Page 1 User's Manual AudioCodes Mediant™ Family of Session Border Controllers (SBC) Mediant 4000 SBC Version 7.2...
Page 3: Table Of Contents
Customizing the Product Name ................65 6.2.3 Customizing the Favicon ..................65 6.2.4 Creating a Login Welcome Message ............... 67 Configuring Additional Management Interfaces ............. 67 Configuring Management User Accounts .............. 69 Displaying Login Information upon Login ............... 74 Version 7.2 Mediant 4000 SBC...
Page 4 Mediant 4000 SBC Viewing Logged-In User Information ..............75 Configuring Web Session and Access Settings ............. 75 Changing Login Password for Administrator and Monitor Users ......76 Configuring Secured (HTTPS) Web ............... 77 6.10 Web Login Authentication using Smart Cards ............78 6.11 Configuring Web and Telnet Access List ...............
Page 5 General VoIP Configuration ..................163 13 Security ......................165 13.1 Configuring Firewall Settings ................165 13.2 Configuring General Security Settings ..............170 13.3 Intrusion Detection System .................. 171 13.3.1 Enabling IDS ......................172 13.3.2 Configuring IDS Policies ..................172 Version 7.2 Mediant 4000 SBC...
Page 6 Mediant 4000 SBC 13.3.3 Assigning IDS Policies ...................176 13.3.4 Viewing IDS Alarms ....................178 14 Media ........................ 181 14.1 Configuring Voice Settings ................... 181 14.1.1 Configuring Voice Gain (Volume) Control .............181 14.1.2 Configuring Echo Cancellation ................181 14.2 Fax and Modem Capabilities ................183 14.2.1 Fax/Modem Operating Modes ................183...
Page 7 15.8.2.2 Adding ELINs to the Location Information Server ......... 294 15.8.2.3 Passing Location Information to the PSTN Emergency Provider ..295 15.8.3 AudioCodes ELIN Device for Skype for Business E9-1-1 Calls to PSTN .....296 15.8.3.1 Detecting and Handling E9-1-1 Calls ............ 297 15.8.3.2 Pre-empting Existing Calls for E9-1-1 Calls ..........
Page 8 Mediant 4000 SBC 15.8.3.4 Selecting ELIN for Multiple Calls within Same ERL ......300 15.8.4 Configuring AudioCodes ELIN Device ..............301 15.8.4.1 Enabling the E9-1-1 Feature ..............301 15.8.4.2 Configuring the E9-1-1 Callback Timeout ..........301 15.8.4.3 Configuring SBC IP-to-IP Routing Rule for E9-1-1 ....... 301 15.8.4.4 Viewing the ELIN Table .................
Page 9 21.9.3 Interworking SIP REFER Messages ..............476 21.9.4 Interworking SIP PRACK Messages ..............477 21.9.5 Interworking SIP Session Timer ................477 21.9.6 Interworking SIP Early Media ................477 21.9.7 Interworking SIP re-INVITE Messages ..............480 21.9.8 Interworking SIP UPDATE Messages ..............480 Version 7.2 Mediant 4000 SBC...
Page 10 Mediant 4000 SBC 21.9.9 Interworking SIP re-INVITE to UPDATE ..............481 21.9.10 Interworking Delayed Offer ..................481 21.9.11 Interworking Call Hold ....................481 21.9.12 Interworking SIP Via Headers ................482 21.9.13 Interworking SIP User-Agent Headers ..............482 21.9.14 Interworking SIP Record-Route Headers ..............482 21.9.15 Interworking SIP To-Header Tags in Multiple SDP Answers ........482 21.9.16 Interworking In-dialog SIP Contact and Record-Route Headers ......482...
Page 11 33.4 Monitoring IP Entity and HA Switchover upon Ping Failure ......... 613 34 HA Maintenance ....................615 34.1 Maintenance of Redundant Device ..............615 34.2 Replacing a Failed Device ................... 615 34.3 Initiating an HA Switchover .................. 615 Version 7.2 Mediant 4000 SBC...
Page 12 Mediant 4000 SBC 34.4 Resetting the Redundant Unit ................616 34.5 Software Upgrade ....................616 34.6 Disconnecting and Reconnecting HA ..............616 Maintenance ......................619 35 Basic Maintenance ..................621 35.1 Resetting the Device .................... 621 35.2 Remotely Resetting Device using SIP NOTIFY ........... 622 35.3 Locking and Unlocking the Device ...............
Page 13 41.1.1.1 Provisioning the Device using DHCP Option 160 ......... 662 41.1.2 HTTP-based Provisioning ..................663 41.1.3 FTP-based Provisioning ..................664 41.1.4 Provisioning using AudioCodes OVOC ..............664 41.2 HTTP/S-Based Provisioning using the Automatic Update Feature ...... 664 41.2.1 Files Provisioned by Automatic Update ..............665 41.2.2 File Location for Automatic Update ...............666...
Page 14 53.2.1 Syslog Message Format ..................764 53.2.1.1 Event Representation in Syslog Messages .......... 766 53.2.1.2 Identifying AudioCodes Syslog Messages using Facility Levels ..768 53.2.1.3 Syslog Fields for Answering Machine Detection (AMD) ....... 768 53.2.1.4 SNMP Alarms in Syslog Messages ............769 53.2.2 Enabling Syslog .....................769...
Page 15 60.3 Debugging and Diagnostics Parameters .............. 829 60.3.1 General Parameters ....................829 60.3.2 SIP Test Call Parameters ..................829 60.3.3 Syslog, CDR and Debug Parameters ..............830 60.3.4 Resource Allocation Indication Parameters............836 60.4 HA Parameters ..................... 836 60.5 Security Parameters ..................... 838 Version 7.2 Mediant 4000 SBC...
Page 16 60.13.4 Call Setup Rules Parameters ................919 60.13.5 HTTP-based Services ....................919 60.13.6 HTTP Proxy Parameters ..................920 61 Channel Capacity .................... 923 61.1 Mediant 4000 SBC ....................924 61.2 Mediant 4000B SBC ..................... 925 62 Technical Specifications ................927 User's Manual Document #: LTRT-40203...
Page 17 Customer Support Customer technical support and services are provided by AudioCodes or by an authorized AudioCodes Service Partner. For more information on how to buy technical support for AudioCodes products and for contact information, please visit our Web site at www.audiocodes.com/support.
Page 18 Some of the features listed in this document are available only if the relevant License Key has been purchased from AudioCodes and installed on the device. For a list of License Keys that can be purchased, please consult your AudioCodes sales representative.
Page 19 Buyer may receive such source code by contacting AudioCodes, by following the instructions available on AudioCodes website.
Page 20 Mediant 4000 SBC LTRT Description to-IP Routing (IP Group load balancing); MAC Address Placeholder in Configuration File Name; VoIPerfect; Technical Specifications (AMR-WB removed).  New sections: Configuring IP Group Sets.  Updated parameters: SIPInterface_SBCDirectMedia; IPProfile_SBCDirectMediaTag; IpProfile_DisconnectOnBrokenConnection; IP2IPRouting_DestType; IPOutboundManipulation_PrivacyRestrictionMode; BrokenConnectionEventTimeout. ...
Page 21 IpProfile_SBCPlayHeldTone; IP2IPRouting_Trigger (6); IP2IPRouting_DestType (12/13); DialPlanRule_Tag; SBCCDRFormat_FieldType (818); Test_Call_RouteBy; Test_Call_Play (tone); KeepAliveTrapPort (default); SBCtestID (removed); ProxyIPListRefreshTime; RegistrationRetryTime (note); EnablePChargingVector (removed); EnableSBCApplication (default); SNMPReadOnlyCommunityString_x (max. char.); SNMPReadWriteCommunityString_x (max. char.); SNMPTrapCommunityString (max. char.).  New parameters: DeviceTable_MTU; SRD_SBCDialPlanName; SIPInterface_PreParsingManSetName; IPGroup_Tags; Version 7.2 Mediant 4000 SBC...
Page 22 Mediant 4000 SBC LTRT Description Account_RegistrarStickiness; Account_RegistrarSearchMode; Account_RegEventPackageSubscription; IpProfile_SBCFaxReroutingMode; IP2IPRouting_RoutingTagName; IP2IPRouting_InternalAction; IPGroupSet_Tags; CustomerSN; MaxRegistrationBackoffTime; MaxSDPSessionVersionId; UseRandomUser; UnregisterOnStartup; PresencePublishIPGroupId; EnableMSPresence; PreParsingManipulationSets; PreParsingManipulationRules; MWINotificationTimeout; RoutingServerQualityStatus; RoutingServerQualityStatusRate.  Updated with patch version 7.20A.152. 40201  Updated sections: Configuring the LDAP Search Filter Attribute (Web path);...
Page 23 LoggingFilters_LogDestination (new option 3); LoggingFilters_CaptureType (new option 6); WebSessionTimeout (range); StaticNatIP (removed); SBCDBRoutingSearchMode; SBCKeepContactUserinRegister  New parameters: WebUsers_CliSessionLimit; SIPRecRouting_ConditionName; IPGroup_UserUDPPortAssignment; CallFlowReportMode; DhcpOption160Support; SIPRecTimeStamp  Miscellaneous: EMS/SEM replaced with One Voice Operations Center (OVOC) – text and screenshots Version 7.2 Mediant 4000 SBC...
Page 24 Mediant 4000 SBC Documentation Feedback AudioCodes continually strives to produce high quality documentation. If you have any comments (suggestions or errors) regarding this document, please fill out the Documentation Feedback form on our Web site at http://online.audiocodes.com/doc- feedback. User's Manual...
Page 25: Introduction
User's Manual 1. Introduction Introduction This User's Manual describes how to configure and manage your AudioCodes product (hereafter, referred to as device). This document is intended for the professional person responsible for installing, configuring and managing the device. Product Overview AudioCodes Mediant 4000 Session Border Controller (SBC), hereafter referred to as device, is a mid-to-high scale capacity member of AudioCodes’...
Page 26: Typographical Conventions
Mediant 4000 SBC Typographical Conventions This document uses the following typographical conventions to convey information: Table 1-1: Typographical Conventions Convention Description Example Boldface font Used for the following Web Click the Add button. interface elements:  Buttons  Selectable parameter values ...
Page 27: Getting Familiar With Configuration Concepts And Terminology
The Media Realm can be associated with the SIP entity, by assigning the Media Realm to the IP Group of the SIP entity, or by assigning it to the SIP Interface associated with the SIP entity. The SRD is a logical representation of your entire SIP-based VoIP Version 7.2 Mediant 4000 SBC...
Page 28 Mediant 4000 SBC Configuration Terms Description network (Layer 5) containing groups of SIP users and servers. The SRD is in effect, the foundation of your configuration to which all other previously mentioned configuration entities are associated. For example, if your VoIP network consists of three SIP entities -- a SIP Trunk, a LAN IP PBX, and remote WAN users -- the three SIP Interfaces defining these Layer-3 networks would all assigned to the same SRD.
Page 29 "served" IP Group. Authentication (SIP 401) is typically relevant for INVITE messages forwarded by the device to a "serving" IP Group. Registration is for REGISTER messages, which are initiated by the device on behalf of the "serving" SIP entity. Version 7.2 Mediant 4000 SBC...
Page 30 Mediant 4000 SBC The associations between the configuration entities are summarized in the following figure: Figure 1-1: Association of Configuration Entities The main configuration entities and their involvement in the call processing is summarized in following figure. The figure is used only as an example to provide basic understanding of the configuration terminology.
Page 31: Getting Started With Initial Connectivity
Part I Getting Started with Initial Connectivity...
Page 33: Introduction
User's Manual 2. Introduction Introduction This part describes how to initially access the device's management interface and change its default IP address to correspond with your networking scheme. Version 7.2 Mediant 4000 SBC...
Page 34 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 35: Default Oamp Ip Address
OAMP + Media + Control IP Address 192.168.0.2 (IP address assigned to the first Ethernet Port Group (top-left ports 1 & 2) Prefix Length 24 (255.255.255.0) Default Gateway 192.168.0.1 Ethernet Device vlan 1 Interface Name O+A+M+P Version 7.2 Mediant 4000 SBC...
Page 36 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 37: Configuring Voip Lan Interface For Oamp
Ethernet cable. Change the IP address and subnet mask of your computer to correspond with the default OAMP IP address and subnet mask of the device. Version 7.2 Mediant 4000 SBC...
Page 38 Mediant 4000 SBC Access the Web interface: On your computer, start a Web browser and in the URL address field, enter the default IP address of the device; the Web interface's Web Login screen appears: Figure 4-1: Web Login Screen In the 'Username' and 'Password' fields, enter the case-sensitive, default login username ("Admin") and password ("Admin").
Page 39: Cli
At the prompt, type the password (default is "Admin" - case sensitive): Password: Admin At the prompt, type the following: enable At the prompt, type the password again: Password: Admin Access the Network configuration mode: # configure network Access the IP Interfaces table: Version 7.2 Mediant 4000 SBC...
Page 40 Mediant 4000 SBC (config-network)# interface network-if 0 Configure the IP address: (network-if-0)# ip-address <IP address> Configure the prefix length: (network-if-0)# prefix-length <prefix length / subnet mask, e.g., 16> Configure the Default Gateway address: (network-if-0)# gateway <IP address> Apply your settings: (network-if-0)# activate Cable the device to your network.
Page 41: Management Tools
Part II Management Tools...
Page 43: Introduction
Configuration ini file - see ''INI File-Based Management'' on page 95 Note: • Some configuration settings can only be done using a specific management tool. • For a list and description of all the configuration parameters, see ''Configuration Parameters Reference'' on page 803. Version 7.2 Mediant 4000 SBC...
Page 44 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 45: Web-Based Management
(Versions 5.02 or later) • Google Chrome (Version 50 or later)  Recommended screen resolutions: 1024 x 768 pixels, or 1280 x 1024 pixels Note: Your Web browser must be JavaScript-enabled to access the Web interface. Version 7.2 Mediant 4000 SBC...
Page 46: Accessing The Web Interface
Mediant 4000 SBC 6.1.2 Accessing the Web Interface The following procedure describes how to access the Web interface.  To access the Web interface: Open a standard Web browser. In the Web browser, specify the OAMP IP address of the device (e.g., http://10.1.10.10);...
Page 47: Areas Of The Gui
10.31.4.47 ACL_280152 6.1.3 Areas of the GUI The areas of the Web interface's GUI are shown in the figure below and described in the subsequent table. Figure 6-2: Main Areas of the Web Interface GUI Version 7.2 Mediant 4000 SBC...
Page 48 Mediant 4000 SBC Table 6-1: Description of the Web GUI Areas Item # Description Company logo. Menu bar containing the menus. Toolbar providing frequently required command buttons.  Save: Saves configuration changes to the device's flash memory (without resetting the device). If you make a configuration change, the button is surrounded by a red-colored border as a reminder to save your settings to flash memory, by clicking the button.
Page 49: Accessing Configuration Pages From Navigation Tree
Figure 6-3: Navigation Tree (Example) The items of the Navigation tree depend on the menu-tab combination, selected from the menu bar and tab bar, respectively. The menus and their respective tabs are listed below: Version 7.2 Mediant 4000 SBC...
Page 50 Mediant 4000 SBC  Setup menu: • IP Network tab • Signaling & Media tab • Administration tab  Monitor menu: Monitor tab  Troubleshoot menu: Troubleshoot tab When you open the Navigation tree, folders containing commonly required items are opened by default, allowing quick access to their pages.
Page 51: Configuring Stand-Alone Parameters
Modify the parameter's value as desired. Click Apply; the changes are saved to the device's volatile memory (RAM). Save the changes to the device's non-volatile memory (flash): • If a device reset is not required: Version 7.2 Mediant 4000 SBC...
Page 52: Configuring Table Parameters
Mediant 4000 SBC On the toolbar, click Save; a confirmation message box appears: Figure 6-4: Save Configuration Confirmation Box Click Yes to confirm; the changes are save to flash memory. • If a device reset is required: On the toolbar, click Reset; the Maintenance Actions page opens.
Page 53: Adding Table Rows
Configure the parameters of the row as desired. For information on configuring parameters that are assigned a value which is a row referenced from another table, see ''Assigning Rows from Other Tables'' on page 54. Version 7.2 Mediant 4000 SBC...
Page 54 Mediant 4000 SBC Click Apply to add the row to the table or click Cancel to ignore your configuration. If the Save button is surrounded by a red border, you must save your settings to flash memory, otherwise they are discarded if the device resets (without a save to flash) or powers off.
Page 55: Modifying Table Rows
6.1.6.3 Deleting Table Rows The following procedure describes how to delete a row from a table.  To delete a table row: Select the row that you want to delete. Version 7.2 Mediant 4000 SBC...
Page 56: Invalid Value Indications
Mediant 4000 SBC Click the delete icon, located on the table's toolbar; a confirmation message box appears requesting you to confirm deletion, as shown in the example below: Click Yes, Delete; the row is removed from the table and the total number of configured rows that is displayed next to the page title and page item in the Navigation tree is updated to reflect the deletion.
Page 57 Proxy Set #0 with indicating that it has an invalid parameter value, and Proxy Set #1 with indicating that it has a parameter that is referenced to a row of another table that has an invalid value: Version 7.2 Mediant 4000 SBC...
Page 58: Viewing Table Rows
Mediant 4000 SBC Figure 6-13: Invalid Icon Display in Drop-Down List of Parameter Referencing Other Rows Note: If you assign a non-mandatory parameter with a referenced row and then later delete the referenced row (in the table in which the row is configured), the parameter's value automatically changes to an empty field (i.e., no row assigned).
Page 59: Sorting Tables By Column
Changing row position is supported only by certain tables (e.g., IP-to-IP Routing table).  To change the position of a row: Click the 'Index' column header so that the rows are sorted in ascending order (e.g., 0. Version 7.2 Mediant 4000 SBC...
Page 60: Searching Table Entries
Mediant 4000 SBC 1, 2, and so on). Select the row that you want to move. Do one of the following: • To move one index up (e.g., from Index 3 to 2): Click the up arrow; the row moves one index up in the table (e.g., to 2) and the row that originally occupied the index is moved one index down (e.g., to 3).
Page 61: Searching For Configuration Parameters
• Parameter's value • Brief description of parameter Figure 6-17: Search Result Window Click the link of the navigation path corresponding to the required found parameter to open the page on which the parameter appears. Version 7.2 Mediant 4000 SBC...
Page 62: Getting Help
(see the SIPSubject parameter). 6.2.1 Replacing the Corporate Logo You can replace the default corporate logo image (i.e., AudioCodes logo) that is displayed in the Web interface. The logo appears in the following Web areas: User's Manual Document #: LTRT-40203...
Page 63: Replacing The Corporate Logo With An Image
Save your new logo image file in a folder on the same PC that you are using to access the device's Web interface. In your browser's URL address field, append the case-sensitive suffix "/AdminPage" to the device's IP address (e.g., http://10.1.229.17/AdminPage). Log in with your credentials; the Admin page appears. Version 7.2 Mediant 4000 SBC...
Page 64: Replacing The Corporate Logo With Text
Mediant 4000 SBC On the left pane, click Image Load to Device; the right pane displays the following: Figure 6-23: Customizing Web Logo Use the Browse button to select your logo file, and then click Send File; the device loads the file.
Page 65: Customizing The Product Name
6.2.3 Customizing the Favicon You can replace the default favicon (i.e., AudioCodes) with your own personalized favicon. Depending on the browser, the favicon is displayed in various areas of your browser, for example, in the URL address bar, on the page tab, and when bookmarked: Version 7.2...
Page 66 Mediant 4000 SBC Figure 6-26: Favicon Display in Browser  To customize the favicon: Save your new favicon file (.ico) in a folder on the same PC that you are using to access the device's Web interface. In your browser's URL address field, append the case-sensitive suffix "/AdminPage" to the device's IP address (e.g., http://10.1.229.17/AdminPage).
Page 67: Creating A Login Welcome Message
Reset the device with a save-to-flash for your settings to take effect. Configuring Additional Management Interfaces The Additional Management Interfaces table lets you configure up to 16 management interfaces, in addition to the OAMP management interface in the IP Interfaces table. Version 7.2 Mediant 4000 SBC...
Page 68 Mediant 4000 SBC Multiple management interfaces lets you access the device's management interfaces (e.g., Web interface and CLI) remotely through different IP addresses. Each additional management interface can be configured to use a specific network interface (Control and/or Media type) and TLS Context, and can be configured to restrict access through HTTPS only.
Page 69: Configuring Management User Accounts
Security Administrator. Note: Only Master users can delete Master users. If only one Master user exists, it can be deleted only by itself. Administrator Read/write privileges for all Web pages, except security- Version 7.2 Mediant 4000 SBC...
Page 70 Mediant 4000 SBC Numeric User Level Representation in Privileges RADIUS related pages and the Local Users table where this user has read-only privileges. Monitor Read-only privileges and access to security-related pages is blocked. Note: Only Security Administrator and Master users can configure users in the Local Users table.
Page 71 $, #, %).  No spaces.  Contain at least four new characters that were not used in the previous password. Note:  To enforce the password complexity requirements mentioned above, configure the EnforcePasswordComplexity to 1. Version 7.2 Mediant 4000 SBC...
Page 72 Mediant 4000 SBC Parameter Description  For security, password characters are not shown in the Web interface and ini file. In the Web interface, they are displayed as dots when you enter the password and then once applied, the password is displayed as an asterisk (*) in the table. In the ini file, they are displayed as an encrypted string.
Page 73 (activities) in the Web interface for the configured timeout duration. The valid value is 0, or 2 to 100000. A value of 0 means no timeout. The default value is according to the settings of the Version 7.2 Mediant 4000 SBC...
Page 74: Displaying Login Information Upon Login
Mediant 4000 SBC Parameter Description WebSessionTimeout global parameter (see 'Configuring Web Session and Access Settings' on page 75). Block Duration Defines the duration (in seconds) for which the user is blocked when the user exceeds a user-defined number of failed login attempts.
Page 75: Viewing Logged-In User Information
Figure 6-33: Configuring Web User Sessions • 'Password Change Interval': Duration (in minutes) of the validity of the Web login passwords. When the duration expires, the user must change the password in order to log in again. Version 7.2 Mediant 4000 SBC...
Page 76: Changing Login Password For Administrator And Monitor Users
Mediant 4000 SBC • 'User Inactivity Timeout': If the user has not logged into the Web interface within this duration, the status of the user becomes inactive and the user can no longer access the Web interface. The user can only log in to the Web interface if its status is changed (to New or Valid) by a Security Administrator or Master user (see ''Configuring Management User Accounts'' on page 69).
