symmetric MKI, see ''Configuring IP Profiles'' on page 424. Version 7.2 Mediant 4000 SBC...
Page 206 Mediant 4000 SBC configure enforcement policy SRTP, using IpProfile_SBCMediaSecurityBehaviour parameter. For example, if negotiation of the cipher suite fails or if incoming calls exclude encryption information, the device can be configured to reject the calls. You can also enable the device to validate the authentication of packets for SRTP tunneling for RTP and RTCP.
Page 207: Srtp Using Dtls Protocol
Open the IP Profiles table (see ''Configuring IP Profiles'' on page 424) and for the IP Profile associated with the SIP entity, configure the following: • Configure the 'SBC Media Security Mode' parameter (IPProfile_SBCMediaSecurityBehavior) to SRTP or Both. • Configure the 'Media Security Method' parameter (IPProfile_SBCMediaSecurityMethod) to DTLS. Version 7.2 Mediant 4000 SBC...
Page 208 Mediant 4000 SBC • Configure the 'RTCP Mux' parameter (IpProfile_SBCRTCPMux) to Supported. Multiplexing is required as the DTLS handshake is done for the port used for RTP and thus, RTCP and RTP must be multiplexed onto the same port. •...
Page 209: Services
DHCP Server Identifier Option 51 IP Address Lease Time Option 1 Subnet Mask Option 3 Router Option 6 Domain Name Server Option 44 NetBIOS Name Server Option 46 NetBIOS Node Type Option 42 Network Time Protocol Server Version 7.2 Mediant 4000 SBC...
Page 210 Mediant 4000 SBC DHCP Option Code DHCP Option Name Option 2 Time Offset Option 66 TFTP Server Name Option 67 Boot file Name Option 120 SIP Server Once you have configured the DHCP server, you can configure the following: ...
Page 211 Note: The IP address must belong to the same subnet as the associated interface’s IP address. End IP Address Defines the ending IP address (IPv4 address in dotted-decimal format) of the IP address pool range used by the DHCP server end-address Version 7.2 Mediant 4000 SBC...
Page 212 Mediant 4000 SBC Parameter Description [DhcpServer_EndIPAddress] to allocate addresses. The default value is 192.168.0.149. Note: The IP address must belong to the same subnet as the associated interface’s IP address and must be "greater or equal" to the starting IP address defined in 'Start IP Address'.
Page 213 SIP requests. The value is sent in DHCP [DhcpServer_SipServer] Option 120 (SIP Server). After defining the parameter, use the 'SIP server type' parameter (see below) to define the type of Version 7.2 Mediant 4000 SBC...
Page 214: Configuring The Vendor Class Identifier
The VCI is a string that identifies the vendor and functionality of a DHCP client to the DHCP server. For example, Option 60 can show the unique type of hardware (e.g., "AudioCodes 440HD IP Phone") or firmware of the DHCP client. The DHCP server can then differentiate between DHCP clients and process their requests accordingly.
Page 215: Configuring Additional Dhcp Options
Open the DHCP Servers table (see ''Configuring the DHCP Server'' on page 209). Select the row of the desired DHCP server for which you want to configure additional DHCP Options, and then click the DHCP Option link located below the table; the DHCP Option table opens. Version 7.2 Mediant 4000 SBC...
Page 216 Mediant 4000 SBC Click New; the following dialog box appears: Figure 15-3: DHCP Option Table - Add Dialog Box Configure additional DHCP Options for the DHCP server according to the parameters described in the table below. Click Apply. Table 15-4: DHCP Option Table Parameter Descriptions...
Page 217: Configuring Static Ip Addresses For Dhcp Clients
Select the row of the desired DHCP server for which you want to configure static IP addresses for DHCP clients, and then click the DHCP Static IP link located below the table; the DHCP Static IP table opens. Version 7.2 Mediant 4000 SBC...
Page 218: Viewing And Deleting Dhcp Clients
Mediant 4000 SBC Click New; the following dialog box appears: Figure 15-4: DHCP Static IP Table - Add Dialog Box Configure a static IP address for a specific DHCP client according to the parameters described in the table below. Click Apply.
Page 219: Sip-Based Media Recording
SIP that will manage delivery of RTP media to a recording device. The siprec protocol is based on RFC 6341 (Use Cases and Requirements for SIP-Based Media Recording), Session Recording Protocol (draft-ietf-siprec-protocol-02), and Architecture (draft-ietf-siprec-architecture-03). Version 7.2 Mediant 4000 SBC...
Page 220 Mediant 4000 SBC Warning for Deployments in France: The device supports SIP-based Media Recording (SIPREC) according to RFC 6341. As such, you must adhere to the Commission Nationale Informatique Libert‫’י‬s (CNIL) directive (https://www.cnil.fr/en/rights-and-obligations) and be aware that article R226-15 applies penalties to the malicious interception, diversion, use or disclosure of correspondence sent, transmitted or received by means of telecommunication, or the setting up of a device designed to produce such interceptions.
Page 221 SRS instead (which now becomes the active SRS). For new calls, if the device receives no response or a reject response from the active SRS to its' sent INVITE message, the device sends the recorded call to the standby SRS. Figure 15-7: Multiple SRSs (Standalone and Redundancy) Version 7.2 Mediant 4000 SBC...
Page 222 Mediant 4000 SBC Note: • The device can send recordings (media) to up to three active SRSs. In other words, any one of the following configurations are supported: √ Up to three standalone (active) SRSs. √ Up to three active-standby SRS pairs (i.e., six SRSs, but recordings are sent only to the three active SRSs).
Page 223 0-15 m=audio 6030 RTP/AVP 8 96 c=IN IP4 10.33.8.70 a=ptime:20 a=sendonly a=label:2 a=rtpmap:8 PCMA/8000 a=rtpmap:96 telephone-event/8000 a=fmtp:96 0-15 --boundary_ac1fffff85b Content-Type: application/rs-metadata Content-Disposition: recording-session <?xml version="1.0" encoding="UTF-8"?> <recording xmlns='urn:ietf:params:xml:ns:recording'> <datamode>complete</datamode> <group id="00000000-0000-0000-0000-00003a36c4e3"> <associate-time>2010-01-24T01:11:57Z</associate-time> </group> <session id="0000-0000-0000-0000-00000000d0d71a52"> Version 7.2 Mediant 4000 SBC...
Page 224: Enabling Sip-Based Media Recording
Mediant 4000 SBC <group-ref>00000000-0000-0000-0000-00003a36c4e3</group-ref> <start-time>2010-01-24T01:11:57Z</start-time> <ac:AvayaUCID xmlns="urn:ietf:params:xml:ns:Avaya">FA080030C4E34B5B9E59</ac:Avay aUCID> </session> <participant id="1056" session="0000-0000-0000-0000- 00000000d0d71a52"> <nameID aor="1056@192.168.241.20"></nameID> <associate-time>2010-01-24T01:11:57Z</associate-time> <send>00000000-0000-0000-0000-1CF23A36C4E3</send> <recv>00000000-0000-0000-0000-BF583A36C4E3</recv> </participant> <participant id="182052092" session="0000-0000-0000-0000- 00000000d0d71a52"> <nameID aor="182052092@voicelab.local"></nameID> <associate-time>2010-01-24T01:11:57Z</associate-time> <recv>00000000-0000-0000-0000-1CF23A36C4E3</recv> <send>00000000-0000-0000-0000-BF583A36C4E3</send> </participant> <stream id="00000000-0000-0000-0000-1CF23A36C4E3" session="0000- 0000-0000-0000-00000000d0d71a52"> <label>1</label> </stream> <stream id="00000000-0000-0000-0000-BF583A36C4E3" session="0000- 0000-0000-0000-00000000d0d71a52"> <label>2</label>...
Page 225: Configuring Sip Recording Rules
IP Group "SRS-1" is the active SRS and IP Group "SRS-2" the standby SRS. Configure a SIP recording rule according to the parameters described in the table below. Click Apply, and then save your settings to flash memory. Version 7.2 Mediant 4000 SBC...
Page 226 Mediant 4000 SBC Table 15-6: SIP Recording Rules Table Parameter Descriptions Parameter Description General Index Defines an index number for the new table record. [SIPRecRouting_Index] Recorded IP Group Defines the IP Group participating in the call and the recording is done on the leg interfacing with this recorded-ip-group-name IP Group.
Page 227: Using Conditions For Starting A Siprec Session
'Call Setup Rules Set ID': 1 In the Message Conditions table (see Configuring Message Condition Rules on page 406), click New, and then configure a Message Condition rule with the following properties: • 'Index': 0 • 'Name': CallRec Version 7.2 Mediant 4000 SBC...
Page 228: Configuring Sip User Part For Srs
SIP message, typically in the INVITE and the first 18x response. If the device receives a SIP message with Genesys SIP header, it adds the header's information to AudioCodes' proprietary tag in the XML metadata of the SIP INVITE that it sends to the recording server, as shown below: <ac:GenesysUUID...
Page 229: Radius-Based Services
When the primary RADIUS server is down, the device sends a RADIUS request twice (one retransmission) and if both fail (i.e., no response), the device considers the server as down and attempts to send requests to the next server. The device continues Version 7.2 Mediant 4000 SBC...
Page 230 Mediant 4000 SBC sending RADIUS requests to the redundant RADIUS server even if the primary server returns to service later on. However, if a device reset occurs or a switchover occurs in a High-Availability (HA) system, the device sends RADIUS requests to the primary RADIUS server.
Page 231 When set to 0, RADIUS-based login authentication is not implemented. The valid value is 0 to any integer. The default is 1645. Accounting Port Defines the port of the RADIUS Accounting server to where the Version 7.2 Mediant 4000 SBC...
Page 232: Configuring Interface For Radius Communication
Mediant 4000 SBC Parameter Description acc-port device sends accounting data of SIP calls as call detail records (CDR). When set to any value other than 0, the RADIUS server [RadiusServers_AccountingPort] is used by the device for RADIUS-based accounting (CDR). When set to 0, RADIUS-based accounting is not implemented.
Page 233: Configuring The Radius Vendor Id
Local Users table (see ''Configuring Management User Accounts'' on page 70). However, you can configure the device to use the Local Users table as a fallback mechanism if the RADIUS server does not respond. Version 7.2 Mediant 4000 SBC...
Page 234: Setting Up A Third-Party Radius Server
Mediant 4000 SBC When RADIUS authentication is used, the RADIUS server stores the user accounts - usernames, passwords, and access levels (authorization). When a management user (client) tries to access the device, the device sends the RADIUS server the user's username and password for authentication.
Page 235: Configuring Radius-Based User Authentication
RADIUS servers, see ''Configuring Management User Accounts'' on page 70. # AudioCodes VSA dictionary VENDOR AudioCodes 5003 ATTRIBUTE ACL-Auth-Level 35 integer AudioCodes VALUE ACL-Auth-Level ACL-Auth-UserLevel 50 VALUE ACL-Auth-Level ACL-Auth-AdminLevel 100 VALUE ACL-Auth-Level ACL-Auth-SecurityAdminLevel 200 Define the list of users authorized to use the device, using one of the password authentication methods supported by the server implementation.
Page 236 Mediant 4000 SBC • If the RADIUS server response includes the access level attribute: In the 'RADIUS VSA Access Level Attribute' field, enter the code that indicates the access level attribute in the VSA section of the received RADIUS packet. For defining the RADIUS server with access levels, see ''Setting Up a Third-Party RADIUS Server'' on page 234.
Page 237: Securing Radius Communication
For the device to run a search, the path to the directory’s subtree, known as the distinguished name (DN), where the search is to be done must be configured (see ''Configuring LDAP DNs (Base Paths) per LDAP Server'' on page 246). The search Version 7.2 Mediant 4000 SBC...
Page 238 Mediant 4000 SBC key (filter), which defines the exact DN to search and one or more attributes whose values must be returned to the device must also be configured. For more information on configuring these attributes and search filters, see ''AD-based Routing for Microsoft Skype for Business'' on page 259.
Page 239: Enabling The Ldap Service
The LDAP service can be used for authenticating and authorizing device management users (Web and CLI), based on the user's login username and password (credentials). At the same, it can also be used to determine users' management access levels (privileges). Version 7.2 Mediant 4000 SBC...
Page 240: Configuring Ldap Server Groups
Mediant 4000 SBC Before you can configure LDAP-based login authentication, you must enable this type of LDAP service, as described in the following procedure.  To enable LDAP-based login authentication: Open the Authentication Server page (Setup menu > Administration tab > Web &...
Page 241 [0] Parallel = (Default) The device queries the LDAP servers at [LdapServerGroups_SearchMet the same time. hod]  [1] Sequential = The device first queries one of the LDAP servers and if the DN object is not found or the search fails, it Version 7.2 Mediant 4000 SBC...
Page 242: Configuring Ldap Servers
Mediant 4000 SBC Parameter Description queries the second LDAP server. DN Search Method Defines the method for querying the Distinguished Name (DN) objects within each LDAP server. search-dn-method  [0] Sequential = (Default) The query is done in each DN object, [LdapServerGroups_SearchDns one by one, until a result is returned.
Page 243 Enables the device to encrypt the username and password (for Control and Management related queries) using TLS when sending use-tls them to the LDAP server. [LdapConfiguration_useTLS]  [0] No = (Default) Username and password are sent in clear-text Version 7.2 Mediant 4000 SBC...
Page 244 Mediant 4000 SBC Parameter Description format.  [1] Yes TLS Context Assigns a TLS Context for the connection with the LDAP server. tls-context By default, no value is defined and the device uses the default TLS Context (ID 0). [LdapConfiguration_ContextN...
Page 245 LDAP server for authenticating the user's username-password combination. An example configuration for the parameter is $@sales.local, where the device replaces the $ with the entered username, for example, JohnD@sales.local. The username can also be Version 7.2 Mediant 4000 SBC...
Page 246: Configuring Ldap Dns (Base Paths) Per Ldap Server
Mediant 4000 SBC Parameter Description configured with the domain name of the LDAP server. Note: By default, the device sends the username in clear-text format. You can enable the device to encrypt the username using TLS (see the 'Use SSL' parameter below).
Page 247: Configuring The Ldap Search Filter Attribute
The search filter is applicable only to LDAP-based login authentication and authorization queries. • The search filter is a global setting that applies to all LDAP-based login authentication and authorization queries, across all configured LDAP servers. Version 7.2 Mediant 4000 SBC...
Page 248: Configuring Access Level Per Management Groups Attributes
Mediant 4000 SBC  To configure the LDAP search filter for management users: Open the LDAP Settings page (Setup menu > IP Network tab > RADIUS & LDAP folder > LDAP Settings). In the 'LDAP Authentication Filter' field, enter the LDAP search filter attribute for...
Page 249 Defines an index number for the new table row. [MgmntLDAPGroups_GroupIndex] Note: Each row must be configured with a unique index. Level Defines the access level of the group(s).  level [0] Monitor (Default)  [1] Admin Version 7.2 Mediant 4000 SBC...
Page 250: Configuring The Device's Ldap Cache
Mediant 4000 SBC Parameter Description  [2] Security Admin [MgmntLDAPGroups_Level] Groups Defines the attribute names of the groups in the LDAP server. groups The valid value is a string of up to 256 characters. To define multiple groups, separate each group name with a semicolon (;).
Page 251 In the 'LDAP Cache Entry Removal Timeout' field, enter the duration (in hours) after which the device removes the LDAP entry from the cache. Click Apply, and then reset the device with a save-to-flash for your settings to take effect. Version 7.2 Mediant 4000 SBC...
Page 252: Refreshing The Ldap Cache
Mediant 4000 SBC 15.4.8.1 Refreshing the LDAP Cache You can refresh values of LDAP Attributes associated with a specified LDAP search key that are stored in the device's LDAP cache. The device sends an LDAP query to the LDAP server for the cached Attributes of the specified search key and replaces the old values in the cache with the new values received in the LDAP response.
Page 253: Clearing The Ldap Cache
To use the Local Users table for authenticating management users: Open the Authentication Server page (Setup menu > Administration tab > Web & CLI folder > Authentication Server). Figure 15-32: Local Users Table for Login Authentication Under the General group, do the following: Version 7.2 Mediant 4000 SBC...
Page 254 Mediant 4000 SBC Configure when the Local Users table must be used to authenticate login users. From the 'Use Local Users Database' drop-down list, select one of the following: ♦ When No Auth Server Defined (default): When no LDAP/RADIUS server is configured or if a server is configured but connectivity with the server is down (if the server is up, the device authenticates the user with the server).
Page 255: Ldap-Based Login Authentication Example
The LDAP server's entry data structure schema in the example is as follows:  DN (base path): OU=testMgmt,OU=QA,DC=testqa,DC=local. The DN path to search for the username in the directory is shown below: Figure 15-33: Base Path (DN) in LDAP Server Version 7.2 Mediant 4000 SBC...
Page 256 Mediant 4000 SBC  Search Attribute Filter: (sAMAccountName=$). The login username is found based on this attribute (where the attribute's value equals the username): Figure 15-34: Username Found using sAMAccount Attribute Search Filter  Management Attribute: memberOf. The attribute contains the member groups of the...
Page 257 Figure 15-37: Configuring LDAP Server Group for Management  The DN is configured in the LDAP Server Search Base DN table (see ''Configuring LDAP DNs (Base Paths) per LDAP Server'' on page 246): Figure 15-38: Configuring DN Version 7.2 Mediant 4000 SBC...
Page 258 Mediant 4000 SBC  The search attribute filter based on username is configured by the 'LDAP Authentication Filter' parameter (see ''Configuring the LDAP Search Filter Attribute'' on page 247): Figure 15-39: Configuring Search Attribute Filter  The group management attribute is configured by the 'Management Attribute'...
Page 259: Enabling Ldap Searches For Numbers With Characters
PBX or IP PBX - users not yet migrated to Skype for Business  Mobile - mobile number  Private - private telephone line for Skype for Business users (in addition to the primary telephone line) Version 7.2 Mediant 4000 SBC...
Page 260: Querying The Ad And Routing Priority
Mediant 4000 SBC 15.4.12.1 Querying the AD and Routing Priority The device queries the AD using the initial destination number (i.e., called number). The query can return up to four user phone numbers, each pertaining to one of the IP domains (i.e., private number, Skype for Business number, PBX / IP PBX number, and mobile...
Page 261 - call busy), the device can route the call to an alternative destination if an alternative routing rule is configured. "Redundant" route: If the query failed (i.e., no attribute found in the AD), the device uses the routing rule matching the "LDAP_ERR" prefix destination number value. Version 7.2 Mediant 4000 SBC...
Page 262 Mediant 4000 SBC The flowchart below summarizes the device's process for querying the AD and routing the call based on the query results: Figure 15-42: Querying AD in Skype for Business Environment Note: If you are using the device's local LDAP cache, see ''Configuring the Device's LDAP Cache'' on page 250 for the LDAP query process.
Page 263: Configuring Ad-Based Routing Rules
LDAP server. For alternative routing, enable the alternative routing mechanism and configure corresponding SIP reasons for alternative routing. For this feature, alternative routing starts from the table row located under the LDAP query row. Version 7.2 Mediant 4000 SBC...
Page 264 Mediant 4000 SBC The table below shows an example for configuring AD-based SBC routing rules in the IP- to-IP Routing Table: Table 15-14: AD-Based SBC IP-to-IP Routing Rule Configuration Examples Destination Username Destination Index Destination Type Prefix Address PRIVATE: Dest Address 10.33.45.60...
Page 265: Least Cost Routing
This example shows four defined Cost Groups and the total call cost if the average call duration is 10 minutes: Table 15-15: Call Cost Comparison between Cost Groups for different Call Durations Total Call Cost per Duration Connection Cost Group Minute Cost Cost 1 Minute 10 Minutes 80.3 Version 7.2 Mediant 4000 SBC...
Page 266 Mediant 4000 SBC If four matching routing rules are located in the routing table and each one is assigned a different Cost Group as listed in the table above, then the rule assigned Cost Group "D" is selected. Note that for one minute, Cost Groups "A" and "D" are identical, but due to the average call duration, Cost Group "D"...
Page 267: Configuring Lcr
Time Bands per Cost Group. The following procedure describes how to configure Cost Groups through the Web interface. You can also configure it through ini file (CostGroupTable) or CLI (configure voip > sip-definition least-cost-routing cost-group). Version 7.2 Mediant 4000 SBC...
Page 268 Mediant 4000 SBC  To configure a Cost Group: Open the Cost Groups table (Setup menu > Signaling & Media tab > SIP Definitions folder > Least Cost Routing > Cost Groups). Click New; the following dialog box appears: Configure a Cost Group according to the parameters described in the table below.
Page 269 (i.e., SUN, MON, TUE, WED, THU, FRI, or SAT).  hh and mm denote the time of day, where hh is the hour (00-23) and mm the minutes (00-59) Version 7.2 Mediant 4000 SBC...
Page 270: Assigning Cost Groups To Routing Rules
Mediant 4000 SBC Parameter Description For example, SAT:22:00 denotes Saturday at 10 pm. End Time Defines the day and time of day until when this time band is applicable. For a description of the valid values, see the end-time parameter above.
Page 271: Remote Web Services
 Capture: Recording of signaling and RTP packets, and Syslog. The remote host can be, for example, a Syslog server or AudioCodes OVOC.  QoS: Call routing based on QoS. For more information, see Configuring QoS-Based Routing by Routing Server on page 281.
Page 272 Mediant 4000 SBC Note: • You can configure only one Remote Web Service for each of the following server types: Routing, Call Status, Topology Status, and QoS. • The Routing service also includes the Call Status and Topology Status services.
Page 273 [0] Round Robin = (Default) Load balancing of traffic across all configured hosts. Every consecutive message is sent to the next available host.  [1] Sticky Primary = Device always attempts to send traffic to Version 7.2 Mediant 4000 SBC...
Page 274 Mediant 4000 SBC Parameter Description the first (primary) host. If the host does not respond, the device sends the traffic to the next available host. If the primary host becomes available again, the device sends the traffic to the primary host.
Page 275: Configuring Remote Http Hosts
Services folder > Remote Web Services). In the table, select the required remote Web service index row, and then click the HTTP Remote Hosts link located below the table; the HTTP Remote Hosts table appears. Version 7.2 Mediant 4000 SBC...
Page 276 Mediant 4000 SBC Click New; the following dialog box appears: Figure 15-46: HTTP Remote Hosts Table - Add Dialog Box Configure an HTTP remote host according to the parameters described in the table below. Click Apply, and then save your settings to flash memory.
Page 277: Enabling Topology Status Services
Open the Web Service Settings page (Setup menu > IP Network tab > Web Services folder > Web Service Settings). From the 'Topology Status' drop-down list (RoutingServerGroupStatus), select Enable: Figure 15-47: Enabling Topology Status Web-based Service Click Apply. Version 7.2 Mediant 4000 SBC...
Page 278: Centralized Third-Party Routing Server
15.6.3 Centralized Third-Party Routing Server You can employ a remote, third-party Routing server to handle call routing decisions in deployments consisting of multiple AudioCodes devices. Employing a Routing server replaces the need for the device's routing tables (IP-to-IP Routing table) to determine call destination.
Page 279 (disconnected). The device can also report when an IP Group (Proxy Set) is unavailable, detected by the keep-alive mechanism, or when the CAC thresholds permitted per IP Group have Version 7.2 Mediant 4000 SBC...
Page 280 Mediant 4000 SBC been crossed.  Credentials for Authentication: The Routing Server can provide user (e.g., IP Phone caller) credentials (username-password) in the Get Route response, which can be used by the device to authenticate outbound SIP requests if challenged by the outbound peer, for example, Microsoft Skype for Business (per RFC 2617 and RFC 3261).
Page 281: Configuring Qos-Based Routing By Routing Server
Enable voice quality monitoring and RTCP XR, using the 'Enable RTCP XR' (VQMonEnable) parameter (see Configuring RTCP XR on page 737). Note: For media metrics calculations, the device's License Key must include voice quality monitoring and RTCP XR. Version 7.2 Mediant 4000 SBC...
Page 282: Http-Based Proxy Services
 HTTP-based OVOC Services for AudioCodes Equipment behind NAT: You can configure the device to act as an HTTP Proxy that enables AudioCodes OVOC to manage AudioCodes equipment (such as IP Phones) over HTTP when the equipment is located behind NAT (e.g., in the LAN) and OVOC is located in a public domain (e.g., in the WAN).
Page 283: Enabling The Http Proxy Application
The HTTP Proxy application is a license-dependent feature and is available only if it is included in the License Key installed on the device. For ordering the feature, please contact your AudioCodes sales representative. For installing a new License Key, see License Key on page 649.
Page 284: Configuring Http Interfaces
The HTTP Interfaces table lets you configure up to 10 HTTP Interfaces. An HTTP Interface represents a local, listening interface for receiving HTTP/S requests from HTTP-based (Web) clients such as managed equipment (e.g., IP Phones) and/or AudioCodes OVOC management tool for HTTP/S-based services.
Page 285: Configuring Http Proxy Services
You can also configure it through ini file (HTTPProxyService) or CLI (configure network > http-proxy http-proxy-serv).  To configure an HTTP Proxy Service: Open the HTTP Proxy Services table (Setup menu > IP Network tab > HTTP Proxy folder > HTTP Proxy Services). Version 7.2 Mediant 4000 SBC...
Page 286 Mediant 4000 SBC Click New; the following dialog box appears: Figure 15-55: HTTP Proxy Services Table - Add Dialog Box Configure an HTTP Proxy service according to the parameters described in the table below. Click Apply, and then save your settings to flash memory.
Page 287: Configuring Http Proxy Hosts
HTTP Proxy Hosts link located below the table; the HTTP Proxy Hosts table appears. Click New; the following dialog box appears: Figure 15-56: HTTP Proxy Hosts Table - Add Dialog Box Configure an HTTP Proxy Host according to the parameters described in the table below. Version 7.2 Mediant 4000 SBC...
Page 288 Mediant 4000 SBC Click Apply, and then save your settings to flash memory. Table 15-22: HTTP Proxy Hosts Table Parameter Descriptions Parameter Description General Index Defines an index number for the new table row. Note:  Each row must be configured with a unique index.
Page 289: Configuring An Http-Based Ovoc Service
Table 15-23: OVOC Services Table Parameter Descriptions Parameter Description General Index Defines an index number for the new table row. [EMSService_Index] Note:  Each row must be configured with a unique index.  The parameter is mandatory. Version 7.2 Mediant 4000 SBC...
Page 290 Mediant 4000 SBC Name Defines a descriptive name, which is used when associating the row in other tables. service-name The valid value is a string of up to 40 characters. By default, no value [EMSService_ServiceNam is defined. Note:  Each row must be configured with a unique name.
Page 291: E9-1-1 Support For Microsoft Skype For Business
E9-1-1 due to the difficulty in accurately locating the E9-1-1 caller. This section describes the E9-1-1 solution provided by Microsoft Skype for Business and AudioCodes' device's ELIN interworking capabilities, which provides the SIP Trunk to the E9-1-1 emergency service provider. This section also describes the configuration of the device for interoperating between the Skype for Business environment and the E9-1-1 emergency provider.
Page 292: Microsoft Skype For Business And E9-1-1
The figure below illustrates the routing of an E9-1-1 call to the PSAP: The VoIP user dials 9-1-1. AudioCodes' ELIN device sends the call to the emergency service provider over the SIP Trunk (PSAP server). The emergency service provider identifies the call is an emergency call and sends it to an E9-1-1 Selective Router in the Emergency Services provider's network.
Page 293: Gathering Location Information Of Skype For Business Clients For
• Immediately after startup and registering the user with Skype for Business • Approximately every four hours after initial registration • Whenever a network connection change is detected (such as roaming to a new WAP) Version 7.2 Mediant 4000 SBC...
Page 294: Adding Elins To The Location Information Server
Mediant 4000 SBC The Skype for Business client includes in its location request the following known network connectivity information: • Always included: ♦ IPv4 subnet ♦ Media Access Control (MAC) address • Depends on network connectivity: ♦ Wireless access point (WAP) Basic Service Set Identifier (BSSID) ♦...
Page 295: Passing Location Information To The Pstn Emergency Provider
