AudioCodes Mediant 3000 User Manual page 942
Gateway & enterprise sbc, family of media gateways & session border controllers
Hide thumbs
Also See for Mediant 3000:
- User manual (1070 pages) ,
- Installation manual (90 pages) ,
- Hardware installation manual (88 pages)
Table of Contents
Advertisement
Parameter
Web: SBC Server Auth Mode
[SBCServerAuthMode]
Web: Lifetime of the nonce in
seconds
[AuthNonceDuration]
Web: Authentication Challenge
Method
[AuthChallengeMethod]
Web: Authentication Quality of
Protection
[AuthQOP]
Web: SBC User Registration
Time
User's Manual
used. The SBCDiversionMode and SBCHistoryInfoMode
parameters in the IP Profile table determine the call redirection
(diversion) SIP header to use - History-Info or Diversion.
Defines whether authentication of the SIP client is done locally (by
the device) or by a RADIUS server.
[0] (default) = Authentication is done by the device (locally).
[1] = Authentication is done by the RFC 5090 compliant
RADIUS server
[2] = Authentication is done according to the Draft Sterman-aaa-
sip-01 method.
Note: Currently, option [1] is not supported.
Defines the lifetime (in seconds) that the current nonce is valid for
server-based authentication. The device challenges a message
that attempts to use a server nonce beyond this period. This
parameter is used to provide replay protection (i.e., ensures that
old communication streams are not used in replay attacks).
The valid value range is 30 to 600. The default is 300.
Defines the type of server-based authentication challenge.
[0] 0 = (Default) Send SIP 401 "Unauthorized" with a WWW-
Authenticate header as the authentication challenge response.
[1] 1 = Send SIP 407 "Proxy Authentication Required" with a
Proxy-Authenticate header as the authentication challenge
response.
Defines the authentication and integrity level of quality of protection
(QoP) for digest authentication offered to the client. When the
device challenges a SIP request (e.g., INVITE), it sends a SIP 401
response with the Proxy-Authenticate header or WWW-
Authenticate header containing the 'qop' parameter. The QoP
offered in the 401 response can be 'auth', 'auth-int', both 'auth' and
'auth-int', or the 'qop' parameter can be omitted from the 401
response. In response to the 401, the client needs to send the
device another INVITE with the MD5 hash of the INVITE message
and indicate the selected auth type.
[0] 0 = The device sends 'qop=auth' in the SIP response,
requesting authentication (i.e., validates user by checking user
name and password). This option does not authenticate the
message body (i.e., SDP).
[1] 1 = The device sends 'qop=auth-int' in the SIP response,
indicating required authentication and authentication with
integrity (e.g., checksum). This option restricts the client to
authenticating the entire SIP message, including the body, if
present.
[2] 2 = (Default) The device sends 'qop=auth, auth-int' in the
SIP response, indicating either authentication or integrity. This
enables the client to choose 'auth' or 'auth-int'. If the client
chooses 'auth-int', then the body is included in the
authentication. If the client chooses 'auth', then the body is not
authenticated.
[3] 3 = No 'qop' parameter is offered in the SIP 401 challenge
message.
Global parameter that defines the duration (in seconds) of the
periodic registrations that occur between the user and the device
942
Description
Document #: LTRT-89738
Mediant 3000
Advertisement
Table of Contents