Page 77: Configuring Secured (Https) Web
Click Apply, and then reset the device with a save-to-flash for your settings to take effect. For more information on secure Web-based management including TLS certificates, see ''TLS for Remote Device Management'' on page 116. Version 7.2 Mediant 4000 SBC...
Page 78: Web Login Authentication Using Smart Cards
This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter. Note: For specific integration requirements for implementing a third-party smart card for Web login authentication, contact your AudioCodes representative.  To log in to the Web interface using CAC: Insert the Common Access Card into the card reader.
Page 79: Configuring Web And Telnet Access List
When deleting all the IP addresses, make sure that you delete the IP address of the computer from which you are currently logged into the device, last; otherwise, access from your computer will be immediately denied. Version 7.2 Mediant 4000 SBC...
Page 80 Mediant 4000 SBC  To delete an IP address from the Access List: Select the Delete Row check box corresponding to the IP address that you want to delete. Click Delete Selected Addresses. User's Manual Document #: LTRT-40203...
Page 81: Cli-Based Management
CLI Settings). Configure the following parameters: • 'Embedded Telnet Server': Select Enable Unsecured or Enable Secured (i.e, SSL) to enable Telnet. • 'Telnet Server TCP Port': Enter the port number of the embedded Telnet server. Version 7.2 Mediant 4000 SBC...
Page 82: Enabling Ssh With Rsa Public Key For Cli
Mediant 4000 SBC • 'Telnet Server Idle Timeout': Enter the duration of inactivity in the Telnet session after which the session automatically ends. Click Apply, and then reset the device with a save-to-flash for your settings to take effect. For a detailed description of the Telnet parameters, see ''Telnet Parameters'' on page 809.
Page 83 Under the 'Authentication parameters' group, click Browse and then locate the private key file that you created and saved in Step 4. Connect to the device with SSH using the username "Admin"; RSA key negotiation Version 7.2 Mediant 4000 SBC...
Page 84: Configuring Maximum Telnet/Ssh Sessions
Mediant 4000 SBC occurs automatically and no password is required.  To configure RSA public keys for Linux (using OpenSSH 4.3): Run the following command to create a new key in the admin.key file and to save the public portion to the admin.key.pub file: ssh-keygen -f admin.key -N ""...
Page 85: Viewing Current Cli Sessions
The current session from which this show command was run is displayed with an asterisk (*). Note: The device can display management sessions of up to 24 hours. After this time, the duration counter is reset. Version 7.2 Mediant 4000 SBC...
Page 86: Terminating A User's Cli Session
Mediant 4000 SBC Terminating a User's CLI Session You can terminate users that are currently logged in to the device's CLI. This applies to users logged in to the CLI through RS-232 (console), Telnet, or SSH.  To terminate the CLI session of a specific CLI user: Establish a CLI session with the device.
Page 87: Snmp-Based Management
8. SNMP-Based Management SNMP-Based Management The device provides an embedded SNMP agent that lets you manage it using AudioCodes One Voice Operations Center (OVOC) or a third-party SNMP manager. The SNMP agent supports standard and proprietary Management Information Base (MIBs). All supported MIB files are supplied to customers as part of the release.
Page 88 Mediant 4000 SBC For detailed descriptions of the SNMP parameters, see ''SNMP Parameters'' on page 810.  To configure SNMP community strings: Open the SNMP Community Settings page (Setup menu > Administration tab > SNMP folder > SNMP Community Settings).
Page 89: Configuring Snmp Trap Destinations With Ip Addresses
SNMPv3 destination. By default, traps are sent unencrypted using SNMPv2. The following procedure describes how to configure SNMP trap destinations through the Web interface. You can also configure it through ini file (SNMPManager) or CLI (configure system > snmp trap-destination). Version 7.2 Mediant 4000 SBC...
Page 90 Mediant 4000 SBC  To configure SNMP trap destinations: Open the SNMP Trap Destinations table (Setup menu > Administration tab > SNMP folder > SNMP Trap Destinations). Figure 8-2: SNMP Trap Destinations Table Configure the SNMP trap manager according to the table below.
Page 91: Configuring An Snmp Trap Destination With Fqdn
(as long as the community string is correct). The following procedure describes how to configure SNMP Trusted Managers through the Web interface. You can also configure it through ini file (SNMPTrustedMgr_x) or CLI (configure system > snmp settings > trusted-managers). Version 7.2 Mediant 4000 SBC...
Page 92: Enabling Snmp Traps For Web Activity
Mediant 4000 SBC  To configure SNMP Trusted Managers: Open the SNMP Trusted Managers table (Setup menu > Administration tab > SNMP folder > SNMP Trusted Managers). Figure 8-3: SNMP Trusted Managers Table Configure an IP address (in dotted-decimal notation) for one or more SNMP Trusted Managers.
Page 93 [0] None (default)  [1] DES [SNMPUsers_PrivProtocol]  [2] 3DES  [3] AES-128  [4] AES-192  [5] AES-256 Authentication Key Authentication key. Keys can be entered in the form of a text password Version 7.2 Mediant 4000 SBC...
Page 94 Mediant 4000 SBC Parameter Description auth-key or long hex string. Keys are always persisted as long hex strings and keys are localized. [SNMPUsers_AuthKey] Privacy Key Privacy key. Keys can be entered in the form of a text password or long hex string. Keys are always persisted as long hex strings and priv-key keys are localized.
Page 95: Ini File-Based Management
An exception is Index fields, which are mandatory. • The Format line must end with a semicolon ";".  Data line(s): Contain the actual values of the columns (parameters). The values are interpreted according to the Format line. Version 7.2 Mediant 4000 SBC...
Page 96 Mediant 4000 SBC • The first word of the Data line must be the table’s string name followed by the Index field. • Columns must be separated by a comma ",". • A Data line must end with a semicolon ";".
Page 97: General Ini File Formatting Rules
(!), for example: !CpMediaRealm 1 = "ITSP", "Voice", "", 60210, 2, 6030, 0, "", ""; • To restore the device to default settings through the ini file, see ''Restoring Factory Defaults'' on page 693. Version 7.2 Mediant 4000 SBC...
Page 98: Loading An Ini File To The Device
The file may be loaded to the device using HTTP. These protocols are not secure and are vulnerable to potential hackers. To overcome this security threat, the AudioCodes DConvert utility allows you to binary-encode (encrypt) the ini file before loading it to the device.
Page 99 $0$<plain text>: Password can be entered in plain text; useful for configuring a new password. When the ini file is loaded to the device and then later saved from the device to a PC, the password is displayed obscured (i.e., $1$<obscured password>). Version 7.2 Mediant 4000 SBC...
Page 100: Ini Viewer And Editor Utility
Mediant 4000 SBC INI Viewer and Editor Utility AudioCodes INI Viewer & Editor utility provides a user-friendly graphical user interface (GUI) that lets you easily view and modify the device's ini file. This utility is available from AudioCodes Web site at www.AudioCodes.com/downloads, and can be installed on any Windows-based PC.
Page 101: General System Settings
Part III General System Settings...
Page 103: Configuring Ssl/Tls Certificates
You can configure the device to check whether a peer's certificate has been revoked, using the OCSP. When OCSP is enabled, the device queries the OCSP server for revocation information whenever a Version 7.2 Mediant 4000 SBC...
Page 104 Mediant 4000 SBC peer certificate is received (TLS client mode, or TLS server mode with mutual authentication). Note: • The device does not query OCSP for its own certificate. • Some PKIs do not support OCSP, but generate Certificate Revocation Lists (CRLs).
Page 105 Defines the Datagram Transport Layer Security (DTLS) version, which is used to negotiate keys for SBC calls. [TLSContexts_DTLSVersion]  [0] Any (default)  [1] DTLSv1.0  [2] DTLSv1.2 DTLS secures UDP-based media streams (according to RFC 5763 Version 7.2 Mediant 4000 SBC...
Page 106 Mediant 4000 SBC Parameter Description and 5764). For more information on DTLS, see SRTP using DTLS Protocol on page 207. Cipher Server Defines the supported cipher suite for the TLS server (in OpenSSL cipher list format). ciphers-server The default is AES:RC4. For valid values, visit the OpenSSL website [TLSContexts_ServerCipherSt at https://www.openssl.org/docs/man1.0.2/apps/ciphers.html.
Page 107: Assigning Csr-Based Certificates To Tls Contexts
From the 'Signature Algorithm' drop-down list, select the hash function algorithm (SHA-1, SHA-256, or SHA-512) with which to sign the certificate. Fill in the rest of the request fields according to your security provider's instructions. Version 7.2 Mediant 4000 SBC...
Page 108 Mediant 4000 SBC Click the Create CSR button; a textual certificate signing request is displayed in the area below the button: Figure 10-1: Certificate Signing Request Group Copy the text and send it to your security provider (CA) to sign this request.
Page 109 • The certificate replacement process can be repeated whenever necessary (e.g., the new certificate expires). • You can also load the device certificate through the device's Automatic Provisioning mechanism, using the HTTPSCertFileName ini file parameter. Version 7.2 Mediant 4000 SBC...
Page 110: Viewing Certificate Information
Mediant 4000 SBC 10.3 Viewing Certificate Information You can view information of TLS certificates installed on the device per TLS Context.  To view certificate information: Open the TLS Contexts table (see ''Configuring TLS Certificate Contexts'' on page 103). Select a TLS Context row, and then click the Certificate Information link located below the table;...
Page 111: Assigning Externally Created Private Keys To Tls Contexts
Browse button corresponding to the 'Send Device Certificate file ...' text. After the files successfully load to the device, save the configuration with a device reset. Verify that the private key is correct: Open the TLS Contexts table. Version 7.2 Mediant 4000 SBC...
Page 112: Generating Private Keys For Tls Contexts
Mediant 4000 SBC Select the required TLS Context index row. Click the Certificate Information link located below the table. Make sure that the 'Private key' field displays "OK"; otherwise (i.e., displays "Does not match certificate"), consult with your security administrator.
Page 113: Creating Self-Signed Certificates For Tls Contexts
In the table, select the required TLS Context index row, and then click the Change Certificate link located below the table; the Change Certificates page appears. Under the Certificate Signing Request group, in the 'Subject Name [CN]' field, enter the fully-qualified DNS name (FQDN) as the certificate subject. Version 7.2 Mediant 4000 SBC...
Page 114: Importing Certificates Into Trusted Certificate Store
Mediant 4000 SBC Scroll down the page to the Generate New Private Key and Self-signed Certificate group: Figure 10-8: Generate new private key and self-signed certificate Group Click Generate Self-Signed Certificate; a message appears requesting you to confirm generation. Click OK to confirm generation; the device generates a new self-signed certificate...
Page 115 Save certificates to a folder on your PC: Select the required certificate, click Export, and then in the Export Certificate dialog box, browse to the folder on your PC where you want to save the file and click Export. Version 7.2 Mediant 4000 SBC...
Page 116: Configuring Mutual Tls Authentication
Mediant 4000 SBC 10.8 Configuring Mutual TLS Authentication This section describes how to configure mutual (two-way) TLS authentication. 10.8.1 TLS for SIP Clients When Secure SIP (SIPS) is implemented using TLS, it is sometimes required to use two- way (mutual) authentication between the device and a SIP user agent (client). When the device acts as the TLS server in a specific connection, the device demands the authentication of the SIP client’s certificate.
Page 117: Configuring Tls Server Certificate Expiry Check
Open the TLS Contexts table (see ''Configuring TLS Certificate Contexts'' on page 103). Select the required TLS Context index row, and then click the Change Certificate link located below the table; the Change Certificates page appears. Version 7.2 Mediant 4000 SBC...
Page 118 Mediant 4000 SBC Scroll down the page to the TLS Expiry Settings group: Figure 10-12: TLS Expiry Settings Group In the 'TLS Expiry Check Start' field, enter the number of days before the installed TLS server certificate is to expire when the device sends an SNMP trap event to notify of this.
Page 119: Network
The areas of the Network view is shown in the example below and described in the subsequent table. Note: The below figure is used only as an example; your device may show different Ethernet Groups and Ethernet ports. Figure 11-1: Network View (Example) Version 7.2 Mediant 4000 SBC...
Page 120 Mediant 4000 SBC Table 11-1: Description of Network View Item # Description Configures and displays IP Interfaces. The IP Interface appears as an icon, displaying the application type ("OCM" for OAMP, "C" for Control, and "M" for Media), row index number, name, and IP address, as shown in the...
Page 121 125. To open the Ethernet Groups table, click any Ethernet Group icon, and then from the drop- down menu, choose View List. You can then view and edit all the Ethernet Groups in the table. Version 7.2 Mediant 4000 SBC...
Page 122: Configuring Physical Ethernet Ports
Mediant 4000 SBC Item # Description Configures and displays the device's Ethernet ports. To configure an Ethernet port: Click the required port icon, and then from the drop-down menu, choose Edit; the Physical Ports table opens with a dialog box for editing the Ethernet port.
Page 123 Open the Physical Ports table (Setup menu > IP Network tab > Core Entities folder > Physical Ports). Select a port that you want to configure, and then click Edit; the following dialog box appears: Version 7.2 Mediant 4000 SBC...
Page 124 Mediant 4000 SBC Configure the port according to the parameters described in the table below. Click Apply, and then save your settings to flash memory. Table 11-2: Physical Ports Table Parameter Descriptions Parameter Description General Index (Read-only) Displays the index number for the table row.
Page 125: Configuring Ethernet Port Groups
Ports with the same MAC address (e.g., GE 1-4 ports) must each be connected to a different Layer-2 switch. • When implementing 1+1 Ethernet port redundancy, each port in the Ethernet Group (port pair) must be connected to a different switch (but in the same subnet). Version 7.2 Mediant 4000 SBC...
Page 126 Mediant 4000 SBC  To configure Ethernet Groups: Open the Ethernet Groups table (Setup menu > IP Network tab > Core Entities folder > Ethernet Groups). Select the Ethernet Group that you want to configure, and then click Edit; the following...
Page 127: Configuring Underlying Ethernet Devices
Note: You cannot delete an Ethernet Device that is associated with an IP network interface (in the IP Interfaces table). You can only delete it once you have disassociated it from the IP network interface. Version 7.2 Mediant 4000 SBC...
Page 128 Mediant 4000 SBC The following procedure describes how to configure Ethernet Devices through the Web interface. You can also configure it through ini file (DeviceTable) or CLI (configure network > network-dev).  To configure an Ethernet Device: Open the Ethernet Devices table (Setup menu > IP Network tab > Core Entities folder >...
Page 129: Configuring Ip Network Interfaces
This can be achieved by employing Layer-2 VLANs and Layer-3 subnets. The figure below illustrates a typical network architecture where the device is configured with three network interfaces, each representing the OAMP, call control, and media Version 7.2 Mediant 4000 SBC...
Page 130 Mediant 4000 SBC applications. The device is connected to a VLAN-aware switch for directing traffic from and to the device to the three separated Layer-3 broadcast domains according to VLAN tags (middle pane). Figure 11-2: Multiple Network Interfaces The device is shipped with a default OAMP interface (see ''Default OAMP IP Address'' on page 35).
Page 131 IP interface, lose their association with the interface ('Interface Name' field displays "None") and the row indices become invalid. • When editing or deleting the Maintenance interface for HA mode, you must reset the device for your changes to take effect. Version 7.2 Mediant 4000 SBC...
Page 132 Mediant 4000 SBC To view configured IP network interfaces that are currently active, click the IP Interface Status Table link located at the bottom of the table. For more information, see ''Viewing Active IP Interfaces'' on page 725. Table 11-5: IP Interfaces Table Parameters Description...
Page 133 Secondary DNS Defines the secondary DNS server's IP address (in dotted- decimal notation), which is used for translating domain names secondary-dns into IP addresses for the interface. [InterfaceTable_SecondaryDNSSer By default, no IP address is defined. verIPAddress] Version 7.2 Mediant 4000 SBC...
Page 134: Assigning Ntp Services To Application Types
Mediant 4000 SBC 11.5.1 Assigning NTP Services to Application Types You can associate the Network Time Protocol (NTP) application with the OAMP or Control application type. This is done using the EnableNTPasOAM ini file parameter. For more information on NTP, see ''Configuring Automatic Date and Time using SNTP'' on page 159.
Page 135: One Voip Interface For All Applications
Media IPv4 211.211.85.14 211.211.85.1 myMediaIF Manual Static Routes table: A routing rule is required to allow remote management from a host in 176.85.49.0 / 24: Table 11-9: Example Static Routes Table Destination Prefix Length Gateway Version 7.2 Mediant 4000 SBC...
Page 136: Voip Interfaces For Combined Application Types
Mediant 4000 SBC Destination Prefix Length Gateway 176.85.49.0 192.168.11.1 All other parameters are set to their respective default values. The NTP application remains with its default application types. 11.5.3.3 VoIP Interfaces for Combined Application Types This example describes the configuration of multiple interfaces for the following applications: ...
Page 137: Voip Interfaces With Multiple Default Gateways
You can also configure it through ini file (StaticRouteTable) or CLI (configure network > static).  To configure static IP routes: Open the Static Routes table (Setup menu > IP Network tab > Core Entities folder > Static Routes). Version 7.2 Mediant 4000 SBC...
Page 138 Mediant 4000 SBC Click New; the following dialog box appears: Configure a static route according to the parameters described in the table below. The address of the host/network you want to reach is determined by an AND operation that is applied to the fields 'Destination' and 'Prefix Length'. For example, to reach network 10.8.x.x, enter "10.8.0.0"...
Page 139 (using the 'Device Name' parameter - see above).  The IP network interface associated with the static route must be of the same IP address family (IPv4 or IPv6). Version 7.2 Mediant 4000 SBC...
Page 140: Configuration Example Of Static Ip Routes
Mediant 4000 SBC 11.6.1 Configuration Example of Static IP Routes An example of the use for static routes is shown in the figure below. In the example, the device needs to communicate with a softswitch at IP address 10.1.1.10. However, the IP network interface from which packets destined for 10.1.1.10 is sent, is configured to send...
Page 141: Troubleshooting The Static Routes Table
If configured, uses the NAT Translation table which configures NAT per IP network interface - see Configuring NAT Translation per IP Interface on page 142. If NAT is not configured by any of the above-mentioned methods, the device sends the packet according Version 7.2 Mediant 4000 SBC...
Page 142: Configuring Nat Translation Per Ip Interface
Mediant 4000 SBC The figure below illustrates the NAT problem faced by SIP networks when the device is located behind a NAT: Figure 11-5: Device behind NAT and NAT Issues 11.7.1.1 Configuring NAT Translation per IP Interface The NAT Translation table lets you configure up to 32 network address translation (NAT) rules for translating source IP addresses per VoIP interface (SIP control and RTP media traffic) into NAT IP addresses (global - public) when the device is located behind NAT.
Page 143 Defines the optional starting port range (0-65535) of the global address. If not configured, the ports are not replaced. target-start-port Matching source ports are replaced with the target ports. [NATTranslation_TargetStartPort] This address is set in the SIP Via and Contact headers and Version 7.2 Mediant 4000 SBC...
Page 144: Remote Ua Behind Nat
Mediant 4000 SBC Parameter Description in the 'o=' and 'c=' SDP fields. Target End Port Defines the optional ending port range (0-65535) of the global address. If not configured, the ports are not replaced. target-end-port Matching source ports are replaced with the target ports.
Page 145: Media (Rtp/Rtcp/T.38)
UA. • UA not behind NAT: The device sends the packets to the IP address:port specified in the SDP 'c=' line (Connection) of the first received SIP message. Version 7.2 Mediant 4000 SBC...
Page 146 Mediant 4000 SBC Note: If the SIP session is established (ACK) and the device (not the UA) sends the first packet, it sends it to the address obtained from the SIP message and only after the device receives the first packet from the UA does it determine whether the UA is behind NAT.
Page 147 STUN binding requests sent on the RTP and RTCP ports. ICE tries each candidate and selects the one that works (i.e., media can flow between the clients). The following figure shows a simple illustration of ICE: Version 7.2 Mediant 4000 SBC...
Page 148: Configuring Quality Of Service
Mediant 4000 SBC The device's support for ICE-Lite means that it does not initiate the ICE process. Instead, it supports remote endpoints that initiate ICE to discover their workable public IP address with the device. Therefore, the device supports the receipt of STUN binding requests for connectivity checks of ICE candidates and responds to them with STUN responses.
Page 149: Configuring Class-Of-Service Qos
Application Types'' on page 134):  OAMP  Control  To configure DiffServ (Layer-3 QoS) values per CoS: Open the QoS Settings page (Setup menu > IP Network tab > Quality folder > QoS Settings). Version 7.2 Mediant 4000 SBC...
Page 150: Configuring Diffserv-To-Vlan Priority Mapping
Mediant 4000 SBC Click New; the following dialog box appears: Figure 11-10: Configuring Class of Service Configure DiffServ values per CoS according to the parameters described in the table below. Click Apply, and then save your settings to flash memory.
Page 151: Configuring Icmp Messages
Send ICMP Destination Unreachable messages. The device sends this message in response to a packet that cannot be delivered to its destination for reasons other than congestion. The device sends a Destination Unreachable message upon any of the following: Version 7.2 Mediant 4000 SBC...
Page 152: Dns
Mediant 4000 SBC • Address unreachable • Port unreachable This feature is applicable to IPv4 and IPv6 addressing schemes. The following procedure describes how to configure ICMP messaging through the Web interface. You can also configure it through ini file - DisableICMPUnreachable (ICMP Unreachable messages) and DisableICMPRedirects (ICMP Redirect messages).
Page 153 Defines the second IP address (in dotted-decimal format notation) to which the host name is translated. second-ip-address [Dns2Ip_SecondIpAddress] Third IP Address Defines the third IP address (in dotted-decimal format notation) to which the host name is translated. third-ip-address [Dns2Ip_ThirdIpAddress] Version 7.2 Mediant 4000 SBC...
Page 154: Configuring The Internal Srv Table
Mediant 4000 SBC 11.10.2 Configuring the Internal SRV Table The Internal SRV table resolves host names to DNS A-Records. Three different A-Records can be assigned to each host name, where each A-Record contains the host name, priority, weight, and port.
Page 155 Defines a relative weight for records with the same priority. weight-1|2|3 By default, no value is defined. [Srv2Ip_Weight1/2/3] Port (1-3) Defines the TCP or UDP port on which the service is to be found. port-1|2|3 By default, no value is defined. [Srv2Ip_Port1/2/3] Version 7.2 Mediant 4000 SBC...