(for example, less than 7000 square feet per ERL). Typically, you would have an ERL for each floor of the building. The ELIN is used as the phone number for 911 callers within this ERL. Version 7.2 Mediant 4000 SBC...
Page 296: Audiocodes Elin Device For Skype For Business E9-1-1 Calls To Pstn
Therefore, IP phones, for example, on a specific floor are in the same subnet and therefore, use the same ELIN when dialing 9-1-1. 15.8.3 AudioCodes ELIN Device for Skype for Business E9-1-1 Calls to PSTN Microsoft Mediation Server sends the location information of the E9-1-1 caller in the XML- based PIDF-LO body contained in the SIP INVITE message.
Page 297: Detecting And Handling E9-1-1 Calls
PSAP, based on ELIN-address match lookup in the emergency service provider's ALI database. The figure below illustrates an AudioCodes ELIN device deployed in the Skype for Business environment for handling E9-1-1 calls between the Enterprise and the emergency service provider.
Page 298 Mediant 4000 SBC ELIN Time Count Index Call From 4257275999 22:11:57 4258359444 4257275615 22:12:03 4258359555 4257275616 22:11:45 4258359777 The ELIN table stores this information for a user-defined period (see ''Configuring the E9-1-1 Callback Timeout'' on page 301), starting from when the E9-1-1 call, established with the PSAP, terminates.
Page 299: Pre-Empting Existing Calls For E9-1-1 Calls
If a match is found in the ELIN table, it routes the call to the Mediation Sever by sending a SIP INVITE, where the values of the To and Request-URI are taken from Version 7.2 Mediant 4000 SBC...
Page 300: Selecting Elin For Multiple Calls Within Same Erl
Mediant 4000 SBC the value of the original From header that is stored in the ELIN table (in the Call From column). The device updates the Time in the ELIN table. (The Count is not affected). The PSAP callback can be done only within a user-defined period (see ''Configuring the E9-1-1 Callback Timeout'' on page 301), started from after the original E9-1-1 call established with the PSAP is terminated.
Page 301: Configuring Audiocodes Elin Device
User's Manual 15. Services 15.8.4 Configuring AudioCodes ELIN Device This section describes E9-1-1 configuration of the AudioCodes ELIN Gateway deployed in the Skype for Business environment. 15.8.4.1 Enabling the E9-1-1 Feature By default, the ELIN device feature for E9-1-1 emergency call handling in a Skype for Business environment is disabled.
Page 302: Viewing The Elin Table
Mediant 4000 SBC 15.8.4.4 Viewing the ELIN Table To view the ELIN table:  # show voip e911 ELIN Time Count Index Call From ------------------------------------------------------------ 4257275678 22:11:52 0 4258359333 4257275999 22:11:57 0 4258359444 4257275615 22:12:03 0 4258359555 4257275616 22:11:45 0...
Page 303 SIP-ETag value of last 200 OK) and Expires header value set to "0", as shown in the following example: PUBLISH sip:john.doe@sfb.example SIP/2.0 From: <sip:john.doe@sfb.example>;tag=1c1654434948 To: <sip:john.doe@sfb.example> CSeq: 1 PUBLISH Contact: <sip:john.doe@10.33.221.57:5061;transport=tls> Event: presence Expires: 0 User-Agent: sur1-vg1.ecarecenters.net/v.7.20A.001.080 SIP-If-Match: 2545777538-1-1 Content-Length: 0 Version 7.2 Mediant 4000 SBC...
Page 304: Configuring Skype For Business Server For Presence
Mediant 4000 SBC The following figure shows a basic illustration of the device's integration into Microsoft Skype for Business Presence feature for third-party endpoints. 15.9.1 Configuring Skype for Business Server for Presence On the Skype for Business Server side, you need to define the device in the Skype for Business Topology as a Trusted Application.
Page 305: Configuring The Device For Skype For Business Presence
When the call ends, the device sends another SIP PUBLISH message to the Skype for Business Server, clearing the users' "On-the-Phone" status (the presence status changes to what it was before the call was connected). Version 7.2 Mediant 4000 SBC...
Page 306 Mediant 4000 SBC  To configure the device for Skype for Business presence: Enable the Microsoft presence feature: open the SIP Definitions General Settings page (Setup menu > Signaling & Media tab > SIP Definitions folder > SIP Definitions General Settings), and then from the 'Enable MsPresence message'...
Page 307 Configure routing rules to route the calls in the network. Configure IP Groups to represent your call party entities, and assign them the group of Call Setup Rules (Set ID) that you configured in Step 7 (above). Version 7.2 Mediant 4000 SBC...
Page 308 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 309: Quality Of Experience
Reporting Voice Quality of Experience to OVOC The device can be configured to report voice (media) Quality of Experience (QoE) to AudioCodes' One Voice Operations Center (OVOC) server, a plug-in for AudioCodes OVOC. The reports include real-time metrics of the quality of the actual call experience, which are then processed by the OVOC.
Page 310: Configuring The Ovoc Server
Mediant 4000 SBC In the SNMP Trusted Managers table (see Configuring SNMP Trusted Managers), either leave the table without any configuration, or if you want to use Trusted Managers, make sure you configure a Trusted Manager with the IP address of OVOC.
Page 311: Configuring Clock Synchronization Between Device And Ovoc
In other words, you need to configure them with the same NTP server. The NTP server can be one of the following:  AudioCodes OVOC server (also acting as an NTP server)  Third-party, external NTP server Once you have determined the NTP server, all the elements--deviceand OVOC--must be configured with the same NTP server address.
Page 312: Configuring Quality Of Experience Profiles
Mediant 4000 SBC VoIP call quality and diagnosing problems. Enabling RTCP XR means that the device can send RTCP XR messages, containing the call-quality metrics, to the OVOC server. For enabling RTCP XR reporting, see ''Configuring RTCP XR'' on page 737. To configure what to report to the OVOC, see ''Configuring Quality of Experience Profiles'' on page 312.
Page 313  Report the change in the measured metrics to AudioCodes' One Voice Operations Center (OVOC) server. The OVOC displays this call quality status for the associated OVOC link (IP Group, Media Realm, or Remote Media Subnet). To configure the OVOC server's address, see ''Configuring the OVOC Server'' on page 310.
Page 314 Mediant 4000 SBC  Depending on the crossed threshold type, you can configure the device to reject calls to the destination IP Group or use an alternative IP Profile for the IP Group. For more information, see ''Configuring Quality of Service Rules'' on page 321.
Page 315 [2] Packet Loss  [3] Jitter  [4] RERL [Echo] Direction Defines the monitoring direction.  direction [0] Device Side (default)  [1] Remote Side [QOEColorRules_direction] Sensitivity Level Defines the sensitivity level of the thresholds. Version 7.2 Mediant 4000 SBC...
Page 316 Mediant 4000 SBC Parameter Description  [0] User Defined = Need to define the thresholds in the sensitivity-level parameters described below. [QOEColorRules_profile]  [1] Low = Pre-configured low sensitivity threshold values. Thus, reporting is done only if changes in parameters' values are significant.
Page 317: Configuring Bandwidth Profiles
Red: Indicates that bandwidth utilization has exceeded total bandwidth. Bandwidth Profiles let you configure bandwidth thresholds, which when crossed changes the color-coded state for bandwidth utilization:  Green-Yellow (Minor) Threshold: Lower threshold configured as a percentage of the Version 7.2 Mediant 4000 SBC...
Page 318 Mediant 4000 SBC configured major (total) bandwidth threshold. When bandwidth goes over the threshold, the device considers it a Yellow state (Minor alarm severity); when it goes below the threshold, it considers it a Green state (cleared alarm).  Yellow-Red (Major) Threshold: Upper threshold configured by the major (total) bandwidth threshold.
Page 319 The valid value is a string of up to 20 characters. [BWProfile_Name] Egress Audio Bandwidth Defines the major (total) threshold for outgoing audio traffic (in Kbps). egress-audio-bandwidth [BWProfile_EgressAudioBandwidth] Ingress Audio Bandwidth Defines the major (total) threshold for incoming audio traffic (in Kbps). ingress-audio-bandwidth Version 7.2 Mediant 4000 SBC...
Page 320 Mediant 4000 SBC Parameter Description [BWProfile_IngressAudioBandwidth] Egress Video Bandwidth Defines the major (total) threshold for outgoing video traffic (in Kbps). egress-video-bandwidth [BWProfile_EgressVideoBandwidth] Ingress Video Bandwidth Defines the major (total) threshold for incoming video traffic (in Kbps). ingress-video-bandwidth [BWProfile_IngressVideoBandwidth] Total Egress Bandwidth Defines the major (total) threshold for video and audio outgoing bandwidth (in Kbps).
Page 321: Configuring Quality Of Service Rules
(configure voip > qoe quality-of-service-rules).  To configure a Quality of Service rule: Open the Quality of Service Rules table (Setup menu > Signaling & Media tab > Media folder > Quality of Service Rules). Version 7.2 Mediant 4000 SBC...
Page 322 Mediant 4000 SBC Click New; the following dialog box appears: Figure 16-7: Quality of Service Rules Table - Dialog Box Configure a rule according to the parameters described in the table below. Click Apply, and then reset the device with a save-to-flash for your settings to take effect.
Page 323 'Rule Metric' parameter) if the rule is matched. alt-ip-profile-name By default, no value is defined. [QualityOfServiceRules_AltIPPr ofileName] Note: The parameter is applicable only if the 'Rule Action' parameter is configured to Alternative IP Profile. Version 7.2 Mediant 4000 SBC...
Page 324 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 325: Control Network
You can also configure it through ini file (CpMediaRealm) or CLI (configure voip > realm).  To configure a Media Realm: Open the Media Realms table (Setup menu > Signaling & Media tab > Core Entities folder > Media Realms). Version 7.2 Mediant 4000 SBC...
Page 326 Mediant 4000 SBC Click New; the following dialog box appears: Figure 17-1: Media Realms Table - Add Dialog Box Configure the Media Realm according to the parameters described in the table below. Click Apply. Table 17-1: Media Realms table Parameter Descriptions...
Page 327 For more information on local UDP port range, see ''Configuring RTP Base UDP Port'' on page 195. Default Media Realm Defines the Media Realm as the default Media Realm. The default Media Realm is used for SIP Interfaces and IP Groups is-default Version 7.2 Mediant 4000 SBC...
Page 328: Configuring Remote Media Subnets
Mediant 4000 SBC Parameter Description [CpMediaRealm_IsDefault] for which you have not assigned a Media Realm.  [0] No (default)  [1] Yes Note:  You can configure the parameter to Yes for only one Media Realm; all the other Media Realms must be configured to ...
Page 329 Open the Media Realms table (see ''Configuring Media Realms'' on page 325). Select the Media Realm row for which you want to add Remote Media Subnets, and then click the Remote Media Subnet link located below the table; the Remote Media Subnet table appears. Version 7.2 Mediant 4000 SBC...
Page 330 Mediant 4000 SBC Click New; the following dialog box appears: Figure 17-3: Remote Media Subnet Table - Add Dialog Box Configure the Remote Media Subnet according to the parameters described in the table below. Click Apply. Table 17-2: Remote Media Subnet Table Parameter Descriptions...
Page 331: Configuring Media Realm Extensions
Open the Media Realms table (see ''Configuring Media Realms'' on page 325). Select the Media Realm for which you want to add Remote Media Extensions, and then click the Media Realm Extension link located below the table; the Media Realm Extension table appears. Version 7.2 Mediant 4000 SBC...
Page 332 Mediant 4000 SBC Click New; the following dialog box appears: Figure 17-5: Media Realm Extension Table - Add Dialog Box Configure the Media Realm Extension according to the parameters described in the table below. Click Apply. Table 17-3: Media Realm Extension Table Parameter Descriptions...
Page 333: Configuring Srds
SRD, you can use the default SRD instead of creating a new one. When only one SRD is employed and you create other related configuration entities (e.g., SIP Interfaces), the default SRD is automatically assigned to the new configuration entity. Version 7.2 Mediant 4000 SBC...
Page 334 Mediant 4000 SBC Therefore, when employing a single-SRD configuration topology, there is no need to handle SRD configuration (i.e., transparent). SRDs are associated with the following configuration entities:  SIP Interface (mandatory) - see ''Configuring SIP Interfaces'' on page 343 ...
Page 335 Open the SRDs table (Setup menu > Signaling & Media tab > Core Entities folder > SRDs). Click New; the following dialog box appears: Figure 17-7: SRDs Table - Add Dialog Box Configure an SRD according to the parameters described in the table below. Click Apply. Version 7.2 Mediant 4000 SBC...
Page 336 Mediant 4000 SBC Table 17-4: SRDs table Parameter Descriptions Parameter Description General Index Defines an index for the new table row. [SRD_Index] Note: Each row must be configured with a unique index. Name Defines a descriptive name, which is used when associating the row in other tables.
Page 337  When the device rejects a call, it sends a SIP 500 "Server Internal Error" response to the user. In addition, it reports the rejection Version 7.2 Mediant 4000 SBC...
Page 338 Mediant 4000 SBC Parameter Description (Dialog establish failure - Classification failure) using the Intrusion Detection System (IDS) feature (see Configuring IDS Policies on page 172), by sending an SNMP trap.  When the corresponding parameter in the SIP Interfaces table...
Page 339: Filtering Tables In Web Interface By Srd
Tenant size in a multi-tenant architecture can vary and therefore, the instance CPU, memory and interface allocations should be optimized so as not to waste resources for small-sized Version 7.2 Mediant 4000 SBC...
Page 340 Mediant 4000 SBC tenants on the one hand, and not to allocate too many instances for a single tenant/customer on the other. For example, it would be a waste to allocate a capacity of 100 concurrent sessions to a small tenant for which 10 concurrent sessions suffice.
Page 341: Cloning Srds
To exit the tenant view: # no srd-view 17.2.3 Cloning SRDs You can clone (duplicate) existing SRDs. This is especially useful when operating in a multi-tenant environment and you need to add new tenants (SRDs). The new tenants can Version 7.2 Mediant 4000 SBC...
Page 342: Color-Coding Of Srds In Web Interface
Mediant 4000 SBC quickly and easily be added by simply cloning one of the existing SRDs. Once cloned, all you need to do is tweak configuration entities associated with the SRD clone. When an SRD is cloned, the device adds the new SRD clone to the next available index row in the SRDs table.
Page 343: Automatic Configuration Based On Srd
Interface. For more information, see ''Configuring IDS Policies'' on page 172.  SBC application: • IP-to-IP Routing rules for specifying the destination SIP Interface to where you want to route the call. For more information, see Configuring SBC IP-to-IP Routing Rules on page 505. Version 7.2 Mediant 4000 SBC...
Page 344 Mediant 4000 SBC • Classification rules for specifying the SIP Interface as a matching characteristic of the incoming call. This is especially useful for the single SRD-configuration topology, where each SIP Interface represents a Layer-3 network (SIP entity). Therefore, classification of calls to IP Groups (SIP entities) can be based on SIP Interface.
Page 345 6000 to 6999, the SIP port can either be less than 6000 or greater than 6999.  Each SIP Interface must have a unique signaling port (i.e., no two SIP Interfaces can share the same port - no port overlapping). Version 7.2 Mediant 4000 SBC...
Page 346 Mediant 4000 SBC Parameter Description TCP Port Defines the device's listening port for SIP signaling traffic over TCP. tcp-port The valid range is 1 to 65534. The default is 5060. [SIPInterface_TCPPort] Note:  The port must be different from ports configured for RTP traffic (i.e., ports configured for Media Realms).
Page 347 SIP request (OPTIONS, REGISTER, or INVITE) fails the SBC Classification process. classification_fail_response_ty The valid value can be a SIP response code from 400 through 699, or it can be set to 0 to not send any response at all. The default [SIPInterface_ClassificationFa Version 7.2 Mediant 4000 SBC...
Page 348 Mediant 4000 SBC Parameter Description ilureResponseType] response code is 500 (Server Internal Error). This feature is important for preventing Denial of Service (DoS) attacks, typically initiated from the WAN. Malicious attackers can use SIP scanners to detect ports used by SIP devices. These scanners...
Page 349 SRDs table (SRD_BlockUnRegUsers) of the SRD that is associated with the SIP Interface is applied.  [0] Accept All = Accepts requests from registered and unregistered users.  [1] Accept Registered Users = Accepts requests only from users Version 7.2 Mediant 4000 SBC...
Page 350 Mediant 4000 SBC Parameter Description registered with the device. Requests from users not registered are rejected.  [2] Accept Registered Users from Same Source = Accepts requests only from registered users whose source address is the same as that registered with the device (during the REGISTER message process).
Page 351: Configuring Ip Groups
If you delete an IP Group or modify the 'Type' or 'SRD' parameters, the device immediately terminates currently active calls that are associated with the IP Group. In addition, all users belonging to the IP Group are removed from the device's users database. Version 7.2 Mediant 4000 SBC...
Page 352 Mediant 4000 SBC The following procedure describes how to configure IP Groups through the Web interface. You can also configure it through ini file (IPGroup) or CLI (configure voip > ip-group).  To configure an IP Group: Open the IP Groups table (Setup menu > Signaling & Media tab > Core Entities folder >...
Page 353 Contact header in the REGISTER request received from the IP Group. Therefore, routing to this IP Group is possible only once a REGISTER request is received (i.e., IP Group is registered with the device). If a Version 7.2 Mediant 4000 SBC...
Page 354 Mediant 4000 SBC Parameter Description REGISTER refresh request arrives, the device updates the new location (i.e., IP address) of the IP Group. If the REGISTER fails, no update is performed. If an UN-REGISTER request arrives, the IP address associated with the IP Group is deleted and therefore, no routing to the IP Group is done.
Page 355 Group).  "Connected": Keep-alive success (i.e., connectivity with the IP Group). The connectivity status is also displayed in the Topology View page (see ''Building and Viewing SIP Entities in Topology View'' on page 374). Note: Version 7.2 Mediant 4000 SBC...
Page 356 Mediant 4000 SBC Parameter Description  The feature is applicable only to Server-type IP Groups.  To support the feature, you must enable the keep-alive mechanism of the Proxy Set that is associated with the IP Group (see ''Configuring Proxy Sets'' on page 366).
Page 357 Note: To ensure proper device handling, the parameter should be a valid FQDN. UUI Format Enables the generation of the Avaya UCID value, adding it to the outgoing INVITE sent to this IP Group. uui-format  [0] Disabled (default) [IPGroup_UUIFormat] Version 7.2 Mediant 4000 SBC...
Page 358 Mediant 4000 SBC Parameter Description  [1] Enabled This provides support for interworking with Avaya equipment by generating Avaya's UCID value in outgoing INVITE messages sent to Avaya's network. The device adds the UCID in the User-to-User SIP header. Avaya's UCID value has the following format (in hexadecimal): 00 +...
Page 359 [1] Classify by IP = For initial registrations from the IP Group, the device adds a key representing the user to its registration database, based on the REGISTER request source IP address, port (if UDP) and SIP Interface ID (e.g., "10.33.3.3:5010#1"). The Version 7.2 Mediant 4000 SBC...
Page 360 Mediant 4000 SBC Parameter Description device classifies incoming non-REGISTER SIP dialog requests (e.g., INVITEs) from the IP Group according to the received source IP address. The device rejects initial registration requests that have the same IP address, as the necessary key is already used for another registration.
Page 361 SIP headers, you must apply your manipulation rule (Manipulation Set ID) to the IP Group as an Outbound Message Manipulation Set (see the IPGroup_OutboundManSet parameter), when the IP Group is the Version 7.2 Mediant 4000 SBC...
Page 362 Mediant 4000 SBC Parameter Description destination of the call. Outbound Message Assigns a Message Manipulation Set (rule) to the IP Group for SIP Manipulation Set message manipulation on the outbound leg. outbound-mesg- By default, no value is defined. manipulation-set To configure Message Manipulation rules, see ''Configuring SIP [IPGroup_OutboundManSet] Message Manipulation'' on page 401.
Page 363 'Registration Mode' parameter of the IP Group (User-type) to which the user belongs, to User Initiates Registration.  This feature is also supported when the device operates in HA mode; registrar "stickiness" is retained even after an HA switchover. Version 7.2 Mediant 4000 SBC...
Page 364 Mediant 4000 SBC Parameter Description User UDP Port Assignment Enables the device to assign a unique, local UDP port (for SIP signaling) per registered user (User-type IP Group) on the leg user-udp-port- interfacing with the proxy server (Server-type IP Group). The port is...
Page 365 Defines the shared password for authenticating the IP Group, when the device acts as an Authentication server. password The valid value is a string of up to 51 characters. By default, no IPGroup_Password] password is defined. Version 7.2 Mediant 4000 SBC...
Page 366: Configuring Proxy Sets
Mediant 4000 SBC Parameter Description Note:  The parameter is applicable only to Server-type IP Groups and when the 'Authentication Mode' parameter is set to SBC as Server (i.e., authentication of servers).  To specify the SIP request types (e.g., INVITE) that must be challenged by the device, use the 'Authentication Method List' parameter.
Page 367 Open the Proxy Sets table (Setup menu > Signaling & Media tab > Core Entities folder >Proxy Sets). Click New; the following dialog box appears: Configure a Proxy Set according to the parameters described in the table below. Click Apply. Version 7.2 Mediant 4000 SBC...
Page 368 Mediant 4000 SBC Select the index row of the Proxy Set that you added, and then click the Proxy Address link located below the table; the Proxy Address table opens. Click New; the following dialog box appears: Figure 17-10: Proxy Address Table - Add Dialog Box Configure the address of the Proxy Set according to the parameters described in the table below.
Page 369 Proxy keep-alive using REGISTER messages (Using REGISTER option) is applicable only to the Parking redundancy mode ('Redundancy Mode' parameter configured to Parking).  For Survivability mode for User-type IP Groups, you must enable this Proxy Keep-Alive feature. Version 7.2 Mediant 4000 SBC...
Page 370 Mediant 4000 SBC Parameter Description  If you enable this Proxy Keep-Alive feature and the proxy uses the TCP/TLS transport type, you can enable CRLF Keep-Alive feature, using the UsePingPongKeepAlive parameter.  If you enable this Proxy Keep-Alive feature, the device can...
Page 371 REGISTER messages are also distributed unless a RegistrarIP is configured. The IP address list is refreshed every user-defined interval (see the ProxyIPListRefreshTime parameter). If a change in the order of the IP address entries in Version 7.2 Mediant 4000 SBC...
Page 372 Mediant 4000 SBC Parameter Description the list occurs, all load statistics are erased and balancing starts over again.  [2] Random Weights = The outgoing requests are not distributed equally among the Proxies. The weights are received from the DNS server, using SRV records. The device sends the requests in such a fashion that each proxy receives a percentage of the requests according to its' assigned weight.
Page 373 30 IP addresses in the received list and ignores the rest. Proxy Address Table Index Defines an index number for the new table row. proxy-ip-index Note: Each row must be configured with a unique index. [ProxyIp_ProxyIpIndex] Version 7.2 Mediant 4000 SBC...
Page 374: Building And Viewing Sip Entities In Topology View
Mediant 4000 SBC Parameter Description Proxy Address Defines the address of the proxy. proxy-address Up to 10 addresses can be configured per Proxy Set. The address can be defined as an IP address in dotted-decimal notation (e.g., [ProxyIp_IpAddress] 201.10.8.1) or FQDN. You can also specify the port using the following format: ...
Page 375 (as shown in the figure below for callouts #1 and #2, respectively). For example, on the top border you can position all entities relating to WAN, and on the bottom border all entities relating to LAN. Figure 17-12: Display Location in Topology View Version 7.2 Mediant 4000 SBC...
Page 376 Mediant 4000 SBC Item # Description By default, configuration entities are displayed on the bottom border. To define the position, use the 'Topology Location' parameter when configuring the entity, where Down is the bottom border and Up the top border: Figure 17-13: Configuration Postion in Topology View Configured SIP Interfaces.
Page 377 Configured IP Groups. Each IP Group is displayed using the following "IP Group [Server]" or "IP Group [User]" titled icon (depending on whether it's a Server- or User-type IP Group respectively), which includes the name and row index number (example of a Server-type): Version 7.2 Mediant 4000 SBC...
Page 378 Mediant 4000 SBC Item # Description If you hover your mouse over the icon, a pop-up appears displaying the following basic information (example): If you click the icon, a drop-down menu appears listing the following commands:  Edit: Opens a dialog box in the IP Groups table to modify the IP Group.
Page 379 Routing: Opens the IP-to-IP Routing table where you can configure IP-to-IP routing rules (see ''Configuring SBC IP-to-IP Routing Rules'' on page 505).  SBC Settings: Opens the SBC General Settings page where you can configure miscellaneous settings. Version 7.2 Mediant 4000 SBC...
Page 380 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 381: Sip Definitions
In this scenario, the Account can be not registered due to any of the reasons listed previously or for the dynamic UDP port assignment feature, there is no available port for the Account (port used for interfacing with the Serving IP Group). Version 7.2 Mediant 4000 SBC...
Page 382 Mediant 4000 SBC Note: • The device uses the username and password configured for the Serving IP Group in the IP Groups table for user registration and authentication, in the scenarios listed below. For this mode of operation, the 'Authentication Mode' parameter in...
Page 383 (Unauthorized) in response to a sent INVITE, the device checks for a matching "serving" and "served" entry in the table. If a matching row exists, the device authenticates the INVITE by providing the corresponding MD5 authentication username and Version 7.2 Mediant 4000 SBC...
Page 384 Mediant 4000 SBC Parameter Description password to the "serving" IP Group.  [1] Regular = Regular registration process. For more information, see ''Regular Registration Mode'' on page 387.  [2] GIN = Registration for legacy PBXs, using Global Identification Number (GIN). For more information, see ''Single Registration for Multiple Phone Numbers using GIN'' on page 388.
Page 385 (Serving IP Group) to which the Account [Account_RegEventPackageSubscription] is successfully registered and binded, when the Registrar Stickiness feature is enabled. The service allows the device to receive notifications of the Accounts registration state change with the registrar. Version 7.2 Mediant 4000 SBC...
Page 386 Mediant 4000 SBC Parameter Description The device subscribes to the service by sending a SUBSCRIBE message containing the Event header with the value "reg" (Event: reg). Whenever a change occurs in the registration binding state, the registrar notifies the device by sending a SIP NOTIFY message.
Page 387: Regular Registration Mode
(user in From/To and Contact headers) are taken from the configured Accounts table upon successful registration. See the example below: REGISTER sip:xyz SIP/2.0 Via: SIP/2.0/UDP 10.33.37.78;branch=z9hG4bKac1397582418 From: <sip:ContactUser@HostName>;tag=1c1397576231 To: <sip: ContactUser@HostName > Call-ID: 1397568957261200022256@10.33.37.78 CSeq: 1 REGISTER Contact: <sip:ContactUser@10.33.37.78>;expires=3600 Version 7.2 Mediant 4000 SBC...
Page 388: Single Registration For Multiple Phone Numbers Using Gin
Mediant 4000 SBC Expires: 3600 User-Agent: Sip-Gateway/v.7.20A.000.038 Content-Length: 0 18.1.2 Single Registration for Multiple Phone Numbers using GIN When you configure the registration mode in the Accounts table to GIN, the Global Identifiable Number (GIN) registration method is used, according to RFC 6140. The device performs GIN-based registration of users to a SIP registrar on behalf of a SIP PBX.
Page 389: Registrar Stickiness
''Configuration Parameters Reference'' on page 835. To configure Proxy servers (Proxy Sets), see ''Configuring Proxy Sets'' on page 366. Note: To view the registration status of endpoints with a SIP Registrar/Proxy server, see ''Viewing Registration Status'' on page 730. Version 7.2 Mediant 4000 SBC...
Page 390: Sip Message Authentication Example