Page 156: Robust Receipt Of Media Streams By Media Latching
Mediant 4000 SBC 11.11 Robust Receipt of Media Streams by Media Latching The Robust Media mechanism (or media latching) is an AudioCodes proprietary mechanism to filter out unwanted media (RTP, RTCP, SRTP, SRTCP, and T.38) streams that are sent to the same port number of the device. Media ports may receive additional multiple unwanted media streams (from multiple sources of traffic) as result of traces of previous calls, call control errors, or deliberate malicious attacks (e.g., Denial of Service).
Page 157 User's Manual 11. Network Click Apply, and then save your settings to flash memory. Version 7.2 Mediant 4000 SBC...
Page 158: Multiple Routers Support
Mediant 4000 SBC 11.12 Multiple Routers Support Multiple routers support is designed to assist the device when it operates in a multiple routers network. The device learns the network topology by responding to Internet Control Message Protocol (ICMP) redirections and caches them as routing rules (with expiration time).
Page 159: Date And Time
• In the 'NTP Authentication Key Identifier' field, configure the NTP authentication key identifier. • In the 'NTP Authentication Secret Key' field, configure the secret authentication key shared between the device and the NTP server. Version 7.2 Mediant 4000 SBC...
Page 160: Configuring Date And Time Manually
Mediant 4000 SBC Verify that the device has received the correct date and time from the NTP server. The date and time is displayed in the 'UTC Time' read-only field under the Time Zone group. Note: If the device does not receive a response from the NTP server, it polls the NTP server for 10 minutes.
Page 161: Configuring The Time Zone
UTC. For example, if your region is GMT +1 (an hour ahead), enter "1" in the 'Hours' field. Click Apply; the updated time is displayed in the 'UTC Time' read-only field and the fields under the Local Time group. Version 7.2 Mediant 4000 SBC...
Page 162: Configuring Daylight Saving Time
Mediant 4000 SBC 12.4 Configuring Daylight Saving Time You can apply daylight saving time (DST) to the date and time of the device. DST defines a date range in the year (summer) where the time is brought forward so that people can experience more daylight.
Page 163: General Voip Configuration
Part IV General VoIP Configuration...
Page 165: Security
The matched rule can permit (allow) or deny (block) the packet. Once a rule in the table is located, subsequent rules further down the table are ignored. If the end of the table is reached without a match, the packet is accepted. Version 7.2 Mediant 4000 SBC...
Page 166 Mediant 4000 SBC Note: • The rules configured by the Firewall table apply to a very low-level network layer and overrides all other security-related configuration. Thus, if you have configured higher-level security features (e.g., on the Application level), you must also configure firewall rules to permit this necessary traffic.
Page 167 The IP address of the sender of the incoming packet is trimmed in accordance with the prefix length (in bits) and then compared to the parameter ‘Source IP’. The default is 0 (i.e., applies to all packets). You must change Version 7.2 Mediant 4000 SBC...
Page 168 Mediant 4000 SBC Parameter Description this value to any of the above options. Note: A value of 0 applies to all packets, regardless of the defined IP address. Therefore, you must set the parameter to a value other than 0.
Page 169 50000 Action Upon Match Allow Allow Allow Allow Block The firewall rules in the above configuration example do the following:  Rules 1 and 2: Typical firewall rules that allow packets ONLY from specified IP Version 7.2 Mediant 4000 SBC...
Page 170: Configuring General Security Settings
Mediant 4000 SBC addresses (e.g., proxy servers). Note that the prefix length is configured.  Rule 3: A more "advanced” firewall rule - bandwidth rule for ICMP, which allows a maximum bandwidth of 40,000 bytes/sec with an additional allowance of 50,000 bytes.
Page 171: Intrusion Detection System
IDS rules. Each rule defines a type of malicious attack to detect and the number of attacks during an interval (threshold) before an SNMP trap is sent. Each policy is then applied to a target under attack (SIP interface) and/or source of attack (Proxy Set and/or subnet address). Version 7.2 Mediant 4000 SBC...
Page 172: Enabling Ids
Mediant 4000 SBC 13.3.1 Enabling IDS The following procedure describes how to enable IDS.  To enable IDS: Open the IDS General Settings page (Setup menu > Signaling & Media tab > Intrusion Detection folder >IDS General Settings). Figure 13-3: Enabling IDS From the 'Intrusion Detection System' drop-down list, select Enable.
Page 173 The valid value is a string of up to 100 characters. [IDSPolicy_Description] In the IDS Policies table, select the required IDS Policy row, and then click the IDS Rule link located below the table; the IDS Rule table opens. Version 7.2 Mediant 4000 SBC...
Page 174 Mediant 4000 SBC Click New; the following dialog box appears: Figure 13-6: IDS Rule Table - Add Dialog Box The figure above shows a configuration example: If 15 malformed SIP messages ('Reason') are received within a period of 30 seconds ('Threshold Window'), a minor alarm is sent ('Minor-Alarm Threshold').
Page 175 [IDSRule_MajorAlarmThreshold] defined. Critical-Alarm Threshold Defines the threshold that if crossed a critical severity alarm is sent. critical-alrm-thr The valid range is 1 to 1,000,000. A value of 0 or -1 means not [IDSRule_CriticalAlarmThreshold] defined. Deny Version 7.2 Mediant 4000 SBC...
Page 176: Assigning Ids Policies
Mediant 4000 SBC Parameter Description Deny Threshold Defines the threshold that if crossed, the device blocks (blacklists) the remote host (attacker). deny-thr The default is -1 (i.e., not configured). [IDSRule_DenyThreshold] Note: The parameter is applicable only if the 'Threshold Scope' parameter is set to IP or IP+Port.
Page 177 !10.1.0.0/16 & !10.2.2.2: includes all addresses except those of subnet 10.1.0.0/16 and IP address 10.2.2.2. Note that the exclamation mark "!" appears before each subnet.  10.1.0.0/16 & !10.1.1.1: includes subnet 10.1.0.0/16, except IP address 10.1.1.1. Version 7.2 Mediant 4000 SBC...
Page 178: Viewing Ids Alarms
Mediant 4000 SBC Parameter Description Policy Assigns an IDS Policy (configured in ''Configuring IDS Policies'' on page 172). policy [IDSMatch_Policy] 13.3.4 Viewing IDS Alarms For the IDS feature, the device sends the following SNMP traps:  Traps that notify the detection of malicious attacks: •...
Page 179 Malicious signature pattern detected establish-malicious- signature-db-reject   Requests and responses without a matching flow-no-match-tu Abnormal Flow transaction user (except ACK requests)  flow-no-match-  Requests and responses without a matching transaction transaction (except ACK requests) Version 7.2 Mediant 4000 SBC...
Page 180 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 181: Media
(non-linear) of the received signal (i.e., from the speaker) which find their way from multiple reflections such as walls and windows into the transmitted signal (i.e., microphone). Therefore, the party at the far end hears his / her Version 7.2 Mediant 4000 SBC...
Page 182 Mediant 4000 SBC echo. The device removes these echoes and sends only the near-end’s desired speech signal to the network (i.e., to the far-end party). The echo is composed of a linear part and a nonlinear part. However, in the Acoustic Echo Canceler, a substantial part of the echo is non-linear echo.
Page 183: Fax And Modem Capabilities
During a call, when a fax/modem signal is detected, transition from voice to VBD (or T.38) is automatically performed and no additional SIP signaling is required. If negotiation fails (i.e., no match is achieved for Version 7.2 Mediant 4000 SBC...
Page 184: Fax/Modem Transport Modes
Mediant 4000 SBC any of the transport capabilities), fallback to existing logic occurs (according to the parameter IsFaxUsed). 14.2.2 Fax/Modem Transport Modes The device supports the following transport modes for fax per modem type (V.22/V.23/Bell/V.32/V.34):  T.38 fax relay (see ''T.38 Fax Relay Mode'' on page 184) ...
Page 185 T.38 Relay (FaxTransportMode = 1). Configure the following optional parameters: • 'Fax Relay Redundancy Depth' (FaxRelayRedundancyDepth) • 'Fax Relay Enhanced Redundancy Depth' (FaxRelayEnhancedRedundancyDepth) • 'Fax Relay ECM Enable' (FaxRelayECMEnable) • 'Fax Relay Max Rate' (FaxRelayMaxRate) Version 7.2 Mediant 4000 SBC...
Page 186: Fax / Modem Transport Mode
RTP method is used, whereby the device encapsulates the entire T.38 packet (payload with all its headers) in the sent RTP. For T.38 over RTP, AudioCodes devices use the proprietary identifier "AcUdptl" in the 'a=ftmp' line of the SDP. For example: o=AudiocodesGW 1357424688 1357424660 IN IP4 10.8.6.68...
Page 187: Fax Fallback
When the device initiates a fax session using G.711, a ‘gpmd’ attribute is added to the SDP according to the following format:  For G.711A-law: a=gpmd:0 vbd=yes;ecan=on  For G.711 µ-law: a=gpmd:8 vbd=yes;ecan=on In this mode, the 'Fax Transport Mode' (FaxTransportMode) parameter is ignored and automatically set to Disable (transparent mode). Version 7.2 Mediant 4000 SBC...
Page 188: Fax/Modem Bypass Mode
Mediant 4000 SBC  To configure fax fallback mode: Open the Gateway General Settings page (Setup menu > Signaling & Media tab > Gateway folder > Gateway General Settings), and then from the 'Fax Signaling Method' drop-down list (IsFaxUsed), select Fax Fallback: Figure 14-8: Configuring Fax Signaling to Fallback Click Apply.
Page 189: Fax / Modem Nse Mode
INVITE messages are sent. The voice channel is optimized for fax/modem transmission (same as for usual bypass mode). The parameters defining payload type for AudioCodes proprietary Bypass mode -- 'Fax Bypass Payload Type' (RTP/RTCP Settings page) and ModemBypassPayloadType (ini file) -- are not used with NSE Bypass.
Page 190: Fax / Modem Transparent With Events Mode
Mediant 4000 SBC Set the 'V.22 Modem Transport Type' parameter to Enable Bypass (V22ModemTransportType = 2). Set the 'V.23 Modem Transport Type' parameter to Enable Bypass (V23ModemTransportType = 2). Set the 'V.32 Modem Transport Type' parameter to Enable Bypass (V32ModemTransportType = 2).
Page 191: Rfc 2833 Ans Report Upon Fax/Modem Detection
V.34 fax machines can transmit data over IP to the remote side using various methods. The device supports the following modes for transporting V.34 fax data over IP:  Bypass mechanism for V.34 fax transmission (see ''Bypass Mechanism for V.34 Fax Transmission'' on page 192) Version 7.2 Mediant 4000 SBC...
Page 192: Bypass Mechanism For V.34 Fax Transmission
Mediant 4000 SBC  T.38 Version 0 relay mode, i.e., fallback to T.38 (see ''Relay Mode for T.30 and V.34 Faxes'' on page 192) Note: The CNG detector is disabled in all the subsequent examples. To disable the CNG detector, set the 'CNG Detector Mode' parameter (CNGDetectorMode) to Disable.
Page 193: Support
To minimize this problem, the device uses a jitter buffer. The jitter buffer collects voice packets, stores them and sends them to the voice processor in evenly spaced intervals. The device uses a dynamic jitter buffer that can be configured with the following: Version 7.2 Mediant 4000 SBC...
Page 194 Mediant 4000 SBC  Minimum delay: Defines the starting jitter capacity of the buffer. For example, at 0 msec, there is no buffering at the start. At the default level of 10 msec, the device always buffers incoming packets by at least 10 msec worth of voice frames.
Page 195: Configuring Rfc 2833 Payload
However, the port range of the Media Realm must be within the range configured by the BaseUDPPort parameter. The following procedure describes how to configure the RTP base UDP port through the Web interface. Version 7.2 Mediant 4000 SBC...
Page 196: Event Detection And Notification Using X-Detect Header
Mediant 4000 SBC  To configure the RTP base UDP port: Open the RTP/RTCP Settings page (Setup menu > Signaling & Media tab > Media folder > RTP/RTCP Settings). In the 'RTP Base UDP Port' field, configure the lower boundary of the UDP port range.
Page 197: Detecting Answering Machine Beeps
(Tone Type #46) that is also defined in the installed CPT file and the received INVITE message contains an X-Detect header with the value "Request=CPT": X-Detect: Request=CPT For more information on the CPT file, see ''Call Progress Tones File'' on page 629. Version 7.2 Mediant 4000 SBC...
Page 198: Sip Call Flow Examples Of Event Detection And Notification
Mediant 4000 SBC The device reports beep detections to application servers, by sending a SIP INFO message that contains a body with one of the following values, depending on the method used for detecting the beep:  AMD-detected Beep: Type= AMD SubType= Beep ...
Page 199 The device detects the beep of an answering machine and sends an INFO message to the remote party: INFO sip:101@10.33.2.53;user=phone SIP/2.0 Via: SIP/2.0/UDP 10.33.2.53;branch=z9hG4bKac5906 Max-Forwards: 70 From: "anonymous" <sip:anonymous@anonymous.invalid>;tag=1c25298 To: <sip:101@10.33.2.53;user=phone> Call-ID: 11923@10.33.2.53 CSeq: 1 INVITE Version 7.2 Mediant 4000 SBC...
Page 200: Answering Machine Detection (Amd)
AudioCodes sales representative for more information on this service. You will be typically required to provide AudioCodes with a database of recorded voices (calls) in the language on which the device's AMD feature can base its voice detector algorithms.
Page 201 User's Manual 14. Media Once you have provided AudioCodes with your database of recordings, AudioCodes compiles it into a loadable file. For a brief description of the file format and for installing the file on the device, see ''AMD Sensitivity File'' on page 639.
Page 202: Configuring Amd
Mediant 4000 SBC Table 14-3: Approximate AMD High Detection Sensitivity - Parameter Suite 1 (Based on North American English) Performance AMD Detection Sensitivity Success Rate for Live Calls Success Rate for Answering Machine 0 (Best for Answering Machine) 15 (Best for Live Calls) 14.5.1 Configuring AMD...
Page 203: Automatic Gain Control (Agc)
AGCDisableFastAdaptation. After Fast Mode is used, the signal should be off for two minutes in order to have the feature turned on again. The following procedure describes how to configure AGC using the Web interface: Version 7.2 Mediant 4000 SBC...
Page 204: Configuring Media (Srtp) Security
Mediant 4000 SBC  To configure AGC using the Web interface: Open the DSP Settings page (Setup menu > Signaling & Media tab > Media folder > DSP Settings): Figure 14-12: AGC Parameters Configure the following parameters: • 'Enable AGC' (EnableAGC) - Enables the AGC mechanism.
Page 205 For a detailed description of the SRTP parameters, see ''Configuring IP Profiles'' on page 418 and ''SRTP Parameters'' on page 841. • When SRTP is used, the channel capacity may be reduced. The procedure below describes how to configure SRTP through the Web interface. Version 7.2 Mediant 4000 SBC...
Page 206 Mediant 4000 SBC  To enable and configure SRTP: Open the Media Security page (Setup menu > Signaling & Media tab > Media folder > Media Security). Figure 14-13: Configuring Media Security From the 'Media Security' drop-down list (EnableMediaSecurity), select Enable to enable SRTP.
Page 207: Srtp Using Dtls Protocol
Open the IP Profiles table (see ''Configuring IP Profiles'' on page 418) and for the IP Profile associated with the SIP entity, configure the following: • Configure the 'SBC Media Security Mode' parameter (IPProfile_SBCMediaSecurityBehavior) to SRTP or Both. • Configure the 'Media Security Method' parameter (IPProfile_SBCMediaSecurityMethod) to DTLS. Version 7.2 Mediant 4000 SBC...
Page 208 Mediant 4000 SBC • Configure the 'RTCP Mux' parameter (IpProfile_SBCRTCPMux) to Supported. Multiplexing is required as the DTLS handshake is done for the port used for RTP and thus, RTCP and RTP must be multiplexed onto the same port. •...
Page 209: Services
DHCP Server Identifier Option 51 IP Address Lease Time Option 1 Subnet Mask Option 3 Router Option 6 Domain Name Server Option 44 NetBIOS Name Server Option 46 NetBIOS Node Type Option 42 Network Time Protocol Server Version 7.2 Mediant 4000 SBC...
Page 210 Mediant 4000 SBC DHCP Option Code DHCP Option Name Option 2 Time Offset Option 66 TFTP Server Name Option 67 Boot file Name Option 120 SIP Server Once you have configured the DHCP server, you can configure the following: ...
Page 211 Note: The IP address must belong to the same subnet as the associated interface’s IP address. End IP Address Defines the ending IP address (IPv4 address in dotted-decimal format) of the IP address pool range used by the DHCP server end-address Version 7.2 Mediant 4000 SBC...
Page 212 Mediant 4000 SBC Parameter Description [DhcpServer_EndIPAddress] to allocate addresses. The default value is 192.168.0.149. Note: The IP address must belong to the same subnet as the associated interface’s IP address and must be "greater or equal" to the starting IP address defined in 'Start IP Address'.
Page 213 SIP requests. The value is sent in DHCP [DhcpServer_SipServer] Option 120 (SIP Server). After defining the parameter, use the 'SIP server type' parameter (see below) to define the type of Version 7.2 Mediant 4000 SBC...
Page 214: Configuring The Vendor Class Identifier
The VCI is a string that identifies the vendor and functionality of a DHCP client to the DHCP server. For example, Option 60 can show the unique type of hardware (e.g., "AudioCodes 440HD IP Phone") or firmware of the DHCP client. The DHCP server can then differentiate between DHCP clients and process their requests accordingly.
Page 215: Configuring Additional Dhcp Options
Open the DHCP Servers table (see ''Configuring the DHCP Server'' on page 209). Select the row of the desired DHCP server for which you want to configure additional DHCP Options, and then click the DHCP Option link located below the table; the DHCP Option table opens. Version 7.2 Mediant 4000 SBC...
Page 216 Mediant 4000 SBC Click New; the following dialog box appears: Figure 15-3: DHCP Option Table - Add Dialog Box Configure additional DHCP Options for the DHCP server according to the parameters described in the table below. Click Apply. Table 15-4: DHCP Option Table Parameter Descriptions...
Page 217: Configuring Static Ip Addresses For Dhcp Clients
Select the row of the desired DHCP server for which you want to configure static IP addresses for DHCP clients, and then click the DHCP Static IP link located below the table; the DHCP Static IP table opens. Version 7.2 Mediant 4000 SBC...
Page 218: Viewing And Deleting Dhcp Clients
Mediant 4000 SBC Click New; the following dialog box appears: Figure 15-4: DHCP Static IP Table - Add Dialog Box Configure a static IP address for a specific DHCP client according to the parameters described in the table below. Click Apply.
Page 219: Sip-Based Media Recording
SIP that will manage delivery of RTP media to a recording device. The siprec protocol is based on RFC 6341 (Use Cases and Requirements for SIP-Based Media Recording), Session Recording Protocol (draft-ietf-siprec-protocol-02), and Architecture (draft-ietf-siprec-architecture-03). Version 7.2 Mediant 4000 SBC...
Page 220 Mediant 4000 SBC Warning for Deployments in France: The device supports SIP-based Media Recording (SIPREC) according to RFC 6341. As such, you must adhere to the Commission Nationale Informatique Libert‫’י‬s (CNIL) directive (https://www.cnil.fr/en/rights-and-obligations) and be aware that article R226-15 applies penalties to the malicious interception, diversion, use or disclosure of correspondence sent, transmitted or received by means of telecommunication, or the setting up of a device designed to produce such interceptions.
Page 221 SRS instead (which now becomes the active SRS). For new calls, if the device receives no response or a reject response from the active SRS to its' sent INVITE message, the device sends the recorded call to the standby SRS. Figure 15-7: Multiple SRSs (Standalone and Redundancy) Version 7.2 Mediant 4000 SBC...
Page 222 Mediant 4000 SBC Note: • The device can send recordings (media) to up to three active SRSs. In other words, any one of the following configurations are supported: √ Up to three standalone (active) SRSs. √ Up to three active-standby SRS pairs (i.e., six SRSs, but recordings are sent only to the three active SRSs).
Page 223 0-15 m=audio 6030 RTP/AVP 8 96 c=IN IP4 10.33.8.70 a=ptime:20 a=sendonly a=label:2 a=rtpmap:8 PCMA/8000 a=rtpmap:96 telephone-event/8000 a=fmtp:96 0-15 --boundary_ac1fffff85b Content-Type: application/rs-metadata Content-Disposition: recording-session <?xml version="1.0" encoding="UTF-8"?> <recording xmlns='urn:ietf:params:xml:ns:recording'> <datamode>complete</datamode> <group id="00000000-0000-0000-0000-00003a36c4e3"> <associate-time>2010-01-24T01:11:57Z</associate-time> </group> <session id="0000-0000-0000-0000-00000000d0d71a52"> Version 7.2 Mediant 4000 SBC...
Page 224: Enabling Sip-Based Media Recording
Mediant 4000 SBC <group-ref>00000000-0000-0000-0000-00003a36c4e3</group-ref> <start-time>2010-01-24T01:11:57Z</start-time> <ac:AvayaUCID xmlns="urn:ietf:params:xml:ns:Avaya">FA080030C4E34B5B9E59</ac:Avay aUCID> </session> <participant id="1056" session="0000-0000-0000-0000- 00000000d0d71a52"> <nameID aor="1056@192.168.241.20"></nameID> <associate-time>2010-01-24T01:11:57Z</associate-time> <send>00000000-0000-0000-0000-1CF23A36C4E3</send> <recv>00000000-0000-0000-0000-BF583A36C4E3</recv> </participant> <participant id="182052092" session="0000-0000-0000-0000- 00000000d0d71a52"> <nameID aor="182052092@voicelab.local"></nameID> <associate-time>2010-01-24T01:11:57Z</associate-time> <recv>00000000-0000-0000-0000-1CF23A36C4E3</recv> <send>00000000-0000-0000-0000-BF583A36C4E3</send> </participant> <stream id="00000000-0000-0000-0000-1CF23A36C4E3" session="0000- 0000-0000-0000-00000000d0d71a52"> <label>1</label> </stream> <stream id="00000000-0000-0000-0000-BF583A36C4E3" session="0000- 0000-0000-0000-00000000d0d71a52"> <label>2</label>...
Page 225: Configuring Sip Recording Rules
IP Group "SRS-1" is the active SRS and IP Group "SRS-2" the standby SRS. Configure a SIP recording rule according to the parameters described in the table below. Click Apply, and then save your settings to flash memory. Version 7.2 Mediant 4000 SBC...