The REGISTER request is sent to a Registrar/Proxy server for registration: REGISTER sip:10.2.2.222 SIP/2.0 Via: SIP/2.0/UDP 10.1.1.200 From: <sip: 122@10.1.1.200>;tag=1c17940 To: <sip: 122@10.1.1.200> Call-ID: 634293194@10.1.1.200 User-Agent: Sip-Gateway/Mediant 4000 SBC/v.7.20A.000.038 CSeq: 1 REGISTER Contact: sip:122@10.1.1.200: Expires:3600 Upon receipt of this request, the Registrar/Proxy returns a 401 Unauthorized response: SIP/2.0 401 Unauthorized...
Page 391 • The password from the ini file is "AudioCodes". • The equation to be evaluated is "122:audiocodes.com:AudioCodes". According to the RFC, this part is called A1. • The MD5 algorithm is run on this equation and stored for future usage.
Page 392: Configuring Call Setup Rules
Mediant 4000 SBC Server: Columbia-SIP-Server/1.17 Content-Length: 0 Contact: <sip:122@10.1.1.200>; expires="Thu, 26 Jul 2012 10:34:42 GMT"; action=proxy; q=1.00 Contact: <122@10.1.1.200:>; expires="Tue, 19 Jan 2038 03:14:07 GMT"; action=proxy; q=0.00 Expires: Thu, 26 Jul 2012 10:34:42 GMT 18.3 Configuring Call Setup Rules The Call Setup Rules table lets you configure up to 40 Call Setup rules. Call Setup rules define various sequences that are run upon the receipt of an incoming call (dialog) at call setup, before the device routes the call to its destination.
Page 393 LDAP query result is not found:  Incorrect -this rule will always exit with result = True: Condition: ldap.found exists Action Type: Exit Action Value: True  Correct: • Single rule: Condition: ldap.found !exists Action Type: Exit Action Value: False Version 7.2 Mediant 4000 SBC...
Page 394 Mediant 4000 SBC • Set of rules: Condition: ldap.found exists Action Type: Exit Action Value: True Condition: <leave it blank> Action Type: Exit Action Value: False Note: If the source and/or destination numbers are manipulated by the Call Setup rules, they revert to their original values if the device moves to the next routing rule.
Page 395 To LDAP query the AD attribute "telephoneNumber" that has a redirect number: 'telephoneNumber=' + param.call.redirect +  To query a Dial Plan for the source number: param.call.src.user  To query an ENUM server for the URI of the called (destination) number: param.call.dst.user Version 7.2 Mediant 4000 SBC...
Page 396 Mediant 4000 SBC Parameter Description Note: The parameter is applicable only if the 'Query Type' parameter is configured to any value other than None. Attributes To Get Defines the attributes of the queried LDAP record that the device must handle (e.g., retrieve value).
Page 397: Call Setup Rule Examples
Below are configuration examples for using Call Setup Rules.  Example 1: This example configures the device to replace (manipulate) the incoming call's source number with a number retrieved from the AD by an LDAP query. The Version 7.2 Mediant 4000 SBC...
Page 398 Mediant 4000 SBC device queries the AD server for the attribute record, "telephoneNumber" whose value is the same as the received source number (e.g., "telephoneNumber =4064"). If such an attribute is found, the device retrieves the number of the attribute record, "alternateNumber"...
Page 399 IP Groups table: 'Call Setup Rules Set ID': 4 • IP-to-IP Routing table: ♦ Index 1: 'Destination Tag': dep-sales 'Destination IP Group': SALES ♦ Index 2: 'Destination Tag': dep-mkt 'Destination IP Group': MKT ♦ Index 3: 'Destination Tag': dep-rd 'Destination IP Group': RD Version 7.2 Mediant 4000 SBC...
Page 400 Mediant 4000 SBC  Example 5: The example configures the device to perform an ENUM query with an ENUM server in order to retrieve a SIP URI address for the called E.164 telephone number. The device then replaces (manipulates) the incoming call's E.164 destination number in the SIP Request-URI header with the URI retrieved from the ENUM server: •...
Page 401: Sip Message Manipulation
Translating one SIP response code to another  Topology hiding (generally present in SIP headers such as Via, Record Route, Route and Service-Route).  Configurable identity hiding (information related to identity of subscribers, for example, P-Asserted-Identity, Referred-By, Identity and Identity-Info) Version 7.2 Mediant 4000 SBC...
Page 402 Mediant 4000 SBC  Multiple manipulation rules on the same SIP message  Apply conditions per rule - the condition can be on parts of the message or call’s parameters  Multiple manipulation rules using the same condition. The following figure shows a...
Page 403 Open the Message Manipulations page (Setup menu > Signaling & Media tab > Message Manipulation folder > Message Manipulations). Click New; the following dialog box appears: Figure 19-3: Message Manipulations Table - Add Dialog Box Version 7.2 Mediant 4000 SBC...
Page 404 Mediant 4000 SBC Configure a Message Manipulation rule according to the parameters described in the table below. Click Apply. An example of configured message manipulation rules are shown in the figure below: Figure 19-4: Example of Configured Message Manipulation Rules ...
Page 405 [7] Normalize = Removes unknown SIP message elements before forwarding the message. Action Value Defines a value that you want to use in the manipulation. The default value is a string (case-insensitive) in the following Version 7.2 Mediant 4000 SBC...
Page 406: Configuring Message Condition Rules
Mediant 4000 SBC Parameter Description action-value syntax:  [MessageManipulations_Action string/<message-element>/<call-param> + Value]  string/<message-element>/<call-param> For example:  'itsp.com'  header.from.url.user  param.call.dst.user  param.call.dst.host + '.com'  param.call.src.user + '<' + header.from.url.user + '@' + header.p-asserted-id.url.host + '>' Note: Only single quotation marks must be used.
Page 407: Configuring Sip Message Policy Rules
Message Policy rules are used to block (blacklist) unwanted incoming SIP messages or permit (whitelist) receipt of desired SIP messages. You can configure legal and illegal characteristics of SIP messages. This feature is helpful against VoIP fuzzing (also known Version 7.2 Mediant 4000 SBC...
Page 408 Mediant 4000 SBC as robustness testing), which sends different types of packets to its "victims" for finding bugs and vulnerabilities. For example, the attacker might try sending a SIP message containing either an oversized parameter or too many occurrences of a parameter.
Page 409 [MessagePolicy_MaxMessageLength] Max Header Length Defines the maximum SIP header length. max-header-length The valid value is up to 512 characters. The default is 512. [MessagePolicy_MaxHeaderLength] Max Body Length Defines the maximum SIP message body length. This Version 7.2 Mediant 4000 SBC...
Page 410 Mediant 4000 SBC Parameter Description max-body-length is the value of the Content-Length header. [MessagePolicy_MaxBodyLength] The valid value is up to 1,024 characters. The default is 1,024. Max Num Headers Defines the maximum number of SIP headers. max-num-headers The valid value is any number up to 32. The default is...
Page 411: Configuring Pre-Parsing Manipulation Rules
Pre-Parsing Manipulation Rules table: ini file (PreParsingManipulationRules) or CLI (configure voip > message pre-parsing-manip-rules)  To configure Pre-Parsing Manipulation Sets: Open the Pre-Parsing Manipulation Sets table (Setup menu > Signaling & Media tab > Message Manipulation folder > Pre-Parsing Manipulation Sets). Version 7.2 Mediant 4000 SBC...
Page 412 Mediant 4000 SBC Click New; the following dialog box appears: Figure 19-8: Pre-Parsing Manipulation Sets Table - Add Dialog Box Configure a Pre-Parsing Manipulation Set name according to the parameters described in the table below. Click Apply. Pre-Parsing Manipulation Set Table Parameter Descriptions...
Page 413 For more information on regex, refer to the Message [PreParsingManipulationRules_P Manipulation Reference Guide. attern] Replace-With Defines a pattern, based on regex, to replace the matched pattern (defined above). replace-with For more information on regex, refer to the Message [PreParsingManipulationRules_R Manipulation Reference Guide. eplaceWith] Version 7.2 Mediant 4000 SBC...
Page 414 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 415: Coders And Profiles
IpProfile_SBCAllowedCodersMode parameter to Restriction or Restriction and Preference). The following procedure describes how to configure the Coder Groups table through the Web interface. You can also configure it through ini file (AudioCodersGroups and AudioCoders) or CLI (configure voip > coders-and-profiles audio-coders-groups). Version 7.2 Mediant 4000 SBC...
Page 416 For supported audio coders, see ''Supported Audio Coders'' on page 417. • Some coders are license-dependent and are available only if purchased from AudioCodes and included in the License Key installed on your device. For more information, contact your AudioCodes sales representative. •...
Page 417: Supported Audio Coders
Note: The AMR payload type can be configured globally using the AmrOctetAlignedEnable parameter. However, the Coder Group configuration overrides the global parameter. 20.1.1 Supported Audio Coders The table below lists the coders supported by the device. Version 7.2 Mediant 4000 SBC...
Page 418 Mediant 4000 SBC Table 20-2: Supported Audio Coders Coder Name Packetization Time Rate (kbps) Payload Silence (msec) Type Suppression [1] 10, [2] 20, [3] 30, [4] 40, [5] 50, [6] 60, [8] 80, [9] 90, [10] 100, [12] 120 ...
Page 419: Configuring Various Codec Attributes
Open the Coder Settings page (Setup menu > Signaling & Media tab > Coders & Profiles folder > Coder Settings). Configure the following parameters: • AMR coder: ♦ 'AMR Payload Format' (AmrOctetAlignedEnable): Defines the AMR payload format type: Version 7.2 Mediant 4000 SBC...
Page 420: Configuring Allowed Audio Coder Groups
Mediant 4000 SBC • SILK coder (Skype's default audio codec): ♦ 'Silk Tx Inband FEC': Enables forward error correction (FEC) for the SILK coder. ♦ 'Silk Max Average Bit Rate': Defines the maximum average bit rate for the SILK coder.
Page 421 Configure a name for the Allowed Audio Coders Group according to the parameters described in the table below. Click Apply. Select the new row that you configured, and then click the Allowed Audio Coders link located below the table; the Allowed Audio Coders table opens. Version 7.2 Mediant 4000 SBC...
Page 422 Mediant 4000 SBC Click New; the following dialog box appears: Figure 20-5: Allowed Audio Coders Table - Add Dialog Box Configure coders for the Allowed Audio Coders Group according to the parameters described in the table below. Click Apply. Table 20-3: Allowed Audio Coders Groups and Allowed Audio Coders Tables Parameter...
Page 423: Configuring Allowed Video Coder Groups
Configure a name for the Allowed Video Coders Group according to the parameters described in the table below. Click Apply. Select the new row that you configured, and then click the Allowed Video Coders link located below the table; the Allowed Video Coders table opens. Version 7.2 Mediant 4000 SBC...
Page 424: Configuring Ip Profiles
Mediant 4000 SBC Click New; the following dialog box appears: Figure 20-7: Allowed Video Coders Table - Add Dialog Box Configure coders for the Allowed Video Coders Group according to the parameters described in the table below. Click Apply. Table 20-4: Allowed Video Coders Groups and Allowed Video Coders Tables Parameter...
Page 425 Click New; the following dialog box appears: Figure 20-8: IP Profiles Table - Add Dialog Box Configure an IP Profile according to the parameters described in the table below. Click Apply. Table 20-5: IP Profiles Table Parameter Descriptions Parameter Description General Version 7.2 Mediant 4000 SBC...
Page 426 Mediant 4000 SBC Parameter Description Index Defines an index number for the new table row. [IpProfile_Index] Note: Each row must be configured with a unique index. Name Defines a descriptive name, which is used when associating the row in other tables.
Page 427 RTP. Therefore, RTCP and RTP should be multiplexed over the same port.  The device does not support forwarding of DTLS transparently between endpoints (SIP entities).  As DTLS has been defined by the WebRTC standard as mandatory Version 7.2 Mediant 4000 SBC...
Page 428 Mediant 4000 SBC Parameter Description for encrypting media channels for SRTP key exchange, the support is important for deployments implementing WebRTC. For more information on WebRTC, see WebRTC on page 572. Reset SRTP Upon Re-key Enables synchronization of the SRTP state between the device and a server when a new SRTP key is generated upon a SIP session expire.
Page 429 SDP answers (with different To-header tags). In this case, the SBCRemoteMultipleAnswersMode parameter is ignored. Note: If the parameter and the SBCRemoteMultipleAnswersMode parameter are disabled, multiple SDP answers are not reflected to the Version 7.2 Mediant 4000 SBC...
Page 430 Mediant 4000 SBC Parameter Description SIP entity (i.e., the device sends the same SDP answer in multiple 18x and 200 responses). Remote Multiple Answers Enables interworking multiple SDP answers within the same SIP Mode dialog (non-standard). The parameter enables the device to forward multiple answers to the SIP entity associated with the IP Profile.
Page 431 Allowed coders; the rest are removed from the SDP offer (i.e., only sMode] coders common between those in the received SDP offer and the Allowed coders are used). If an Extension Coders Group is also assigned (using the 'Extension Coders Group' parameter, above), Version 7.2 Mediant 4000 SBC...
Page 432 Mediant 4000 SBC Parameter Description these coders are added to the SDP offer if they also appear in Allowed coders.  [1] Preference = The device re-arranges the priority (order) of the coders in the incoming SDP offer according to their order of appearance in the Allowed Audio Coders Group or Allowed Video Coders Group.
Page 433 SIP re-INVITE (or UPDATE) from the SIP entity to where the SIP INFO is being sent (and keep sending the DTMF digits using the RFC 2833 method). This is done using AudioCodes proprietary SIP header X-AC-Action and a Message Manipulation rule (inbound)
Page 434 Mediant 4000 SBC Parameter Description (i.e., 'Send Multiple DTMF Methods' is configured to Disable): X-AC-Action: 'switch-profile;profile-name=<IP Profile Name>' If the IP Profile name contains one or more spaces, you must enclose the name in double quotation marks, for example: X-AC-Action: 'switch-profile;profile-name="My IP Profile"'...
Page 435 Preferred Value [2] and the 'Preferred Ptime' parameter is configured to a non-zero value, the configured ptime is used (enabling ptime transrating if the other side uses a different ptime). If the 'SDP Ptime Answer' parameter is configured to Remote Answer Version 7.2 Mediant 4000 SBC...
Page 436 Mediant 4000 SBC Parameter Description [0] or Original Offer [1] and the 'Preferred Ptime' parameter is configured to a non-zero value, the configured value is used as the ptime in the SDP offer. The valid range is 0 to 200. The default is 0 (i.e., a preferred ptime is not used).
Page 437  This functionality may require DSP resources. For more information, contact your AudioCodes sales representative. ICE Mode Enables Interactive Connectivity Establishment (ICE) Lite for the SIP entity associated with the IP Profile. ICE is a methodology for NAT...
Page 438 Mediant 4000 SBC Parameter Description The parameter is useful for SIP entities that either require the attribute or do not support the attribute. For example, Google Chrome and Web RTC do not accept calls without the RTCP attribute in the SDP. In...
Page 439 80000 = Smart Transcoding [IpProfile_SBCMaxOpusBW] Note: The parameter is applicable only to the VoIPerfect feature (see VoIPerfect on page 592). Quality of Experience RTP IP DiffServ Defines the DiffServ value for Premium Media class of service (CoS) Version 7.2 Mediant 4000 SBC...
Page 440 Mediant 4000 SBC Parameter Description rtp-ip-diffserv content. [IpProfile_IPDiffServ] The valid range is 0 to 63. The default is 46. Note: The corresponding global parameter is PremiumServiceClassMediaDiffServ. Signaling DiffServ Defines the DiffServ value for Premium Control CoS content (Call Control applications).
Page 441 Session Expires Mode Defines the required session expires mode for the SIP entity associated with the IP Profile. sbc-session-expires-mode  [0] Transparent = (Default) The device does not interfere with the [IpProfile_SBCSessionExpir session expires negotiation. esMode] Version 7.2 Mediant 4000 SBC...
Page 442 Mediant 4000 SBC Parameter Description  [1] Observer = If the SIP Session-Expires header is present, the device does not interfere, but maintains an independent timer for each leg to monitor the session. If the session is not refreshed on time, the device disconnects the call.
Page 443 [1] Enable = Device retains the incoming Record-Route headers received in requests and non-failure responses from the other side, in the following scenarios:  The message is part of a SIP dialog-setup transaction.  The messages in the setup and previous transaction didn't Version 7.2 Mediant 4000 SBC...
Page 444 Mediant 4000 SBC Parameter Description include the Record-Route header, and therefore hadn't set the route set. Note: Record-Routes are kept only for SIP INVITE, UPDATE, SUBSCRIBE and REFER messages. Keep User-Agent Header Enables interworking SIP User-Agent headers between SIP entities.
Page 445 Note: If the parameter is not configured, the registration time is according to the global parameter SBCUserRegistrationTime or IP Profile parameter IpProfile_SBCUserRegistrationTime. SBC Forward and Transfer Remote REFER Mode Defines the device's handling of SIP REFER requests for the IP entity Version 7.2 Mediant 4000 SBC...
Page 446 Mediant 4000 SBC Parameter Description sbc-rmt-refer-behavior (transferee - call party that is transfered to the transfer target) associated with the IP Profile. [IpProfile_SBCRemoteRefer  Behavior] [0] Regular = (Default) SIP Refer-To header value is unchanged and the device forwards the REFER message as is.
Page 447 SIP 3xx standard while others may not even support SIP 3xx. When enabled, the device handles SIP redirections between different subnets (e.g., between LAN and WAN sides). This is required when Version 7.2 Mediant 4000 SBC...
Page 448 Mediant 4000 SBC Parameter Description the new address provided by the redirector (Redirect sever) may not be reachable by the far-end user (FEU) located in another subnet. For example, a far-end user (FEU) in the WAN sends a SIP request via...
Page 449 IP Profile for all re-INVITE offer-answer transactions (except for initial INVITE). Note: The fax settings in the IP Profile include IpProfile_SBCFaxCodersGroupName, IpProfile_SBCFaxOfferMode, and IpProfile_SBCFaxAnswerMode. Fax Offer Mode Defines the coders included in the outgoing SDP offer (sent to the Version 7.2 Mediant 4000 SBC...
Page 450 Mediant 4000 SBC Parameter Description sbc-fax-offer-mode called "fax") for the SIP entity associated with the IP Profile.  [IpProfile_SBCFaxOfferMod [0] All coders = (Default) Use only (and all) the coders of the selected Coder Group configured using the SBCFaxCodersGroupID parameter.
Page 451 (IPv4 and IPv6) and the IP address eference] version preference to establish the media stream. The IP address is indicated in the "c=" field (Connection) of the SDP.  [0] Only IPv4 = (Default) SDP offer includes only IPv4 media IP Version 7.2 Mediant 4000 SBC...
Page 452 Mediant 4000 SBC Parameter Description addresses.  [1] Only IPv6 = SDP offer includes only IPv6 media IP addresses.  [2] Prefer IPv4 = SDP offer includes IPv4 and IPv6 media IP addresses, but the first (preferred) media is IPv4.
Page 453 [2] 2 to [7]7 = Optional Parameter Suites that you can create based on any language (16 sensitivity levels, from 0 to 15). This requires a customized AMD Sensitivity file that needs to be installed on the device. For more information, contact your AudioCodes sales representative. Note: ...
Page 454 Mediant 4000 SBC Parameter Description [IPProfile_LocalRingbackTo (value of -1), the device plays a hard default ringback tone. To play user-defined tones, you need to record your tones and then install them on the device using a loadable Prerecorded Tones (PRT) file.
Page 455: Session Border Controller Application
Part V Session Border Controller Application...
Page 457: Sbc Overview
For example, IP addresses of ITSPs' equipment (e.g. proxies, gateways, and application servers) can be hidden from outside parties. The device's topology hiding is provided by implementing back-to-back user agent (B2BUA) leg routing: Version 7.2 Mediant 4000 SBC...
Page 458: B2Bua And Stateful Proxy Operating Modes
Mediant 4000 SBC • Strips all incoming SIP Via header fields and creates a new Via value for the outgoing message. • Each leg has its own Route/Record Route set. • User-defined manipulation of SIP To, From, and Request-URI host names.
Page 459 Some SIP functionalities are achieved by conveying the SIP call identifiers either in SIP specific headers (e.g., Replaces) or in the message bodies (e.g. Dialog Info in an XML body). Version 7.2 Mediant 4000 SBC...
Page 460 Mediant 4000 SBC  In some setups, the SIP client authenticates using a hash that is performed on one or more of the headers that B2BUA changes (removes). Therefore, implementing B2BUA would cause authentication to fail.  For facilitating debugging procedures, some administrators require that the value in the Call-ID header remains unchanged between the inbound and outbound SBC legs.
Page 461: Call Processing Of Sip Dialog Requests
The device obtains the source and destination URLs from certain SIP headers. Once the URLs are determined, the user and host parts of the URLs can be used as matching rule characteristics for classification, message manipulation, and call routing. Version 7.2 Mediant 4000 SBC...
Page 462 Mediant 4000 SBC • All SIP requests (e.g., INVITE) except REGISTER: ♦ Source URL: Obtained from the From header. If the From header contains the value 'Anonymous', the source URL is obtained from the P-Preferred- Identity header. If the P-Preferred-Identity header does not exist, the source URL is obtained from the P-Asserted-Identity header.
Page 463: User Registration
You can configure Call Admission Control (CAC) rules for incoming and outgoing REGISTER messages. For example, you can limit REGISTER requests from a specific IP Group or SRD. Note that this applies only to concurrent REGISTER dialogs and not concurrent registrations in the device's registration database. Version 7.2 Mediant 4000 SBC...
Page 464: Classification And Routing Of Registered Users
Mediant 4000 SBC The device provides a dynamic registration database that it updates according to registration requests traversing it. Each database entry for a user represents a binding between an AOR (obtained from the SIP To header), optional additional AORs, and one or more contacts (obtained from the SIP Contact headers).
Page 465: General Registration Request Processing
If you configure this grace period, the device keeps the user in the database (and does not send an un-register to the registrar server), allowing the user to send a "late" re-registration to the device. The device removes the Version 7.2 Mediant 4000 SBC...
Page 466: Registration Restriction Control
Mediant 4000 SBC user from the database only when this additional time expires.  The graceful period is also used before removing a user from the registration database when the device receives a successful unregister response (200 OK) from the registrar/proxy server. This is useful in scenarios, for example, in which users (SIP user agents) such as IP Phones erroneously send unregister requests.
Page 467: Media Anchoring
SDP:  Origin: IP address, session and version id  Session connection attribute ('c=' field)  Media connection attribute ('c=' field)  Media port number  RTCP media attribute IP address and port Version 7.2 Mediant 4000 SBC...
Page 468: Direct Media
Mediant 4000 SBC The device uses different local ports (e.g., for RTP, RTCP and fax) for each leg (inbound and outbound). The local ports are allocated from the Media Realm associated with each leg. The Media Realm assigned to the leg's IP Group (in the IP Groups table) is used. If not assigned to the IP Group, the Media Realm assigned to the leg's SIP Interface (in the SIP Interfaces table) is used.
Page 469 Microsoft Server (direct media is required in the Skype for Business environment). For more information, see ''Configuring IP Groups'' on page 351. IP Groups of the endpoints use the same SIP Interface and the SIP Interface's 'SBC Version 7.2 Mediant 4000 SBC...
Page 470: Restricting Audio Coders
Mediant 4000 SBC Direct Media' parameter is set to Enable (SIPInterface_SBCDirectMedia = 1). IP Groups of the endpoints use the same SIP Interface and the SIP Interface's 'SBC Direct Media' parameter Enable When Single (SIPInterface_SBCDirectMedia = 2), and the endpoints are located behind the same NAT.
Page 471: Coder Transcoding
SDP answer from the WAN IP phone includes the G.729 coder as the chosen coder. Since this coder was not included in the original incoming SDP offer from the LAN IP phone, the device performs G.729-G.711 transcoding between the inbound and outbound legs. Version 7.2 Mediant 4000 SBC...
Page 472 Mediant 4000 SBC Figure 21-5: Transcoding using Extended Coders (Example) Note: • If you assign a SIP entity an Allowed Audio Coders Group for coder restriction (allowed coders) and a Coders Group for extension coders, the allowed coders take precedence over the extension coders. In other words, if an extension coder is not listed as an allowed coder, the device does not add the extension coder to the SDP offer.
Page 473 G.729 and G.726, but removes the G.711 coder as it does not appear in the Allowed Audio Coders Group for coder restriction. m=audio 6050 RTP/AVP 18 96 96 a=rtpmap:18 G729/8000 a=rtpmap:96 G726-32/8000 a=fmtp:4 annexa=no Version 7.2 Mediant 4000 SBC...
Page 474: Transcoding Mode
Mediant 4000 SBC a=rtpmap:96 telephone-event/8000 a=fmtp:96 0-15 a=ptime:20 a=sendrecv The device includes only the G.729 and G.726 coders in the SDP offer that it sends from the outgoing leg to the outbound SIP entity. The G.729 is listed first as the Allowed Audio Coders Group for coder restriction takes precedence over the extension coder.
Page 475: Srtp-Rtp And Srtp-Srtp Transcoding
It supports the negotiation of up to five media streams ('m=' line) in the SDP offer/answer model per session. The media can include a combination of any of the following types:  Audio, indicated in the SDP as 'm=audio' Version 7.2 Mediant 4000 SBC...
Page 476: Interworking Miscellaneous Media Handling
Mediant 4000 SBC  Video, indicated in the SDP as 'm=video'  Text, indicated in the SDP as 'm=text'  Fax, indicated in the SDP as 'm=image'  Binary Floor Control Protocol (BFCP), indicated in the SDP as 'm=application <port>...
Page 477: Interworking Rtp-Rtcp Multiplexing
SIP entity. The IP Profiles table also defines the negotiation method used between the incoming and outgoing fax legs, using the following fax-related parameters:  IPProfile_SBCFaxBehavior: defines the offer negotiation method - pass fax Version 7.2 Mediant 4000 SBC...
Page 478: Limiting Sbc Call Duration
Mediant 4000 SBC transparently, negotiate fax according to fax settings in IP Profile, or enforce remote UA to first establish a voice channel before fax negotiation.  IPProfile_SBCFaxCodersGroupName: defines the supported fax coders (from the Coder Groups table).  IPProfile_SBCFaxOfferMode: determines the fax coders sent in the outgoing SDP offer.
Page 479: User Authentication Based On Radius
The SIP client sends the SIP request with the Authorization header to the device. The device sends an Access-Request message to the RADIUS server. The RADIUS server verifies the client's credentials and sends an Access-Accept (or Version 7.2 Mediant 4000 SBC...
Page 480: Interworking Sip Signaling
Mediant 4000 SBC Access-Reject) response to the device. The device accepts the SIP client's request (sends a SIP 200 OK or forwards the authenticated request) or rejects it (sends another SIP 407 to the SIP client). To configure this feature, set the SBCServerAuthMode ini file parameter to 2.
Page 481: Local Handling Of Sip 3Xx
Routing table rules. (where the 'Call Trigger' field is set to 3xx). It is also possible to specify the IP Group that sent the 3xx request as matching criteria for the re-routing rule in this table ('ReRoute IP Group ID' field). Version 7.2 Mediant 4000 SBC...
Page 482: Interworking Sip Diversion And History-Info Headers
Mediant 4000 SBC 21.9.2 Interworking SIP Diversion and History-Info Headers This device can be configured to interwork between the SIP Diversion and History-Info headers. This is important, for example, to networks that support the Diversion header but not the History-Info header, or vice versa. Therefore, mapping between these headers is crucial for preserving the information in the SIP dialog regarding how and why (e.g., call...
Page 483: Interworking Sip Prack Messages
21.9.6 Interworking SIP Early Media The device supports early media. Early media is when the media flow starts before the SIP call is established (i.e., before the 200 OK response). This occurs when the first SDP offer- Version 7.2 Mediant 4000 SBC...
Page 484 Mediant 4000 SBC answer transaction completes. The offer-answer options can be included in the following SIP messages:  Offer in first INVITE, answer on 180, and no or same answer in the 200 OK  Offer in first INVITE, answer on 180, and a different answer in the 200 OK (not standard) ...
Page 485 Media RTP Detection Mode', 'SBC Remote Supports RFC 3960', and 'SBC Remote Can Play Ringback'. See the flowcharts below for the device's handling of such scenarios: Figure 21-8: SBC Early Media RTP 18x without SDP Version 7.2 Mediant 4000 SBC...