Page 226 Mediant 4000 SBC Table 15-6: SIP Recording Rules Table Parameter Descriptions Parameter Description General Index Defines an index number for the new table record. [SIPRecRouting_Index] Recorded IP Group Defines the IP Group participating in the call and the recording is done on the leg interfacing with this recorded-ip-group-name IP Group.
Page 227: Using Conditions For Starting A Siprec Session
'Call Setup Rules Set ID': 1 In the Message Conditions table (see Configuring Message Condition Rules on page 400), click New, and then configure a Message Condition rule with the following properties: • 'Index': 0 • 'Name': CallRec Version 7.2 Mediant 4000 SBC...
Page 228: Configuring Sip User Part For Srs
SIP message, typically in the INVITE and the first 18x response. If the device receives a SIP message with Genesys SIP header, it adds the header's information to AudioCodes' proprietary tag in the XML metadata of the SIP INVITE that it sends to the recording server, as shown below: <ac:GenesysUUID...
Page 229: Radius-Based Services
When the primary RADIUS server is down, the device sends a RADIUS request twice (one retransmission) and if both fail (i.e., no response), the device considers the server as down and attempts to send requests to the next server. The device continues Version 7.2 Mediant 4000 SBC...
Page 230 Mediant 4000 SBC sending RADIUS requests to the redundant RADIUS server even if the primary server returns to service later on. However, if a device reset occurs or a switchover occurs in a High-Availability (HA) system, the device sends RADIUS requests to the primary RADIUS server.
Page 231 When set to 0, RADIUS-based login authentication is not implemented. The valid value is 0 to any integer. The default is 1645. Accounting Port Defines the port of the RADIUS Accounting server to where the Version 7.2 Mediant 4000 SBC...
Page 232: Configuring Interface For Radius Communication
Mediant 4000 SBC Parameter Description acc-port device sends accounting data of SIP calls as call detail records (CDR). When set to any value other than 0, the RADIUS server [RadiusServers_AccountingPort] is used by the device for RADIUS-based accounting (CDR). When set to 0, RADIUS-based accounting is not implemented.
Page 233: Configuring The Radius Vendor Id
Local Users table (see ''Configuring Management User Accounts'' on page 69). However, you can configure the device to use the Local Users table as a fallback mechanism if the RADIUS server does not respond. Version 7.2 Mediant 4000 SBC...
Page 234: Setting Up A Third-Party Radius Server
Mediant 4000 SBC When RADIUS authentication is used, the RADIUS server stores the user accounts - usernames, passwords, and access levels (authorization). When a management user (client) tries to access the device, the device sends the RADIUS server the user's username and password for authentication.
Page 235: Configuring Radius-Based User Authentication
RADIUS servers, see ''Configuring Management User Accounts'' on page 69. # AudioCodes VSA dictionary VENDOR AudioCodes 5003 ATTRIBUTE ACL-Auth-Level 35 integer AudioCodes VALUE ACL-Auth-Level ACL-Auth-UserLevel 50 VALUE ACL-Auth-Level ACL-Auth-AdminLevel 100 VALUE ACL-Auth-Level ACL-Auth-SecurityAdminLevel 200 Define the list of users authorized to use the device, using one of the password authentication methods supported by the server implementation.
Page 236 Mediant 4000 SBC • If the RADIUS server response includes the access level attribute: In the 'RADIUS VSA Access Level Attribute' field, enter the code that indicates the access level attribute in the VSA section of the received RADIUS packet. For defining the RADIUS server with access levels, see ''Setting Up a Third-Party RADIUS Server'' on page 234.
Page 237: Securing Radius Communication
For the device to run a search, the path to the directory’s subtree, known as the distinguished name (DN), where the search is to be done must be configured (see ''Configuring LDAP DNs (Base Paths) per LDAP Server'' on page 245). The search Version 7.2 Mediant 4000 SBC...
Page 238 Mediant 4000 SBC key (filter), which defines the exact DN to search and one or more attributes whose values must be returned to the device must also be configured. For more information on configuring these attributes and search filters, see ''AD-based Routing for Microsoft Skype for Business'' on page 259.
Page 239: Enabling The Ldap Service
Figure 15-22: Enabling LDAP-based Login Authentication Under the LDAP group, from the 'Use LDAP for Web/Telnet Login' drop-down list, select Enable. Click Apply, and then reset the device with a save-to-flash for your settings to take effect. Version 7.2 Mediant 4000 SBC...
Page 240: Configuring Ldap Server Groups
Mediant 4000 SBC 15.4.3 Configuring LDAP Server Groups The LDAP Server Groups table lets you configure up to 250 LDAP Server Groups. An LDAP Server Group is a logical configuration entity that contains up to two LDAP servers. LDAP servers are assigned to LDAP Server Groups in the LDAP Servers table (see ''Configuring LDAP Servers'' on page 242).
Page 241 Defines the duration (in hours) after which the LDAP entry is deleted from the device's LDAP cache. cache-entry-removal- timeout The valid range is 0 to 596. The default is 0 (i.e., the entry is never deleted). [LdapServerGroups_CacheEntr yRemovalTimeout] Version 7.2 Mediant 4000 SBC...
Page 242: Configuring Ldap Servers
Mediant 4000 SBC 15.4.4 Configuring LDAP Servers The LDAP Servers table lets you configure up to 500 LDAP servers. The table defines the address and connectivity settings of the LDAP server. The LDAP server can be configured for SIP-related queries (e.g., routing and manipulation) or LDAP-based management user login authentication and authorization (username-password).
Page 243 Note: If the response time expires, you can configure the device to ServerMaxRespondTime] use the Local Users table for authenticating the user. For more information, see ''Configuring Local Database for Management User Authentication'' on page 253. Version 7.2 Mediant 4000 SBC...
Page 244 Mediant 4000 SBC Parameter Description LDAP Server Domain Name Defines the domain name (FQDN) of the LDAP server. The device tries to connect to the LDAP server according to the IP address listed domain-name in the received DNS query. If there is no connection to the LDAP...
Page 245: Configuring Ldap Dns (Base Paths) Per Ldap Server
Web interface. You can also configure it through ini file (LdapServersSearchDNs) or CLI (configure system > ldap ldap-servers-search-dns).  To configure an LDAP base path per LDAP server: Open the LDAP Servers table (Setup menu > IP Network tab > RADIUS & LDAP folder > LDAP Servers). Version 7.2 Mediant 4000 SBC...
Page 246: Configuring The Ldap Search Filter Attribute
Mediant 4000 SBC In the table, select the row of the LDAP server for which you want to configure DN base paths, and then click the LDAP Servers Search Based DNs link located below the table; the LDAP Server Search Base DN table opens.
Page 247: Configuring Access Level Per Management Groups Attributes
(see ''Configuring LDAP Servers'' on page 242). Group objects represent groups in the LDAP server of which the user is a member. The access level represents the user account's permissions and rights in the device's Version 7.2 Mediant 4000 SBC...
Page 248 Mediant 4000 SBC management interface (e.g., Web and CLI). The access level can either be Monitor, Administrator, or Security Administrator. For an explanation on the privileges of each level, see ''Configuring Management User Accounts'' on page 69. When the username-password authentication with the LDAP server succeeds, the device searches the LDAP server for all groups of which the user is a member.
Page 249: Configuring The Device's Ldap Cache
Improves routing decision performance by using local cache for subsequent LDAP queries  Reduces number of queries performed on an LDAP server and corresponding bandwidth consumption  Provides partial survivability in case of intermittent LDAP server failure (or network isolation) Version 7.2 Mediant 4000 SBC...
Page 250 Mediant 4000 SBC The handling of LDAP queries using the device's LDAP cache is shown in the flowchart below: Figure 15-28: LDAP Query Process with Local LDAP Cache If an LDAP query is required for an Attribute of a key that is already cached with that same Attribute, instead of sending a query to the LDAP server, the device uses the cache.
Page 251: Refreshing The Ldap Cache
LDAP cache. The device sends an LDAP query to the LDAP server for the cached Attributes of the specified search key and replaces the old values in the cache with the new values received in the LDAP response. Version 7.2 Mediant 4000 SBC...
Page 252 Mediant 4000 SBC For example, assume the cache contains a previously queried LDAP Attribute "telephoneNumber=1004" whose associated Attributes include "displayName", "mobile" and "ipPhone". If you perform a cache refresh based on the search key "telephoneNumber=1004", the device sends an LDAP query to the server requesting values for the "displayName", "mobile"...
Page 253: Clearing The Ldap Cache
(if the server is up, the device authenticates the user with the server). ♦ Always: First attempts to authenticate the user using the Local Users table, Version 7.2 Mediant 4000 SBC...
Page 254 Mediant 4000 SBC but if not found, it authenticates the user with the LDAP/RADIUS server. Configure whether the Local Users table must be used to authenticate login users upon connection timeout with the server. From the 'Behavior upon Authentication Server Timeout' drop-down list, select one of the following: ♦...
Page 255: Ldap-Based Login Authentication Example
The LDAP server's entry data structure schema in the example is as follows:  DN (base path): OU=testMgmt,OU=QA,DC=testqa,DC=local. The DN path to search for the username in the directory is shown below: Figure 15-33: Base Path (DN) in LDAP Server Version 7.2 Mediant 4000 SBC...
Page 256 Mediant 4000 SBC  Search Attribute Filter: (sAMAccountName=$). The login username is found based on this attribute (where the attribute's value equals the username): Figure 15-34: Username Found using sAMAccount Attribute Search Filter  Management Attribute: memberOf. The attribute contains the member groups of the...
Page 257 Figure 15-37: Configuring LDAP Server Group for Management  The DN is configured in the LDAP Server Search Base DN table (see ''Configuring LDAP DNs (Base Paths) per LDAP Server'' on page 245): Figure 15-38: Configuring DN Version 7.2 Mediant 4000 SBC...
Page 258 Mediant 4000 SBC  The search attribute filter based on username is configured by the 'LDAP Authentication Filter' parameter (see ''Configuring the LDAP Search Filter Attribute'' on page 246): Figure 15-39: Configuring Search Attribute Filter  The group management attribute is configured by the 'Management Attribute'...
Page 259: Enabling Ldap Searches For Numbers With Characters
PBX or IP PBX - users not yet migrated to Skype for Business  Mobile - mobile number  Private - private telephone line for Skype for Business users (in addition to the primary telephone line) Version 7.2 Mediant 4000 SBC...
Page 260: Querying The Ad And Routing Priority
Mediant 4000 SBC 15.4.12.1 Querying the AD and Routing Priority The device queries the AD using the initial destination number (i.e., called number). The query can return up to four user phone numbers, each pertaining to one of the IP domains (i.e., private number, Skype for Business number, PBX / IP PBX number, and mobile...
Page 261 - call busy), the device can route the call to an alternative destination if an alternative routing rule is configured. "Redundant" route: If the query failed (i.e., no attribute found in the AD), the device uses the routing rule matching the "LDAP_ERR" prefix destination number value. Version 7.2 Mediant 4000 SBC...
Page 262 Mediant 4000 SBC The flowchart below summarizes the device's process for querying the AD and routing the call based on the query results: Figure 15-42: Querying AD in Skype for Business Environment Note: If you are using the device's local LDAP cache, see ''Configuring the Device's LDAP Cache'' on page 249 for the LDAP query process.
Page 263: Configuring Ad-Based Routing Rules
LDAP server. For alternative routing, enable the alternative routing mechanism and configure corresponding SIP reasons for alternative routing. For this feature, alternative routing starts from the table row located under the LDAP query row. Version 7.2 Mediant 4000 SBC...
Page 264 Mediant 4000 SBC The table below shows an example for configuring AD-based SBC routing rules in the IP- to-IP Routing Table: Table 15-14: AD-Based SBC IP-to-IP Routing Rule Configuration Examples Destination Username Destination Index Destination Type Prefix Address PRIVATE: Dest Address 10.33.45.60...
Page 265: Least Cost Routing
This example shows four defined Cost Groups and the total call cost if the average call duration is 10 minutes: Table 15-15: Call Cost Comparison between Cost Groups for different Call Durations Total Call Cost per Duration Connection Cost Group Minute Cost Cost 1 Minute 10 Minutes 80.3 Version 7.2 Mediant 4000 SBC...
Page 266 Mediant 4000 SBC If four matching routing rules are located in the routing table and each one is assigned a different Cost Group as listed in the table above, then the rule assigned Cost Group "D" is selected. Note that for one minute, Cost Groups "A" and "D" are identical, but due to the average call duration, Cost Group "D"...
Page 267: Configuring Lcr
Time Bands per Cost Group. The following procedure describes how to configure Cost Groups through the Web interface. You can also configure it through ini file (CostGroupTable) or CLI (configure voip > sip-definition least-cost-routing cost-group). Version 7.2 Mediant 4000 SBC...
Page 268 Mediant 4000 SBC  To configure a Cost Group: Open the Cost Groups table (Setup menu > Signaling & Media tab > SIP Definitions folder > Least Cost Routing > Cost Groups). Click New; the following dialog box appears: Configure a Cost Group according to the parameters described in the table below.
Page 269 (i.e., SUN, MON, TUE, WED, THU, FRI, or SAT).  hh and mm denote the time of day, where hh is the hour (00-23) and mm the minutes (00-59) Version 7.2 Mediant 4000 SBC...
Page 270: Assigning Cost Groups To Routing Rules
Mediant 4000 SBC Parameter Description For example, SAT:22:00 denotes Saturday at 10 pm. End Time Defines the day and time of day until when this time band is applicable. For a description of the valid values, see the end-time parameter above.
Page 271: Remote Web Services
 Capture: Recording of signaling and RTP packets, and Syslog. The remote host can be, for example, a Syslog server or AudioCodes OVOC.  QoS: Call routing based on QoS. For more information, see Configuring QoS-Based Routing by Routing Server on page 281.
Page 272 Mediant 4000 SBC Note: • You can configure only one Remote Web Service for each of the following server types: Routing, Call Status, Topology Status, and QoS. • The Routing service also includes the Call Status and Topology Status services.
Page 273 [0] Round Robin = (Default) Load balancing of traffic across all configured hosts. Every consecutive message is sent to the next available host.  [1] Sticky Primary = Device always attempts to send traffic to Version 7.2 Mediant 4000 SBC...
Page 274 Mediant 4000 SBC Parameter Description the first (primary) host. If the host does not respond, the device sends the traffic to the next available host. If the primary host becomes available again, the device sends the traffic to the primary host.
Page 275: Configuring Remote Http Hosts
Services folder > Remote Web Services). In the table, select the required remote Web service index row, and then click the HTTP Remote Hosts link located below the table; the HTTP Remote Hosts table appears. Version 7.2 Mediant 4000 SBC...
Page 276 Mediant 4000 SBC Click New; the following dialog box appears: Figure 15-46: HTTP Remote Hosts Table - Add Dialog Box Configure an HTTP remote host according to the parameters described in the table below. Click Apply, and then save your settings to flash memory.
Page 277: Enabling Topology Status Services
Open the Web Service Settings page (Setup menu > IP Network tab > Web Services folder > Web Service Settings). From the 'Topology Status' drop-down list (RoutingServerGroupStatus), select Enable: Figure 15-47: Enabling Topology Status Web-based Service Click Apply. Version 7.2 Mediant 4000 SBC...
Page 278: Centralized Third-Party Routing Server
15.6.3 Centralized Third-Party Routing Server You can employ a remote, third-party Routing server to handle call routing decisions in deployments consisting of multiple AudioCodes devices. Employing a Routing server replaces the need for the device's routing tables (IP-to-IP Routing table) to determine call destination.
Page 279 (disconnected). The device can also report when an IP Group (Proxy Set) is unavailable, detected by the keep-alive mechanism, or when the CAC thresholds permitted per IP Group have Version 7.2 Mediant 4000 SBC...
Page 280 Mediant 4000 SBC been crossed.  Credentials for Authentication: The Routing Server can provide user (e.g., IP Phone caller) credentials (username-password) in the Get Route response, which can be used by the device to authenticate outbound SIP requests if challenged by the outbound peer, for example, Microsoft Skype for Business (per RFC 2617 and RFC 3261).
Page 281: Configuring Qos-Based Routing By Routing Server
Enable voice quality monitoring and RTCP XR, using the 'Enable RTCP XR' (VQMonEnable) parameter (see Configuring RTCP XR on page 729). Note: For media metrics calculations, the device's License Key must include voice quality monitoring and RTCP XR. Version 7.2 Mediant 4000 SBC...
Page 282: Http-Based Proxy Services
 HTTP-based OVOC Services for AudioCodes Equipment behind NAT: You can configure the device to act as an HTTP Proxy that enables AudioCodes OVOC to manage AudioCodes equipment (such as IP Phones) over HTTP when the equipment is located behind NAT (e.g., in the LAN) and OVOC is located in a public domain (e.g., in the WAN).
Page 283: Enabling The Http Proxy Application
The HTTP Proxy application is a license-dependent feature and is available only if it is included in the License Key installed on the device. For ordering the feature, please contact your AudioCodes sales representative. For installing a new License Key, see License Key on page 641.
Page 284: Configuring Http Interfaces
The HTTP Interfaces table lets you configure up to 10 HTTP Interfaces. An HTTP Interface represents a local, listening interface for receiving HTTP/S requests from HTTP-based (Web) clients such as managed equipment (e.g., IP Phones) and/or AudioCodes OVOC management tool for HTTP/S-based services.
Page 285: Configuring Http Proxy Services
You can also configure it through ini file (HTTPProxyService) or CLI (configure network > http-proxy http-proxy-serv).  To configure an HTTP Proxy Service: Open the HTTP Proxy Services table (Setup menu > IP Network tab > HTTP Proxy folder > HTTP Proxy Services). Version 7.2 Mediant 4000 SBC...
Page 286 Mediant 4000 SBC Click New; the following dialog box appears: Figure 15-55: HTTP Proxy Services Table - Add Dialog Box Configure an HTTP Proxy service according to the parameters described in the table below. Click Apply, and then save your settings to flash memory.
Page 287: Configuring Http Proxy Hosts
HTTP Proxy Hosts link located below the table; the HTTP Proxy Hosts table appears. Click New; the following dialog box appears: Figure 15-56: HTTP Proxy Hosts Table - Add Dialog Box Configure an HTTP Proxy Host according to the parameters described in the table below. Version 7.2 Mediant 4000 SBC...
Page 288 Mediant 4000 SBC Click Apply, and then save your settings to flash memory. Table 15-22: HTTP Proxy Hosts Table Parameter Descriptions Parameter Description General Index Defines an index number for the new table row. Note:  Each row must be configured with a unique index.
Page 289: Configuring An Http-Based Ovoc Service
Table 15-23: OVOC Services Table Parameter Descriptions Parameter Description General Index Defines an index number for the new table row. [EMSService_Index] Note:  Each row must be configured with a unique index.  The parameter is mandatory. Version 7.2 Mediant 4000 SBC...
Page 290 Mediant 4000 SBC Name Defines a descriptive name, which is used when associating the row in other tables. service-name The valid value is a string of up to 40 characters. By default, no value [EMSService_ServiceNam is defined. Note:  Each row must be configured with a unique name.
Page 291: E9-1-1 Support For Microsoft Skype For Business
E9-1-1 due to the difficulty in accurately locating the E9-1-1 caller. This section describes the E9-1-1 solution provided by Microsoft Skype for Business and AudioCodes' device's ELIN interworking capabilities, which provides the SIP Trunk to the E9-1-1 emergency service provider. This section also describes the configuration of the device for interoperating between the Skype for Business environment and the E9-1-1 emergency provider.
Page 292: Microsoft Skype For Business And E9-1-1
The figure below illustrates the routing of an E9-1-1 call to the PSAP: The VoIP user dials 9-1-1. AudioCodes' ELIN device sends the call to the emergency service provider over the SIP Trunk (PSAP server). The emergency service provider identifies the call is an emergency call and sends it to an E9-1-1 Selective Router in the Emergency Services provider's network.
Page 293: Gathering Location Information Of Skype For Business Clients For
• Immediately after startup and registering the user with Skype for Business • Approximately every four hours after initial registration • Whenever a network connection change is detected (such as roaming to a new WAP) Version 7.2 Mediant 4000 SBC...
Page 294: Adding Elins To The Location Information Server
Mediant 4000 SBC The Skype for Business client includes in its location request the following known network connectivity information: • Always included: ♦ IPv4 subnet ♦ Media Access Control (MAC) address • Depends on network connectivity: ♦ Wireless access point (WAP) Basic Service Set Identifier (BSSID) ♦...
Page 295: Passing Location Information To The Pstn Emergency Provider
(for example, less than 7000 square feet per ERL). Typically, you would have an ERL for each floor of the building. The ELIN is used as the phone number for 911 callers within this ERL. Version 7.2 Mediant 4000 SBC...
Page 296: Audiocodes Elin Device For Skype For Business E9-1-1 Calls To Pstn
Therefore, IP phones, for example, on a specific floor are in the same subnet and therefore, use the same ELIN when dialing 9-1-1. 15.8.3 AudioCodes ELIN Device for Skype for Business E9-1-1 Calls to PSTN Microsoft Mediation Server sends the location information of the E9-1-1 caller in the XML- based PIDF-LO body contained in the SIP INVITE message.
Page 297: Detecting And Handling E9-1-1 Calls
PSAP, based on ELIN-address match lookup in the emergency service provider's ALI database. The figure below illustrates an AudioCodes ELIN device deployed in the Skype for Business environment for handling E9-1-1 calls between the Enterprise and the emergency service provider.
Page 298 Mediant 4000 SBC ELIN Time Count Index Call From 4257275999 22:11:57 4258359444 4257275615 22:12:03 4258359555 4257275616 22:11:45 4258359777 The ELIN table stores this information for a user-defined period (see ''Configuring the E9-1-1 Callback Timeout'' on page 301), starting from when the E9-1-1 call, established with the PSAP, terminates.
Page 299: Pre-Empting Existing Calls For E9-1-1 Calls
If a match is found in the ELIN table, it routes the call to the Mediation Sever by sending a SIP INVITE, where the values of the To and Request-URI are taken from Version 7.2 Mediant 4000 SBC...
Page 300: Selecting Elin For Multiple Calls Within Same Erl
Mediant 4000 SBC the value of the original From header that is stored in the ELIN table (in the Call From column). The device updates the Time in the ELIN table. (The Count is not affected). The PSAP callback can be done only within a user-defined period (see ''Configuring the E9-1-1 Callback Timeout'' on page 301), started from after the original E9-1-1 call established with the PSAP is terminated.