Page 486: Interworking Sip Re-Invite Messages
Mediant 4000 SBC Figure 21-9: Early Media RTP - SIP 18x with SDP 21.9.7 Interworking SIP re-INVITE Messages The device supports interworking re-INVITE messages. This enables communication between endpoints that generate re-INVITE requests and those that do not support the receipt of re-INVITEs. The device does not forward re-INVITE requests to IP Groups that do not support it.
Page 487: Interworking Sip Re-Invite To Update
Interworking generation of held tone where the device generates the tone to the held party instead of the call hold initiator. This is configured by the IP Profile parameter, 'SBC Reliable Held Tone Source'. To configure IP Profiles, see ''Configuring IP Profiles'' on page 424. Version 7.2 Mediant 4000 SBC...
Page 488: Interworking Sip Via Headers
Mediant 4000 SBC 21.9.12 Interworking SIP Via Headers The device supports the interworking of SIP Via headers between SIP entities. For the outgoing message sent to a SIP entity, the device can remove or retain all the Via headers received in the incoming SIP request from the other side. Employing IP Profiles, you can configure this interworking feature per SIP entity, using the IpProfile_SBCKeepVIAHeaders parameter (see ''Configuring IP Profiles'' on page 424).
Page 489: Enabling The Sbc Application
Open the Applications Enabling page (Setup menu > Signaling & Media tab > Core Entities folder > Applications Enabling). From the 'SBC Application' drop-down list, select Enable: Click Apply, and then reset the device with a save-to-flash for your settings to take effect. Version 7.2 Mediant 4000 SBC...
Page 490 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 491: Configuring General Sbc Settings
XML body. Below is an example of an XML body where the call-id, tags, and URIs have been replaced by the device: <?xml version="1.0"?> <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="10" state="partial" entity="sip:alice@example.com"> <dialog id="zxcvbnm3" call-id="67402270@10.132.10.150" local-tag="1c137249965" Version 7.2 Mediant 4000 SBC...
Page 492 Mediant 4000 SBC remote-tag="CCDORRTDRKIKWFVBRWYM" direction="initiator"> <state event="replaced">terminated</state> </dialog> <dialog id="sfhjsjk12" call-id="67402270@10.132.10.150" local-tag="1c137249965" remote-tag="CCDORRTDRKIKWFVBRWYM" direction="receiver"> <state reason="replaced">confirmed</state> <replaces call-id="67402270@10.132.10.150" local-tag="1c137249965" remote-tag="CCDORRTDRKIKWFVBRWYM"/> <referred-by> sip:bob-is-not-here@vm.example.net </referred-by> <local> <identity display="Jason Forster"> sip:jforsters@home.net </identity> <target uri="sip:alice@pc33.example.com"> <param pname="+sip.rendering" pval="yes"/> </target> </local> <remote> <identity display="Cathy Jones">...
Page 493: Configuring Admission Control
(e.g., of 200). Requests that reach the user-defined call limit (maximum concurrent calls and/or call rate) are sent to an alternative route if configured in the IP-to-IP Routing table. If no alternative Version 7.2 Mediant 4000 SBC...
Page 494 Mediant 4000 SBC routing rule exists, the device rejects the SIP request with a SIP 480 "Temporarily Unavailable" response. Note: The device applies the CAC rule for the incoming leg immediately after the Classification process. If the call/request is rejected at this stage, no routing is performed.
Page 495 'Reserved Capacity' parameter at its' default (i.e., 0).  Reserved call capacity is applicable only to INVITE and SUBSCRIBE messages.  Reserved call capacity must be less than the maximum capacity (limit) configured for the CAC rule (see the 'Limit' parameter below). Version 7.2 Mediant 4000 SBC...
Page 496 Mediant 4000 SBC Parameter Description  The total reserved call capacity configured for all CAC rules must be within the device's total call capacity support. Limit Defines the maximum number of concurrent SIP dialogs per IP Group, SIP Interface or SRD. You can also use the following special...
Page 497: Routing Sbc
 To configure the action for unclassified calls: Open the SBC General Settings (Setup menu > Signaling & Media tab > SBC folder > SBC General Settings). Version 7.2 Mediant 4000 SBC...
Page 498 Mediant 4000 SBC From the 'Unclassified Calls' drop-down list, select Reject to reject unclassified calls or Allow to accept unclassified calls: Figure 25-1: Configuring Action for Classification Failure Click Apply. If you configure the parameter to Allow, the incoming SIP dialog is assigned to an IP Group as follows: The device determines on which SIP listening port (e.g., 5061) the incoming SIP...
Page 499 Proxy Set feature). • The device saves incoming SIP REGISTER messages in its registration database. If the REGISTER message is received from a User-type IP Group, the device sends the message to the configured destination. Version 7.2 Mediant 4000 SBC...
Page 500 Mediant 4000 SBC The flowchart below illustrates the classification process: Figure 25-2: Classification Process (Identifying IP Group or Rejecting Call) The following procedure describes how to configure Classification rules through the Web interface. You can also configure it through ini file (Classification) or CLI (configure voip >...
Page 501 Source SIP Interface Assigns a SIP Interface to the rule as a matching characteristic for the incoming SIP dialog. src-sip-interface-name The default is Any (i.e., all SIP Interfaces belonging to the SRD [Classification_SrcSIPInterfac assigned to the rule). Version 7.2 Mediant 4000 SBC...
Page 502 Mediant 4000 SBC Parameter Description Note: The SIP Interface must belong to the SRD assigned to the rule eName] (see the 'SRD' parameter in the table). Source IP Address Defines a source IP address as a matching characteristic for the incoming SIP dialog.
Page 503 Note: The IP Group must be associated with the assigned SRD (see the 'SRD' parameter in the table). IP Profile Assigns an IP Profile to the matched incoming SIP dialog. The assigned IP Profile overrides the IP Profile assigned to the IP Version 7.2 Mediant 4000 SBC...
Page 504: Classification Based On Uri Of Selected Header Example
Mediant 4000 SBC Parameter Description ip-profile-id Group (in the IP Groups table) to which the SIP dialog is classified. Therefore, assigning an IP Profile during classification allows you to [Classification_IpProfileName] assign different IP Profiles to specific users (calls) that belong to the same IP Group (User or Server type).
Page 505: Configuring Sbc Ip-To-Ip Routing
Request-URI of incoming SIP dialog-initiating requests.  Any registered user in the registration database. If the Request-URI of the incoming INVITE exists in the database, the call is sent to the corresponding contact address specified in the database. Version 7.2 Mediant 4000 SBC...
Page 506 Mediant 4000 SBC  According to result of an ENUM query.  Hunt Group - used for call survivability of call centers (see ''Configuring Call Survivability for Call Centers'' on page 587).  According to result of LDAP query (for more information on LDAP-based routing, see ''Routing Based on LDAP Active Directory Queries'' on page 237).
Page 507 (call forking). The incoming call can be routed to multiple destinations of any type such as an IP Group or IP address. The device forks the call by sending simultaneous INVITE messages to all the specified destinations. It handles Version 7.2 Mediant 4000 SBC...
Page 508 Mediant 4000 SBC the multiple SIP dialogs until one of the calls is answered and then terminates the other SIP dialogs. Call forking is configured by creating a Forking group. A Forking group consists of a main routing rule ('Alternative Route Options' set to Route Row) whose 'Group Policy' is set to Forking, and one or more associated routing rules ('Alternative Route Options' set to Group Member Ignore Inputs or Group Member Consider Inputs).
Page 509 Determines whether this routing rule is the main routing rule or an alternative routing rule (to the rule defined directly above it in the table). alt-route-options  [0] Route Row = (Default) Main routing rule - the device first attempts Version 7.2 Mediant 4000 SBC...
Page 510 Mediant 4000 SBC Parameter Description [IP2IPRouting_AltRouteOp to route the call to this route if the incoming SIP dialog's input tions] characteristics matches this rule.  [1] Alternative Route Ignore Inputs = If the call cannot be routed to the main route (Route Row), the call is routed to this alternative route regardless of the incoming SIP dialog's input characteristics.
Page 511 The valid value is a string of up to 20 characters. The tag is case [IP2IPRouting_DestTags] insensitive. To configure prefix tags, see ''Configuring Dial Plans'' on page 547. Note:  Make sure that you assign the Dial Plan in which you have Version 7.2 Mediant 4000 SBC...
Page 512 Mediant 4000 SBC Parameter Description configured the prefix tag, to the related IP Group or SRD.  Instead of using tags and configuring the parameter, you can use the 'Destination Username Prefix' parameter to specify a specific URI destination user or all destinations users.
Page 513 [13] Internal = Instead of sending the incoming SIP dialog to another destination, the device replies to the sender of the dialog with a SIP response code or a redirection response, configured by the 'Internal Version 7.2 Mediant 4000 SBC...
Page 514 Mediant 4000 SBC Parameter Description Action' (IP2IPRouting_InternalAction) parameter in this table (see below). Note:  Use option [5] Dial Plan only for backward compatibility purposes; otherwise, use prefix tags as described in ''Configuring Dial Plans'' on page 547.  If you configure the parameter to Dest Address, Request URI,...
Page 515 Call Setup rules of this Set ID if the incoming call matches call-setup-rules-set-id the characteristics of this routing rule. The device routes the call to the [IP2IPRouting_CallSetupR destination according to the routing rule's configured action, only after it ulesSetId] has performed the Call Setup rules. Version 7.2 Mediant 4000 SBC...
Page 516 Mediant 4000 SBC Parameter Description To configure Call Setup rules, see ''Configuring Call Setup Rules'' on page 413. Group Policy Defines whether the routing rule includes call forking. group-policy  [0] None = (Default) Call uses only this route (even if Forking Group [IP2IPRouting_GroupPolicy members are configured in the rows below it).
Page 517: Configuring Rerouting Of Calls To Fax Destinations
Open the Fax/Modem/CID Settings page (Setup menu > Signaling & Media tab > Media folder > Fax/Modem/CID Settings). In the 'Fax Detection Timeout' field (SBCFaxDetectionTimeout), enter the duration (in seconds) for which the device attempts to detect fax (CNG tone): Version 7.2 Mediant 4000 SBC...
Page 518 Mediant 4000 SBC From the 'CNG Detector Mode' drop-down list (CNGDetectorMode), select Event Only. Load an ini file to the device through the Auxiliary Files page (see Loading Auxiliary Files through Web Interface on page 635) with the following parameter setting,...
Page 519: Configuring Specific Udp Ports Using Tag-Based Routing
Open the SIP Interfaces table (see Configuring SIP Interfaces on page 343), and then configure the following SIP Interfaces: • SIP Interface for leg interfacing with IP PBXs (local UDP port 5060 is used): General Index Name Version 7.2 Mediant 4000 SBC...
Page 520 Mediant 4000 SBC Network Interface UDP Port 5060 • SIP Interface for leg interfacing with proxy server (specific local UDP ports are later taken from this port range): General Index Name ITSP Network Interface UDP Port 5060 Additional UDP Ports...
Page 521 'Tags' parameter of the classified IP Group, as the local UDP port on the leg interfacing with the proxy server for messages sent to the proxy server: General Index Rule Set ID Condition srctags.Type=='PBX' Action Action Subject message.outgoing.local-port Action Type Modify Version 7.2 Mediant 4000 SBC...
Page 522 Mediant 4000 SBC param.ipg.src.tags.Port Action Value • If the source tag name "Type" equals "ITSP" (i.e., SIP message from the ITSP), then use the value (port number) of the local port on which the incoming message from the proxy server is received by the device, as the value of the destination tag name "Port".
Page 523: Configuring Sip Response Codes For Alternative Routing Reasons
(see ''Configuring Quality of Service Rules'' on page 321). If the response code is configured in the table and the device rejects a call due to threshold crossing, it searches in the IP-to-IP Routing table for an alternative routing rule. Version 7.2 Mediant 4000 SBC...
Page 524 Mediant 4000 SBC Note: • If the device receives a SIP 408 response, an ICMP message, or no response, alternative routing is still performed even if the code is not configured in the Alternative Routing Reasons table. • SIP requests belonging to an SRD or IP Group that have reached the call limit...
Page 525: Configuring Sbc Routing Policy Rules
(tenants), unless deployment requires otherwise (i.e., a dedicated Routing Policy per SRD). Once configured, you need to associate the Routing Policy with an SRD(s) in the SRDs table. To determine the routing and manipulation rules for the SRD, you need to assign the Version 7.2 Mediant 4000 SBC...
Page 526 Mediant 4000 SBC Routing Policy to routing and manipulation rules. The figure below shows the configuration entities to which Routing Policies can be assigned: Typically, assigning a Routing Policy to a Classification rule is not required, as when an incoming call is classified it uses the Routing Policy associated with the SRD to which it belongs.
Page 527 > Routing > Routing Policies). Click New; the following dialog box appears: Figure 25-8: Routing Policies Table - Add Dialog Box Configure the Routing Policy rule according to the parameters described in the table below. Click Apply. Version 7.2 Mediant 4000 SBC...
Page 528 Mediant 4000 SBC Table 25-4: Routing Policies table Parameter Descriptions Parameter Description General Index Defines an index number for the new table row. Note: Each row must be configured with a unique index. Name Defines a descriptive name, which is used when associating the row in other tables.
Page 529: Configuring Ip Group Sets
You can assign up to five IP Groups per IP Group Set. The following procedure describes how to configure IP Group Sets through the Web interface. You can also configure it through other management platforms: Version 7.2 Mediant 4000 SBC...
Page 530 Mediant 4000 SBC  IP Group Set Table: ini file (IPGroupSet) or CLI (configure voip > sbc routing ip- group-set)  IP Group Set Member Table: ini file (IPGroupSetMember) or CLI (configure voip > sbc routing ip-group-set-member)  To configure an IP Group Set: Open the IP Group Set table (Setup menu >...
Page 531 Figure 25-10: IP Group Set Member Table - Dialog Box Configure IP Group Set members according to the parameters described in the table below. Click Apply, and then save your settings to flash memory. IP Group Set Member Table Parameter Descriptions Parameter Description Version 7.2 Mediant 4000 SBC...
Page 532 Mediant 4000 SBC Parameter Description Index Defines an index number for the new table row. index Note: Each row must be configured with a unique index. [IPGroupSetMember_IPGroupSe tMemberIndex] IP Group Assigns an IP Group to the IP Group Set. ip-group-name To configure IP Groups, see Configuring IP Groups.
Page 533: Sbc Manipulations
IP Groups respectively (if any, in the IP Groups table). Below is an example of a call flow and consequent SIP URI manipulations:  Incoming INVITE from LAN: INVITE sip:1000@10.2.2.3;user=phone;x=y;z=a SIP/2.0 Via: SIP/2.0/UDP 10.2.2.6;branch=z9hGLLLLLan From:<sip:7000@10.2.2.6;user=phone;x=y;z=a>;tag=OlLAN;paramer1 =abe To: <sip:1000@10.2.2.3;user=phone> Call-ID: USELLLAN@10.2.2.3 Version 7.2 Mediant 4000 SBC...
Page 534 Mediant 4000 SBC CSeq: 1 INVITE Contact: <sip:7000@10.2.2.3> Supported: em,100rel,timer,replaces Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK User-Agent: Sip Message Generator V1.0.0.5 Content-Type: application/sdp Content-Length: 155 o=SMG 791285 795617 IN IP4 10.2.2.6 s=Phone-Call c=IN IP4 10.2.2.6 t=0 0 m=audio 6000 RTP/AVP 8 a=rtpmap:8 pcma/8000 a=sendrecv a=ptime:20 ...
Page 535: Configuring Ip-To-Ip Inbound Manipulations
Routing Policy ("Default_SBCRoutingPolicy"), when only one Routing Policy is required, the device automatically assigns the default Routing Policy to the routing rule. If you are implementing LDAP-based routing (with or without Call Setup Rules) and/or Version 7.2 Mediant 4000 SBC...
Page 536 Mediant 4000 SBC Least Cost Routing (LCR), you need to configure these settings for the Routing Policy (regardless of the number of Routing Policies employed). For more information on Routing Policies, see ''Configuring SBC Routing Policy Rules'' on page 525.
Page 537  [2] REGISTER = Only REGISTER messages.  [3] SUBSCRIBE = Only SUBSCRIBE messages.  [4] INVITE and REGISTER = All SIP messages except SUBSCRIBE.  [5] INVITE and SUBSCRIBE = All SIP messages except Version 7.2 Mediant 4000 SBC...
Page 538 Mediant 4000 SBC Parameter Description REGISTER. Source IP Group Defines the IP Group from where the incoming INVITE is CLI: src-ip-group-name received. [IPInboundManipulation_SrcIpGr The default is Any (i.e., any IP Group). oupName] Source Username Prefix Defines the prefix of the source SIP URI user name (usually in CLI: src-user-name-prefix the From header).
Page 539: Configuring Ip-To-Ip Outbound Manipulations
IP Groups, respectively. The following procedure describes how to configure Outbound Manipulations rules through the Web interface. You can also configure it through ini file (IPOutboundManipulation) or CLI (configure voip > sbc manipulation ip-outbound-manipulation). Version 7.2 Mediant 4000 SBC...
Page 540 Mediant 4000 SBC  To configure Outbound Manipulation rules: Open the Outbound Manipulations table (Setup menu > Signaling & Media tab > SBC folder > Manipulation > Outbound Manipulations). Click New; the following dialog box appears: Figure 26-3: Outbound Manipulations Table- Add Dialog Box Configure an Outbound Manipulation rule according to the parameters described in the table below.
Page 541 Defines the prefix of the source SIP URI user name, typically used in the SIP From header. src-user-name-prefix The default value is the asterisk (*) symbol (i.e., any source [IPOutboundManipulation_SrcUsern username prefix). The prefix can be a single digit or a range of amePrefix] Version 7.2 Mediant 4000 SBC...
Page 542 Mediant 4000 SBC Parameter Description digits. For available notations, see ''Dialing Plan Notation for Routing and Manipulation'' on page 831. Note: If you need to manipulate calls of many different source URI user names, you can use tags (see 'Source Tags' parameter below) instead of this parameter.
Page 543 Prefix to Add Defines the number or string to add in the front of the manipulated item. For example, if you enter 'user' and the user prefix-to-add name is "john", the new user name is "userjohn". [IPOutboundManipulation_Prefix2Ad Version 7.2 Mediant 4000 SBC...
Page 544 Mediant 4000 SBC Parameter Description If you set the 'Manipulated Item' parameter to Source URI or Destination URI, you can configure the parameter to a string of up 49 characters. If you set the 'Manipulated Item' parameter to Calling Name, you can configure the parameter to a string of up 36 characters.
Page 545: Using The Proprietary Sip X-Ac-Action Header
26.3 Using the Proprietary SIP X-AC-Action Header You can use AudioCodes proprietary SIP header, X-AC-Action in message manipulation rules to trigger certain actions. These actions can be used to support, for example, interworking of SIP-I and SIP endpoints for the ISUP SPIROU variant (see Enabling Interworking of SIP and SIP-I Endpoints on page 569).
Page 546 Mediant 4000 SBC receiving this manipulated message, the device starts using IP Profile "ITSP-Profile-2" instead of "ITSP-Profile-1", for the IP Group. User's Manual Document #: LTRT-42025...
Page 547: Configuring Dial Plans
Dial Plan for a rule that matches the destination number. If matching dial plan rules are found, the tags configured for these rules are used in the routing and/or manipulation processes as source and/or destination tags. Version 7.2 Mediant 4000 SBC...
Page 548 Mediant 4000 SBC Note: When tags are used in the IP-to-IP Routing table to determine destination IP Groups (i.e., 'Destination Type' parameter configured to Destination Tag), the device searches the Dial Plan for a matching destination (called) prefix number only.
Page 549 532[1-9] 532[2-4]  For incoming calls with prefix number "53124", the rule with tag C is chosen (longest suffix - C has three digits, B two digits and A one digit): Prefix 53([2-4]) 53([01-99]) 53([001-999]) Version 7.2 Mediant 4000 SBC...
Page 550 Mediant 4000 SBC  For incoming calls with prefix number "53124", the rule with tag B is chosen (suffix is more specific for digit "4"): Prefix 53([2-4]) 53(4),B Dial Plans are configured using two tables with parent-child type relationship: ...
Page 551 For example, "54324#" represents a 5-digit number that starts with the digits 54324.  .: (Period) Denotes any letter or digit.  [n-m], (n-m), or ([n1-m1,n2-m2,a,b,c,n3-m3]): Represents a Version 7.2 Mediant 4000 SBC...
Page 552: Importing And Exporting Dial Plans
Mediant 4000 SBC Parameter Description mixed notation of single numbers and multiple ranges. To represent the prefix, the notation is enclosed by square brackets [...]; to represent the suffix, the notation is enclosed by square brackets which are enclosed by parenthesis ([...]).
Page 553 The following procedures describe how to import a Dial Plan file.  To overwrite all existing Dial Plans with imported Dial Plan file:  Web interface (from a local folder): Open the Dial Plan table. Version 7.2 Mediant 4000 SBC...
Page 554 Mediant 4000 SBC From the 'Action' drop-down menu, choose Import; the following dialog box appears: Figure 27-5: Importing Dial Plan Rules for Specific Dial Plan Use the Browse button to select the Dial Plan file on your PC, and then click OK.
Page 555: Creating Dial Plan Files
Name: Name of the dial plan rule belonging to the Dial Plan.  Prefix: Source or destination number prefix.  Tag: Result of the user categorization and can be used as matching characteristics for routing and outbound manipulation For example: DialPlanName,Name,Prefix,Tag PLAN1,rule_100,5511361xx,A PLAN1,rule_101,551136184[4000-9999]#,B MyDialPlan,My_rule_200,5511361840000#,itsp_1 MyDialPlan,My_rule_201,66666#,itsp_2 Version 7.2 Mediant 4000 SBC...
Page 556: Using Dial Plan Tags For Ip-To-Ip Routing
Mediant 4000 SBC 27.3 Using Dial Plan Tags for IP-to-IP Routing You can use Dial Plan tags with IP-to-IP Routing rules in the IP-to-IP Routing table, where tags can be used for the following:  Matching routing rules by source and/or destination prefix numbers (see Using Dial Plan Tags for Matching Routing Rules on page 556) ...
Page 557: Using Dial Plan Tags For Routing Destinations
The device searches the IP Groups table and IP Group Set table for an IP Group whose 'Tags' parameter is configured with the same tag as selected from the Dial Plan rule. If found, the device routes the call to this IP Group. Version 7.2 Mediant 4000 SBC...
Page 558 Mediant 4000 SBC The following figure displays the device's SIP dialog processing when Dial Plan tags are used to determine the destination IP Group: Figure 27-7: SIP Dialog Handling for Tag-Based Routing The following procedure describes how to configure routing to destination IP Groups determined by Dial Plan tags.
Page 559 Destination Tag and the 'Routing Tag Name' to one of your Dial Plan tags. In our example, the tag "Country" is used: Parameter Index 0 Name Europe Source IP Group Destination Type Destination Tag Routing Tag Name Country Version 7.2 Mediant 4000 SBC...
Page 560: Dial Plan Backward Compatibility
Mediant 4000 SBC Note: • For configuring Dial Plan tags, see Configuring Dial Plans on page 547. • Configure the 'Routing Tag Name' parameter with only the name of the tag (i.e., without the value, if exists). For example, instead of "Country=England", configure it as "Country"...
Page 561: Using Dial Plan Tags For Outbound Manipulation
Manipulations'' on page 539), configure a rule with the required manipulation and whose matching characteristics include the tag(s) that you configured in your Dial Plan in Step 1. The tags are assigned using the following parameters: • 'Source Tags' parameter (IPOutboundManipulation_SrcTags): tag denoting the calling users Version 7.2 Mediant 4000 SBC...
Page 562 Mediant 4000 SBC • 'Destination Tags' parameter (IPOutboundManipulation_DestTags): tag denoting the called users User's Manual Document #: LTRT-42025...
Page 563: Using Dial Plan Tags For Call Setup Rules
For example, you can configure a rule that adds the SIP header "City" with the value "ny" (i.e., City: ny) to all outgoing SIP INVITE messages associated with the source tag "ny": Note: You cannot modify Dial Plan tags using Message Manipulation rules. Version 7.2 Mediant 4000 SBC...
Page 564 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 565: Configuring Malicious Signatures
(i.e., IP Group). To configure Message Policies, see ''Configuring SIP Message Policy Rules''. The following procedure describes how to configure Malicious Signatures through the Web interface. You can also configure it through ini file (MaliciousSignatureDB) or CLI (configure voip > sbc malicious-signature-database). Version 7.2 Mediant 4000 SBC...
Page 566 Mediant 4000 SBC  To configure a Malicious Signature: Open the Malicious Signature table (Setup menu > Signaling & Media tab > SBC folder > Malicious Signature). Click New; the following dialog box appears: Figure 28-1: Malicious Signature Table - Add Dialog Box Configure a Malicious Signature according to the parameters described in the table below.
Page 567: Advanced Sbc Features
The device does not preempt established emergency calls.  To configure SBC emergency call preemption: In the Message Conditions table (see ''Configuring Message Condition Rules'' on page 406), configure a Message Condition rule to identify incoming emergency calls. See above for examples. Version 7.2 Mediant 4000 SBC...
Page 568: Emergency Call Routing Using Ldap To Obtain Elin
Mediant 4000 SBC Open the SBC General Settings page (Setup menu > Signaling & Media tab > SIP Definitions folder > Priority and Emergency), and then scroll down to the Call Priority and Preemption group: Figure 29-2: Configuring Emergency SBC Call Preemption From the 'Preemption Mode' drop-down list (SBCPreemptionMode), select Enable to enable call preemption.
Page 569: Enabling Interworking Of Sip And Sip-I Endpoints
SIP-I is SIP encapsulated with ISUP and the interworking is between SIP signaling and ISUP signaling. This allows you to deploy the device in a SIP environment where part of the call path involves the PSTN. Version 7.2 Mediant 4000 SBC...
Page 570 Mediant 4000 SBC The SIP-I sends calls, originating from the SS7 network, to the SIP network by adding ISUP messaging in the SIP INVITE message body. The device can receive such a message from the SIP-I and remove the ISUP information before forwarding the call to the SIP endpoint.
Page 571 ''Configuring SIP Message Manipulation'' on page 401). For a complete description of the ISUP manipulation syntax, refer to the SIP Message Manipulation Reference Guide. In addition, you can use AudioCodes proprietary SIP header X-AC-Action in Message Manipulation rules to support various call actions (e.g., SIP-I SUS and RES messages) for the ISUP SPIROU variant.
Page 572: Webrtc
The WebRTC feature is a license-dependent feature and is available only if it is included in the License Key that is installed on the device. For ordering the feature, please contact your AudioCodes sales representative. User's Manual Document #: LTRT-42025...
Page 573 WebRTC components and the device's interworking of these components between the WebRTC client and the SIP user agent: The call flow process for interworking WebRTC with SIP endpoints by the device is illustrated below and subsequently described: Version 7.2 Mediant 4000 SBC...
Page 574: Sip Over Websocket
Mediant 4000 SBC The WebRTC client uses a Web browser to visit the Web site page. The Web page receives Web page elements and JavaScript code for WebRTC from the Web hosting server. The JavaScript code runs locally on the Web browser.
Page 575 The SIP messages over WebSocket are indicated by the "ws" value, as shown in the example below of a SIP REGISTER request received from a client: REGISTER sip:10.132.10.144 SIP/2.0 Via: SIP/2.0/WS v6iqlt8lne5c.invalid;branch=z9hG4bK7785666 Max-Forwards: 69 To: <sip:101@10.132.10.144> From: "joe" <sip:101@10.132.10.144>;tag=ub50pqjgpr Call-ID: fhddgc3kc3hhu32h01fghl CSeq: 81 REGISTER Version 7.2 Mediant 4000 SBC...
Page 576: Configuring Webrtc
For the WebRTC deployment environment, you need to install a signed certificate by a Certificate Authority (CA) on you Web server machine (hosting the WebRTC JavaScript) and on your AudioCodes SBC device (i.e., WebSocket server). Note: • Google announced a security policy change that impacts new versions of the Chrome Web browser.
Page 577 From the 'TLS Context Name' drop-down list, assign the TLS Context that you configured in Step 1 (e.g., "WebRTC"). Figure 29-7: Configuring SIP Interface for WebRTC Clients Click Apply. Configure an IP Profile for the WebRTC clients: Version 7.2 Mediant 4000 SBC...
Page 578 Mediant 4000 SBC Open the IP Profiles table (see ''Configuring IP Profiles'' on page 424). Do the following: ♦ From the 'ICE Mode' drop-down list (IPProfile_SBCIceMode), select Lite to enable ICE. ♦ From the 'RTCP Mux' drop-down list (IPProfile_SBCRTCPMux), select Supported to enable RTCP multiplexing.
Page 579: Handling Registered Aors With Same Contact Uris
Some SIP entities (e.g., IP Phones) are setup to register with two registrar/proxy servers (primary and secondary). The reason for this is to provide call redundancy for the SIP entity in case one of the proxy servers fail. When the SIP entity registers with the proxy servers, it Version 7.2 Mediant 4000 SBC...
Page 580 Mediant 4000 SBC sends two identical REGISTER messages - one to the primary proxy and one to the secondary proxy. When the device is located between the SIP entity and the two proxy servers, it needs to differentiate between these two REGISTER messages even though they are identical.
Page 581 Keep user; add unique identifier as URI parameter. In the Message Manipulations table, configure the following rules: • Index 0: ♦ Manipulation Set ID: 1 ♦ Action Subject: header.contact.url.ac-int ♦ Action Type: Modify ♦ Action Value: '1' • Index 1: Version 7.2 Mediant 4000 SBC...
Page 582 Mediant 4000 SBC ♦ Manipulation Set ID: 2 ♦ Action Subject: header.contact.url.ac-int ♦ Action Type: Modify ♦ Action Value: '2' In the SIP Interfaces table, configure the following SIP Interfaces: • Index 0 (SIP Interface for IP Phone A): ♦...
Page 583: Call Forking
29.7.2 Configuring SIP Forking Initiated by SIP Proxy The device can handle the receipt of multiple SIP 18x responses as a result of SIP forking initiated by a proxy server. This occurs when the device forwards an INVITE, received from Version 7.2 Mediant 4000 SBC...
Page 584: Configuring Call Forking-Based Ip-To-Ip Routing Rules
Mediant 4000 SBC a user agent (UA), to a proxy server and the proxy server then forks the INVITE request to multiple UAs. Several UAs may answer and the device may therefore, receive several replies (responses) for the single INVITE request. Each response has a different 'tag' value in the SIP To header.
Page 585: Enabling Auto-Provisioning Of Subscriber-Specific Information Of Broadworks Server For Survivability
To enable the BroadWorks survivability feature: Open the SBC General Settings page (Setup menu > Signaling & Media tab > SBC folder > SBC General Settings). From 'BroadWorks Survivability Feature' drop-down list (SBCExtensionsProvisioningMode), select Enable: Click Apply. Version 7.2 Mediant 4000 SBC...
Page 586: Configuring Broadsoft's Shared Phone Line Call Appearance For Survivability
Mediant 4000 SBC 29.8.2 Configuring BroadSoft's Shared Phone Line Call Appearance for Survivability The device can provide redundancy for BroadSoft's Shared Call Appearance feature. When the BroadSoft application server switch (AS) fails or does not respond, or when the network connection between the device and the BroadSoft AS is down, the device manages the Shared Call Appearance feature for the SIP clients.
Page 587: Configuring Call Survivability For Call Centers
(such as IVR), the device routes the incoming calls received from the customer (i.e., from the TDM gateway) to the call center agents. Version 7.2 Mediant 4000 SBC...
Page 588 Mediant 4000 SBC In normal operation, the device registers the agents in its users registration database. Calls received from the TDM gateway are forwarded by the device to the application server, which processes the calls and sends them to specific call center agents, through the device.
Page 589: Enabling Survivability Display On Aastra Ip Phones
LCD screens. If you enable the feature and the device is in Survivability mode, it responds to SIP REGISTER messages from the IP phones with a SIP 200 OK containing the following XML body: Version 7.2 Mediant 4000 SBC...
Page 590 Mediant 4000 SBC Content-Type: application/xml <?xml version="1.0" encoding="utf-8"?> <LMIDocument version="1.0"> <LocalModeStatus> <LocalModeActive>true</LocalModeActive> <LocalModeDisplay>StandAlone Mode</LocalModeDisplay> </LocalModeStatus> </LMIDocument>  To enable survivability display on Aastra phones: Load an ini file to the device that includes the following parameter setting: SBCEnableSurvivabilityNotice = 1...
Page 591: Alternative Routing On Detection Of Failed Sip Response
If the device does not receive a SIP ACK in response to this, it sends a new 200 OK to the next alternative destination. This new destination can be the next given IP address resolved from a DNS from the Contact or Record-Route header in the request related to the response. Version 7.2 Mediant 4000 SBC...
Page 592: Voiperfect
25%. ISPs can therefore offer service level agreements (SLAs) to their customers based on the VoIPerfect feature. For more information, contact your AudioCodes sales representative. In addition, by ensuring high call quality even in adverse network conditions, VoIPerfect may reduce costs for ISPs such...
Page 593 ♦ RTCP Feedback: Feedback On ♦ Voice Quality Enhancement: Enable ♦ Max Opus Bandwidth: 80000 • Quality of Service Rules (see Configuring Quality of Service Rules on page 321): ♦ Rule Metric: Poor InVoice Quality Version 7.2 Mediant 4000 SBC...
Page 594 Mediant 4000 SBC ♦ Alternative IP Profile Name: name of Alternative IP Profile (above) Configuration of the Access SBC for both methods:  Coder Groups: • Coders Group with G.711 and Opus • Coders Group with Opus  Allowed Audio Coders Group with Opus ...
Page 595: Cloud Resilience Package
Part VI Cloud Resilience Package...
Page 597: Crp Overview
 Short number dialog (short numbers are learned dynamically in the registration process)  Survivability indication to IP phone  Call hold and retrieve Version 7.2 Mediant 4000 SBC...
Page 598 Mediant 4000 SBC Survivability Quality of Experience/Service Security  Call transfer (if IP phone initiates REFER)  Basic Shared Line Appearance (excluding correct busy line indications)  Call waiting (if supported by IP phone) One of the main advantages of CRP is that it enables quick-and-easy configuration. This is accomplished by its pre-configured routing entities, whereby only minimal configuration is required.
Page 599: Crp Configuration
Open the Applications Enabling page (Setup menu > Signaling & Media tab > Core Entities folder > Applications Enabling). From the 'CRP Application' drop-down list, select Enable. Click Apply, and then reset the device with a save-to-flash for your settings to take effect. Version 7.2 Mediant 4000 SBC...
Page 600: Configuring Call Survivability Mode
Mediant 4000 SBC 31.2 Configuring Call Survivability Mode The CRP can be configured to operate in one of the following call survivability modes:  Normal (Default): The CRP interworks between the branch users and the IP PBX located at headquarters. The CRP forwards all requests (such as for registration) from the branch users to the IP PBX, and routes the calls based on the IP-to-IP routing rules.
Page 601: Pre-Configured Ip Groups
The IP Groups can be edited, except for the fields listed above, which are read-only. • For accessing the IP Groups table and for a description of its parameters, see ''Configuring IP Groups'' on page 351. Version 7.2 Mediant 4000 SBC...
Page 602: Pre-Configured Ip-To-Ip Routing Rules
Mediant 4000 SBC 31.4 Pre-Configured IP-to-IP Routing Rules For the CRP application, the IP-to-IP Routing table is pre-configured with IP-to-IP routing rules. These rules depend on the configured Call Survivability mode, as described in ''Configuring Call Survivability Mode'' on page 600.
Page 603: Emergency Mode
Route Ignore Inputs #1 [CRP IP Group #3 [CRP Alternative Users] Gateway] Route Ignore Inputs #2 [CRP IP Group #1 [CRP Route Row Proxy] Users] #2 [CRP IP Group #3 [CRP Route Row Proxy] Gateway] Version 7.2 Mediant 4000 SBC...
Page 604: Configuring Pstn Fallback
Mediant 4000 SBC Mode Index Source IP Request Type Destination Destination Destination Alternative Group Type IP Group Address Route Options #3 [CRP IP Group #2 [CRP Route Row Gateway] Proxy] #3 [CRP IP Group #1 [CRP Alternative Gateway] Users] Route Ignore...
Page 605: High-Availability System
Part VII High-Availability System...
Page 607: Ha Overview
(.cmp) if the redundant device is running a different software version. Once loaded to the redundant device, the redundant device reboots to apply the new configuration and/or software. This ensures that the two units are synchronized regarding configuration and software. Version 7.2 Mediant 4000 SBC...
Page 608: Device Switchover Upon Failure
Mediant 4000 SBC Note: If the active unit runs an earlier version (e.g., 7.0) than the redundant unit (e.g., 7.2), the redundant unit is downgraded to the same version as the active unit (e.g., 7.0). Thus, under normal operation, one of the devices is in active state while the other is in redundant state, where both devices share the same configuration and software.
Page 609: Viewing Ha Status On Monitor Web Page
Title above device is "Active Device". The default name is "Device 1".  Redundant device: • Color of border surrounding device is blue. • Title above device is "Redundant Device". The default name is "Device 2". Version 7.2 Mediant 4000 SBC...
Page 610 Mediant 4000 SBC The Monitor page also displays the HA operational status of the device to which you are currently logged in. This is displayed in the 'HA Status' field under the Device Information:  "Synchronizing": Redundant device is synchronizing with Active device ...
Page 611: Ha Configuration
This is enabled by configuring the Ethernet Group associated with the Maintenance interface with two ports. The required receive (Rx) and transmit (TX) mode for the port pair in the Ethernet Group used by the Maintenance interface is as follows (not applicable to Mediant VE): Version 7.2 Mediant 4000 SBC...
Page 612 Mediant 4000 SBC  (Recommended Physical Connectivity) If the Maintenance ports of both devices are connected directly to each other without intermediation of switches, configure the mode to 2RX/1TX: Figure 33-1: Rx/Tx Mode for Direct Connection  If the two devices are connected through two (or more) isolated LAN switches (i.e.,...
Page 613: Configuring The Ha Devices
Assigning the OAMP IP Address on page Open the IP Interfaces table (see ''Configuring IP Network Interfaces'' on page 129). Change the default OAMP network settings to suit your networking scheme. Configure the Control and Media network interfaces, as required. Version 7.2 Mediant 4000 SBC...
Page 614 Mediant 4000 SBC Add the HA Maintenance interface (i.e., the MAINTENANCE Application Type). Note: Make sure that the Maintenance interface uses an Ethernet Device and Ethernet Group that is not used by any other IP network interface. The Ethernet Group is associated with the Ethernet Device, which is assigned to the interface.
Page 615: Step 2: Configure The Second Device
Configure the same Ethernet port Tx / Rx mode of the Ethernet Group used by the Maintenance interface as configured for the first device. Configure HA parameters in the HA Settings page: In the 'HA Remote Address' field, enter the Maintenance IP address of the first device. Version 7.2 Mediant 4000 SBC...
Page 616: Step 3: Initialize Ha On The Devices
Mediant 4000 SBC (Optional) Enable the HA Preempt feature by configuring the 'Preempt Mode' parameter to Enable, and then setting the priority level of the device in the 'Preempt Priority' field. Make sure that you configure different priority levels for the two devices.
Page 617 After it synchronizes with the active device, it initiates a switchover and becomes the new active device (the former active device resets and becomes the new redundant device). Version 7.2 Mediant 4000 SBC...
Page 618: Configuring Firewall Allowed Rules
Mediant 4000 SBC 33.3 Configuring Firewall Allowed Rules If you want to configure firewall rules (see 'Configuring Firewall Rules' on page 165) that block specific network traffic, you must first configure firewall rules that allow traffic needed in your deployment. Therefore, in addition to allowing basic traffic (such as OAMP,...
Page 619: Monitoring Ip Entities And Ha Switchover Upon Ping Failure
To enable and configure monitoring of network entities using pings: Open the HA Settings page (Setup menu > IP Network tab > Core Entities folder > HA Settings). From the 'HA Network Monitor' (HAPingEnabled) drop-down list, select Enable: Version 7.2 Mediant 4000 SBC...
Page 620 Mediant 4000 SBC In the 'Monitor Threshold' (HaNetworkMonitorThreshold) field, enter the minimum number of failed ("Not Reachable") monitored rows that are required to trigger an HA switchover: Open the HA Network Monitor table (Setup menu > IP Network tab > Core Entities folder >...
Page 621 ('Peer Destination Address') of the monitored row, as shown in the below example: The reachability status is displayed in the 'Peer Reachability Status' read-only field:  "Reachability unverified": The reachability status of the destination is currently Version 7.2 Mediant 4000 SBC...
Page 622 Mediant 4000 SBC undetermined. In other words, the destination has never replied to the device's pings.  "Reachable": The device considers the destination as online (reachable). In other words, the device has received a ping reply from the destination. ...
Page 623: Ha Maintenance
• Navigation tree: Setup menu > Administration tab > Maintenance folder > High Availability Maintenance. Figure 34-1: Performing a Device HA Switchover Click Switch Over; a confirmation box appears requesting you to confirm. Click OK. Version 7.2 Mediant 4000 SBC...
Page 624: Resetting The Redundant Unit
Mediant 4000 SBC 34.4 Resetting the Redundant Unit You can reset the Redundant device, if necessary. Note: When resetting the Redundant device, the HA mode becomes temporarily unavailable.  To reset the Redundant device: Open the High Availability Maintenance page: •...
Page 625 Reset the redundant device. Note: The procedure assumes that no network changes were made to both devices' HA Maintenance interface or Ethernet Devices (VLAN); otherwise, the devices may not be able to communicate with each other. Version 7.2 Mediant 4000 SBC...
Page 626 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 627: Maintenance
Part VIII Maintenance...
Page 629: Basic Maintenance
Timeout' field (see next step). During this interval, no new traffic is accepted. If no traffic exists and the time has not yet expired, the device resets immediately. • No: Reset begins immediately, regardless of traffic. Any existing traffic is immediately terminated. Version 7.2 Mediant 4000 SBC...
Page 630: Locking And Unlocking The Device
Mediant 4000 SBC In the 'Shutdown Timeout' field (available only if the 'Graceful Option' field is configured to Yes), enter the time after which the device resets. Note that if no traffic exists and the time has not yet expired, the device resets.
Page 631 User's Manual 35. Basic Maintenance calls. The 'Gateway Operational State' read-only field displays "UNLOCKED". Version 7.2 Mediant 4000 SBC...
Page 632: Saving Configuration
Mediant 4000 SBC 35.3 Saving Configuration When you configure parameters and tables in the Web interface and then click the Apply button on the pages in which the configurations are done, changes are saved to the device's volatile memory (RAM). These changes revert to their previous settings if the device subsequently resets (hardware or software) or powers down.
Page 633: Channel Maintenance
You can forcibly disconnect all active calls, or disconnect specific calls based on Session  To disconnect calls through CLI:  Disconnect all active calls: # clear voip calls  Disconnect active calls belonging to a specified Session ID: # clear voip calls <Session ID> Version 7.2 Mediant 4000 SBC...
Page 634 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 635: Auxiliary Files
''Locking and Unlocking the Device'' on page 630. 37.1.1 Loading Auxiliary Files through Web Interface The following procedure describes how to load Auxiliary files through the Web interface. Version 7.2 Mediant 4000 SBC...
Page 636: Loading Auxiliary Files Through Cli
Mediant 4000 SBC Note: • When loading an ini file through the Auxiliary Files page (as described in this section), only parameter settings specified in the ini file are applied to the device; all other parameters remain at their current settings.
Page 637: Deleting Auxiliary Files
(in any standard text editor) to suit your specific requirements and then convert the modified ini file into binary dat file format, using AudioCodes DConvert utility. For more information, refer to the DConvert Utility User's Guide.
Page 638 Mediant 4000 SBC Only eight AM tones, in the range of 1 to 128 kHz, can be configured (the detection range is limited to 1 to 50 kHz). Note that when a tone is composed of a single frequency, the second frequency field must be set to zero.
Page 639 High Freq [Hz]=0 Low Freq Level [-dBm]=10 (-10 dBm) High Freq Level [-dBm]=32 (use 32 only if a single tone is required) First Signal On Time [10msec]=300; the dial tone is detected after 3 sec Version 7.2 Mediant 4000 SBC...
Page 640: Prerecorded Tones File
Audition), and then combined into a single and loadable PRT file (.dat) using the latest version of AudioCodes DConvert utility (refer to the DConvert Utility User's Guide). Once created, you need to install the PRT file on the device (flash memory), using the Web interface (see 'Loading Auxiliary Files' on page 635) or CLI.
Page 641: Dial Plan File
Plans as required. Save the file with the ini file extension name (e.g., mydialplanfile.ini). Convert the ini file to a dat binary file, using AudioCodes DConvert utility. For more information, refer to DConvert Utility User's Guide. Load the converted file to the device, as described in ''Loading Auxiliary Files'' on page 635.
Page 642: Obtaining Ip Destination From Dial Plan File
Mediant 4000 SBC 37.5.2 Obtaining IP Destination from Dial Plan File You can use a Dial Plan index listed in a loaded Dial Plan file for determining the IP destination of SBC (see note below) calls. This enables the mapping of called numbers to IP addresses (in dotted-decimal notation) or FQDNs (up to 15 characters).
Page 643: User Information File
644  CLI - see Configuring SBC User Info Table through CLI on page 645  Loadable User Info file - see ''Configuring SBC User Info Table in Loadable Text File'' on page 646 Version 7.2 Mediant 4000 SBC...
Page 644: Configuring Sbc User Info Table Through Web Interface
Mediant 4000 SBC 37.6.2.1 Configuring SBC User Info Table through Web Interface The following procedure describes how to configure the SBC User Info table through the Web interface. Note: • To configure the User Info table, make sure that you have enabled the feature as described in Enabling the User Info Table on page 643.
Page 645: Configuring Sbc User Info Table Through Cli
(SuePark) username (userSue) password (t6sn+un=) ip-group-id (1) status (not-resgistered)  To view a specific entry (example): (sip-def-proxy-and-reg)# user-info sbc-user-info <index, e.g., 0> (sbc-user-info-0)# display local-user (JohnDee) username (userJohn) password (s3fn+fn=) ip-group-id (1) status (not-resgistered) Version 7.2 Mediant 4000 SBC...
Page 646: Configuring Sbc User Info Table In Loadable Text File
Mediant 4000 SBC  To search a user by local-user: (sip-def-proxy-and-reg)# user-info find <local-user, e.g., JohnDoe> JohnDee: Found at index 0 in SBC user info table, not registered Note: To configure the User Info table, make sure that you have enabled the feature as described in Enabling the User Info Table on page 643.
Page 647: Viewing The Installed User Info File Name
The XML-to-binary format conversion can be done using AudioCodes DConvert utility. For more information on using this utility, refer to DConvert Utility User's Guide. Only one AMD Sensitivity file can be installed on the device.
Page 648 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 649: License Key
License Key The License Key determines the device's supported features and call capacity, as ordered from your AudioCodes sales representative. You can upgrade or change your device's supported features and capacity, by purchasing and installing a new License Key that match your requirements.
Page 650: Installing A New License Key
 Serial Number: Device's serial number.  Board Type: AudioCodes internal identification number of the type of your device.  Remote License Server / Remote License Server IP: For more information, see Upgrading SBC Capacity Licenses by License Pool Manager Server on page 657.
Page 651: Installing A License Key String
The License Key page uses color-coded icons to indicate the changes between the previous License Key and the newly loaded License Key (for more information, see Installing License Key through Web Interface on page 650). Version 7.2 Mediant 4000 SBC...
Page 652: Installing A License Key File
Mediant 4000 SBC Click Apply New License Key; the following message box appears: Figure 38-4: Apply New License Key Message Click Reset; the device begins to save the file to flash memory with a reset and the following progress message box appears:...
Page 653 Figure 38-7: Apply New License Key Message Click Reset; the device begins to save the file to flash memory with a reset and the following progress message box appears: Figure 38-8: Reset in Progress for License Key Version 7.2 Mediant 4000 SBC...
Page 654 Mediant 4000 SBC When installation completes, the following message box appears: Figure 38-9: Reset and Save-to-Flash Success Message Clock Close to close the message box; you are logged out of the Web interface and prompted to log in again. The features and capabilities displayed on the License Key page now reflect the newly installed License Key.
Page 655 HA switchover mechanism. When you click the button, the process starts and a message box is displayed indicating the installation progress: Figure 38-10: Hitless License Key Upgrade - Progress When installation completes, the following message box appears: Figure 38-11: Hitless License Upgrade Successfully Completed Version 7.2 Mediant 4000 SBC...
Page 656: Installing License Key Through Cli
Mediant 4000 SBC • Non-Hitless Upgrade: Installs the License Key simultaneously on both devices where both undergo a reset and therefore, current calls are terminated. When you click the button, the process starts and the following progress message box appears:...
Page 657: Upgrading Sbc Capacity Licenses By License Pool Manager Server
Manager Server The device can receive SBC capacity (session) licenses from a centralized pool of SBC resources managed by the License Pool Manager Server running on AudioCodes OVOC. The License Pool Manager Server can dynamically allocate and de-allocate SBC licenses from the pool to devices in the network to meet capacity demands of each device, whenever required.
Page 658 Mediant 4000 SBC  Remote License Server IP: IP address of the License Server. The device periodically checks with the License Pool Manager Server for SBC capacity licenses. The License Pool Manager Server identifies the device by serial number. If it has an SBC license for the device, it sends it to the device.
Page 659: Backing Up The License Key
: Saves the License Key as a file to a folder on your computer. By default, the device names the file "license". • : Copies the License Key as a string to your computer's clipboard. You can then paste the string into any application, for example, an e-mail message. Version 7.2 Mediant 4000 SBC...
Page 660: Viewing The Device's Product Key
Viewing the Device's Product Key The Product Key identifies a specific purchase of your device installation for the purpose of subsequent communication with AudioCodes (e.g., for support and software upgrades). The Product Key is your chassis' serial number--"S/N(Product Key)"--which also appears on the product label affixed to the chassis.
Page 661: Software Upgrade Wizard
An HA switchover occurs from active device (i.e., the initial redundant device) to redundant device (i.e., the initial active device) to return the devices to their original HA state. Only the initial redundant deviceundergoes a reset to return to redundant state. Version 7.2 Mediant 4000 SBC...
Page 662 Mediant 4000 SBC Note: • You can obtain the latest software files from AudioCodes Web site at http://www.audiocodes.com/downloads. • When you start the wizard, the rest of the Web interface is unavailable. After the files are successfully installed with a device reset, access to the full Web interface is restored.
Page 663 Cancel. However, if you continue with the wizard and start loading the cmp file, the upgrade process must be completed with a device reset. Click Browse, and then navigate to and select the .cmp file. Version 7.2 Mediant 4000 SBC...
Page 664 Mediant 4000 SBC Click Load File; the device begins to install the .cmp file and a progress bar displays the status of the loading process: Figure 39-2: CMP File Loading Progress Bar When the file is loaded, a message is displayed to inform you.
Page 665 (according to the .cmp file) and thereby, overwrite values previously configured for these parameters. Click Reset; a progress bar is displayed, indicating the progress of saving the files to flash and device reset. Figure 39-4: Progress Bar Indicating Burning Files to Flash Version 7.2 Mediant 4000 SBC...
Page 666 Mediant 4000 SBC Note: Device reset may take a few minutes (even up to 30 minutes), depending on .cmp file version. When the device finishes the installation process and resets, the wizard displays the following, which lists the installed .cmp software version and other files that you may...
Page 667: Configuration File
The following procedure describes how to load a configuration file from a folder on your PC to the device. You can load any of the following configuration file types:  ini file  CLI Script file  CLI Startup Script file Version 7.2 Mediant 4000 SBC...
Page 668 Mediant 4000 SBC Warning: • When loading an ini file as described in this section, parameters not included in the ini file are restored to default settings. If you want to keep the device's current configuration settings and also apply the settings specified in the ini file, load the file through the Auxiliary Files page, as described in Loading Auxiliary Files through Web Interface on page 635.
Page 669: Automatic Provisioning
Open the Network Settings page (Setup menu > IP Network tab > Advanced folder > Network Settings). From the 'Enable DHCP" drop-down list, select Enable. Figure 41-1: Enabling DHCP Client Functionality Click Apply. To activate the DHCP process, reset the device. Version 7.2 Mediant 4000 SBC...
Page 670: Provisioning The Device Using Dhcp Option 160
Mediant 4000 SBC The following shows an example of a configuration file for a Linux DHCP server (dhcpd.conf). The devices are allocated temporary IP addresses in the range 10.31.4.53 to 10.31.4.75. TFTP is assumed to be on the same computer as the DHCP server (alternatively, the "next-server"...
Page 671: Http-Based Provisioning
The only configuration required is to preconfigure the device(s) with the URL of the initial (master) ini file. This can be done using one of the following methods:  DHCP, as described in ''DHCP-based Provisioning'' on page 669 or via TFTP at a Version 7.2 Mediant 4000 SBC...
Page 672: Ftp-Based Provisioning
Provisioning'' on page 671 is that the protocol in the URL is "ftp" (instead of "http"). 41.1.4 Provisioning using AudioCodes OVOC AudioCodes OVOC server functions as a core-network provisioning server. The device's SNMP Manager should be configured with the IP address of the OVOC server, using one of the methods detailed in the previous sections.
Page 673: Files Provisioned By Automatic Update
Automatic Update settings and other configuration settings that require a device reset. The URL of the server where this file is located is configured by the AUPDStartupScriptURL ini file parameter or CLI command, configure system > automatic-update > startup-script <URL>. Version 7.2 Mediant 4000 SBC...
Page 674: File Location For Automatic Update
Mediant 4000 SBC 41.2.2 File Location for Automatic Update The files for updating the device can be stored on any standard Web (HTTP/S), TFTP, or FTP, server. The files can be loaded periodically to the device using HTTP/S, TFTP, or FTP, .
Page 675: File Template For Automatic Provisioning
URL is replaced with the filename and extension, as listed in the below table. For example, if you configure the AupdFilesList parameter as in Step 1 and the TemplateUrl parameter to: • ini File: TemplateUrl = 'http://10.8.8.20/Site1_<FILE>' • CLI: Version 7.2 Mediant 4000 SBC...
Page 676: Triggers For Automatic Update
Mediant 4000 SBC # configure system (config-system)# automatic update (automatic-update)# template-url http://10.8.8.20/Site1_<FILE> The device sends HTTP requests to the following URLs: • http://10.8.8.20/Site1_device.ini • http://10.8.8.20/Site1_fk.ini • http://10.8.8.20/Site1_cpt.data Place the files to download on the provisioning server. Make sure that their file names and extensions are based on the hardcoded string values specific to the file type for the <FILE>...
Page 677: Access Authentication With Http Server
(working in conjunction with the HTTP If- Modified-Since header, described further on in this section). Version 7.2 Mediant 4000 SBC...
Page 678 Mediant 4000 SBC You can configure the information sent in the User-Agent header, using the AupdHttpUserAgent parameter or CLI command, configure system > http-user-agent. The information can include any user-defined string or the following supported string variable tags (case-sensitive): •...
Page 679 If the serial number is the same and the license key is different to the one currently installed on the device, it applies the new License Key. For devices in HA mode, the License Key is applied to both active and redundant units. Version 7.2 Mediant 4000 SBC...
Page 680: File Download Sequence