Page 301: Configuring Audiocodes Elin Device
User's Manual 15. Services 15.8.4 Configuring AudioCodes ELIN Device This section describes E9-1-1 configuration of the AudioCodes ELIN Gateway deployed in the Skype for Business environment. 15.8.4.1 Enabling the E9-1-1 Feature By default, the ELIN device feature for E9-1-1 emergency call handling in a Skype for Business environment is disabled.
Page 302: Viewing The Elin Table
Mediant 4000 SBC 15.8.4.4 Viewing the ELIN Table To view the ELIN table:  # show voip e911 ELIN Time Count Index Call From ------------------------------------------------------------ 4257275678 22:11:52 0 4258359333 4257275999 22:11:57 0 4258359444 4257275615 22:12:03 0 4258359555 4257275616 22:11:45 0...
Page 303 SIP-ETag value of last 200 OK) and Expires header value set to "0", as shown in the following example: PUBLISH sip:john.doe@sfb.example SIP/2.0 From: <sip:john.doe@sfb.example>;tag=1c1654434948 To: <sip:john.doe@sfb.example> CSeq: 1 PUBLISH Contact: <sip:john.doe@10.33.221.57:5061;transport=tls> Event: presence Expires: 0 User-Agent: sur1-vg1.ecarecenters.net/v.7.20A.001.080 SIP-If-Match: 2545777538-1-1 Content-Length: 0 Version 7.2 Mediant 4000 SBC...
Page 304: Configuring Skype For Business Server For Presence
Mediant 4000 SBC The following figure shows a basic illustration of the device's integration into Microsoft Skype for Business Presence feature for third-party endpoints. 15.9.1 Configuring Skype for Business Server for Presence On the Skype for Business Server side, you need to define the device in the Skype for Business Topology as a Trusted Application.
Page 305: Configuring The Device For Skype For Business Presence
When the call ends, the device sends another SIP PUBLISH message to the Skype for Business Server, clearing the users' "On-the-Phone" status (the presence status changes to what it was before the call was connected). Version 7.2 Mediant 4000 SBC...
Page 306 Mediant 4000 SBC  To configure the device for Skype for Business presence: Enable the Microsoft presence feature: open the SIP Definitions General Settings page (Setup menu > Signaling & Media tab > SIP Definitions folder > SIP Definitions General Settings), and then from the 'Enable MsPresence message'...
Page 307 Configure routing rules to route the calls in the network. Configure IP Groups to represent your call party entities, and assign them the group of Call Setup Rules (Set ID) that you configured in Step 7 (above). Version 7.2 Mediant 4000 SBC...
Page 308 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 309: Quality Of Experience
Reporting Voice Quality of Experience to OVOC The device can be configured to report voice (media) Quality of Experience (QoE) to AudioCodes' One Voice Operations Center (OVOC) server, a plug-in for AudioCodes OVOC. The reports include real-time metrics of the quality of the actual call experience, which are then processed by the OVOC.
Page 310: Configuring Clock Synchronization Between Device And Ovoc
In other words, you need to configure them with the same NTP server. The NTP server can be one of the following:  AudioCodes OVOC server (also acting as an NTP server)  Third-party, external NTP server Once you have determined the NTP server, all the elements--deviceand OVOC--must be configured with the same NTP server address.
Page 311: Configuring Quality Of Experience Profiles
The device also uses hysteresis to determine whether the threshold has indeed being crossed. Hysteresis defines the amount of fluctuation from the threshold in order for the threshold to be considered as crossed (i.e., change in color state). Hysteresis is used to Version 7.2 Mediant 4000 SBC...
Page 312  Report the change in the measured metrics to AudioCodes' One Voice Operations Center (OVOC) server. The OVOC displays this call quality status for the associated OVOC link (IP Group, Media Realm, or Remote Media Subnet). To configure the OVOC server's address, see ''Configuring the OVOC Server'' on page 309.
Page 313 Note: Each row must be configured with a unique index. Profile Name Defines a descriptive name, which is used when associating the row in other tables. name The valid value is a string of up to 20 characters. [QOEProfile_Name] Version 7.2 Mediant 4000 SBC...
Page 314 Mediant 4000 SBC Parameter Description Sensitivity Level Defines the pre-configured threshold profile to use.  sensitivity-level [0] User Defined = Need to define thresholds per monitored parameter in the Quality of Experience Color Rules table. [QOEProfile_SensitivityLevel]  [1] Low = Pre-configured low sensitivity thresholds.
Page 315 (Red)' parameter (see below). The valid threshold values are as follows:  MOS values are in multiples of 10. For example, to denote a MOS of 3.2, the value 32 (i.e., 3.2*10) must be entered. Version 7.2 Mediant 4000 SBC...
Page 316: Configuring Bandwidth Profiles
Mediant 4000 SBC Parameter Description  Delay values are in msec.  Packet Loss values are in percentage (%).  Jitter is in msec.  Echo measures the Residual Echo Return Loss (RERL) in Major Hysteresis (Red) Defines the amount of fluctuation (hysteresis) from the Major...
Page 317 Major threshold with [64,000 - (10% x hysteresis. 64,000)] Yellow to Green (alarm The change occurs if the current bandwidth 25,600 Kbps cleared) crosses the configured Minor threshold with [32,000 - (10% x hysteresis. 64,000)] Version 7.2 Mediant 4000 SBC...
Page 318 Mediant 4000 SBC Threshold based on Threshold Crossing Calculation Example Red to Green (alarm cleared) The change occurs if the current bandwidth 25,600 Kbps crosses the configured Minor threshold with [32,000 - (10% x hysteresis. 64,000)] The following procedure describes how to configure Bandwidth Profiles through the Web interface.
Page 319 Yellow-to-Green (Green-alarm cleared): 25,600 Kbps [32,000 - (10% x 64,000)] Generate Alarm Enables the device to send an SNMP alarm if a bandwidth threshold is crossed. generate-alarms  [0] Disable (default) [BWProfile_GenerateAlarms]  [1] Enable Version 7.2 Mediant 4000 SBC...
Page 320: Configuring Quality Of Service Rules
Mediant 4000 SBC 16.4 Configuring Quality of Service Rules The Quality of Service Rules table lets you configure up to 3,125 Quality of Service rules. A Quality of Service rule defines an action to perform when the threshold (major or minor) of a specific performance monitoring call metric is crossed for a specific IP Group.
Page 321  [0] Major (Default) [QualityOfServiceRules_Severit  [1] Minor Note: If you configure the 'Rule Metric' parameter to ACD, ASR or NER, you must configure the parameter to Major. For all other Version 7.2 Mediant 4000 SBC...
Page 322 Mediant 4000 SBC Parameter Description 'Rule Metric' parameter values, you can configure the parameter to any value. Action Rule Action Defines the action to be done if the rule is matched.  rule-action [0] Reject Calls = (Default) New calls destined to the specified IP Group are rejected for a user-defined duration.
Page 323: Control Network
You can also configure it through ini file (CpMediaRealm) or CLI (configure voip > realm).  To configure a Media Realm: Open the Media Realms table (Setup menu > Signaling & Media tab > Core Entities folder > Media Realms). Version 7.2 Mediant 4000 SBC...
Page 324 Mediant 4000 SBC Click New; the following dialog box appears: Figure 17-1: Media Realms Table - Add Dialog Box Configure the Media Realm according to the parameters described in the table below. Click Apply. Table 17-1: Media Realms table Parameter Descriptions...
Page 325 For more information on local UDP port range, see ''Configuring RTP Base UDP Port'' on page 195. Default Media Realm Defines the Media Realm as the default Media Realm. The default Media Realm is used for SIP Interfaces and IP Groups is-default Version 7.2 Mediant 4000 SBC...
Page 326: Configuring Remote Media Subnets
Mediant 4000 SBC Parameter Description [CpMediaRealm_IsDefault] for which you have not assigned a Media Realm.  [0] No (default)  [1] Yes Note:  You can configure the parameter to Yes for only one Media Realm; all the other Media Realms must be configured to ...
Page 327 Open the Media Realms table (see ''Configuring Media Realms'' on page 323). Select the Media Realm row for which you want to add Remote Media Subnets, and then click the Remote Media Subnet link located below the table; the Remote Media Subnet table appears. Version 7.2 Mediant 4000 SBC...
Page 328 Mediant 4000 SBC Click New; the following dialog box appears: Figure 17-3: Remote Media Subnet Table - Add Dialog Box Configure the Remote Media Subnet according to the parameters described in the table below. Click Apply. Table 17-2: Remote Media Subnet Table Parameter Descriptions...
Page 329: Configuring Media Realm Extensions
Open the Media Realms table (see ''Configuring Media Realms'' on page 323). Select the Media Realm for which you want to add Remote Media Extensions, and then click the Media Realm Extension link located below the table; the Media Realm Extension table appears. Version 7.2 Mediant 4000 SBC...
Page 330 Mediant 4000 SBC Click New; the following dialog box appears: Figure 17-5: Media Realm Extension Table - Add Dialog Box Configure the Media Realm Extension according to the parameters described in the table below. Click Apply. Table 17-3: Media Realm Extension Table Parameter Descriptions...
Page 331: Configuring Srds
SRD, you can use the default SRD instead of creating a new one. When only one SRD is employed and you create other related configuration entities (e.g., SIP Interfaces), the default SRD is automatically assigned to the new configuration entity. Version 7.2 Mediant 4000 SBC...
Page 332 Mediant 4000 SBC Therefore, when employing a single-SRD configuration topology, there is no need to handle SRD configuration (i.e., transparent). SRDs are associated with the following configuration entities:  SIP Interface (mandatory) - see ''Configuring SIP Interfaces'' on page 341 ...
Page 333 Open the SRDs table (Setup menu > Signaling & Media tab > Core Entities folder > SRDs). Click New; the following dialog box appears: Figure 17-7: SRDs Table - Add Dialog Box Configure an SRD according to the parameters described in the table below. Click Apply. Version 7.2 Mediant 4000 SBC...
Page 334 Mediant 4000 SBC Table 17-4: SRDs table Parameter Descriptions Parameter Description General Index Defines an index for the new table row. [SRD_Index] Note: Each row must be configured with a unique index. Name Defines a descriptive name, which is used when associating the row in other tables.
Page 335  When the device rejects a call, it sends a SIP 500 "Server Internal Error" response to the user. In addition, it reports the rejection Version 7.2 Mediant 4000 SBC...
Page 336 Mediant 4000 SBC Parameter Description (Dialog establish failure - Classification failure) using the Intrusion Detection System (IDS) feature (see Configuring IDS Policies on page 172), by sending an SNMP trap.  When the corresponding parameter in the SIP Interfaces table...
Page 337: Filtering Tables In Web Interface By Srd
Tenant size in a multi-tenant architecture can vary and therefore, the instance CPU, memory and interface allocations should be optimized so as not to waste resources for small-sized Version 7.2 Mediant 4000 SBC...
Page 338 Mediant 4000 SBC tenants on the one hand, and not to allocate too many instances for a single tenant/customer on the other. For example, it would be a waste to allocate a capacity of 100 concurrent sessions to a small tenant for which 10 concurrent sessions suffice.
Page 339: Cloning Srds
To exit the tenant view: # no srd-view 17.2.3 Cloning SRDs You can clone (duplicate) existing SRDs. This is especially useful when operating in a multi-tenant environment and you need to add new tenants (SRDs). The new tenants can Version 7.2 Mediant 4000 SBC...
Page 340: Color-Coding Of Srds In Web Interface
Mediant 4000 SBC quickly and easily be added by simply cloning one of the existing SRDs. Once cloned, all you need to do is tweak configuration entities associated with the SRD clone. When an SRD is cloned, the device adds the new SRD clone to the next available index row in the SRDs table.
Page 341: Automatic Configuration Based On Srd
Interface. For more information, see ''Configuring IDS Policies'' on page 172.  SBC application: • IP-to-IP Routing rules for specifying the destination SIP Interface to where you want to route the call. For more information, see Configuring SBC IP-to-IP Routing Rules on page 499. Version 7.2 Mediant 4000 SBC...
Page 342 Mediant 4000 SBC • Classification rules for specifying the SIP Interface as a matching characteristic of the incoming call. This is especially useful for the single SRD-configuration topology, where each SIP Interface represents a Layer-3 network (SIP entity). Therefore, classification of calls to IP Groups (SIP entities) can be based on SIP Interface.
Page 343 6000 to 6999, the SIP port can either be less than 6000 or greater than 6999.  Each SIP Interface must have a unique signaling port (i.e., no two SIP Interfaces can share the same port - no port overlapping). Version 7.2 Mediant 4000 SBC...
Page 344 Mediant 4000 SBC Parameter Description TCP Port Defines the device's listening port for SIP signaling traffic over TCP. tcp-port The valid range is 1 to 65534. The default is 5060. [SIPInterface_TCPPort] Note:  The port must be different from ports configured for RTP traffic (i.e., ports configured for Media Realms).
Page 345 500 (Server Internal Error). ilureResponseType] This feature is important for preventing Denial of Service (DoS) attacks, typically initiated from the WAN. Malicious attackers can use SIP scanners to detect ports used by SIP devices. These scanners Version 7.2 Mediant 4000 SBC...
Page 346 Mediant 4000 SBC Parameter Description scan devices by sending UDP packets containing a SIP request to a range of specified IP addresses, listing those that return a valid SIP response. Once the scanner finds a device that supports SIP, it extracts information from the response and identifies the type of device (IP address and name) and can execute DoS attacks.
Page 347 [0] Accept All = Accepts requests from registered and unregistered users.  [1] Accept Registered Users = Accepts requests only from users registered with the device. Requests from users not registered are rejected.  [2] Accept Registered Users from Same Source = Accepts Version 7.2 Mediant 4000 SBC...
Page 348 Mediant 4000 SBC Parameter Description requests only from registered users whose source address is the same as that registered with the device (during the REGISTER message process). All other requests are rejected. If the transport protocol is UDP, the device verifies the IP address and port;...
Page 349: Configuring Ip Groups
IP Group are removed from the device's users database. The following procedure describes how to configure IP Groups through the Web interface. You can also configure it through ini file (IPGroup) or CLI (configure voip > ip-group). Version 7.2 Mediant 4000 SBC...
Page 350 Mediant 4000 SBC  To configure an IP Group: Open the IP Groups table (Setup menu > Signaling & Media tab > Core Entities folder > IP Groups). Click New; the following dialog box appears: Configure an IP Group according to to the parameters described in the table below.
Page 351 REGISTER refresh request arrives, the device updates the new location (i.e., IP address) of the IP Group. If the REGISTER fails, no update is performed. If an UN-REGISTER request arrives, the IP address associated with the IP Group is deleted and therefore, Version 7.2 Mediant 4000 SBC...
Page 352 Mediant 4000 SBC Parameter Description no routing to the IP Group is done. You can view the registration status of the Gateway-type IP Group in the 'GW Group Registered Status' field, and view the IP address of the IP Group in the 'GW Group Registered IP Address' field if it is registered with the device.
Page 353 To support the feature, you must enable the keep-alive mechanism of the Proxy Set that is associated with the IP Group (see ''Configuring Proxy Sets'' on page 363).  If the Proxy Set is configured with multiple proxies (addresses) and Version 7.2 Mediant 4000 SBC...
Page 354 Mediant 4000 SBC Parameter Description at least one of them is "alive", the displayed status is "Connected". To view the connected proxy server, see ''Viewing Proxy Set Status'' on page 720.  The "Connected" status also applies to scenarios where the device rejects calls with the IP Group due to low QoE (e.g., low MOS),...
Page 355 [IPGroup_UUIFormat]  [1] Enabled This provides support for interworking with Avaya equipment by generating Avaya's UCID value in outgoing INVITE messages sent to Avaya's network. The device adds the UCID in the User-to-User SIP header. Version 7.2 Mediant 4000 SBC...
Page 356 Mediant 4000 SBC Parameter Description Avaya's UCID value has the following format (in hexadecimal): 00 + FA + 08 + node ID (2 bytes) + sequence number (2 bytes) + timestamp (4 bytes) This is interworked in to the SIP header as follows: User-to-User: 00FA080019001038F725B3;encoding=hex...
Page 357 IP address. The device rejects initial registration requests that have the same IP address, as the necessary key is already used for another registration.  [2] Classify by IP and Contact = For initial registrations from the IP Version 7.2 Mediant 4000 SBC...
Page 358 Mediant 4000 SBC Parameter Description Group, the device adds a key representing the user to its registration database, based on the URI of the Contact header, source IP address, port (if UDP) and SIP Interface ID (e.g., "user@host.com#10.33.3.3:5010#1"). The device classifies incoming non-REGISTER SIP dialog requests (e.g., INVITEs) from...
Page 359 Assigns a Message Manipulation Set (rule) to the IP Group for SIP Manipulation Set message manipulation on the outbound leg. outbound-mesg- By default, no value is defined. manipulation-set To configure Message Manipulation rules, see ''Configuring SIP Version 7.2 Mediant 4000 SBC...
Page 360 Mediant 4000 SBC Parameter Description [IPGroup_OutboundManSet] Message Manipulation'' on page 395. Note: If you assign a Message Manipulation Set ID that includes rules for manipulating the host name in the Request-URI, To, and/or From SIP headers, the parameter overrides the IPGroup_SIPGroupName parameter.
Page 361 SIP messages. Therefore, the parameter must be gnment] enabled for the IP Group of the proxy server.  [0] Disable = (Default) The device uses the same local UDP port for Version 7.2 Mediant 4000 SBC...
Page 362 Mediant 4000 SBC Parameter Description all the registered users. This single port is configured for the SIP Interface ('UDP Port' parameter) associated with the Proxy Set of the proxy server.  [1] Enable = The device assigns each registered user a unique local port, chosen from a configured UDP port range.
Page 363: Configuring Proxy Sets
(Proxy Hot-Swap feature) between multiple servers. Each Proxy Set can be assigned a specific SSL/TLS certificate the (TLS Context), enabling you to use different TLS certificates per SIP entity (IP Group). In addition, each Proxy Set must be Version 7.2 Mediant 4000 SBC...
Page 364 Mediant 4000 SBC assigned a SIP Interface (and SRD), which determines, amongst others, the device's local network interface through which communication with the Proxy Set is done. You can enable the device's keep-alive feature per Proxy Set, which determines whether proxies (addresses) configured for the Proxy Set are online or offline.
Page 365 Configure the address of the Proxy Set according to the parameters described in the table below. Click Apply. Table 17-7: Proxy Sets Table and Proxy Address Table Parameter Description Parameter Description Assigns an SRD to the Proxy Set. Version 7.2 Mediant 4000 SBC...
Page 366 Mediant 4000 SBC Parameter Description voip-network proxy-set > srd- Note:  The parameter is mandatory and must be configured first before [ProxySet_SRDName] you can configure the other parameters in the table.  To configure SRDs, see Configuring SRDs on page 331.
Page 367 Note: The SIP 200 response code is not supported for this feature. Success Detection Retries Defines the minimum number of consecutive, successful keep-alive messages that the device sends to an offline proxy, before the success-detect-retries device considers the proxy as being online. The interval between the Version 7.2 Mediant 4000 SBC...
Page 368 Mediant 4000 SBC Parameter Description [ProxySet_SuccessDetection sending of each consecutive successful keep-alive is configured by Retries] the 'Success Detection Interval' parameter (see below). For an example of using this parameter, see the 'Success Detection Interval' parameter. The valid range is 1 to 100. The default is 1.
Page 369 (see the 'Proxy Load Balancing Method' parameter, above). Advanced Classification Input Defines how the device classifies incoming IP calls to the Proxy Set.  classification-input [0] IP Address Only = (Default) Classifies calls to the Proxy Set Version 7.2 Mediant 4000 SBC...
Page 370 Mediant 4000 SBC Parameter Description [ProxySet_ClassificationInput] according to IP address only.  [1] IP Address, Port & Transport Type = Classifies calls to the Proxy Set according to IP address, port, and transport type. Note:  The parameter is applicable only if the IP Groups table's parameter, 'Classify by Proxy Set' is set to Enable (see Configuring IP Groups on page 349).
Page 371 You can configure the device to use the port indicated in the Request-URI of the incoming message, instead of the port configured for the parameter. To enable this, use the IPGroup_SBCRouteUsingRequestURIPort parameter for the IP Group that is associated with the Proxy Set (Configuring IP Version 7.2 Mediant 4000 SBC...
Page 372: Building And Viewing Sip Entities In Topology View
Mediant 4000 SBC Parameter Description Groups on page 349). Transport Type Defines the transport type for communicating with the proxy.  transport-type [0] UDP  [1] TCP [ProxyIp_TransportType]  [2] TLS  [-1] = (Default) The transport type is according to the settings of the global parameter, SIPTransportType.
Page 373 Configured SIP Interfaces. Each SIP Interface is displayed using the following "SIP Interface"-titled icon, which includes the name and row index number: If you hover your mouse over the icon, a pop-up appears displaying the following basic information (example): Version 7.2 Mediant 4000 SBC...
Page 374 Mediant 4000 SBC Item # Description If you click the icon, a drop-down menu appears listing the following commands:  Edit: Opens a dialog box in the SIP Interfaces table to modify the SIP Interface.  Show List: Opens the SIP Interfaces table.
Page 375 The IP Groups table opens with a new dialog box for adding a IP Group to the next available index row. Configure the IP Group as desired, and then click Apply; the IP Groups table closes Version 7.2 Mediant 4000 SBC...
Page 376 Mediant 4000 SBC Item # Description and you are returned to the Topology View, displaying the new IP Group. For more information on configuring IP Groups, see ''Configuring IP Groups'' on page 349. IP Group icons also display connectivity status with Server-type IP Groups: ...
Page 377: Sip Definitions
You can also configure it through ini file (Account) or CLI (configure voip > sip-definition account).  To configure an Account: Open the Accounts table (Setup menu > Signaling & Media tab > SIP Definitions folder > Accounts). Version 7.2 Mediant 4000 SBC...
Page 378 Mediant 4000 SBC Click New; the following dialog box appears: Figure 18-1: Accounts Table - Add Dialog Box Configure an account according to the parameters described in the table below. Click Apply. Once you have configured Accounts, you can register or un-register them, as described below: ...
Page 379 [Account_ContactUser] ContactUser@<device's IP address>. Note:  If the parameter is not configured, the 'Contact User' parameter in the IP Groups table is used instead.  If registration fails, the user part in the INVITE Contact Version 7.2 Mediant 4000 SBC...