Mediant 4000 SBC If the device receives an HTTP 301/302/303 redirect response from the provisioning server, it establishes a connection with the new server at the redirect URL and re- sends the HTTP Get request. 41.2.8 File Download Sequence Whenever the Automatic Update feature is triggered (see ''Triggers for Automatic Update''...
Page 681: Cyclic Redundancy Check On Downloaded Configuration Files
For enabling CRC, use the ini file parameter AUPDCheckIfIniChanged or CLI command, configure system > automatic-update > crc-check regular. By default, CRC is disabled. For more information on the parameter, see ''Automatic Update Parameters'' on page 848. Version 7.2 Mediant 4000 SBC...
Page 682: Automatic Update Configuration Examples
Mediant 4000 SBC 41.2.10 Automatic Update Configuration Examples This section provides a few examples on configuring the Automatic Update feature. 41.2.10.1 Automatic Update for Single Device This simple example describes how to configure the Automatic Update feature for updating a single device. In this example, the device queries the provisioning server for software, configuration and Auxiliary files every 24 hours.
Page 683: Automatic Update From Remote Servers
'ftps://root:wheel@ftpserver.corp.com/feature_key.txt' Software (.cmp) and ini files: Set up an HTTP Web server and copy the .cmp and configuration files to the server. Configure the device with the URL paths of the .cmp and ini files: Version 7.2 Mediant 4000 SBC...
Page 684: Automatic Update For Mass Deployment
Mediant 4000 SBC ♦ ini File: AutoCmpFileUrl = 'http://www.company.com/device/sw.cmp' IniFileURL = 'http://www.company.com/device/inifile.ini' ♦ CLI: # configure system (config-system)# automatic update (automatic-update)# auto-firmware 'http://www.company.com/sw.cmp' (automatic-update)# startup-script https://company.com/files/startup_script.txt Configure the device with the IP address of the DNS server for resolving the domain...
Page 685 (e.g., http://www.company.com) that is used in the URL for the provisioning server. This is done in the IP Interfaces table: ♦ ini File: [ InterfaceTable ] FORMAT InterfaceTable_Index = InterfaceTable_ApplicationTypes, InterfaceTable_InterfaceMode, InterfaceTable_IPAddress, InterfaceTable_PrefixLength, InterfaceTable_Gateway, InterfaceTable_VlanID, InterfaceTable_InterfaceName, InterfaceTable_PrimaryDNSServerIPAddress, InterfaceTable_SecondaryDNSServerIPAddress, InterfaceTable_UnderlyingDevice; Version 7.2 Mediant 4000 SBC...
Page 686 Mediant 4000 SBC InterfaceTable 0 = 6, 10, 10.15.7.95, 16, 10.15.0.1, 1, "Voice", 80.179.52.100, 0.0.0.0, "vlan 1"; [ \InterfaceTable ] ♦ CLI: # configure network (config-network)# interface network-if 0 (network-if-0)# primary-dns 80.179.52.100 Power down and then power up the device.
Page 687: Sbc Configuration Wizard
SBC Configuration Wizard, their new settings are used. • On some wizard pages, the availability of certain fields depends on the selected application. Version 7.2 Mediant 4000 SBC...
Page 688: Starting The Sbc Configuration Wizard
Figure 42-1: SBC Configuration Wizard - Welcome Page If desired, the SBC Configuration Wizard allows you to share usage statistics with AudioCodes in order to help us improve our software. To agree, select the 'Report usage statistics' check box, and then fill in the subsequent fields.
Page 689: General Setup Page
SIP REGISTER, SUBSCRIBE and NOTIFY messages. If you selected the SIP Trunk application in Step 1, do the following: From the 'IP-PBX' drop-down list, select the IP PBX model. If the model is not listed, select Generic IP-PBX. Version 7.2 Mediant 4000 SBC...
Page 690 Mediant 4000 SBC From the 'SIP-Trunk' drop-down list, select the SIP trunk provider. If the provider is not listed, select Generic SIP Trunk. To generate a configuration template based on the individual properties of the selected IP PBX and SIP Trunk, instead of using the existing template for the specific combination, select the 'Override template' check box.
Page 691: System Page
DNS server and the IP PBX or ITSP require the use of hostnames instead of IP addresses. Select the 'Apply local DNS' check box, and then configure the following parameters: Version 7.2 Mediant 4000 SBC...
Page 692: Interfaces Page
Mediant 4000 SBC ♦ 'Domain Name': Domain name to resolve into an IP address. ♦ 'First IP address': IP address of the domain name. ♦ 'Secondary IP address': Second IP address of the domain name (optional). For more information on configuring the device's DNS table, see Configuring the Internal DNS Table on page 152.
Page 693: Ip-Pbx Page
'NAT Public IP': Displays the public IP address (of the Enterprise router) for communicating with the IP PBX. The field is applicable only when the device is connected to a router that performs NAT.  To configure IP PBX settings: Under the IP-PBX group, configure the following: Version 7.2 Mediant 4000 SBC...
Page 694 Mediant 4000 SBC • 'Address': Configure the IP address (or hostname) of the IP PBX. Note that for the One port: WAN network topology, when the device is assigned a public IP address, you must use the public IP address (of the Enterprise router) instead of the private address of the IP PBX, and configure the Enterprise router to forward VoIP traffic from the device to the IP PBX.
Page 695: Sip Trunk Page
Under the SIP Trunk group, configure the following: • 'Address': Configures the IP address or hostname of the SIP Trunk. • 'Backup Address': (Optional) Configures the backup IP address or hostname of the SIP Trunk. Version 7.2 Mediant 4000 SBC...
Page 696 Mediant 4000 SBC • 'SIP Domain': Configures the SIP domain name for communicating with the SIP Trunk. The domain name is used in the following SIP message headers: ♦ Outbound calls: Request-URI and To headers ♦ Inbound calls: From header •...
Page 697: Number Manipulation Page
'Password': Password for communication with ARM. Click Next; the Remote Users (FEU) page appears (see Remote Users Page on page 698). The example below changes the number "+15033311432" to "03311432":  Prefix: "+1503"  Remove:"4"  Add: "0" Version 7.2 Mediant 4000 SBC...
Page 698: Remote Users Page
Mediant 4000 SBC 42.8 Remote Users Page The Remote Users (FEU) wizard page configures the remote users settings. Note: This page is applicable only to IP PBXs that support such configuration. Figure 42-8: SBC Configuration Wizard - Remote Users Page ...
Page 699: Summary Page
To save the configuration as an ini file to a folder on your PC, click the Save INI file button. You can later load the file to the device (see Loading an ini File to the Device on page 667). Click Next; the Congratulations page appears (see Congratulations Page on page 700). Version 7.2 Mediant 4000 SBC...
Page 700: Congratulations Page
Mediant 4000 SBC 42.10 Congratulations Page The Congratulations wizard page is the last wizard page and allows you to complete configuration. Figure 42-10: SBC Configuration Wizard - Congratulations Page  To complete the SBC Configuration Wizard:  Click Apply & Reset to apply configuration to the device or click Save INI File to save configuration as an ini file on your PC.
Page 701: Restoring Factory Defaults
# enable At the prompt, type the password again, and then press Enter: # Password: Admin At the prompt, type the following to reset the device to default settings, and then press Enter: # write factory Version 7.2 Mediant 4000 SBC...
Page 702: Restoring Factory Defaults Through Web Interface
Mediant 4000 SBC 43.2 Restoring Factory Defaults through Web Interface You can restore the device to factory defaults through the Web interface. Note: When restoring to factory defaults, you can preserve your IP network settings that are configured in the IP Interfaces table (see ''Configuring IP Network Interfaces'' on page 129), as described in the procedure below.
Page 703: Status, Performance Monitoring And Reporting
Part IX Status, Performance Monitoring and Reporting...
Page 705: System Status
Product Key, which identifies the specific device purchase. The Product Key also appears on the product label that is affixed to the chassis, as "S/N(Product Key)". For more information, see Viewing the Device's Product Key on page 660. Version 7.2 Mediant 4000 SBC...
Page 706 Mediant 4000 SBC Parameter Description Board Type Product name of the device. Device Up Time Duration that the device has been up and running since the last reset. The duration is displayed in the following format: dd:hh:mm:ss:100th of a second Device Administrative State Administrative status ("Unlocked"...
Page 707: Viewing Device Status On Monitor Page
INVITE and REGISTER, or in-dialog transactions such as UPDATE and BYE). The corresponding • Registered Users: Number of users registered with the device. The corresponding SNMP performance monitoring MIB is PM_gwSBCRegisteredUsers. Figure 44-2: Viewing Call Statistics on Monitor Page Version 7.2 Mediant 4000 SBC...
Page 708 Mediant 4000 SBC  Graphical display of the device with color-coded status icons, as shown in the figure below and described in the subsequent table: Note: For a description of the Monitor page when the device is in High Availability (HA) mode, see HA Status Display on Monitor Web Page on page 609.
Page 709 (green): Ethernet link is working  (gray): Ethernet link is not connected To view detailed Ethernet port information, click these icons to open the Ethernet Port Information page (see Viewing Ethernet Port Information on page 733). Version 7.2 Mediant 4000 SBC...
Page 710 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 711: Reporting Dsp Utilization Through Snmp Mib
SNMP MIB table, acPMDSPUsage. You can also configure low and high DSP utilization thresholds this MIB, that crossed, SNMP trap event, acPerformanceMonitoringThresholdCrossing is sent by the device. For more information on this MIB, refer to the SNMP Reference Guide. Version 7.2 Mediant 4000 SBC...
Page 712 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 713: Viewing Carrier-Grade Alarms
Critical (red)  Major (orange)  Minor (yellow) Source Component of the device from which the alarm was raised. Description Brief description of the alarm. Date Date (DD/MM/YYYY) and time (HH:MM:SS) the alarm was raised. Version 7.2 Mediant 4000 SBC...
Page 714: Viewing History Alarms
Mediant 4000 SBC 46.2 Viewing History Alarms You can view all SNMP alarms, in the Web interface's Alarms History table, that have been raised (active alarms) as well as cleared (resolved). One of the benefits of this is that you can view alarms that may have been raised and then cleared on a continuous basis.
Page 715 Description Date Date (DD/MM/YYYY) and time (HH:MM:SS) the alarm was raised.  To delete all the alarms in the table: Click the Delete History Table button; a confirmation message box appears. Click OK to confirm. Version 7.2 Mediant 4000 SBC...
Page 716 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 717: Viewing Management User Activity Logs
Username of the user account that performed the activity. Interface Protocol used for connecting to the management interface (e.g., Telnet, SSH, Web, or HTTP). Client IP address of the client PC from where the user accessed the management interface. Version 7.2 Mediant 4000 SBC...
Page 718 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 719: Viewing Performance Monitoring
From the 'SRD/IP Group' drop-down list, select whether you want to view statistic for an SRD or IP Group. From the 'Index' drop-down list, select the SRD or IP Group index. From the 'Direction' drop-down list, select the call direction: Version 7.2 Mediant 4000 SBC...
Page 720 Mediant 4000 SBC • In: incoming calls • Out: outgoing calls • Both: incoming and outgoing calls From the 'Type' drop-down list, select the SIP message type: • INVITE: INVITE • SUBSCRIBE: SUBSCRIBE • Other: all SIP messages If there is no data for the charts, the chart appears gray and "No Data" is displayed to the right of the chart.
Page 721: Viewing Average Call Duration
The minimum resolution is about 30 seconds; the maximum resolution is about an hour. To pause the graph, click the Pause button; click Play to resume. Version 7.2 Mediant 4000 SBC...
Page 722: Configuring Performance Profiles
Mediant 4000 SBC 48.3 Configuring Performance Profiles The Performance Profile table lets you configure up to 2628 Performance Profile rules. A Performance Profile rule defines thresholds of performance monitoring call metrics for Major and Minor severity alarms. If the threshold is crossed, the device raises the corresponding severity alarm.
Page 723 92 (i.e., 90 + 2) crosses the configured Minor threshold with hysteresis. Yellow to Green (alarm The change occurs if the measured metric 92 (i.e., 90 + 2) cleared) crosses the configured Minor threshold with hysteresis. Version 7.2 Mediant 4000 SBC...
Page 724 Mediant 4000 SBC Note: • Forwarded calls are not considered in the calculation for ASR and NER. • If you don't configure thresholds for a specific metric, the device still provides current performance monitoring values of the metric, but does not raise any threshold alarms for it.
Page 725 For example, if you configure the 'Major Threshold' parameter to 70% and the 'Hysteresis' parameter to 2%, the device considers a threshold crossing from Red to Yellow only if the ASR crosses 72% (i.e., 70% + 2%). Version 7.2 Mediant 4000 SBC...
Page 726 Mediant 4000 SBC Parameter Description Minimum Samples Defines the minimum number of call sessions (sample) that is required for the device to calculate the performance minimum-samples monitoring metrics (per window size). If the number of call [PerformanceProfile_MinimumSample] sessions is less than the configured value, no calculation is done.
Page 727: Viewing Voip Status
10 seconds from the proxy/registrar server.  CLI: • SBC users: # show voip register db sbc list • SBC contacts of a specified AOR: # show voip register db sbc user <Address Of Record> Version 7.2 Mediant 4000 SBC...
Page 728: Viewing Proxy Set Status
Mediant 4000 SBC 49.2 Viewing Proxy Set Status You can view the status of Proxy Sets that are used in your call routing topology. Proxy Sets that are not associated with any routing rule are not displayed. To configure proxy Sets, see Configuring Proxy Sets on page 366.
Page 729 "NOT RESOLVED": Proxy address is configured as an FQDN, but the DNS resolution has failed.  Empty field: Keep-alive for the proxy is disabled or the device has yet to send a keep-alive to the proxy. Version 7.2 Mediant 4000 SBC...
Page 730: Viewing Registration Status
Mediant 4000 SBC 49.3 Viewing Registration Status You can view the registration status of the device's SIP Accounts.  To view registration status:  Open the Registration Status table (Monitor menu > Monitor tab > VoIP Status folder > Registration Status).
Page 731: Viewing Sbc Cdr History
CDR is added, the last CDR entry is removed from the table. Note: • The CDR fields in the table cannot be customized. • If the device is reset, all CDRs are deleted from memory and from the table. Version 7.2 Mediant 4000 SBC...
Page 732 Mediant 4000 SBC  To view SBC CDR history:  Web: Open the SBC CDR History table (Monitor menu > Monitor tab > VoIP Status folder > SBC CDR History). Figure 49-4: SBC CDR History Table  CLI: • All CDR history: # show voip calls history sbc •...
Page 733: Viewing Network Status
Navigation tree: Monitor menu > Monitor tab > Network Status folder > Ethernet Port Information. • Monitor home page: Click an Ethernet port on the graphical display of the device (see ''Viewing Device Status on Monitor Page'' on page 707). Version 7.2 Mediant 4000 SBC...
Page 734: Viewing Static Routes Status
Mediant 4000 SBC Table 50-1: Ethernet Port Information Table Description Parameter Description Port Name Displays the name of the port. Active Displays whether the port is active ("Yes") or not ("No"). Speed Displays the speed of the Ethernet port. Duplex Mode Displays whether the port is half- or full-duplex.
Page 735: Viewing Hardware Status
Navigation tree: Monitor menu > Monitor tab > Hardware folder > Components Status. • Monitor home page: Click a power supply or fan tray icon (see ''Viewing Device Status on Monitor Page'' on page 707). Version 7.2 Mediant 4000 SBC...
Page 736 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 737: Reporting Information To External Party
Description CallID Call ID - call ID from the SIP dialog LocalID Local ID - identifies the reporting endpoint for the media session RemoteID Remote ID - identifies the remote endpoint of the media session Version 7.2 Mediant 4000 SBC...
Page 738 Mediant 4000 SBC Metric Parameter Description OrigID Originating ID - Identifies the endpoint which originated the session LocalAddr Local Address - IP address, port, and SSRC of the endpoint/UA which is the receiving end of the stream being measured RemoteAddr...
Page 739 MOSCQEstAlg MOS-CQ Est. Algorithm - name (string) of the algorithm used to estimate MOSCQ QoEEstAlg QoE Est. Algorithm - name (string) of the algorithm used to estimate all voice quality metrics DialogID Identification of the SIP dialog with which the media session is related Version 7.2 Mediant 4000 SBC...
Page 740 Mediant 4000 SBC Below shows an example of a SIP PUBLISH message sent with RTCP XR and QoE information: PUBLISH sip:172.17.116.201 SIP/2.0 Via: SIP/2.0/UDP 172.17.116.201:5060;branch=z9hG4bKac2055925925 Max-Forwards: 70 From: <sip:172.17.116.201>;tag=1c2055916574 To: <sip:172.17.116.201> Call-ID: 20559160721612201520952@172.17.116.201 CSeq: 1 PUBLISH Contact: <sip:172.17.116.201:5060> Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUB...
Page 741: Generating Call Detail Records
In addition, CDRs can be generated for SIP signaling and/or media. The device can send CDRs to any of the following:  Syslog server. The CDR Syslog message complies with RFC 3164 and is identified by Facility 17 (local1) and Severity 6 (Informational). Version 7.2 Mediant 4000 SBC...
Page 742: Cdr Field Description
Mediant 4000 SBC  RADIUS server. For CDR in RADIUS format, see ''Configuring RADIUS Accounting'' on page 780. To configure RADIUS servers for CDR reporting, see ''Configuring RADIUS Servers'' on page 229. Note: To view SBC CDRs stored on the device's memory, see Viewing SBC CDR History on page 731.
Page 743 The maximum number of characters for tabular alignment are given in the table below. Table 52-2: CDR Field Descriptions Field Description Accounting Displays the CDR Report Type in numeric representation (integer), used mainly for Status Type the RADIUS Accounting Status Type attribute (40): Version 7.2 Mediant 4000 SBC...
Page 744 Mediant 4000 SBC Field Description  [305] "1" = “Accounting Start” for CALL_START or CALL_CONNECT  "2" = “Accounting Stop” for CALL_END Note:  The field is included in the default CDR.  The field is applicable to all CDR Report Types.
Page 745 Displays the name of the called party. The field is a string of up to 36 characters. Note: [432]  The field is included in the default CDR.  The field is applicable to all CDR Report Types.  The field is applicable only to SBC signaling and Gateway CDRs. Version 7.2 Mediant 4000 SBC...
Page 746 Mediant 4000 SBC Field Description  The default field title is "Callee" in the sent CDR.  The maximum number of characters for Syslog tabular alignment is 37. Caller Display Displays the name of the caller (caller ID). The field is a string of up to 50 characters.
Page 747 The field is a string of up to 150 characters. Manipulation Note: [803]  The field is included in the default CDR.  The field is applicable to all CDR Report Types.  The field is applicable only to SBC signaling CDRs. Version 7.2 Mediant 4000 SBC...
Page 748 Mediant 4000 SBC Field Description  The default field title is "DstURIBeforeMap".  The maximum number of characters for Syslog tabular alignment is 41. Destination Displays the destination URI (username@host) after manipulation, if any. The field is a string of up to 150 characters.
Page 749 Format and Gateway CDR Format tables.  The field is applicable to all CDR Report Types.  The field is applicable only to SBC signaling and Gateway CDRs.  The maximum number of characters for Syslog tabular alignment is 5. Version 7.2 Mediant 4000 SBC...
Page 750 Mediant 4000 SBC Field Description IP Profile Displays the IP Profile name. The field is a string of up to 40 characters. Name Note: [426]  The field is included in the default CDR.  The field is applicable to all CDR Report Types.
Page 751 Displays the local MOS for conversation quality. The field is an integer from 10 to 46 (127 if information is unavailable). [627] Note:  The field is included in the default CDR.  The field is applicable only to "CALL_END" and "MEDIA_END" CDR Report Types. Version 7.2 Mediant 4000 SBC...
Page 752 Mediant 4000 SBC Field Description  The field is applicable only to SBC media and Gateway CDRs.  The default field title is "LocalMosCQ".  The maximum number of characters for Syslog tabular alignment is 10. Local Output Displays the local output octets (bytes).
Page 753 The field is applicable to all CDR Report Types.  The field is applicable only to SBC signaling and Gateway CDRs.  The default field title is "MediaRealmId (name)".  The maximum number of characters for Syslog tabular alignment is 32. Version 7.2 Mediant 4000 SBC...
Page 754 Mediant 4000 SBC Field Description Media Type Displays the media type:  [304] "audio"  "video"  "text" Note:  The field is included in the default CDR.  The field is applicable only to "CALL_END" and "MEDIA_END" CDR Report Types.
Page 755 Displays the date and time the call ended (disconnected). The field is a string of up to 35 characters and presented in the following format: <hh:mm:ss:ms> UTC [413] <DDD> <MMM> <DD> <YYYY>. For example, "17:00:55.002 UTC Thu Dec 14 2017". Version 7.2 Mediant 4000 SBC...
Page 756 Mediant 4000 SBC Field Description Note:  To configure the time zone string (e.g., "UTC" - default, "GMT+1", and "EST"), use the TimeZoneFormat parameter.  The field is included in the default CDR.  The field is applicable to "CALL_END" CDR Report Types.
Page 757 The maximum number of characters for Syslog tabular alignment is 5. Remote R Displays the remote R-factor conversation quality. The field is an integer from 0 to Factor 120 (127 if information is unavailable). [626] Note: Version 7.2 Mediant 4000 SBC...
Page 758 Mediant 4000 SBC Field Description  The field is included in the default CDR.  The field is applicable only to "CALL_END" and "MEDIA_END" CDR Report Types.  The field is applicable only to SBC media and Gateway CDRs. ...
Page 759 Displays the date and time that the call was setup. The field value is a string of up to 35 characters and presented in the following format: [411] <hh:mm:ss:ms> UTC <DDD> <MMM> <DD> <YYYY>. For example, "17:00:49.052 UTC Thu Dec 14 2017" Version 7.2 Mediant 4000 SBC...
Page 760 Mediant 4000 SBC Field Description Note:  To configure the time zone string (e.g., "UTC" - default, "GMT+1", and "EST"), use the TimeZoneFormat parameter.  The field is included in the default CDR.  The field is applicable to all CDR Report Types.
Page 761 Displays the source IP address. The field value is a string of up to 20 characters. [402] Note:  The field is included in the default CDR.  The field is applicable to all CDR Report Types. Version 7.2 Mediant 4000 SBC...
Page 762 Mediant 4000 SBC Field Description  The field is applicable only to SBC signaling and Gateway CDRs.  The default field title is "SourceIp".  The maximum number of characters for Syslog tabular alignment is 20. Source Port Displays the SIP signaling source UDP port. The field value is an integer of up to 10 digits.
Page 763  The field is applicable only to "CALL_END" CDR Report Types.  The field is applicable only to SBC signaling and Gateway CDRs.  The default field title is "TrmReasonCategory" for Syslog and Local Storage, Version 7.2 Mediant 4000 SBC...
Page 764 Mediant 4000 SBC Field Description and "Termination Reason" for Web CDR History.  The maximum number of characters for Syslog tabular alignment is 17. Termination Displays the Q.850 reason codes (1-127) for call termination. For example, "16" for Reason Value Normal Termination.
Page 765 "RELEASE_BECAUSE_UNMATCHED_CREDENTIALS"  "UNABLE_TO_HANDLE_REMOTE_REQUEST"  "NO_CONFERENCE_RESOURCES_LEFT"  "RELEASE_BECAUSE_CONFERENCE_FULL"  "RELEASE_BECAUSE_MANUAL_DISC"  "RELEASE_BECAUSE_SILENCE_DISC"  "RELEASE_BECAUSE_NORTEL_XFER_SUCCESS"  "RELEASE_BECAUSE_RTP_CONN_BROKEN"  "RELEASE_BECAUSE_DISCONNECT_CODE"  "RELEASE_BECAUSE_GW_LOCKED"  "RELEASE_BECAUSE_FAIL"  "RELEASE_BECAUSE_FORWARD"  "RELEASE_BECAUSE_FORWARD_SUPPLEMENTARY"  "RELEASE_BECAUSE_ANONYMOUS_SOURCE"  "PREEMPTION_ANALOG_CIRCUIT_RESERVED_FOR_REUSE"  "RELEASE_POSTPONE_POSSIBLE"  "PREEMPTION_DUE_TO_HIGH_PRIORITY"  "PREEMPTION_FAILED" Version 7.2 Mediant 4000 SBC...
Page 766 Mediant 4000 SBC Field Description  "RELEASE_BECAUSE_PRECEDENCE_CALL_BLOCKED"  "RELEASE_BECAUSE_HELD_TIMEOUT"  "RELEASE_BECAUSE_MEDIA_MISMATCH"  "RELEASE_BECAUSE_MAX_DURATION_TIMER_EXPIRED"  "RELEASE_BECAUSE_TRANSCODING_FULL"  "NO_TRANSCODING_RESOURCES_LEFT"  "RELEASE_BECAUSE_IP_PROFILE_CALL_LIMIT"  "RELEASE_BECAUSE_OUT_MEDIA_LIMITS_EXCEEDED"  "CALL_TRANSFERRED"  "RELEASE_BECAUSE_CLASSIFICATION_FAILED"  "RELEASE_BECAUSE_AUTHENTICATION_FAILED"  "IPGROUP_REGISTRATION_MODE"  "RELEASE_BECAUSE_ARM_DROP"  "RELEASE_BECAUSE_SRC_IP_IS_NOT_DEDICATED_REGISTRAR"  "RELEASE_BECAUSE_ACCOUNT_NOT_REGISTERED"  "MEDIA_DEST_UNREACHABLE"  "START_ARM_ROUTING" ...
Page 767 The default field title is "Trigger".  The maximum number of characters for Syslog tabular alignment is 8. Was Call Displays whether the call was started or not (i.e., whether a "CALL_START" CDR Started Report was generated). Version 7.2 Mediant 4000 SBC...
Page 768: Customizing Cdrs For Sbc Calls
Mediant 4000 SBC Field Description  [415] "0": No INVITE was sent to the IP side for the Tel-to-IP call, or no Setup message was sent to the Tel side for the IP-to-Tel call. Note that the first "CALL_START" CDR report type of a new signaling leg has value "0".
Page 769 Examples of configured CDR customization rules are shown below: Figure 52-6: Examples of SBC CDR Customization Rules Table 52-3: SBC CDR Format Table Parameter Descriptions Parameter Description Index Defines an index number for the new table row. Version 7.2 Mediant 4000 SBC...
Page 770 Mediant 4000 SBC Parameter Description Note: Each row must be configured with a unique index. [SBCCDRFormat_Index] CDR Type Defines the application type for which you want to customize CDRs.  cdr-type [1] Syslog SBC = (Default) Customizes CDR fields for SIP signaling-related CDRs sent in Syslog messages.
Page 771 ID to 0 (default) for any of the RADIUS Attributes (configured in the 'Column Type' parameter) listed below and then apply your rule (Click Apply), the device automatically replaces the value with the RADIUS Attribute's ID according to the RFC:  Destination Username: 30 Version 7.2 Mediant 4000 SBC...
Page 772: Customizing Cdrs For Test Calls
Mediant 4000 SBC Parameter Description  Source Username: 31  Accounting Status Type: 40  Local Input Octets: 42  Local Output Octets: 43  Call Duration: 46  Local Input Packets: 47  Local Output Packets: 48 If you configure the value to 0 and the RADIUS Attribute is not any of the ones listed above, the configuration is invalid.
Page 773 Index 2: The default CDR field "Call Duration" for local CDR storage is changed to "call-duration=". Table 52-4: Test Call CDR Format Table Parameter Descriptions Parameter Description Index Defines an index number for the new table row. Note: Each row must be configured with a unique index. [GWCDRFormat_Index] Version 7.2 Mediant 4000 SBC...
Page 774 Mediant 4000 SBC Parameter Description CDR Type Defines the application type for which you want to customize CDRs.  cdr-type [0] Syslog Gateway = (Default) Customizes CDR field names for CDRs (media and signaling) sent in Syslog messages. [GWCDRFormat_CDRType] ...
Page 775 Call Duration: 46  Local Input Packets: 47  Local Output Packets: 48 If you configure the value to 0 and the RADIUS Attribute is not any of the ones listed above, the configuration is invalid. Version 7.2 Mediant 4000 SBC...
Page 776: Configuring Cdr Reporting
Mediant 4000 SBC 52.2.4 Configuring CDR Reporting To enable and configure CDR reporting, follow the procedure below. For detailed descriptions of the parameters, see ''Syslog, CDR and Debug Parameters'' on page 862.  To configure CDR reporting: Enable the Syslog feature for sending log messages generated by the device to a collecting log message server.
Page 777: Storing Cdrs On The Device
You can do the following with locally saved CDR files (*.csv), through the CLI (root menu):  View stored CDR files: • View all stored CDR files: # show storage-history • View all stored, unused CDR files: # show storage-history unused Version 7.2 Mediant 4000 SBC...
Page 778 Mediant 4000 SBC  Delete stored CDR files: • Delete all stored files: # clear storage-history cdr-storage-history all • Delete all stored, unused CDR files: # clear storage-history cdr-storage-history unused  Save stored CDR files to an external destination: # copy storage-history cdr-storage-history <filename> to <protocol://destination>...
Page 779 If you have enabled the CDR storage feature and you later decide to change the maximum number of files (CDRLocalMaxNumOfFiles) to a lower value (e.g., from 50 to 10), the device stores the remaining files (e.g., 40) in its memory (i.e., unused files). Version 7.2 Mediant 4000 SBC...
Page 780: Configuring Radius Accounting
Mediant 4000 SBC 52.3 Configuring RADIUS Accounting The device can send accounting data of SIP calls as call detail records (CDR) to a RADIUS Accounting server. CDR-based accounting messages can be sent upon call release, call connection and release, or call setup and release. This section lists the CDR attributes for RADIUS accounting.
Page 781 Customizing CDRs for SBC Calls on page 768. To configure the address of the RADIUS Accounting server, see ''Configuring RADIUS Servers'' on page 229. For all RADIUS-related configuration, see ''RADIUS-based Services'' on page 229. Version 7.2 Mediant 4000 SBC...
Page 782 Mediant 4000 SBC  To configure RADIUS accounting: Open the Call Detail Record Settings page (Troubleshoot menu > Troubleshoot tab > Call Detail Record folder > Call Detail Record Settings). Configure the following parameters: • From the 'Enable RADIUS Access Control' drop-down list (EnableRADIUS), select Enable.
Page 783 String h323-gw-id=<SIP Start gateway ID string> Stop sip-call-id SIP Call ID String sip-call- Start id=abcde@ac.com Stop call-terminator Terminator of the String call-terminator=yes Stop call:  "yes": Call terminated by the outgoing leg  "no": Call Version 7.2 Mediant 4000 SBC...
Page 784 Mediant 4000 SBC Vendor- Attribute Attribute Specific Value Description Example Name Attribute Format (VSA) ID terminated by the incoming leg terminator Terminator of the String terminator=originate Stop call:  "answer": Call originated from the incoming leg  "originate": Call originated from...
Page 785 (4923 23) h323-remote-address = 212.179.22.214 (4923 1) h323-ivr-out = h323-incoming-conf-id:02102944 600a1899 3fd61009 0e2f3cc5 (4923 30) h323-disconnect-cause = 22 (0x16) (4923 27) h323-call-type = VOIP (4923 26) h323-call-origin = Originate (4923 24) h323-conf-id = 02102944 600a1899 3fd61009 0e2f3cc5 Version 7.2 Mediant 4000 SBC...
Page 786 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 787: Diagnostics
Part X Diagnostics...
Page 789: Syslog And Debug Recording
Syslog messages, or CDRs. Disabling a rule is useful, for example, if you no longer require the rule, but may need it in the future. Thus, instead of deleting the rule entirely, you can simply disable it. Version 7.2 Mediant 4000 SBC...
Page 790 Mediant 4000 SBC Note: • If you want to configure a Log Filter rule that logs Syslog messages to a Syslog server (i.e., not to a Debug Recording server), you must enable Syslog functionality, using the 'Enable Syslog' (EnableSyslog) parameter (see ''Enabling Syslog'' on page 799).
Page 791 IP Group at Index 2 with the name "SIP Trunk", configure the parameter to either "2" or "SIP Trunk" (without apostrophes).  For IP trace expressions, see ''Filtering IP Network Traces'' on Version 7.2 Mediant 4000 SBC...
Page 792 Mediant 4000 SBC Parameter Description page 793. Log Destination Defines where the device sends the log file.  log-dest [0] Syslog Server = The device generates Syslog messages based on the configured log filter and sends them to a user- [LoggingFilters_LogDestination] defined Syslog server.
Page 793: Filtering Ip Network Traces
IP protocol type (PDU) entered as an enumeration value (e.g., 1 is ICMP, 6 is TCP, 17 is UDP) udp, tcp, icmp, sip, ldap, http, https Single expressions for protocol type udp.port, tcp.port Transport layer Version 7.2 Mediant 4000 SBC...
Page 794: Configuring Syslog
Mediant 4000 SBC Expression Description udp.srcport, tcp.srcport Transport layer for source port udp.dstport, tcp.dstport Transport layer for destination port and, &&, ==, <, > Between expressions Below are examples of configured expressions for the 'Value' parameter:  udp && ip.addr==10.8.6.55 ...
Page 795 In addition, the benefit of unique numbering is that it enables you to filter the information (such as SIP, Syslog, and media) according to device or session ID. The syntax of the session and device identifiers are as follows: Version 7.2 Mediant 4000 SBC...
Page 796: Event Representation In Syslog Messages
Mediant 4000 SBC Message Item Dscription [SID=<last 6 characters of device's MAC address>:<number of times device has reset>:<unique SID counter indicating the call session; increments consecutively for each new session; resets to 1 after a device reset>] For example: 14:32:52.028: 10.33.8.70: NOTICE: [S=9369] [SID=2ed1c8:96:5] (lgr_psbrdex)(274) recv <--...
Page 797 Counts the number of BFI Frames Received From The Host No Available Release Descriptor RTP Reorder Unknown RTP Payload Type RTP SSRC Error Unrecognized Fax Relay Command Invalid Accumulated Packets Counter Invalid Channel ID Invalid Header Length Invalid Codec Type Version 7.2 Mediant 4000 SBC...
Page 798: Identifying Audiocodes Syslog Messages Using Facility Levels
Unknown Aggregation Payload Type Invalid Routing Flag Received 53.2.1.2 Identifying AudioCodes Syslog Messages using Facility Levels The device’s Syslog messages can easily be identified and distinguished from Syslog messages from other equipment, by setting its Facility level. The Facility levels of the device's Syslog messages are numerically coded with decimal values.
Page 799: Snmp Alarms In Syslog Messages
The following procedure describes how to enable Syslog.  To enable Syslog: Open the Syslog Settings page (Troubleshoot menu > Troubleshoot tab > Logging folder > Syslog Settings). From the 'Enable Syslog' drop-down list, select Enable. Figure 53-2: Enabling Syslog Version 7.2 Mediant 4000 SBC...
Page 800: Configuring The Syslog Server Address
Mediant 4000 SBC Click Apply. 53.2.3 Configuring the Syslog Server Address The following procedure describes how to configure the Syslog server's address to where the device sends Syslog messages.  To configure the Syslog server address: Open the Syslog Settings page (Troubleshoot menu > Troubleshoot tab > Logging folder >...
Page 801: Configuring Reporting Of Management User Activities
Actions that are not related to parameter changes (for example, file uploads, file delete, lock-unlock maintenance actions, LDAP clear cache, register-unregister, and start-stop trunk. In the Web, these actions are typically done by clicking a button (e.g., the LOCK button). Version 7.2 Mediant 4000 SBC...
Page 802: Viewing Syslog Messages
When debug recording is enabled and Syslog messages are also included in the debug recording, to view Syslog messages using Wireshark, you must install AudioCodes' Wireshark plug-in (acsyslog.dll). Once the plug-in is installed, the Syslog messages are decoded as "AC SYSLOG" and displayed using the "acsyslog" filter (instead of the regular "syslog"...
Page 803: Configuring Debug Recording
You can select the Syslog messages displayed on the page, and copy and paste them into a text editor such as Notepad. This text file (txt) can then be sent to AudioCodes Technical Support for diagnosis and troubleshooting. 53.3 Configuring Debug Recording This section describes how to configure debug recording and how to collect debug recording packets.
Page 804: Configuring The Debug Recording Server Address
Click Apply. 53.3.2 Collecting Debug Recording Messages To collect debug recording packets, use the open source packet capturing program, Wireshark. AudioCodes proprietary plug-in files for Wireshark are required. Note: • The default debug recording port is 925. You can change the port in Wireshark (Edit menu >...
Page 805: Debug Capturing On Physical Voip Interfaces
Note that the source IP address of the messages is always the OAMP IP address of the device. The device adds the header "AUDIOCODES DEBUG RECORDING" to each debug recording message, as shown below: 53.3.3 Debug Capturing on Physical VoIP Interfaces You can capture traffic on the device's physical (Ethernet LAN) VoIP interfaces (Layer-2 VLAN tagged packets).
Page 806 Mediant 4000 SBC # debug capture VoIP physical get_last_capture <TFTP/FTP server IP address> The file is saved to the device's memory (not flash) and erased after a device reset.  Marks the captured file (useful for troubleshooting process): # debug capture VoIP physical insert-pad Before running this command, the debug capture must be started.
Page 807: Enabling Same Call Session Id Over Multiple Devices
The ID is unique to the call session and remains the same throughout the session even if the call traverses multiple devices. The Global Session ID appears in SIP messages using AudioCodes’ proprietary SIP header, AC-Session-ID, as shown in the example below: INVITE sip:2000@172.17.113.123;user=phone SIP/2.0...
Page 808 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-42025...
Page 809: Enabling Sip Call Flow Diagrams In Ovoc
55. Enabling SIP Call Flow Diagrams in OVOC Enabling SIP Call Flow Diagrams in OVOC You can configure the device to send SIP messages of SIP call dialogs to AudioCodes One Voice Operations Centers (OVOC) so that OVOC management users can view the call dialog as a call flow in graphical format.
Page 810 Mediant 4000 SBC Note: • If the Logging Filters table does not include any filtering rule for SIP call flow, the device sends call flow messages to OVOC for all calls. • The feature does not support SIPRec messages and REGISTER messages.
Page 811: Debugging Web Services
Open the Web Service Settings page (Setup menu > IP Network tab > Web Services folder > Web Service Settings). In the 'Debug Level' field (RestDebugMode), enter the debug level (or disable debugging by configuring it to 0): Click Apply. Version 7.2 Mediant 4000 SBC...
Page 812 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 813: Creating Core Dump And Debug Files Upon Device Crash
The files may assist you in identifying the cause of the crash. The core dump can either be included in or excluded from the debug file, or alternatively, sent separately to a TFTP server. You can then provide the files to AudioCodes support team for troubleshooting. ...
Page 814 Mediant 4000 SBC You can also delete the core dump file through CLI, as described in the following procedure:  To delete the core dump file:  Navigate to the root CLI directory (enable mode), and then enter the following...
Page 815: Testing Sip Signaling Calls
By default, you can configure up to five test calls. However, this number can be increased by installing the relevant License Key. For more information, contact your AudioCodes sales representative. The following procedure describes how to configure test calls through the Web interface.
Page 816 Mediant 4000 SBC Click New; the following dialog box appears: Figure 58-1: Test Call Rules Table - Add Dialog Box Configure a test call according to the parameters described in the table below. Click Apply, and then save your settings to flash memory.
Page 817 To configure QoE Profiles, see ''Configuring Quality of Experience Profiles'' on page 312. Bandwidth Profile Assigns a Bandwidth Profile to the test call. bandwidth-profile By default, no value is defined. To configure Bandwidth Profiles, see ''Configuring Bandwidth Version 7.2 Mediant 4000 SBC...
Page 818 Mediant 4000 SBC Parameter Description [Test_Call_BWProfile] Profiles'' on page 317. Authentication Note: These parameters are applicable only if the 'Call Party' parameter (see below) is configured to Caller. Auto Register Enables automatic registration of the endpoint. The endpoint can register to the device itself or to the 'Destination Address' or 'IP auto-register Group' parameter settings (see above).
Page 819: Starting And Stopping Test Calls
Dial: Starts the test call (applicable only if the test call party is the caller). • Drop Call: Stops the test call. • Restart: Ends all established calls and then starts the test call session again. Version 7.2 Mediant 4000 SBC...
Page 820: Viewing Test Call Status
Mediant 4000 SBC 58.3 Viewing Test Call Status You can view the status of test call rules in the 'Test Status' field of the Test Call Rules table. The status can be one of the following: Table 58-2: Test Call Status Description...
Page 821 "Done - Established Calls: <number of established calls>, ASR: <ASR>%": Test call has been successfully completed (or was prematurely stopped by clicking the Drop Call command) and shows the following:  Total number of test calls that were established. Version 7.2 Mediant 4000 SBC...
Page 822: Configuring Dtmf Tones For Test Calls
Mediant 4000 SBC Statistics Field Description  Number of successfully answered calls out of the total number of calls attempted (ASR). MOS Status MOS count and color threshold status of local and remote sides according to the assigned QoE Profile.
Page 823: Test Call Configuration Examples
Single Test Call Scenario: This example describes the configuration of a simple test call scenario that includes a single test call between a simulated test endpoint on the device and a remote endpoint. Figure 58-6: Single Test Call Example • Test Call Rules table configuration: Version 7.2 Mediant 4000 SBC...
Page 824 The test call is done between two AudioCodes devices - Device A and Device B - with simulated test endpoints. This eliminates the need for phone users, who would otherwise need to answer and end calls many times for batch testing.
Page 825 Route By: Dest Address ♦ Destination Address: "10.13.4.12" (this is the IP address of the device itself) ♦ SIP Interface: SIPInterface_0 ♦ Auto Register: Enable ♦ User Name: "testuser" ♦ Password: "12345" ♦ Call Party: Caller Version 7.2 Mediant 4000 SBC...
Page 826 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 827: Pinging A Remote Host Or Ip Address
IPv4 address. The ping is done using the following CLI command: # ping <IPv4 ip address or host name> source [voip] interface For a complete description of the ping command, refer to the CLI Reference Guide. Version 7.2 Mediant 4000 SBC...
Page 828 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 829: Appendix
Part XI Appendix...
Page 831: Dialing Plan Notation For Routing And Manipulation
4 to 8, and suffix is 234, 235, or 236. The entered value would be the following: [4-8](23[4,5,6]). [n-m] or (n-m) Represents a range of numbers. Examples:  To depict prefix numbers from 5551200 to 5551300: Version 7.2 Mediant 4000 SBC...
Page 832 Mediant 4000 SBC Notation Description  [5551200-5551300]#  To depict prefix numbers from 123100 to 123200:  123[100-200]#  To depict prefix and suffix numbers together:  03(100): for any number that starts with 03 and ends with 100. ...
Page 833 User's Manual 60. Dialing Plan Notation for Routing and Manipulation Notation Description Version 7.2 Mediant 4000 SBC...
Page 834 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-42025...
Page 835: Configuration Parameters Reference
(i.e., the [WebAccessList_x] device can be accessed from any IP address). The default is 0.0.0.0 (i.e., the device can be accessed from any IP address). For example: Version 7.2 Mediant 4000 SBC...
Page 836: Web Parameters
Mediant 4000 SBC Parameter Description WebAccessList_0 = 10.13.2.66 WebAccessList_1 = 10.13.77.7 For a description of the parameter, see ''Configuring Web and Telnet Access List'' on page 80. Local Users Table Local Users The table defines management users. The format of the ini file table parameter is as follows: configure system >...
Page 837 The valid value is 0 to 100000, where 0 means that login is not denied regardless of number of failed login attempts. The default is 60. Display Last Login Information Enables display of user's login information on each successful login attempt. [DisplayLoginInformation] Version 7.2 Mediant 4000 SBC...
Page 838 Mediant 4000 SBC Parameter Description  [0] Disable (default)  [1] Enable [EnableMgmtTwoFactorAuthentication] Enables Web login authentication using a third-party, smart card.  [0] = Disable (default)  [1] = Enable When enabled, the device retrieves the Web user’s login username from the smart card, which is automatically displayed (read-only) in the Web Login screen;...
Page 839 For more information, see Customizing the Product Name on page 64. [UserProductName] Defines a name for the device instead of the default name. The value can be a string of up to 29 characters. For more information, see Customizing the Product Name Version 7.2 Mediant 4000 SBC...
Page 840 Defines the name of the image file that you want loaded to the device. This image is displayed as the logo in the Web interface (instead of AudioCodes logo). The file name can be up to 47 characters. For more information, see Replacing the Corporate Logo with an Image on page 63.
Page 841: Telnet Parameters
“—MORE—" prompt is displayed (at which you can press the spacebar to display the next four output lines). Note: You can override this parameter for a specific CLI session and configure a different number of output lines, by using the Version 7.2 Mediant 4000 SBC...
Page 842: Ini File Parameters
> snmp trap > auto- Enables the device to send NAT keep-alive traps to the port send-keep-alive of the SNMP network management station (e.g., AudioCodes OVOC). This is used for NAT traversal, and allows SNMP [SendKeepAliveTrap] communication with AudioCodes OVOC management...
Page 843 The parameter can be controlled by the Config Global Entry Limit MIB (located in the Notification Log MIB). The valid range is 50 to 1000. The default is 500. Note: For the parameter to take effect, a device reset is required. Version 7.2 Mediant 4000 SBC...
Page 844 Mediant 4000 SBC Parameter Description [ActiveAlarmTableMaxSize] Defines the maximum number of currently active alarms that can be displayed in the Active Alarms table. When the table reaches this user-defined maximum capacity (i.e., full), the device sends the SNMP trap event, acActiveAlarmTableOverflow.
Page 845 SNMP V3 Users Table SNMP V3 Users The table defines SNMP v3 users. configure system > snmp v3-users The format of the ini file table parameter is: [SNMPUsers] [SNMPUsers] FORMAT SNMPUsers_Index = SNMPUsers_Username, SNMPUsers_AuthProtocol, SNMPUsers_PrivProtocol, Version 7.2 Mediant 4000 SBC...
Page 846: Serial Parameters
Mediant 4000 SBC Parameter Description SNMPUsers_AuthKey, SNMPUsers_PrivKey, SNMPUsers_Group; [\SNMPUsers] For example: SNMPUsers 1 = v3admin1, 1, 0, myauthkey, -, 1; The example above configures user 'v3admin1' with security level authNoPriv(2), authentication protocol MD5, authentication text password 'myauthkey', and ReadWriteGroup2. For more information, see ''Configuring SNMP V3 Users'' on page 92.
Page 847: Auxiliary And Configuration File Name Parameters
Note: For the parameter to take effect, a device reset is required. Dial Plan File Defines the name of the Dial Plan file. This file should be created using AudioCodes DConvert utility (refer to DConvert Utility User's [DialPlanFileName] Guide). For the ini file, the name must be enclosed by single apostrophes, for example, 'dial_plan.dat'.
Page 848: Automatic Update Parameters
Mediant 4000 SBC 61.1.8 Automatic Update Parameters The automatic update of software and configuration files parameters are described in the table below. Table 61-8: Automatic Update of Software and Configuration Files Parameters Parameter Description General Automatic Update Parameters CLI path: configure system > automatic-update update-firmware Enables the Automatic Update mechanism for the cmp file.
Page 849 [1] = Enable CRC for the entire file, including line order (i.e., same text must be on the same lines). If there are differences between the files, the device installs the downloaded file. If there are no Version 7.2 Mediant 4000 SBC...
Page 850 Mediant 4000 SBC Parameter Description differences, the device discards the newly downloaded file.  [2] = Enable CRC for individual lines only. Same as option [1], except that the CRC ignores the order of lines (i.e., same text can be on different lines).
Page 851 Defines the name of the License Key file and the URL address of the feature-key server on which the file is located. [FeatureKeyURL] template-url Defines the URL address in the File Template for automatic updates, Version 7.2 Mediant 4000 SBC...
Page 852: Networking Parameters
Mediant 4000 SBC Parameter Description [TemplateUrl] of the provisioning server on which the files to download are located. For more information, see ''File Template for Automatic Provisioning'' on page 675. Defines the list of file types in the File Template for automatic template-files-list updates, to download from the provisioning server.
Page 853: Multiple Voip Network Interfaces And Vlan Parameters
Note: For the parameter to take effect, a device reset is required. 61.2.3 Routing Parameters The IP network routing parameters are described in the table below. Table 61-11: IP Network Routing Parameters Parameter Description Send ICMP Unreachable Enables sending of ICMP Unreachable messages. Version 7.2 Mediant 4000 SBC...
Page 854: Quality Of Service Parameters
Mediant 4000 SBC Parameter Description  Messages [0] Enable = (Default) Device sends these messages.  [1] Disable = Device does not send these messages. configure network > network-settings > icmp- disable-unreachable [DisableICMPUnreachable] Send and Receive ICMP Enables sending and receiving of ICMP Redirect messages.
Page 855: Nat Parameters
Note: If the SIP session is established (ACK) and the device (not the UA) sends the first packet, it sends it to the address obtained from the SIP message and only after the device receives the first Version 7.2 Mediant 4000 SBC...
Page 856: Dns Parameters
1. The parameter is used to allow SNMP communication with AudioCodes OVOC management platform, located in the WAN, when the device is located behind NAT. It is needed to keep the NAT pinhole open for the SNMP messages sent from OVOC to the device.
Page 857: Dhcp Parameters
The parameter is a "hidden" parameter. Once defined and saved to flash memory, its value doesn't revert to default even if the parameter doesn't appear in the ini file. [DHCP120OptionMode] Enables the acceptance of DHCP Option 120 in DHCP responses sent Version 7.2 Mediant 4000 SBC...
Page 858 Mediant 4000 SBC Parameter Description by a DHCP server.  [0] = DHCP Option 120 is not supported and ignored if received in the DHCP response.  [1] = (Default) DHCP Option 120 is supported and if received, the device adds the SIP server information to the Proxy Set.
Page 859: Ntp And Daylight Saving Time Parameters
NTP server fails, then this NTP server is used. secondary-server The default IP address is 0.0.0.0. [NTPSecondaryServerIP] NTP Update Interval Defines the time interval (in seconds) that the NTP client requests for a time update. update-interval Version 7.2 Mediant 4000 SBC...
Page 860 Mediant 4000 SBC Parameter Description [NTPUpdateInterval] The default interval is 86400 (i.e., 24 hours). The range is 0 to 214783647. Note: It is not recommend to set the parameter to beyond one month (i.e., 2592000 seconds). NTP Authentication Key Defines the NTP authentication key identifier for authenticating NTP Identifier messages.
Page 861: Debugging And Diagnostics Parameters
[EnableAutoRAITransmitBER] Enables the device to send a remote alarm indication (RAI) when the bit error rate (BER) is greater than 0.001.  [0] Disable (default)  [1] Enable 61.3.2 SIP Test Call Parameters The SIP Signaling Test Call parameters are described in the table below. Version 7.2 Mediant 4000 SBC...
Page 862: Syslog, Cdr And Debug Parameters
Mediant 4000 SBC Table 61-18: SIP Test Call Parameters Parameter Description Test Call DTMF String Defines the DTMF tone that is played for answered test calls (incoming and outgoing). configure troubleshoot > test-call settings > testcall- The DTMF string can be up to 15 strings. The default is "3212333". If no dtmf-string string is defined (empty), DTMF is not played.
Page 863 CDR with the MediaReportType field set to "Update" is sent, as the media was changed from voice to T.38. A CDR is also sent upon termination (end) of the media in the call. Version 7.2 Mediant 4000 SBC...
Page 864 Mediant 4000 SBC Parameter Description  [4] Start & End & Update Media = Sends a CDR at the start of the media, upon an update in the media (if occurs), and at the end of the media. Note: To enable CDR generation as well as enable signaling- related CDRs, use the CDRReportLevel parameter.
Page 865 Syslog messages, at one single server. The device’s Syslog messages can easily be identified and distinguished from other Syslog messages by its Facility level. Therefore, in addition to Version 7.2 Mediant 4000 SBC...
Page 866 Mediant 4000 SBC Parameter Description filtering Syslog messages according to IP address, the messages can be filtered according to Facility level.  [16] = (Default) local use 0 (local0)  [17] = local use 1 (local1)  [18] = local use 2 (local2) ...
Page 867 Defines the IP address of the server for capturing debug recording. configure troubleshoot > logging settings > dbg-rec-dest-ip [DebugRecordingDestIP] Debug Recording Destination Port Defines the UDP port of the server for capturing debug recording. The default is 925. configure troubleshoot > logging Version 7.2 Mediant 4000 SBC...
Page 868 Mediant 4000 SBC Parameter Description settings > dbg-rec-dest-port [DebugRecordingDestPort] Enable Core Dump Enables the automatic generation of a Core Dump file upon a device crash. [EnableCoreDump]  [0] Disable (default)  [1] Enable Note: For the parameter to take effect, a device reset is required.
Page 869: Resource Allocation Indication Parameters
Defines a name for the active device, which is displayed on the Home page to indicate the active device. configure network > high-availability > unit-id-name The valid value is a string of up to 128 characters. The default Version 7.2 Mediant 4000 SBC...
Page 870 Mediant 4000 SBC Parameter Description [HAUnitIdName] value is "Device 1". Redundant HA Device Name Defines a name for the redundant device, which is displayed on the Home page to indicate the redundant device. configure network > high-availability > redundant-unit-id-name The valid value is a string of up to 128 characters. The default value is "Device 2".
Page 871: Security Parameters
> access-list The format of the ini file table parameter is: [AccessList] [AccessList] FORMAT AccessList_Index = AccessList_Source_IP, AccessList_Source_Port, AccessList_PrefixLen, AccessList_Source_Port, AccessList_Start_Port, AccessList_End_Port, AccessList_Protocol, AccessList_Use_Specific_Interface, AccessList_Interface_ID, AccessList_Packet_Size, AccessList_Byte_Rate, AccessList_Byte_Burst, AccessList_Allow_Type; [\AccessList] For example: Version 7.2 Mediant 4000 SBC...
Page 872 Mediant 4000 SBC Parameter Description AccessList 10 = mgmt.customer.com, , , 32, 0, 80, tcp, 1, OAMP, 0, 0, 0, allow; AccessList 22 = 10.4.0.0, , , 16, 4000, 9000, any, 0, , 0, 0, 0, block; In the example above, Rule #10 allows traffic from the host ‘mgmt.customer.com’...
Page 873: Https Parameters
The valid range is 0 to 255. The default is 10. 61.5.2 HTTPS Parameters The Secure Hypertext Transport Protocol (HTTPS) parameters are described in the table below. Table 61-23: HTTPS Parameters Parameter Description Secured Web Connection Determines the protocol used to access the Web interface. Version 7.2 Mediant 4000 SBC...
Page 874: Srtp Parameters
Mediant 4000 SBC Parameter Description  (HTTPS) [0] HTTP and HTTPS (default).  [1] HTTPs Only = Unencrypted HTTP packets are blocked. configure system > web > secured-connection Note: For the parameter to take effect, a device reset is required.
Page 875 Enables encryption on transmitted RTCP packets in a secured RTP session. configure voip > media security > RTCP-  encryption-disable-tx [0] Enable (default)  [1] Disable [RTCPEncryptionDisableTx] SRTP Tunneling Authentication for RTP Enables validation of SRTP tunneling Version 7.2 Mediant 4000 SBC...
Page 876: Tls Parameters
Mediant 4000 SBC Parameter Description configure voip > media security > authentication for RTP. srtp-tnl-vld-rtp-auth  [0] Disable = (Default) The device does not [SRTPTunnelingValidateRTPRxAuthentication] perform any validation and forwards the packets as is.  [1] Enable = The device validates the packets (e.g., sequence number) and if successful,...
Page 877 TLS connection. If the device receives a certificate from a SIP entity (IP Group) and the parameter is configured to Server Only or Server & Client, it attempts to authenticate the certificate based on the Version 7.2 Mediant 4000 SBC...
Page 878 Mediant 4000 SBC Parameter Description certificate's address. The device searches for a Proxy Set that contains the same address (IP address or FQDN) as that specified in the certificate's SubjectAltName (Subject Alternative Names). For Proxy Sets with an FQDN, the device checks the FQDN itself and not the DNS- resolved IP addresses.
Page 879: Ssh Parameters
Note: The last SSH login information is cleared when the device is reset. Max Login Attempts Defines the maximum SSH login attempts allowed for entering an incorrect password by an administrator before the SSH session is Version 7.2 Mediant 4000 SBC...
Page 880: Ids Parameters
Mediant 4000 SBC Parameter Description configure system > cli-settings rejected. > ssh-max-login-attempts The valid range is 1 to 5. The default is 3. [SSHMaxLoginAttempts] Note: The new setting takes effect only for new subsequent SSH connections. 61.5.6 IDS Parameters The Intrusion Detection System (IDS) parameters are described in the table below.
Page 881: Ocsp Parameters
The Quality of Experience (QoE) parameters are described in the table below. Table 61-29: Quality of Experience Parameters Parameter Description OVOC Parameters Server IP Defines the IP address of the primary One Voice Operations Center Version 7.2 Mediant 4000 SBC...
Page 882 Mediant 4000 SBC Parameter Description configure voip > qoe (OVOC) server to where the quality experience reports are sent. settings > server-ip Note: For the parameter to take effect, a device reset is required. [QOEServerIP] Redundant Server IP Defines the IP address of the secondary OVOC server to where the quality experience reports are sent.