Page 380 Mediant 4000 SBC Parameter Description header contains the source party number. Registrar Stickiness Enables the Registrar Stickiness feature, whereby the device always routes SIP requests of a registered registrar-stickiness Account to the same registrar server to where the last [Account_RegistrarStickiness] successful REGISTER request was routed.
Page 381  'Registrar Stickiness' parameter to Enable. Credentials User Name Defines the digest MD5 Authentication username. user-name The valid value is a string of up to 50 characters. [Account_Username] Password Defines the digest MD5 Authentication password. Version 7.2 Mediant 4000 SBC...
Page 382: Regular Registration Mode
Mediant 4000 SBC Parameter Description password The valid value is a string of up to 50 characters. [Account_Password] 18.1.1 Regular Registration Mode When you configure the registration mode in the Accounts table to Regular, the device sends REGISTER requests to the Serving IP Group. The host name (in the SIP From/To headers) and contact user (user in From/To and Contact headers) are taken from the configured Accounts table upon successful registration.
Page 383: Registrar Stickiness
(as defined in RFC 3680) with the registrar to which the Account is registered and binded. The service allows the device to receive notifications of the Accounts registration state change with the registrar. Version 7.2 Mediant 4000 SBC...
Page 384: Configuring Proxy And Registration Parameters
The REGISTER request is sent to a Registrar/Proxy server for registration: REGISTER sip:10.2.2.222 SIP/2.0 Via: SIP/2.0/UDP 10.1.1.200 From: <sip: 122@10.1.1.200>;tag=1c17940 To: <sip: 122@10.1.1.200> Call-ID: 634293194@10.1.1.200 User-Agent: Sip-Gateway/Mediant 4000 SBC/v.7.20A.000.038 CSeq: 1 REGISTER Contact: sip:122@10.1.1.200: Expires:3600 Upon receipt of this request, the Registrar/Proxy returns a 401 Unauthorized response:...
Page 385 • The password from the ini file is "AudioCodes". • The equation to be evaluated is "122:audiocodes.com:AudioCodes". According to the RFC, this part is called A1. • The MD5 algorithm is run on this equation and stored for future usage.
Page 386: Configuring Call Setup Rules
Mediant 4000 SBC Authorization: Digest, username: 122, realm="audiocodes.com”, nonce="11432d6bce58ddf02e3b5e1c77c010d2", uri=”10.2.2.222”, response=“b9c45d0234a5abf5ddf5c704029b38cf” Upon receiving this request and if accepted by the Proxy, the Proxy returns a 200 OK response, completing the registration transaction: SIP/2.0 200 OK Via: SIP/2.0/UDP 10.1.1.200 From: <sip: 122@10.1.1.200>;tag=1c23940 To: <sip: 122@10.1.1.200>...
Page 387 “true”: Indicates that if the condition is met, the device routes the call according to the selected routing rule. Note that if the condition is not met, the device also uses the selected routing rule, unless the next Call Setup rule in the Set ID has an Exit option Version 7.2 Mediant 4000 SBC...
Page 388 Mediant 4000 SBC configured to “false” for an empty condition.  “false”: Indicates that if the condition is met, the device attempts to route the call to the next matching routing rule (if configured). If the condition is not met, the device routes the call according to the selected routing rule.
Page 389 The valid value is a string of up to 100 characters. Combined strings and values can be configured like in the Message Manipulations table, using the '+' operator. Single quotes (') can be used for specifying a constant string (e.g., '12345'). Examples: Version 7.2 Mediant 4000 SBC...
Page 390 Mediant 4000 SBC Parameter Description  To LDAP query the AD attribute "mobile" that has the value of the destination user part of the incoming call: 'mobile=' + param.call.dst.user  To LDAP query the AD attribute "telephoneNumber" that has a redirect number: 'telephoneNumber=' + param.call.redirect +...
Page 391 Action Value Defines a value that you want to use in the action. action-value The valid value is a string of up to 300 characters (case- insensitive). [CallSetupRules_ActionValue] Examples:  '+9723976'+ldap.attr.alternateNumber  '9764000'  srctags Version 7.2 Mediant 4000 SBC...
Page 392: Call Setup Rule Examples
Mediant 4000 SBC Parameter Description  enum.result.url  ldap.attr.displayName  true (if the 'Action Type' is set to Exit)  false (if the 'Action Type' is set to Exit) 18.3.1 Call Setup Rule Examples Below are configuration examples for using Call Setup Rules.
Page 393 'Rules Set ID': 4 ♦ 'Query Type': LDAP ♦ 'Query Target': LDAP-DC-CORP ♦ 'Search Key': 'telephoneNumber='+param.call.dst.user ♦ 'Attributes to Get': ofiSBCRouting ♦ 'Row Role': Use Current Condition ♦ 'Condition': ldap.found exists ♦ 'Action Subject': dsttags Version 7.2 Mediant 4000 SBC...
Page 394 Mediant 4000 SBC ♦ 'Action Type': Modify ♦ 'Action Value': ldap.attr.ofiSBCrouting • IP Groups table: 'Call Setup Rules Set ID': 4 • IP-to-IP Routing table: ♦ Index 1: 'Destination Tag': dep-sales 'Destination IP Group': SALES ♦ Index 2: 'Destination Tag': dep-mkt 'Destination IP Group': MKT ♦...
Page 395: Sip Message Manipulation
Translating one SIP response code to another  Topology hiding (generally present in SIP headers such as Via, Record Route, Route and Service-Route).  Configurable identity hiding (information related to identity of subscribers, for example, P-Asserted-Identity, Referred-By, Identity and Identity-Info) Version 7.2 Mediant 4000 SBC...
Page 396 Mediant 4000 SBC  Multiple manipulation rules on the same SIP message  Apply conditions per rule - the condition can be on parts of the message or call’s parameters  Multiple manipulation rules using the same condition. The following figure shows a...
Page 397 Open the Message Manipulations page (Setup menu > Signaling & Media tab > Message Manipulation folder > Message Manipulations). Click New; the following dialog box appears: Figure 19-3: Message Manipulations Table - Add Dialog Box Version 7.2 Mediant 4000 SBC...
Page 398 Mediant 4000 SBC Configure a Message Manipulation rule according to the parameters described in the table below. Click Apply. An example of configured message manipulation rules are shown in the figure below: Figure 19-4: Example of Configured Message Manipulation Rules ...
Page 399 [7] Normalize = Removes unknown SIP message elements before forwarding the message. Action Value Defines a value that you want to use in the manipulation. The default value is a string (case-insensitive) in the following Version 7.2 Mediant 4000 SBC...
Page 400: Configuring Message Condition Rules
Mediant 4000 SBC Parameter Description action-value syntax:  [MessageManipulations_Action string/<message-element>/<call-param> + Value]  string/<message-element>/<call-param> For example:  'itsp.com'  header.from.url.user  param.call.dst.user  param.call.dst.host + '.com'  param.call.src.user + '<' + header.from.url.user + '@' + header.p-asserted-id.url.host + '>' Note: Only single quotation marks must be used.
Page 401: Configuring Sip Message Policy Rules
Message Policy rules are used to block (blacklist) unwanted incoming SIP messages or permit (whitelist) receipt of desired SIP messages. You can configure legal and illegal characteristics of SIP messages. This feature is helpful against VoIP fuzzing (also known Version 7.2 Mediant 4000 SBC...
Page 402 Mediant 4000 SBC as robustness testing), which sends different types of packets to its "victims" for finding bugs and vulnerabilities. For example, the attacker might try sending a SIP message containing either an oversized parameter or too many occurrences of a parameter.
Page 403 [MessagePolicy_MaxMessageLength] Max Header Length Defines the maximum SIP header length. max-header-length The valid value is up to 512 characters. The default is 512. [MessagePolicy_MaxHeaderLength] Max Body Length Defines the maximum SIP message body length. This Version 7.2 Mediant 4000 SBC...
Page 404 Mediant 4000 SBC Parameter Description max-body-length is the value of the Content-Length header. [MessagePolicy_MaxBodyLength] The valid value is up to 1,024 characters. The default is 1,024. Max Num Headers Defines the maximum number of SIP headers. max-num-headers The valid value is any number up to 32. The default is...
Page 405: Configuring Pre-Parsing Manipulation Rules
Pre-Parsing Manipulation Rules table: ini file (PreParsingManipulationRules) or CLI (configure voip > message pre-parsing-manip-rules)  To configure Pre-Parsing Manipulation Sets: Open the Pre-Parsing Manipulation Sets table (Setup menu > Signaling & Media tab > Message Manipulation folder > Pre-Parsing Manipulation Sets). Version 7.2 Mediant 4000 SBC...
Page 406 Mediant 4000 SBC Click New; the following dialog box appears: Figure 19-8: Pre-Parsing Manipulation Sets Table - Add Dialog Box Configure a Pre-Parsing Manipulation Set name according to the parameters described in the table below. Click Apply. Pre-Parsing Manipulation Set Table Parameter Descriptions...
Page 407 For more information on regex, refer to the Message [PreParsingManipulationRules_P Manipulation Reference Guide. attern] Replace-With Defines a pattern, based on regex, to replace the matched pattern (defined above). replace-with For more information on regex, refer to the Message [PreParsingManipulationRules_R Manipulation Reference Guide. eplaceWith] Version 7.2 Mediant 4000 SBC...
Page 408 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 409: Coders And Profiles
IpProfile_SBCAllowedCodersMode parameter to Restriction or Restriction and Preference). The following procedure describes how to configure the Coder Groups table through the Web interface. You can also configure it through ini file (AudioCodersGroups and AudioCoders) or CLI (configure voip > coders-and-profiles audio-coders-groups). Version 7.2 Mediant 4000 SBC...
Page 410 For supported audio coders, see ''Supported Audio Coders'' on page 411. • Some coders are license-dependent and are available only if purchased from AudioCodes and included in the License Key installed on your device. For more information, contact your AudioCodes sales representative. •...
Page 411: Supported Audio Coders
Note: The AMR payload type can be configured globally using the AmrOctetAlignedEnable parameter. However, the Coder Group configuration overrides the global parameter. 20.1.1 Supported Audio Coders The table below lists the coders supported by the device. Version 7.2 Mediant 4000 SBC...
Page 412 Mediant 4000 SBC Table 20-2: Supported Audio Coders Coder Name Packetization Time Rate (kbps) Payload Silence (msec) Type Suppression [1] 10, [2] 20, [3] 30, [4] 40, [5] 50, [6] 60, [8] 80, [9] 90, [10] 100, [12] 120 ...
Page 413: Configuring Various Codec Attributes
Open the Coder Settings page (Setup menu > Signaling & Media tab > Coders & Profiles folder > Coder Settings). Configure the following parameters: • AMR coder: ♦ 'AMR Payload Format' (AmrOctetAlignedEnable): Defines the AMR payload format type: Version 7.2 Mediant 4000 SBC...
Page 414: Configuring Allowed Audio Coder Groups
Mediant 4000 SBC • SILK coder (Skype's default audio codec): ♦ 'Silk Tx Inband FEC': Enables forward error correction (FEC) for the SILK coder. ♦ 'Silk Max Average Bit Rate': Defines the maximum average bit rate for the SILK coder.
Page 415 Configure a name for the Allowed Audio Coders Group according to the parameters described in the table below. Click Apply. Select the new row that you configured, and then click the Allowed Audio Coders link located below the table; the Allowed Audio Coders table opens. Version 7.2 Mediant 4000 SBC...
Page 416 Mediant 4000 SBC Click New; the following dialog box appears: Figure 20-5: Allowed Audio Coders Table - Add Dialog Box Configure coders for the Allowed Audio Coders Group according to the parameters described in the table below. Click Apply. Table 20-3: Allowed Audio Coders Groups and Allowed Audio Coders Tables Parameter...
Page 417: Configuring Allowed Video Coder Groups
Configure a name for the Allowed Video Coders Group according to the parameters described in the table below. Click Apply. Select the new row that you configured, and then click the Allowed Video Coders link located below the table; the Allowed Video Coders table opens. Version 7.2 Mediant 4000 SBC...
Page 418: Configuring Ip Profiles
Mediant 4000 SBC Click New; the following dialog box appears: Figure 20-7: Allowed Video Coders Table - Add Dialog Box Configure coders for the Allowed Video Coders Group according to the parameters described in the table below. Click Apply. Table 20-4: Allowed Video Coders Groups and Allowed Video Coders Tables Parameter...
Page 419 Click New; the following dialog box appears: Figure 20-8: IP Profiles Table - Add Dialog Box Configure an IP Profile according to the parameters described in the table below. Click Apply. Table 20-5: IP Profiles Table Parameter Descriptions Parameter Description General Version 7.2 Mediant 4000 SBC...
Page 420 Mediant 4000 SBC Parameter Description Index Defines an index number for the new table row. [IpProfile_Index] Note: Each row must be configured with a unique index. Name Defines a descriptive name, which is used when associating the row in other tables.
Page 421 RTP. Therefore, RTCP and RTP should be multiplexed over the same port.  The device does not support forwarding of DTLS transparently between endpoints (SIP entities).  As DTLS has been defined by the WebRTC standard as mandatory Version 7.2 Mediant 4000 SBC...
Page 422 Mediant 4000 SBC Parameter Description for encrypting media channels for SRTP key exchange, the support is important for deployments implementing WebRTC. For more information on WebRTC, see WebRTC on page 566. Reset SRTP Upon Re-key Enables synchronization of the SRTP state between the device and a server when a new SRTP key is generated upon a SIP session expire.
Page 423 SDP answers (with different To-header tags). In this case, the SBCRemoteMultipleAnswersMode parameter is ignored. Note: If the parameter and the SBCRemoteMultipleAnswersMode parameter are disabled, multiple SDP answers are not reflected to the Version 7.2 Mediant 4000 SBC...
Page 424 Mediant 4000 SBC Parameter Description SIP entity (i.e., the device sends the same SDP answer in multiple 18x and 200 responses). Remote Multiple Answers Enables interworking multiple SDP answers within the same SIP Mode dialog (non-standard). The parameter enables the device to forward multiple answers to the SIP entity associated with the IP Profile.
Page 425 Allowed Audio Coders Group or Allowed Video Coders Group. The coders in the original SDP offer are listed after the Allowed coders.  [2] Restriction and Preference = Performs both Restriction and Version 7.2 Mediant 4000 SBC...
Page 426 Mediant 4000 SBC Parameter Description Preference. Note:  The parameter is applicable only if Allowed coders are assigned to the IP Profile (see the 'Allowed Audio Coders' or 'Allowed Video Coders' parameters).  For more information on the Allowed Coders feature, see Restricting Coders on page 464.
Page 427 SIP re-INVITE (or UPDATE) from the SIP entity to where the SIP INFO is being sent (and keep sending the DTMF digits using the RFC 2833 method). This is done using AudioCodes proprietary SIP header X-AC-Action and a Message Manipulation rule (inbound)
Page 428 Mediant 4000 SBC Parameter Description SIP entity and stops sending it SIP INFO messages. You can also configure an additional Message Manipulation rule to re-start the sending of the SIP INFO. For example, you can configure two Message Manipulation rules where the sending of both SIP INFO and...
Page 429 SDP answer from the SIP entity. The device does not modify the incoming SDP offer received from the SIP entity, but if RTP redundancy is required, it will be supported. Select the option if the Version 7.2 Mediant 4000 SBC...
Page 430  This functionality may require DSP resources. For more information, contact your AudioCodes sales representative. ICE Mode Enables Interactive Connectivity Establishment (ICE) Lite for the SIP entity associated with the IP Profile. ICE is a methodology for NAT...
Page 431 ICE and multiplexed RTP-RTCP are used, the initial SDP offer must also include the "a=candidate:" attribute for both RTP and RTCP along with the "a=rtcp:" attribute, indicating a fallback port for RTCP in case the answerer does not support RTP and RTCP multiplexing. Version 7.2 Mediant 4000 SBC...
Page 432 Mediant 4000 SBC Parameter Description  [0] Not Supported = (Default) RTP and RTCP packets use different ports.  [1] Supported = Device multiplexes RTP and RTCP packets onto a single port. Note: As RTP multiplexing has been defined by the WebRTC standard as mandatory, the support is important for deployments implementing WebRTC.
Page 433 [2] Acoustic For a detailed description of the Echo Cancellation feature, see Configuring Echo Cancellation on page 181. Note: The corresponding global parameter is EnableEchoCanceller. Input Gain Defines the pulse-code modulation (PCM) input gain control (in Version 7.2 Mediant 4000 SBC...
Page 434 Mediant 4000 SBC Parameter Description input-gain decibels). [IpProfile_InputGain] The valid range is -32 to 31 dB. The default is 0 dB. Note: The corresponding global parameter is InputGain. Voice Volume Defines the voice gain control (in decibels). voice-volume The valid range is -32 to 31 dB. The default is 0 dB.
Page 435 Note: For the parameter to function, you need to assign extension coders to the IP Profile of the SIP entity that does not support delayed offer (using the IpProfile_SBCExtensionCodersGroupName parameter). Remote Representation Enables interworking SIP in-dialog, Contact and Record-Route Version 7.2 Mediant 4000 SBC...
Page 436 Mediant 4000 SBC Parameter Description Mode headers between SIP entities. The parameter defines the device's handling of in-dialog, Contact and Record-Route headers for sbc-rmt-rprsntation messages sent to the SIP entity associated with the IP Profile. [IpProfile_SBCRemoteRepre  [-1] According to Operation Mode = (Default) Depends on the...
Page 437 [1] Spirou = SPIROU (ISUP France) [IpProfile_SBCISUPVariant] Max Call Duration Defines the maximum duration (in minutes) per SBC call that is associated with the IP Profile. If the duration is reached, the device sbc-max-call-duration terminates the call. Version 7.2 Mediant 4000 SBC...
Page 438 Mediant 4000 SBC Parameter Description [IpProfile_SBCMaxCallDurati The valid range is 0 to 35,791, where 0 is unlimited duration. The default is the value configured for the global parameter, SBCMaxCallDuration. SBC Registration User Registration Time Defines the registration time (in seconds) that the device responds to...
Page 439 [0] Standard = (Default) The SIP entity supports INVITE messages containing Replaces headers. The device forwards the INVITE message containing the Replaces header to the SIP entity. The device may change the value of the Replaces header to reflect the Version 7.2 Mediant 4000 SBC...
Page 440 Mediant 4000 SBC Parameter Description call identifiers of the leg.  [1] Handle Locally = The SIP entity does not support INVITE messages containing Replaces headers. The device terminates the received INVITE containing the Replaces header and establishes a new call between the SIP entity and the new call party. It then disconnects the call with the initial call party, by sending it a SIP BYE request.
Page 441 [0] Transparent = (Default) Device forwards SDP as is. [IPProfile_SBCRemoteHoldF  [1] Send Only = Device sends SDP with 'a=sendonly'. ormat]  [2] Send Only Zero ip = Device sends SDP with 'a=sendonly' and 'c=0.0.0.0'. Version 7.2 Mediant 4000 SBC...
Page 442 Mediant 4000 SBC Parameter Description  [3] Inactive = Device sends SDP with 'a=inactive'.  [4] Inactive Zero ip = Device sends SDP with 'a=inactive' and 'c=0.0.0.0'.  [5] Not Supported = This option can be used when the remote side does not support call hold.
Page 443 SIP entity fully supports fax renegotiation upon fax detection.  [1] Only on Answer Side = The SIP entity supports fax renegotiation upon fax detection only if it is the terminating Version 7.2 Mediant 4000 SBC...
Page 444 Mediant 4000 SBC Parameter Description (answering) fax, and does not support renegotiation if it is the originating fax.  [2] No = The SIP entity does not support fax re-negotiation upon fax detection when it is the originating or terminating fax.
Page 445 RTP Redundancy Depth Enables the device to generate RFC 2198 redundant packets. This can be used for packet loss where the missing information (audio) can rtp-redundancy-depth be reconstructed at the receiver's end from the redundant data that Version 7.2 Mediant 4000 SBC...
Page 446 [2] 2 to [7]7 = Optional Parameter Suites that you can create based on any language (16 sensitivity levels, from 0 to 15). This requires a customized AMD Sensitivity file that needs to be installed on the device. For more information, contact your AudioCodes sales representative. Note: ...
Page 447 (value of -1), the device plays a default held tone. To play user-defined tones, you need to record your tones and then install them on the device using a loadable Prerecorded Tones (PRT) file. For more information, see Prerecorded Tones File on page 632. Version 7.2 Mediant 4000 SBC...
Page 448 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 449: Session Border Controller Application
Part V Session Border Controller Application...
Page 451: Sbc Overview
For example, IP addresses of ITSPs' equipment (e.g. proxies, gateways, and application servers) can be hidden from outside parties. The device's topology hiding is provided by implementing back-to-back user agent (B2BUA) leg routing: Version 7.2 Mediant 4000 SBC...
Page 452: B2Bua And Stateful Proxy Operating Modes
Mediant 4000 SBC • Strips all incoming SIP Via header fields and creates a new Via value for the outgoing message. • Each leg has its own Route/Record Route set. • User-defined manipulation of SIP To, From, and Request-URI host names.
Page 453 Some SIP functionalities are achieved by conveying the SIP call identifiers either in SIP specific headers (e.g., Replaces) or in the message bodies (e.g. Dialog Info in an XML body). Version 7.2 Mediant 4000 SBC...
Page 454 Mediant 4000 SBC  In some setups, the SIP client authenticates using a hash that is performed on one or more of the headers that B2BUA changes (removes). Therefore, implementing B2BUA would cause authentication to fail.  For facilitating debugging procedures, some administrators require that the value in the Call-ID header remains unchanged between the inbound and outbound SBC legs.
Page 455: Call Processing Of Sip Dialog Requests
The device obtains the source and destination URLs from certain SIP headers. Once the URLs are determined, the user and host parts of the URLs can be used as matching rule characteristics for classification, message manipulation, and call routing. Version 7.2 Mediant 4000 SBC...
Page 456 Mediant 4000 SBC • All SIP requests (e.g., INVITE) except REGISTER: ♦ Source URL: Obtained from the From header. If the From header contains the value 'Anonymous', the source URL is obtained from the P-Preferred- Identity header. If the P-Preferred-Identity header does not exist, the source URL is obtained from the P-Asserted-Identity header.
Page 457: User Registration
You can configure Call Admission Control (CAC) rules for incoming and outgoing REGISTER messages. For example, you can limit REGISTER requests from a specific IP Group or SRD. Note that this applies only to concurrent REGISTER dialogs and not concurrent registrations in the device's registration database. Version 7.2 Mediant 4000 SBC...