Page 883 The format of the ini file table parameter is as follows: performance-profile [ PerformanceProfile ] [PerformanceProfile] FORMAT PerformanceProfile_Index = PerformanceProfile_Entity, PerformanceProfile_IPGroupName, PerformanceProfile_SRDName, PerformanceProfile_PMType, PerformanceProfile_MinorThreshold, PerformanceProfile_MajorThreshold, PerformanceProfile_Hysteresis, PerformanceProfile_MinimumSample, PerformanceProfile_WindowSize; [ \PerformanceProfile ] For more information, see ''Configuring Performance Profiles'' on page 722. Version 7.2 Mediant 4000 SBC...
Page 884: Control Network Parameters
Mediant 4000 SBC 61.7 Control Network Parameters 61.7.1 IP Group, Proxy, Registration and Authentication Parameters The proxy server, registration and authentication SIP parameters are described in the table below. Table 61-30: Proxy, Registration and Authentication SIP Parameters Parameter Description IP Groups Table IP Groups This table configures IP Groups.
Page 885 - upon device reset, device power up, or new and modified configuration. Always Use Proxy Determines whether the device sends SIP messages and responses through a Proxy server. configure voip > sip-definition Version 7.2 Mediant 4000 SBC...
Page 886 Mediant 4000 SBC Parameter Description  proxy-and-registration > always- [0] Disable = (Default) Use standard SIP routing rules. use-proxy  [1] Enable = All SIP messages and responses are sent to the Proxy server. [AlwaysSendToProxy] Note: The parameter is applicable only if a Proxy server is used (i.e., the parameter IsProxyUsed is set to 1).
Page 887  [1] INVITE Only = Challenges issued for INVITE requests are cached. This prevents a mixture of REGISTER and INVITE authorizations.  [2] Full = Caches all challenges from the proxies. Version 7.2 Mediant 4000 SBC...
Page 888 Mediant 4000 SBC Parameter Description Note:  Challenge caching is used with all proxies and not only with the active one.  The challenge can be cached per Account or per user whose credentials are known through the User Info table.
Page 889 50% and 100% of the upper-bound wait time (e.g., for an upper-bound wait-time of 240, the actual wait-time is between 120 and 240 seconds). As can be seen from the algorithm, the upper-bound wait time can never exceed the value of the MaxRegistrationBackoffTime parameter. Version 7.2 Mediant 4000 SBC...
Page 890 Mediant 4000 SBC Parameter Description Registration Time Threshold Defines a threshold (in seconds) for re-registration timing. If the parameter is greater than 0, but lower than the computed re- configure voip > sip-definition registration timing (according to the parameter proxy-and-registration >...
Page 891 The device uses the range of 80-100% of this user-defined value as the actual interval. For example, if the parameter value is set to 200 sec, the interval used is any random time between 160 to Version 7.2 Mediant 4000 SBC...
Page 892: Network Application Parameters
Mediant 4000 SBC Parameter Description 200 seconds. This prevents an “avalanche” of keep-alive by multiple SIP UAs to a specific server. Max Generated Register Rate Defines the maximum number of user register requests (REGISTER messages) that the device sends (to a proxy or configure voip >...
Page 893 The format of the ini file table parameter is as follows: [NATTranslation] [ NATTranslation ] FORMAT NATTranslation_Index = NATTranslation_SrcIPInterfaceName, NATTranslation_TargetIPAddress, NATTranslation_SourceStartPort, NATTranslation_SourceEndPort, NATTranslation_TargetStartPort, NATTranslation_TargetEndPort; [ \NATTranslation ] For more information, see ''Configuring NAT Translation per IP Interface'' on page 142. Version 7.2 Mediant 4000 SBC...
Page 894: General Sip Parameters
Mediant 4000 SBC Parameter Description Media Realms table Media Realms Defines Media Realms. configure voip > realm The format of the ini file table parameter is as follows: [CpMediaRealm] [ CpMediaRealm ] FORMAT CpMediaRealm_Index = CpMediaRealm_MediaRealmName, CpMediaRealm_IPv4IF, CpMediaRealm_IPv6IF, CpMediaRealm_PortRangeStart, CpMediaRealm_MediaSessionLeg,...
Page 895 [0] Disable = SIP 408 response is not sent upon receipt of non-INVITE [EnableNonInvite408Re messages (to comply with RFC 4320). ply]  [1] Enable = (Default) SIP 408 response is sent upon receipt of non- INVITE messages, if necessary. Version 7.2 Mediant 4000 SBC...
Page 896 Mediant 4000 SBC Parameter Description Max SIP Message Defines the maximum size (in Kbytes) for each SIP message that can be Length [KB] sent over the network. The device rejects messages exceeding this user- defined size. [MaxSIPMessageLengt The valid value range is 1 to 100. The default is 100.
Page 897 This is because 90 minus 32 is 58 seconds, which is less than one third of the Session-Expires value (i.e., 60/3 is 30, and 90 minus 30 is 60). The valid range is 0 to 32 (in seconds). The default is 32. Version 7.2 Mediant 4000 SBC...
Page 898 Mediant 4000 SBC Parameter Description [RemoveToTagInFailur Determines whether the device removes the ‘to’ header tag from final SIP eResponse] failure responses to INVITE transactions.  [0] = (Default) Do not remove tag.  [1] = Remove tag. [EnableRTCPAttribute] Enables the use of the 'rtcp' attribute in the outgoing SDP.
Page 899 Enables the re-use of the same TCP/TLS connection for sessions with the same user, even if the "alias" parameter is not present in the SIP Via configure voip > sip- header of the first INVITE. definition settings > Version 7.2 Mediant 4000 SBC...
Page 900 Mediant 4000 SBC Parameter Description  [0] Disable = (Default) TCP/TLS connection reuse is done only if the fake-tcp-alias "alias" parameter is present in the Via header of the first INVITE. [FakeTCPalias]  [1] Enable Note: To enable TCP/TLS connection re-use, set the EnableTCPConnectionReuse parameter to 1.
Page 901 URI. It must use the GRUU in the following messages: INVITE request, its 2xx response, SUBSCRIBE request, its 2xx response, NOTIFY request, REFER request and its 2xx response. [IsCiscoSCEMode] Determines whether a Cisco gateway exists at the remote side. Version 7.2 Mediant 4000 SBC...
Page 902 > user-agent-info User-Agent: myproduct/v.7.20A.000.038 [UserAgentDisplayInfo] If not configured, the default string, <AudioCodes product-name>/software version' is used, for example: User-Agent: Audiocodes-Sip-Gateway-Mediant 4000 SBC/v.7.20A.000.038 The maximum string length is 50 characters. Note: The software version number and preceding forward slash (/) cannot be modified.
Page 903 If the device receives a SIP 503 response to an INVITE, it also marks that the proxy is out of service for the defined "Retry-After" period. Enable P-Associated- Determines the device usage of the P-Associated-URI header. This Version 7.2 Mediant 4000 SBC...
Page 904 Mediant 4000 SBC Parameter Description URI Header header can be received in 200 OK responses to REGISTER requests. When enabled, the first URI in the P-Associated-URI header is used in p-associated-uri-hdr subsequent requests as the From/P-Asserted-Identity headers value. [EnablePAssociatedURI ...
Page 905 Reason header for Release Reason mapping. settings >  [0] = Disregard Reason header in incoming SIP messages. handle-reason-  [1] = (Default) Use the Reason header value for Release Reason header mapping. [HandleReasonHeader] Version 7.2 Mediant 4000 SBC...
Page 906 Mediant 4000 SBC Parameter Description [EnableSilenceSuppInS Determines the device's behavior upon receipt of SIP Re-INVITE messages that include the SDP's 'silencesupp:off' attribute.  [0] = (Default) Disregard the 'silecesupp' attribute.  [1] = Handle incoming Re-INVITE messages that include the 'silencesupp:off' attribute in the SDP as a request to switch to the Voice-Band-Data (VBD) mode.
Page 907 SDP received from the remote side. settings >  [0] Disable (default) ignore-remote-  [1] Enable sdp-mki [IgnoreRemoteSDPMKI configure voip > sip- Defines the echo canceller format in the outgoing SDP. The 'ecan' definition settings > Version 7.2 Mediant 4000 SBC...
Page 908 Mediant 4000 SBC Parameter Description sdp-ecan-frmt attribute is used in the SDP to indicate the use of echo cancellation.  [SDPEcanFormat] [0] = (Default) The 'ecan' attribute appears on the 'a=gpmd' line.  [1] = The 'ecan' attribute appears as a separate attribute.
Page 909 SIP Message Manipulations Table Message Manipulations Defines manipulation rules for SIP header messages. configure voip > The format of the ini file table parameter is as follows: message message- [ MessageManipulations] manipulations FORMAT MessageManipulations_Index = [MessageManipulations MessageManipulations_ManSetID, Version 7.2 Mediant 4000 SBC...
Page 910 Mediant 4000 SBC Parameter Description MessageManipulations_MessageType, MessageManipulations_Condition, MessageManipulations_ActionSubject, MessageManipulations_ActionType, MessageManipulations_ActionValue, MessageManipulations_RowRole; [\MessageManipulations] For example, the below configuration changes the user part of the SIP From header to 200: MessageManipulations 1 = 0, Invite.Request, , Header.From.Url.User, 2, 200, 0; For more information, see Configuring SIP Message Manipulation on page 401.
Page 911: Coders And Profile Parameters
FORMAT IpProfile_Index = IpProfile_ProfileName, [IPProfile] IpProfile_IpPreference, IpProfile_CodersGroupName, IpProfile_IsFaxUsed, IpProfile_JitterBufMinDelay, IpProfile_JitterBufOptFactor, IpProfile_IPDiffServ, IpProfile_SigIPDiffServ, IpProfile_RTPRedundancyDepth, IpProfile_CNGmode, IpProfile_VxxTransportType, IpProfile_NSEMode, IpProfile_IsDTMFUsed, IpProfile_PlayRBTone2IP, IpProfile_EnableEarlyMedia, IpProfile_ProgressIndicator2IP, IpProfile_EnableEchoCanceller, IpProfile_CopyDest2RedirectNumber, IpProfile_MediaSecurityBehaviour, IpProfile_CallLimit, IpProfile_DisconnectOnBrokenConnection, IpProfile_FirstTxDtmfOption, IpProfile_SecondTxDtmfOption, IpProfile_RxDTMFOption, IpProfile_EnableHold, IpProfile_InputGain, IpProfile_VoiceVolume, IpProfile_AddIEInSetup, IpProfile_SBCExtensionCodersGroupName, IpProfile_MediaIPVersionPreference, IpProfile_TranscodingMode, Version 7.2 Mediant 4000 SBC...
Page 912 Mediant 4000 SBC Parameter Description IpProfile_SBCAllowedMediaTypes, IpProfile_SBCAllowedAudioCodersGroupName, IpProfile_SBCAllowedVideoCodersGroupName, IpProfile_SBCAllowedCodersMode, IpProfile_SBCMediaSecurityBehaviour, IpProfile_SBCRFC2833Behavior, IpProfile_SBCAlternativeDTMFMethod, IpProfile_SBCSendMultipleDTMFMethods, IpProfile_SBCAssertIdentity, IpProfile_AMDSensitivityParameterSuit, IpProfile_AMDSensitivityLevel, IpProfile_AMDMaxGreetingTime, IpProfile_AMDMaxPostSilenceGreetingTime, IpProfile_SBCDiversionMode, IpProfile_SBCHistoryInfoMode, IpProfile_EnableQSIGTunneling, IpProfile_SBCFaxCodersGroupName, IpProfile_SBCFaxBehavior, IpProfile_SBCFaxOfferMode, IpProfile_SBCFaxAnswerMode, IpProfile_SbcPrackMode, IpProfile_SBCSessionExpiresMode, IpProfile_SBCRemoteUpdateSupport, IpProfile_SBCRemoteReinviteSupport, IpProfile_SBCRemoteDelayedOfferSupport, IpProfile_SBCRemoteReferBehavior, IpProfile_SBCRemote3xxBehavior, IpProfile_SBCRemoteMultiple18xSupport, IpProfile_SBCRemoteEarlyMediaResponseType, IpProfile_SBCRemoteEarlyMediaSupport, IpProfile_EnableSymmetricMKI, IpProfile_MKISize, IpProfile_SBCEnforceMKISize, IpProfile_SBCRemoteEarlyMediaRTP, IpProfile_SBCRemoteSupportsRFC3960,...
Page 913: Channel Parameters
Global parameter enabling echo cancellation (i.e., echo configure voip > media voice > echo- from voice calls is removed). canceller-enable You can also configure this functionality per specific calls, [EnableEchoCanceller] using IP Profiles (IpProfile_EnableEchoCanceller). For a Version 7.2 Mediant 4000 SBC...
Page 914 Mediant 4000 SBC Parameter Description detailed description of the parameter and for configuring the functionality, see ''Configuring IP Profiles'' on page 424. Note: If the functionality is configured for a specific profile, the settings of this global parameter is ignored for calls associated with the profile.
Page 915: Coder Parameters
[1] Enable [SilkTxInbandFEC] Silk Max Average Bit Rate Defines the maximum average bit rate for the SILK coder. configure voip > media settings The valid value range is 6,000 to 50,000. The default is 50,000. Version 7.2 Mediant 4000 SBC...
Page 916: Dtmf Parameters
Mediant 4000 SBC Parameter Description > silk-max-average-bitrate The SILK coder is Skype's default audio codec used for Skype-to- Skype calls. [SilkMaxAverageBitRate] Opus Max Average Bitrate Defines the maximum average bit rate (in bps) for the Opus coder. configure voip > sip-definition The valid value range is 6000 to 50,000.
Page 917: Rtp, Rtcp And T.38 Parameters
61.10.4 RTP, RTCP and T.38 Parameters The RTP, RTCP and T.38 parameters are described in the table below. Table 61-37: RTP/RTCP and T.38 Parameters Parameter Description Broken Connection Mode Global parameter that defines the device's handling of calls if Version 7.2 Mediant 4000 SBC...
Page 918 Mediant 4000 SBC Parameter Description configure voip > sip-definition RTP packets are not received within a user-defined timeout settings > disc-broken-conn (configured by the BrokenConnectionEventTimeout parameter). You can also configure this functionality per specific calls, using [DisconnectOnBrokenConnection] IP Profiles (IpProfile_DisconnectOnBrokenConnection). For a...
Page 919 For the parameter to take effect, a device reset is required.  If the device is located in a network subnet which is connected to other gateways using a router that uses Virtual Router Redundancy Protocol (VRRP) for redundancy, then Version 7.2 Mediant 4000 SBC...
Page 920 Mediant 4000 SBC Parameter Description set the parameter to 0 or 2. FW Invalid Packet Handling Defines the device's handling of invalid RTP and RTCP packets. [RTPFWInvalidPacketHandling]  [0] Do Nothing = Forwards the invalid packets as is.  [1] Issue Warnings Only = (Default) Forwards the invalid packets and issues warnings (sent to the Syslog) to notify of the invalid packets.
Page 921 The default is -1 (i.e., no alerts are issued). R-Value Delay Threshold Defines the voice quality monitoring - end of call low quality alert threshold. [VQMonEOCRValTHR] The default is -1 (i.e., no alerts are issued). Version 7.2 Mediant 4000 SBC...
Page 922: Sbc Parameters
Mediant 4000 SBC Parameter Description RTCP XR Packet Interval Defines the time interval (in msec) between adjacent RTCP XR reports. This interval starts from call establishment. Thus, the configure voip > media rtp-rtcp > device can send RTCP XR reports during the call, in addition to rtcp-interval at the end of the call.
Page 923 IP party does not answer the call within this timeout user-defined interval, the device disconnects the [SBCAlertTimeout] session. The device starts the timeout count upon receipt of a SIP 180 Ringing response from the called Version 7.2 Mediant 4000 SBC...
Page 924 [NumOfSubscribes] The valid value is any value between 0 and the maximum supported SUBSCRIBE sessions. When set to -1, the device uses the default value. For more information, contact your AudioCodes sales representative. Note:  For the parameter to take effect, a device reset is required.
Page 925 UA by sending the SIP message with the 'refresher=' parameter in the Session-Expires header set to 'uas'.  [1] SBC Refresher = The device performs the session refresh requests. The device indicates this Version 7.2 Mediant 4000 SBC...
Page 926 Mediant 4000 SBC Parameter Description to the UA by sending the SIP message with the 'refresher=' parameter in the Session-Expires header set to 'uac'. Note: The time values of the Session-Expires (session refresh interval) and Min-SE (minimum session refresh interval) headers can be configured using the SBCSessionExpires and SBCMinSE parameters, respectively.
Page 927 IP Profiles table, see ''Configuring IP Profiles'' on page 424. Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with the IP Profile. Version 7.2 Mediant 4000 SBC...
Page 928 Mediant 4000 SBC Parameter Description configure voip > sbc settings > sbc-xfer- When the SBCReferBehavior is set to 1, the device, prefix while interworking the SIP REFER message, adds the prefix "T~&R-" to the user part of the URI in the Refer- [SBCXferPrefix] To header.
Page 929 This option does not authenticate the message body (i.e., SDP).  [1] 1 = The device sends 'qop=auth-int' in the SIP response, indicating required authentication and authentication with integrity (e.g., checksum). This Version 7.2 Mediant 4000 SBC...
Page 930 Mediant 4000 SBC Parameter Description option restricts the client to authenticating the entire SIP message, including the body, if present.  [2] 2 = (Default) The device sends 'qop=auth, auth-int' in the SIP response, indicating either authentication or integrity. This enables the client to choose 'auth' or 'auth-int'.
Page 931 (parsing of call identifiers in XML body) in SIP configure voip > sbc settings > sbc-dialog- NOTIFY messages received from a remote info-interwork application server. [EnableSBCDialogInfoInterworking]  [0] Disable (default)  [1] Enable For more information, see ''Interworking Dialog Version 7.2 Mediant 4000 SBC...
Page 932 Mediant 4000 SBC Parameter Description Information in SIP NOTIFY Messages'' on page 491. configure voip > sbc settings > sbc-keep-call- Global parameter that enables the device to use the same call identification (SIP Call-ID header value) received in incoming messages for the call [SBCKeepOriginalCallId] identification in outgoing messages.
Page 933 > sbc settings > transcoding- functionality per specific calls, using IP Profiles mode (IpProfile_TranscodingMode). For a detailed [TranscodingMode] description of the parameter and for configuring this functionality in the IP Profiles table, see Configuring Version 7.2 Mediant 4000 SBC...
Page 934 Mediant 4000 SBC Parameter Description IP Profiles on page 424. Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with the IP Profile. Preferences Mode Determines the order of the Extension coders (coders added if there are no common coders between SDP configure voip >...
Page 935 SBC Fax Detection Timeout Defines the duration (in seconds) for which the device attempts to detect fax (CNG tone) immediately upon configure voip > sbc settings > sbc-fax- the establishment of a voice session. The interval detection-timeout Version 7.2 Mediant 4000 SBC...
Page 936 Mediant 4000 SBC Parameter Description [SBCFaxDetectionTimeout] starts from the establishment of the voice call. The valid value is 1 to any integer. The default is 10. The feature applies to faxes that are sent immediately after the voice channel is established (i.e., after 200 OK).
Page 937 Classification_SRDName, Classification_SrcSIPInterfaceName, Classification_SrcAddress, Classification_SrcPort, Classification_SrcTransportType, Classification_SrcUsernamePrefix, Classification_SrcHost, Classification_DestUsernamePrefix, Classification_DestHost, Classification_ActionType, Classification_SrcIPGroupName, Classification_DestRoutingPolicy, Classification_IpProfileName; [ \Classification ] For more information, see ''Configuring Classification Rules'' on page 497. Condition Table Condition Table Defines SIP Message Condition rules. Version 7.2 Mediant 4000 SBC...
Page 938 Mediant 4000 SBC Parameter Description configure voip > sbc routing condition-table [ ConditionTable ] FORMAT ConditionTable_Index = [ConditionTable] ConditionTable_Condition, ConditionTable_Description; [ \ConditionTable ] For more information, see ''Configuring Message Condition Rules'' on page 406. SBC IP-to-IP Routing Table IP-to-IP Routing Table Defines SBC IP-to-IP routing rules.
Page 939 Outbound Manipulations Table Outbound Manipulations Defines outbound manipulation rules. configure voip > sbc manipulation ip- The format of the ini file table parameter is as follows: outbound-manipulation [IPOutboundManipulation] [IPOutboundManipulation] FORMAT IPOutboundManipulation_Index = IPOutboundManipulation_ManipulationName, IPOutboundManipulation_RoutingPolicyName, IPOutboundManipulation_IsAdditionalManipulation, Version 7.2 Mediant 4000 SBC...
Page 940 Mediant 4000 SBC Parameter Description IPOutboundManipulation_SrcIPGroupName, IPOutboundManipulation_DestIPGroupName, IPOutboundManipulation_SrcUsernamePrefix, IPOutboundManipulation_SrcHost, IPOutboundManipulation_DestUsernamePrefix, IPOutboundManipulation_DestHost, IPOutboundManipulation_CallingNamePrefix, IPOutboundManipulation_MessageConditionName, IPOutboundManipulation_RequestType, IPOutboundManipulation_ReRouteIPGroupName, IPOutboundManipulation_Trigger, IPOutboundManipulation_ManipulatedURI, IPOutboundManipulation_RemoveFromLeft, IPOutboundManipulation_RemoveFromRight, IPOutboundManipulation_LeaveFromRight, IPOutboundManipulation_Prefix2Add, IPOutboundManipulation_Suffix2Add, IPOutboundManipulation_PrivacyRestrictionMode, IPOutboundManipulation_DestTags, IPOutboundManipulation_SrcTags; [\IPOutboundManipulation] For more information, see ''Configuring IP-to-IP Outbound Manipulations'' on page 539. Routing Policies Table Routing Policies Defines Routing Policies.
Page 941: Supplementary Services
This is included in the SIP Resource-Priority configure voip > sbc settings > header. sbc-emerg-sig-diffserv The valid value is 0 to 63. The default is 40. [SBCEmergencySignalingDiffServ] 61.12 IP Media Parameters The IP media parameters are described in the table below. Version 7.2 Mediant 4000 SBC...
Page 942 Mediant 4000 SBC Table 61-40: IP Media Parameters Parameter Description IPMedia Detectors Enables the device's DSP detectors for detection features such as AMD. configure voip > media ipmedia >  ipm-detectors-enable [0] Disable (default)  [1] Enable [EnableDSPIPMDetectors] Note: ...
Page 943 IP Profiles table, see ''Configuring IP parameter-suit Profiles'' on page 424. [AMDSensitivityParameterSuit] Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls Version 7.2 Mediant 4000 SBC...
Page 944 Mediant 4000 SBC Parameter Description associated with the IP Profile. Answer Machine Detector Global parameter that defines the AMD detection sensitivity Sensitivity Level level of the selected AMD Parameter Suite. You can also configure this functionality per specific calls, using IP Profiles configure voip >...
Page 945: Services
SIP Recording Application Enables the SIP-based Media Recording feature:  [0] Disable (default) configure voip > sip-definition sip-recording settings >  [1] Enable enable-sip-rec Note: For the parameter to take effect, a device reset is required. [EnableSIPRec] Version 7.2 Mediant 4000 SBC...
Page 946: Radius And Ldap Parameters
Mediant 4000 SBC Parameter Description Recording Server (SRS) Defines the SIP user part for the recording server. This user part is Destination Username added in the SIP To header of the INVITE message that the device sends to the recording server.
Page 947: Radius Parameters
RADIUS VSA Vendor ID Defines the vendor ID that the device accepts when parsing a RADIUS response packet. configure system > radius settings > vsa-vendor-id The valid range is 0 to 0xFFFFFFFF. The default is 5003. Version 7.2 Mediant 4000 SBC...
Page 948 Mediant 4000 SBC Parameter Description [RadiusVSAVendorID] [MaxRADIUSSessions] Defines the number of concurrent calls that can communicate with the RADIUS server (optional). The valid range is 0 to 240. The default is 240. RADIUS Packets Defines the number of RADIUS retransmission retries when no Retransmission response is received from the RADIUS server.
Page 949: Ldap Parameters
"(sAMAccountName=$)" and the user logs in with the username "SueM", the LDAP query is run for sAMAccountName=SueM. Use LDAP for Web > Telnet Login Enables LDAP-based management-user login authentication and authorization. configure system > ldap settings > Version 7.2 Mediant 4000 SBC...
Page 950 Mediant 4000 SBC Parameter Description  [0] Disable (default) enable-mgmt-login  [1] Enable [MgmtLDAPLogin] Note: For the parameter to take effect, a device reset is required. [LDAPDebugMode] Determines whether to enable the LDAP task debug messages. This is used for providing debug information regarding LDAP tasks.
Page 951 Management LDAP Groups Table Defines the users group attribute in the AD and corresponding management access level. configure system > ldap mgmt-ldap- groups The format of the ini file table parameter is as follows: [ MgmntLDAPGroups ] Version 7.2 Mediant 4000 SBC...
Page 952: Least Cost Routing Parameters
Mediant 4000 SBC Parameter Description [MgmntLDAPGroups] FORMAT MgmntLDAPGroups_Index = MgmntLDAPGroups_LdapConfigurationIndex, MgmntLDAPGroups_GroupIndex, MgmntLDAPGroups_Level, MgmntLDAPGroups_Group; [ \MgmntLDAPGroups ] For more information, see ''Configuring Access Level per Management Groups Attributes'' on page 248. LDAP Server Groups Table LDAP Server Groups Table Defines LDAP Server Groups.
Page 953: Call Setup Rules Parameters
For more information, see ''Configuring HTTP Services'' on page 271. Remote Web Services Table Remote Web Services Defines remote Web services. configure system > http-services The format of the ini file table parameter is as follows: > http-remote-services [HTTPRemoteServices] Version 7.2 Mediant 4000 SBC...
Page 954: Http Proxy Parameters
Mediant 4000 SBC Parameter Description [HTTPRemoteServices] FORMAT HTTPRemoteServices_Index = HTTPRemoteServices_Name, HTTPRemoteServices_Path, HTTPRemoteServices_HTTPType, HTTPRemoteServices_Policy, HTTPRemoteServices_LoginNeeded, HTTPRemoteServices_PersistentConnection, HTTPRemoteServices_NumOfSockets, HTTPRemoteServices_AuthUserName, HTTPRemoteServices_AuthPassword, HTTPRemoteServices_TLSContext, HTTPRemoteServices_VerifyCertificate, HTTPRemoteServices_TimeOut, HTTPRemoteServices_KeepAliveTimeOut, HTTPRemoteServices_ServiceStatus; [\HTTPRemoteServices] For more information, see ''Configuring Remote Web Services'' on page 271. HTTP Remote Hosts Table HTTP Remote Hosts Defines remote HTTP hosts per remote Web service.
Page 955 OVOC Services Table OVOC Services Defines an HTTP-based OVOC Service so that the device can act as an HTTP Proxy that enables AudioCodes OVOC to manage configure network > AudioCodes equipment (such as IP Phones) over HTTP when the http-proxy ems-serv equipment is located behind NAT (e.g., in the LAN) and OVOC is...
Page 956 Mediant 4000 SBC Parameter Description EMSService_PrimaryServer, EMSService_SecondaryServer, EMSService_DeviceLoginInterface, EMSService_EMSInterface; [ \EMSService ] For more information, see ''Configuring an HTTP-based OVOC Service'' on page 289. User's Manual Document #: LTRT-42025...
Page 957: Channel Capacity
The figures listed in the table are accurate at the time of publication of this document. However, these figures may change due to a later software update. For the latest figures, please contact your AudioCodes sales representative. • "GW" refers to Gateway functionality.
Page 958: Mediant 4000 Sbc
957. These SBC sessions also support SRTP and RTCP XR. When DSP capabilities are required, the number of sessions that can use DSP capabilities is reduced, as shown in the table below. Table 62-2: Transcoding Capacity per Coder-Capability Profile for Mediant 4000 SBC Session Coders Max. Sessions...
Page 959: Mediant 4000B Sbc
Profile 1 Profile 2 + SILK-NB 1,200 1,600 2,850 4,050 Profile 2 Profile 2 + SILK-NB 1,050 1,400 2,500 3,600 Profile 1 Profile 2 + SILK-WB 1,650 2,400 Profile 2 Profile 2 + SILK-WB 1,650 2,400 Version 7.2 Mediant 4000 SBC...
Page 960 Profile 2: G.711, G.726, G.729, G.723.1, AMR-NB, T.38 with fax detection, In-band signaling (in voice channel), and Silence Compression. • Acoustic Echo Suppressor reduces performance by about 30%. For more information, contact your AudioCodes sales representative. • MPMB is the optional, Media Processing Module that provides additional DSPs, allowing greater capacity.
Page 961: Technical Specifications
The device's technical specifications are listed in the table below. Note: • All specifications in this document are subject to change without prior notice. • The compliance and regulatory information can be downloaded from AudioCodes Web site at http://www.audiocodes.com/library. Table 63-1: Technical Specifications Function Specification...
Page 962 Direct Media (No Media Hair-pinning of local calls to avoid unnecessary media delays and Anchoring) bandwidth consumption Voice Quality Monitoring RTCP-XR, AudioCodes One Voice Operations Center (OVOC) High Availability SBC high availability with two-box redundancy, active calls (Redundancy) preserved Quality of Experience...
Page 963 100-240 VAC, 50-60 Hz, 7A max.  Environmental Operational: 0 to 40°C (32 to 104°F)  Storage: -20 to 70°C (-4 to 158°F)  Relative Humidity: 10 to 85% non-condensing Version 7.2 Mediant 4000 SBC...
Page 964 Website: ©2018 AudioCodes Ltd. All rights reserved. AudioCodes, AC, HD VoIP, HD VoIP Sounds Better, IPmedia, Mediant, MediaPack, What’s Inside Matters, OSN, SmartTAP, User Management Pack, VMAS, VoIPerfect, VoIPerfectHD, Your Gateway To VoIP, 3GX, VocaNom, AudioCodes One Voice and CloudBond are trademarks or registered trademarks of AudioCodes Limited.

This manual is also suitable for:

Mediant 4000b sbc

AudioCodes Mediant 4000 SBC User Manual

1 Introduction

Getting Started with Initial Connectivity

2 Introduction

3 Default OAMP IP Address

4 Configuring Voip LAN Interface for OAMP

Management Tools

5 Introduction

6 Web-Based Management

7 CLI-Based Management

8 SNMP-Based Management

9 INI File-Based Management

General System Settings

10 Configuring SSL/TLS Certificates

11 Network

12 Date and Time

General Voip Configuration

13 Security

14 Media

15 Services

16 Quality of Experience

17 Control Network

18 SIP Definitions

19 SIP Message Manipulation

20 Coders and Profiles

Session Border Controller Application

21 SBC Overview

Quick Links

Related Manuals for AudioCodes Mediant 4000 SBC

Summary of Contents for AudioCodes Mediant 4000 SBC