Page 458: Classification And Routing Of Registered Users
Mediant 4000 SBC The device provides a dynamic registration database that it updates according to registration requests traversing it. Each database entry for a user represents a binding between an AOR (obtained from the SIP To header), optional additional AORs, and one or more contacts (obtained from the SIP Contact headers).
Page 459: General Registration Request Processing
If you configure this grace period, the device keeps the user in the database (and does not send an un-register to the registrar server), allowing the user to send a "late" re-registration to the device. The device removes the Version 7.2 Mediant 4000 SBC...
Page 460: Registration Restriction Control
Mediant 4000 SBC user from the database only when this additional time expires.  The graceful period is also used before removing a user from the registration database when the device receives a successful unregister response (200 OK) from the registrar/proxy server. This is useful in scenarios, for example, in which users (SIP user agents) such as IP Phones erroneously send unregister requests.
Page 461: Media Anchoring
SDP:  Origin: IP address, session and version id  Session connection attribute ('c=' field)  Media connection attribute ('c=' field)  Media port number  RTCP media attribute IP address and port Version 7.2 Mediant 4000 SBC...
Page 462: Direct Media
Mediant 4000 SBC The device uses different local ports (e.g., for RTP, RTCP and fax) for each leg (inbound and outbound). The local ports are allocated from the Media Realm associated with each leg. The Media Realm assigned to the leg's IP Group (in the IP Groups table) is used. If not assigned to the IP Group, the Media Realm assigned to the leg's SIP Interface (in the SIP Interfaces table) is used.
Page 463 Microsoft Server (direct media is required in the Skype for Business environment). For more information, see ''Configuring IP Groups'' on page 349. IP Groups of the endpoints use the same SIP Interface and the SIP Interface's 'SBC Version 7.2 Mediant 4000 SBC...
Page 464: Restricting Audio Coders
Mediant 4000 SBC Direct Media' parameter is set to Enable (SIPInterface_SBCDirectMedia = 1). IP Groups of the endpoints use the same SIP Interface and the SIP Interface's 'SBC Direct Media' parameter Enable When Single (SIPInterface_SBCDirectMedia = 2), and the endpoints are located behind the same NAT.
Page 465: Coder Transcoding
SDP answer from the WAN IP phone includes the G.729 coder as the chosen coder. Since this coder was not included in the original incoming SDP offer from the LAN IP phone, the device performs G.729-G.711 transcoding between the inbound and outbound legs. Version 7.2 Mediant 4000 SBC...
Page 466 Mediant 4000 SBC Figure 21-5: Transcoding using Extended Coders (Example) Note: • If you assign a SIP entity an Allowed Audio Coders Group for coder restriction (allowed coders) and a Coders Group for extension coders, the allowed coders take precedence over the extension coders. In other words, if an extension coder is not listed as an allowed coder, the device does not add the extension coder to the SDP offer.
Page 467 G.729 and G.726, but removes the G.711 coder as it does not appear in the Allowed Audio Coders Group for coder restriction. m=audio 6050 RTP/AVP 18 96 96 a=rtpmap:18 G729/8000 a=rtpmap:96 G726-32/8000 a=fmtp:4 annexa=no Version 7.2 Mediant 4000 SBC...
Page 468: Transcoding Mode
Mediant 4000 SBC a=rtpmap:96 telephone-event/8000 a=fmtp:96 0-15 a=ptime:20 a=sendrecv The device includes only the G.729 and G.726 coders in the SDP offer that it sends from the outgoing leg to the outbound SIP entity. The G.729 is listed first as the Allowed Audio Coders Group for coder restriction takes precedence over the extension coder.
Page 469: Srtp-Rtp And Srtp-Srtp Transcoding
It supports the negotiation of up to five media streams ('m=' line) in the SDP offer/answer model per session. The media can include a combination of any of the following types:  Audio, indicated in the SDP as 'm=audio' Version 7.2 Mediant 4000 SBC...
Page 470: Interworking Miscellaneous Media Handling
Mediant 4000 SBC  Video, indicated in the SDP as 'm=video'  Text, indicated in the SDP as 'm=text'  Fax, indicated in the SDP as 'm=image'  Binary Floor Control Protocol (BFCP), indicated in the SDP as 'm=application <port>...
Page 471: Interworking Rtp-Rtcp Multiplexing
SIP entity. The IP Profiles table also defines the negotiation method used between the incoming and outgoing fax legs, using the following fax-related parameters:  IPProfile_SBCFaxBehavior: defines the offer negotiation method - pass fax Version 7.2 Mediant 4000 SBC...
Page 472: Limiting Sbc Call Duration
Mediant 4000 SBC transparently, negotiate fax according to fax settings in IP Profile, or enforce remote UA to first establish a voice channel before fax negotiation.  IPProfile_SBCFaxCodersGroupName: defines the supported fax coders (from the Coder Groups table).  IPProfile_SBCFaxOfferMode: determines the fax coders sent in the outgoing SDP offer.
Page 473: User Authentication Based On Radius
The SIP client sends the SIP request with the Authorization header to the device. The device sends an Access-Request message to the RADIUS server. The RADIUS server verifies the client's credentials and sends an Access-Accept (or Version 7.2 Mediant 4000 SBC...
Page 474: Interworking Sip Signaling
Mediant 4000 SBC Access-Reject) response to the device. The device accepts the SIP client's request (sends a SIP 200 OK or forwards the authenticated request) or rejects it (sends another SIP 407 to the SIP client). To configure this feature, set the SBCServerAuthMode ini file parameter to 2.
Page 475: Local Handling Of Sip 3Xx
Routing table rules. (where the 'Call Trigger' field is set to 3xx). It is also possible to specify the IP Group that sent the 3xx request as matching criteria for the re-routing rule in this table ('ReRoute IP Group ID' field). Version 7.2 Mediant 4000 SBC...
Page 476: Interworking Sip Diversion And History-Info Headers
Mediant 4000 SBC 21.9.2 Interworking SIP Diversion and History-Info Headers This device can be configured to interwork between the SIP Diversion and History-Info headers. This is important, for example, to networks that support the Diversion header but not the History-Info header, or vice versa. Therefore, mapping between these headers is crucial for preserving the information in the SIP dialog regarding how and why (e.g., call...
Page 477: Interworking Sip Prack Messages
21.9.6 Interworking SIP Early Media The device supports early media. Early media is when the media flow starts before the SIP call is established (i.e., before the 200 OK response). This occurs when the first SDP offer- Version 7.2 Mediant 4000 SBC...
Page 478 Mediant 4000 SBC answer transaction completes. The offer-answer options can be included in the following SIP messages:  Offer in first INVITE, answer on 180, and no or same answer in the 200 OK  Offer in first INVITE, answer on 180, and a different answer in the 200 OK (not standard) ...
Page 479 Media RTP Detection Mode', 'SBC Remote Supports RFC 3960', and 'SBC Remote Can Play Ringback'. See the flowcharts below for the device's handling of such scenarios: Figure 21-8: SBC Early Media RTP 18x without SDP Version 7.2 Mediant 4000 SBC...
Page 480: Interworking Sip Re-Invite Messages
Mediant 4000 SBC Figure 21-9: Early Media RTP - SIP 18x with SDP 21.9.7 Interworking SIP re-INVITE Messages The device supports interworking of SIP re-INVITE messages. This enables communication between endpoints that generate re-INVITE requests and those that do not support the receipt of re-INVITEs.
Page 481: Interworking Sip Re-Invite To Update
Interworking generation of held tone where the device generates the tone to the held party instead of the call hold initiator. This is configured by the IP Profile parameter, 'SBC Reliable Held Tone Source'. To configure IP Profiles, see ''Configuring IP Profiles'' on page 418. Version 7.2 Mediant 4000 SBC...
Page 482: Interworking Sip Via Headers
Mediant 4000 SBC 21.9.12 Interworking SIP Via Headers The device supports the interworking of SIP Via headers between SIP entities. For the outgoing message sent to a SIP entity, the device can remove or retain all the Via headers received in the incoming SIP request from the other side. Employing IP Profiles, you can configure this interworking feature per SIP entity, using the IpProfile_SBCKeepVIAHeaders parameter (see ''Configuring IP Profiles'' on page 418).
Page 483: Enabling The Sbc Application
Open the Applications Enabling page (Setup menu > Signaling & Media tab > Core Entities folder > Applications Enabling). From the 'SBC Application' drop-down list, select Enable: Click Apply, and then reset the device with a save-to-flash for your settings to take effect. Version 7.2 Mediant 4000 SBC...
Page 484 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 485: Configuring General Sbc Settings
XML body. Below is an example of an XML body where the call-id, tags, and URIs have been replaced by the device: <?xml version="1.0"?> <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="10" state="partial" entity="sip:alice@example.com"> <dialog id="zxcvbnm3" call-id="67402270@10.132.10.150" local-tag="1c137249965" Version 7.2 Mediant 4000 SBC...
Page 486 Mediant 4000 SBC remote-tag="CCDORRTDRKIKWFVBRWYM" direction="initiator"> <state event="replaced">terminated</state> </dialog> <dialog id="sfhjsjk12" call-id="67402270@10.132.10.150" local-tag="1c137249965" remote-tag="CCDORRTDRKIKWFVBRWYM" direction="receiver"> <state reason="replaced">confirmed</state> <replaces call-id="67402270@10.132.10.150" local-tag="1c137249965" remote-tag="CCDORRTDRKIKWFVBRWYM"/> <referred-by> sip:bob-is-not-here@vm.example.net </referred-by> <local> <identity display="Jason Forster"> sip:jforsters@home.net </identity> <target uri="sip:alice@pc33.example.com"> <param pname="+sip.rendering" pval="yes"/> </target> </local> <remote> <identity display="Cathy Jones">...
Page 487: Configuring Admission Control
(e.g., of 200). Requests that reach the user-defined call limit (maximum concurrent calls and/or call rate) are sent to an alternative route if configured in the IP-to-IP Routing table. If no alternative Version 7.2 Mediant 4000 SBC...
Page 488 Mediant 4000 SBC routing rule exists, the device rejects the SIP request with a SIP 480 "Temporarily Unavailable" response. Note: The device applies the CAC rule for the incoming leg immediately after the Classification process. If the call/request is rejected at this stage, no routing is performed.
Page 489 'Reserved Capacity' parameter at its' default (i.e., 0).  Reserved call capacity is applicable only to INVITE and SUBSCRIBE messages.  Reserved call capacity must be less than the maximum capacity (limit) configured for the CAC rule (see the 'Limit' parameter below). Version 7.2 Mediant 4000 SBC...
Page 490 Mediant 4000 SBC Parameter Description  The total reserved call capacity configured for all CAC rules must be within the device's total call capacity support. Limit Defines the maximum number of concurrent SIP dialogs per IP Group, SIP Interface or SRD. You can also use the following special...
Page 491: Routing Sbc
 To configure the action for unclassified calls: Open the SBC General Settings (Setup menu > Signaling & Media tab > SBC folder > SBC General Settings). Version 7.2 Mediant 4000 SBC...
Page 492 Mediant 4000 SBC From the 'Unclassified Calls' drop-down list, select Reject to reject unclassified calls or Allow to accept unclassified calls: Figure 25-1: Configuring Action for Classification Failure Click Apply. If you configure the parameter to Allow, the incoming SIP dialog is assigned to an IP Group as follows: The device determines on which SIP listening port (e.g., 5061) the incoming SIP...
Page 493 Proxy Set feature). • The device saves incoming SIP REGISTER messages in its registration database. If the REGISTER message is received from a User-type IP Group, the device sends the message to the configured destination. Version 7.2 Mediant 4000 SBC...
Page 494 Mediant 4000 SBC The flowchart below illustrates the classification process: Figure 25-2: Classification Process (Identifying IP Group or Rejecting Call) The following procedure describes how to configure Classification rules through the Web interface. You can also configure it through ini file (Classification) or CLI (configure voip >...
Page 495 Source SIP Interface Assigns a SIP Interface to the rule as a matching characteristic for the incoming SIP dialog. src-sip-interface-name The default is Any (i.e., all SIP Interfaces belonging to the SRD [Classification_SrcSIPInterfac assigned to the rule). Version 7.2 Mediant 4000 SBC...
Page 496 Mediant 4000 SBC Parameter Description eName] Note: The SIP Interface must belong to the SRD assigned to the rule (see the 'SRD' parameter in the table). Source IP Address Defines a source IP address as a matching characteristic for the incoming SIP dialog.
Page 497 Note: The IP Group must be associated with the assigned SRD (see the 'SRD' parameter in the table). IP Profile Assigns an IP Profile to the matched incoming SIP dialog. The assigned IP Profile overrides the IP Profile assigned to the IP Version 7.2 Mediant 4000 SBC...
Page 498: Classification Based On Uri Of Selected Header Example
Mediant 4000 SBC Parameter Description ip-profile-id Group (in the IP Groups table) to which the SIP dialog is classified. Therefore, assigning an IP Profile during classification allows you to [Classification_IpProfileName] assign different IP Profiles to specific users (calls) that belong to the same IP Group (User or Server type).
Page 499: Configuring Sbc Ip-To-Ip Routing
Request-URI of incoming SIP dialog-initiating requests.  Any registered user in the registration database. If the Request-URI of the incoming INVITE exists in the database, the call is sent to the corresponding contact address specified in the database. Version 7.2 Mediant 4000 SBC...
Page 500 Mediant 4000 SBC  According to result of an ENUM query.  Hunt Group - used for call survivability of call centers (see ''Configuring Call Survivability for Call Centers'' on page 581).  According to result of LDAP query (for more information on LDAP-based routing, see ''Routing Based on LDAP Active Directory Queries'' on page 237).
Page 501 (call forking). The incoming call can be routed to multiple destinations of any type such as an IP Group or IP address. The device forks the call by sending simultaneous INVITE messages to all the specified destinations. It handles Version 7.2 Mediant 4000 SBC...
Page 502 Mediant 4000 SBC the multiple SIP dialogs until one of the calls is answered and then terminates the other SIP dialogs. Call forking is configured by creating a Forking group. A Forking group consists of a main routing rule ('Alternative Route Options' set to Route Row) whose 'Group Policy' is set to Forking, and one or more associated routing rules ('Alternative Route Options' set to Group Member Ignore Inputs or Group Member Consider Inputs).
Page 503 Determines whether this routing rule is the main routing rule or an alternative routing rule (to the rule defined directly above it in the table). alt-route-options  [0] Route Row = (Default) Main routing rule - the device first attempts Version 7.2 Mediant 4000 SBC...
Page 504 Mediant 4000 SBC Parameter Description [IP2IPRouting_AltRouteOp to route the call to this route if the incoming SIP dialog's input tions] characteristics matches this rule.  [1] Alternative Route Ignore Inputs = If the call cannot be routed to the main route (Route Row), the call is routed to this alternative route regardless of the incoming SIP dialog's input characteristics.
Page 505 The valid value is a string of up to 20 characters. The tag is case [IP2IPRouting_DestTags] insensitive. To configure prefix tags, see ''Configuring Dial Plans'' on page 541. Note:  Make sure that you assign the Dial Plan in which you have Version 7.2 Mediant 4000 SBC...
Page 506 Mediant 4000 SBC Parameter Description configured the prefix tag, to the related IP Group or SRD.  Instead of using tags and configuring the parameter, you can use the 'Destination Username Prefix' parameter to specify a specific URI destination user or all destinations users.
Page 507 [13] Internal = Instead of sending the incoming SIP dialog to another destination, the device replies to the sender of the dialog with a SIP response code or a redirection response, configured by the 'Internal Version 7.2 Mediant 4000 SBC...
Page 508 Mediant 4000 SBC Parameter Description Action' (IP2IPRouting_InternalAction) parameter in this table (see below). Note: Use option [5] Dial Plan only for backward compatibility purposes; otherwise, use prefix tags as described in ''Configuring Dial Plans'' on page 541. Destination IP Group Defines the IP Group to where you want to route the call.
Page 509 20 routing rules can be configured for the same Forking Group. Cost Group Assigns a Cost Group to the routing rule for determining the cost of the call. cost-group By default, no value is defined. [IP2IPRouting_CostGroup] Version 7.2 Mediant 4000 SBC...
Page 510 Mediant 4000 SBC Parameter Description To configure Cost Groups, see ''Configuring Cost Groups'' on page 267. Note:  To implement LCR and its Cost Groups, you must enable LCR for the Routing Policy assigned to the routing rule (see ''Configuring SBC Routing Policy Rules'' on page 518).
Page 511: Configuring Rerouting Of Calls To Fax Destinations
Configure a Coder Group with T.38, which allows fax transmission over IP (see Configuring Coder Groups on page 409). Configure an IP Profile (see Configuring IP Profiles on page 418): ♦ Assign it the Coder Group. ♦ Configure the 'Fax Rerouting Mode' parameter to Rerouting without delay: Version 7.2 Mediant 4000 SBC...
Page 512: Configuring Specific Udp Ports Using Tag-Based Routing
Mediant 4000 SBC Assign the IP Profile to IP Group#2. Configure two adjacent IP-to-IP Routing rules in the IP-to-IP Routing table (see Configuring SBC IP-to-IP Routing Rules on page 499): • IP-to-IP Routing Rule #0 - routes voice calls from IP Group #0 to IP Group #1:...
Page 513 IP Group for the first IP PBX ("Type" and "Port" tags are later used to identify the IP PBX and assign it a local UDP port 6001 on the leg interfacing with the proxy server): General Index Version 7.2 Mediant 4000 SBC...
Page 514 Mediant 4000 SBC Name PBX-1 Type Server SBC Advanced Tags Type=PBX;Port=6001 • IP Group for the second IP PBX ("Type" and "Port" tags are later used to identify the IP PBX and assign it a local UDP port 6002 on the leg interfacing with the...
Page 515 Open the IP-to-IP Routing table (see Configuring SBC IP-to-IP Routing Rules on page 499), and then configure the following IP-to-IP Routing rules: • Routes calls from the IP PBXs (identified by the source tag name-value "Type=PBX") to the ITSP (identified as an IP Group): General Index Version 7.2 Mediant 4000 SBC...
Page 516: Configuring Sip Response Codes For Alternative Routing Reasons
Mediant 4000 SBC Name PBX-to-ITSP Match Source Tag Type=PBX Action Destination Type IP Group Destination IP Group ITSP • Routes calls from the ITSP (identified by the source tag name-value "Type=ITSP") to the IP PBXs (identified by the specific port assigned to the IP PBX by the value of the destination tag name "Port"):...
Page 517 (SBCAlternativeRoutingReasons) or CLI (configure voip > sbc routing sbc-alt-routing- reasons).  To configure SIP reason codes for alternative IP routing: Open the Alternative Routing Reasons table (Setup menu > Signaling & Media tab > SBC folder > Routing > Alternative Reasons). Version 7.2 Mediant 4000 SBC...
Page 518: Configuring Sbc Routing Policy Rules
Mediant 4000 SBC Click New; the following dialog box appears: Figure 25-7: Alternative Routing Reasons Table - Dialog Box Configure a SIP response code for alternative routing according to the parameters described in the table below. Click Apply. Table 25-3: Alternative Routing Reasons Table Parameter Descriptions...
Page 519 SRD. In such scenarios, you need to configure multiple Classification rules for the same SRD, where for some rules no Routing Policy is assigned Version 7.2 Mediant 4000 SBC...
Page 520 Mediant 4000 SBC (i.e., the SRD's assigned Routing Policy is used) while for others a different Routing Policy is specified to override the SRD's assigned Routing Policy. In multi-tenant environments employing multiple SRDs and Routing Policies, the IP Groups that can be used in routing rules (in the IP-to-IP Routing table) are as follows: ...
Page 521 25. Routing SBC Click New; the following dialog box appears: Figure 25-8: Routing Policies Table - Add Dialog Box Configure the Routing Policy rule according to the parameters described in the table below. Click Apply. Version 7.2 Mediant 4000 SBC...
Page 522 Mediant 4000 SBC Table 25-4: Routing Policies table Parameter Descriptions Parameter Description General Index Defines an index number for the new table row. Note: Each row must be configured with a unique index. Name Defines a descriptive name, which is used when associating the row in other tables.
Page 523: Configuring Ip Group Sets
You can assign up to five IP Groups per IP Group Set. The following procedure describes how to configure IP Group Sets through the Web interface. You can also configure it through other management platforms: Version 7.2 Mediant 4000 SBC...
Page 524 Mediant 4000 SBC  IP Group Set Table: ini file (IPGroupSet) or CLI (configure voip > sbc routing ip- group-set)  IP Group Set Member Table: ini file (IPGroupSetMember) or CLI (configure voip > sbc routing ip-group-set-member)  To configure an IP Group Set: Open the IP Group Set table (Setup menu >...
Page 525 Figure 25-10: IP Group Set Member Table - Dialog Box Configure IP Group Set members according to the parameters described in the table below. Click Apply, and then save your settings to flash memory. IP Group Set Member Table Parameter Descriptions Parameter Description Version 7.2 Mediant 4000 SBC...
Page 526 Mediant 4000 SBC Parameter Description Index Defines an index number for the new table row. index Note: Each row must be configured with a unique index. [IPGroupSetMember_IPGroupSe tMemberIndex] IP Group Assigns an IP Group to the IP Group Set. ip-group-name To configure IP Groups, see Configuring IP Groups.
Page 527: Sbc Manipulations
IP Groups respectively (if any, in the IP Groups table). Below is an example of a call flow and consequent SIP URI manipulations:  Incoming INVITE from LAN: INVITE sip:1000@10.2.2.3;user=phone;x=y;z=a SIP/2.0 Via: SIP/2.0/UDP 10.2.2.6;branch=z9hGLLLLLan From:<sip:7000@10.2.2.6;user=phone;x=y;z=a>;tag=OlLAN;paramer1 =abe To: <sip:1000@10.2.2.3;user=phone> Call-ID: USELLLAN@10.2.2.3 Version 7.2 Mediant 4000 SBC...
Page 528 Mediant 4000 SBC CSeq: 1 INVITE Contact: <sip:7000@10.2.2.3> Supported: em,100rel,timer,replaces Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK User-Agent: Sip Message Generator V1.0.0.5 Content-Type: application/sdp Content-Length: 155 o=SMG 791285 795617 IN IP4 10.2.2.6 s=Phone-Call c=IN IP4 10.2.2.6 t=0 0 m=audio 6000 RTP/AVP 8 a=rtpmap:8 pcma/8000 a=sendrecv a=ptime:20 ...
Page 529: Configuring Ip-To-Ip Inbound Manipulations
Routing Policy ("Default_SBCRoutingPolicy"), when only one Routing Policy is required, the device automatically assigns the default Routing Policy to the routing rule. If you are implementing LDAP-based routing (with or without Call Setup Rules) and/or Version 7.2 Mediant 4000 SBC...
Page 530 Mediant 4000 SBC Least Cost Routing (LCR), you need to configure these settings for the Routing Policy (regardless of the number of Routing Policies employed). For more information on Routing Policies, see ''Configuring SBC Routing Policy Rules'' on page 518.
Page 531  [2] REGISTER = Only REGISTER messages.  [3] SUBSCRIBE = Only SUBSCRIBE messages.  [4] INVITE and REGISTER = All SIP messages except SUBSCRIBE.  [5] INVITE and SUBSCRIBE = All SIP messages except Version 7.2 Mediant 4000 SBC...
Page 532 Mediant 4000 SBC Parameter Description REGISTER. Source IP Group Defines the IP Group from where the incoming INVITE is CLI: src-ip-group-name received. [IPInboundManipulation_SrcIpGr The default is Any (i.e., any IP Group). oupName] Source Username Prefix Defines the prefix of the source SIP URI user name (usually in CLI: src-user-name-prefix the From header).
Page 533: Configuring Ip-To-Ip Outbound Manipulations
IP Groups, respectively. The following procedure describes how to configure Outbound Manipulations rules through the Web interface. You can also configure it through ini file (IPOutboundManipulation) or CLI (configure voip > sbc manipulation ip-outbound-manipulation). Version 7.2 Mediant 4000 SBC...
Page 534 Mediant 4000 SBC  To configure Outbound Manipulation rules: Open the Outbound Manipulations table (Setup menu > Signaling & Media tab > SBC folder > Manipulation > Outbound Manipulations). Click New; the following dialog box appears: Figure 26-3: Outbound Manipulations Table- Add Dialog Box Configure an Outbound Manipulation rule according to the parameters described in the table below.
Page 535 Defines the prefix of the source SIP URI user name, typically used in the SIP From header. src-user-name-prefix The default value is the asterisk (*) symbol (i.e., any source [IPOutboundManipulation_SrcUsern username prefix). The prefix can be a single digit or a range of amePrefix] Version 7.2 Mediant 4000 SBC...
Page 536 Mediant 4000 SBC Parameter Description digits. For available notations, see ''Dialing Plan Notation for Routing and Manipulation'' on page 799. Note: If you need to manipulate calls of many different source URI user names, you can use tags (see 'Source Tags' parameter below) instead of this parameter.
Page 537 Prefix to Add Defines the number or string to add in the front of the manipulated item. For example, if you enter 'user' and the user prefix-to-add name is "john", the new user name is "userjohn". [IPOutboundManipulation_Prefix2Ad Version 7.2 Mediant 4000 SBC...
Page 538 Mediant 4000 SBC Parameter Description If you set the 'Manipulated Item' parameter to Source URI or Destination URI, you can configure the parameter to a string of up 49 characters. If you set the 'Manipulated Item' parameter to Calling Name, you can configure the parameter to a string of up 36 characters.
Page 539: Using The Proprietary Sip X-Ac-Action Header
26.3 Using the Proprietary SIP X-AC-Action Header You can use AudioCodes proprietary SIP header, X-AC-Action in message manipulation rules to trigger certain actions. These actions can be used to support, for example, interworking of SIP-I and SIP endpoints for the ISUP SPIROU variant (see Enabling Interworking of SIP and SIP-I Endpoints on page 563).
Page 540 Mediant 4000 SBC receiving this manipulated message, the device starts using IP Profile "ITSP-Profile-2" instead of "ITSP-Profile-1", for the IP Group. User's Manual Document #: LTRT-40203...
Page 541: Configuring Dial Plans
Dial Plan for a rule that matches the destination number. If matching dial plan rules are found, the tags configured for these rules are used in the routing and/or manipulation processes as source and/or destination tags. Version 7.2 Mediant 4000 SBC...
Page 542 Mediant 4000 SBC Note: When tags are used in the IP-to-IP Routing table to determine destination IP Groups (i.e., 'Destination Type' parameter configured to Destination Tag), the device searches the Dial Plan for a matching destination (called) prefix number only.
Page 543 532[1-9] 532[2-4]  For incoming calls with prefix number "53124", the rule with tag C is chosen (longest suffix - C has three digits, B two digits and A one digit): Prefix 53([2-4]) 53([01-99]) 53([001-999]) Version 7.2 Mediant 4000 SBC...
Page 544 Mediant 4000 SBC  For incoming calls with prefix number "53124", the rule with tag B is chosen (suffix is more specific for digit "4"): Prefix 53([2-4]) 53(4),B Dial Plans are configured using two tables with parent-child type relationship: ...
Page 545 For example, "54324#" represents a 5-digit number that starts with the digits 54324.  .: (Period) Denotes any letter or digit.  [n-m], (n-m), or ([n1-m1,n2-m2,a,b,c,n3-m3]): Represents a Version 7.2 Mediant 4000 SBC...
Page 546: Importing And Exporting Dial Plans
Mediant 4000 SBC Parameter Description mixed notation of single numbers and multiple ranges. To represent the prefix, the notation is enclosed by square brackets [...]; to represent the suffix, the notation is enclosed by square brackets which are enclosed by parenthesis ([...]).
Page 547 The following procedures describe how to import a Dial Plan file.  To overwrite all existing Dial Plans with imported Dial Plan file:  Web interface (from a local folder): Open the Dial Plan table. Version 7.2 Mediant 4000 SBC...
Page 548 Mediant 4000 SBC From the 'Action' drop-down menu, choose Import; the following dialog box appears: Figure 27-5: Importing Dial Plan Rules for Specific Dial Plan Use the Browse button to select the Dial Plan file on your PC, and then click OK.
Page 549: Creating Dial Plan Files
Name: Name of the dial plan rule belonging to the Dial Plan.  Prefix: Source or destination number prefix.  Tag: Result of the user categorization and can be used as matching characteristics for routing and outbound manipulation For example: DialPlanName,Name,Prefix,Tag PLAN1,rule_100,5511361xx,A PLAN1,rule_101,551136184[4000-9999]#,B MyDialPlan,My_rule_200,5511361840000#,itsp_1 MyDialPlan,My_rule_201,66666#,itsp_2 Version 7.2 Mediant 4000 SBC...
Page 550: Using Dial Plan Tags For Ip-To-Ip Routing
Mediant 4000 SBC 27.3 Using Dial Plan Tags for IP-to-IP Routing You can use Dial Plan tags with IP-to-IP Routing rules in the IP-to-IP Routing table, where tags can be used for the following:  Matching routing rules by source and/or destination prefix numbers (see Using Dial Plan Tags for Matching Routing Rules on page 550) ...
Page 551: Using Dial Plan Tags For Routing Destinations
The device searches the IP Groups table and IP Group Set table for an IP Group whose 'Tags' parameter is configured with the same tag as selected from the Dial Plan rule. If found, the device routes the call to this IP Group. Version 7.2 Mediant 4000 SBC...
Page 552 Mediant 4000 SBC The following figure displays the device's SIP dialog processing when Dial Plan tags are used to determine the destination IP Group: Figure 27-7: SIP Dialog Handling for Tag-Based Routing The following procedure describes how to configure routing to destination IP Groups determined by Dial Plan tags.
Page 553 Destination Tag and the 'Routing Tag Name' to one of your Dial Plan tags. In our example, the tag "Country" is used: Parameter Index 0 Name Europe Source IP Group Destination Type Destination Tag Routing Tag Name Country Version 7.2 Mediant 4000 SBC...
Page 554: Dial Plan Backward Compatibility
Mediant 4000 SBC Note: • For configuring Dial Plan tags, see Configuring Dial Plans on page Error! Bookmark not defined.. • Configure the 'Routing Tag Name' parameter with only the name of the tag (i.e., without the value, if exists). For example, instead of "Country=England", configure it as "Country"...
Page 555: Using Dial Plan Tags For Outbound Manipulation
SRDs'' on page 331 In the Outbound Manipulations table (see ''Configuring IP-to-IP Outbound Manipulations'' on page 533), configure a rule with the required manipulation and whose matching characteristics include the tag(s) that you configured in your Dial Plan Version 7.2 Mediant 4000 SBC...
Page 556 Mediant 4000 SBC in Step 1. The tags are assigned using the following parameters: • 'Source Tags' parameter (IPOutboundManipulation_SrcTags): tag denoting the calling users • 'Destination Tags' parameter (IPOutboundManipulation_DestTags): tag denoting the called users User's Manual Document #: LTRT-40203...
Page 557: Using Dial Plan Tags For Call Setup Rules
For example, you can configure a rule that adds the SIP header "City" with the value "ny" (i.e., City: ny) to all outgoing SIP INVITE messages associated with the source tag "ny": Note: You cannot modify Dial Plan tags using Message Manipulation rules. Version 7.2 Mediant 4000 SBC...
Page 558 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 559: Configuring Malicious Signatures
(i.e., IP Group). To configure Message Policies, see ''Configuring SIP Message Policy Rules''. The following procedure describes how to configure Malicious Signatures through the Web interface. You can also configure it through ini file (MaliciousSignatureDB) or CLI (configure voip > sbc malicious-signature-database). Version 7.2 Mediant 4000 SBC...
Page 560 Mediant 4000 SBC  To configure a Malicious Signature: Open the Malicious Signature table (Setup menu > Signaling & Media tab > SBC folder > Malicious Signature). Click New; the following dialog box appears: Figure 28-1: Malicious Signature Table - Add Dialog Box Configure a Malicious Signature according to the parameters described in the table below.
Page 561: Advanced Sbc Features
The device does not monitor emergency calls with regards to Quality of Experience (QoE).  To configure SBC emergency call preemption: In the Message Conditions table (see ''Configuring Message Condition Rules'' on page 400), configure a Message Condition rule to identify incoming emergency calls. See Version 7.2 Mediant 4000 SBC...
Page 562: Emergency Call Routing Using Ldap To Obtain Elin
Mediant 4000 SBC above for examples. Open the SBC General Settings page (Setup menu > Signaling & Media tab > SIP Definitions folder > Priority and Emergency), and then scroll down to the Call Priority and Preemption group: Figure 29-2: Configuring Emergency SBC Call Preemption From the 'Preemption Mode' drop-down list (SBCPreemptionMode), select Enable to enable call preemption.
Page 563: Enabling Interworking Of Sip And Sip-I Endpoints
SIP-I is SIP encapsulated with ISUP and the interworking is between SIP signaling and ISUP signaling. This allows you to deploy the device in a SIP environment where part of the call path involves the PSTN. Version 7.2 Mediant 4000 SBC...
Page 564 Mediant 4000 SBC The SIP-I sends calls, originating from the SS7 network, to the SIP network by adding ISUP messaging in the SIP INVITE message body. The device can receive such a message from the SIP-I and remove the ISUP information before forwarding the call to the SIP endpoint.
Page 565 ''Configuring SIP Message Manipulation'' on page 395). For a complete description of the ISUP manipulation syntax, refer to the SIP Message Manipulation Reference Guide. In addition, you can use AudioCodes proprietary SIP header X-AC-Action in Message Manipulation rules to support various call actions (e.g., SIP-I SUS and RES messages) for the ISUP SPIROU variant.
Page 566: Webrtc
The WebRTC feature is a license-dependent feature and is available only if it is included in the License Key that is installed on the device. For ordering the feature, please contact your AudioCodes sales representative. User's Manual Document #: LTRT-40203...
Page 567 WebRTC components and the device's interworking of these components between the WebRTC client and the SIP user agent: The call flow process for interworking WebRTC with SIP endpoints by the device is illustrated below and subsequently described: Version 7.2 Mediant 4000 SBC...
Page 568: Sip Over Websocket
Mediant 4000 SBC The WebRTC client uses a Web browser to visit the Web site page. The Web page receives Web page elements and JavaScript code for WebRTC from the Web hosting server. The JavaScript code runs locally on the Web browser.
Page 569 The SIP messages over WebSocket are indicated by the "ws" value, as shown in the example below of a SIP REGISTER request received from a client: REGISTER sip:10.132.10.144 SIP/2.0 Via: SIP/2.0/WS v6iqlt8lne5c.invalid;branch=z9hG4bK7785666 Max-Forwards: 69 To: <sip:101@10.132.10.144> From: "joe" <sip:101@10.132.10.144>;tag=ub50pqjgpr Call-ID: fhddgc3kc3hhu32h01fghl CSeq: 81 REGISTER Version 7.2 Mediant 4000 SBC...
Page 570: Configuring Webrtc
For the WebRTC deployment environment, you need to install a signed certificate by a Certificate Authority (CA) on you Web server machine (hosting the WebRTC JavaScript) and on your AudioCodes SBC device (i.e., WebSocket server). Note: • Google announced a security policy change that impacts new versions of the Chrome Web browser.
Page 571 From the 'TLS Context Name' drop-down list, assign the TLS Context that you configured in Step 1 (e.g., "WebRTC"). Figure 29-7: Configuring SIP Interface for WebRTC Clients Click Apply. Configure an IP Profile for the WebRTC clients: Version 7.2 Mediant 4000 SBC...
Page 572 Mediant 4000 SBC Open the IP Profiles table (see ''Configuring IP Profiles'' on page 418). Do the following: ♦ From the 'ICE Mode' drop-down list (IPProfile_SBCIceMode), select Lite to enable ICE. ♦ From the 'RTCP Mux' drop-down list (IPProfile_SBCRTCPMux), select Supported to enable RTCP multiplexing.
Page 573: Handling Registered Aors With Same Contact Uris
Some SIP entities (e.g., IP Phones) are setup to register with two registrar/proxy servers (primary and secondary). The reason for this is to provide call redundancy for the SIP entity in case one of the proxy servers fail. When the SIP entity registers with the proxy servers, it Version 7.2 Mediant 4000 SBC...
Page 574 Mediant 4000 SBC sends two identical REGISTER messages - one to the primary proxy and one to the secondary proxy. When the device is located between the SIP entity and the two proxy servers, it needs to differentiate between these two REGISTER messages even though they are identical.
Page 575 Keep user; add unique identifier as URI parameter. In the Message Manipulations table, configure the following rules: • Index 0: ♦ Manipulation Set ID: 1 ♦ Action Subject: header.contact.url.ac-int ♦ Action Type: Modify ♦ Action Value: '1' • Index 1: Version 7.2 Mediant 4000 SBC...
Page 576 Mediant 4000 SBC ♦ Manipulation Set ID: 2 ♦ Action Subject: header.contact.url.ac-int ♦ Action Type: Modify ♦ Action Value: '2' In the SIP Interfaces table, configure the following SIP Interfaces: • Index 0 (SIP Interface for IP Phone A): ♦...
Page 577: Call Forking
29.7.2 Configuring SIP Forking Initiated by SIP Proxy The device can handle the receipt of multiple SIP 18x responses as a result of SIP forking initiated by a proxy server. This occurs when the device forwards an INVITE, received from Version 7.2 Mediant 4000 SBC...
Page 578: Configuring Call Forking-Based Ip-To-Ip Routing Rules
Mediant 4000 SBC a user agent (UA), to a proxy server and the proxy server then forks the INVITE request to multiple UAs. Several UAs may answer and the device may therefore, receive several replies (responses) for the single INVITE request. Each response has a different 'tag' value in the SIP To header.
Page 579: Enabling Auto-Provisioning Of Subscriber-Specific Information Of Broadworks Server For Survivability
To enable the BroadWorks survivability feature: Open the SBC General Settings page (Setup menu > Signaling & Media tab > SBC folder > SBC General Settings). From 'BroadWorks Survivability Feature' drop-down list (SBCExtensionsProvisioningMode), select Enable: Click Apply. Version 7.2 Mediant 4000 SBC...
Page 580: Configuring Broadsoft's Shared Phone Line Call Appearance For Survivability
Mediant 4000 SBC 29.8.2 Configuring BroadSoft's Shared Phone Line Call Appearance for Survivability The device can provide redundancy for BroadSoft's Shared Call Appearance feature. When the BroadSoft application server switch (AS) fails or does not respond, or when the network connection between the device and the BroadSoft AS is down, the device manages the Shared Call Appearance feature for the SIP clients.
Page 581: Configuring Call Survivability For Call Centers
(such as IVR), the device routes the incoming calls received from the customer (i.e., from the TDM gateway) to the call center agents. Version 7.2 Mediant 4000 SBC...
Page 582 Mediant 4000 SBC In normal operation, the device registers the agents in its users registration database. Calls received from the TDM gateway are forwarded by the device to the application server, which processes the calls and sends them to specific call center agents, through the device.
Page 583: Enabling Survivability Display On Aastra Ip Phones
LCD screens. If you enable the feature and the device is in Survivability mode, it responds to SIP REGISTER messages from the IP phones with a SIP 200 OK containing the following XML body: Version 7.2 Mediant 4000 SBC...
Page 584 Mediant 4000 SBC Content-Type: application/xml <?xml version="1.0" encoding="utf-8"?> <LMIDocument version="1.0"> <LocalModeStatus> <LocalModeActive>true</LocalModeActive> <LocalModeDisplay>StandAlone Mode</LocalModeDisplay> </LocalModeStatus> </LMIDocument>  To enable survivability display on Aastra phones: Load an ini file to the device that includes the following parameter setting: SBCEnableSurvivabilityNotice = 1...
Page 585: Alternative Routing On Detection Of Failed Sip Response
If the device does not receive a SIP ACK in response to this, it sends a new 200 OK to the next alternative destination. This new destination can be the next given IP address resolved from a DNS from the Contact or Record-Route header in the request related to the response. Version 7.2 Mediant 4000 SBC...
Page 586: Voiperfect
25%. ISPs can therefore offer service level agreements (SLAs) to their customers based on the VoIPerfect feature. For more information, contact your AudioCodes sales representative. In addition, by ensuring high call quality even in adverse network conditions, VoIPerfect may reduce costs for ISPs such...
Page 587 ♦ RTCP Feedback: Feedback On ♦ Voice Quality Enhancement: Enable ♦ Max Opus Bandwidth: 80000 • Quality of Service Rules (see Configuring Quality of Service Rules on page 320): ♦ Rule Metric: Poor InVoice Quality Version 7.2 Mediant 4000 SBC...
Page 588 Mediant 4000 SBC ♦ Alternative IP Profile Name: name of Alternative IP Profile (above) Configuration of the Access SBC for both methods:  Coder Groups: • Coders Group with G.711 and Opus • Coders Group with Opus  Allowed Audio Coders Group with Opus ...
Page 589: Cloud Resilience Package
Part VI Cloud Resilience Package...
Page 591: Crp Overview
 Short number dialog (short numbers are learned dynamically in the registration process)  Survivability indication to IP phone  Call hold and retrieve Version 7.2 Mediant 4000 SBC...
Page 592 Mediant 4000 SBC Survivability Quality of Experience/Service Security  Call transfer (if IP phone initiates REFER)  Basic Shared Line Appearance (excluding correct busy line indications)  Call waiting (if supported by IP phone) One of the main advantages of CRP is that it enables quick-and-easy configuration. This is accomplished by its pre-configured routing entities, whereby only minimal configuration is required.
Page 593: Crp Configuration
Open the Applications Enabling page (Setup menu > Signaling & Media tab > Core Entities folder > Applications Enabling). From the 'CRP Application' drop-down list, select Enable. Click Apply, and then reset the device with a save-to-flash for your settings to take effect. Version 7.2 Mediant 4000 SBC...
Page 594: Configuring Call Survivability Mode
Mediant 4000 SBC 31.2 Configuring Call Survivability Mode The CRP can be configured to operate in one of the following call survivability modes:  Normal (Default): The CRP interworks between the branch users and the IP PBX located at headquarters. The CRP forwards all requests (such as for registration) from the branch users to the IP PBX, and routes the calls based on the IP-to-IP routing rules.
Page 595: Pre-Configured Ip Groups
The IP Groups can be edited, except for the fields listed above, which are read-only. • For accessing the IP Groups table and for a description of its parameters, see ''Configuring IP Groups'' on page 349. Version 7.2 Mediant 4000 SBC...
Page 596: Pre-Configured Ip-To-Ip Routing Rules
Mediant 4000 SBC 31.4 Pre-Configured IP-to-IP Routing Rules For the CRP application, the IP-to-IP Routing table is pre-configured with IP-to-IP routing rules. These rules depend on the configured Call Survivability mode, as described in ''Configuring Call Survivability Mode'' on page 594.
Page 597: Emergency Mode
Route Ignore Inputs #1 [CRP IP Group #3 [CRP Alternative Users] Gateway] Route Ignore Inputs #2 [CRP IP Group #1 [CRP Route Row Proxy] Users] #2 [CRP IP Group #3 [CRP Route Row Proxy] Gateway] Version 7.2 Mediant 4000 SBC...
Page 598: Configuring Pstn Fallback
Mediant 4000 SBC Mode Index Source IP Request Type Destination Destination Destination Alternative Group Type IP Group Address Route Options #3 [CRP IP Group #2 [CRP Route Row Gateway] Proxy] #3 [CRP IP Group #1 [CRP Alternative Gateway] Users] Route Ignore...
Page 599: High-Availability System
Part VII High-Availability System...
Page 601: Ha Overview
(.cmp) if the redundant device is running a different software version. Once loaded to the redundant device, the redundant device reboots to apply the new configuration and/or software. This ensures that the two units are synchronized regarding configuration and software. Version 7.2 Mediant 4000 SBC...
Page 602: Device Switchover Upon Failure
Mediant 4000 SBC Note: If the active unit runs an earlier version (e.g., 7.0) than the redundant unit (e.g., 7.2), the redundant unit is downgraded to the same version as the active unit (e.g., 7.0). Thus, under normal operation, one of the devices is in active state while the other is in redundant state, where both devices share the same configuration and software.
Page 603: Viewing Ha Status On Monitor Web Page
Title above device is "Active Device". The default name is "Device 1".  Redundant device: • Color of border surrounding device is blue. • Title above device is "Redundant Device". The default name is "Device 2". Version 7.2 Mediant 4000 SBC...
Page 604 Mediant 4000 SBC The Monitor page also displays the HA operational status of the device to which you are currently logged in. This is displayed in the 'HA Status' field under the Device Information:  "Synchronizing": Redundant device is synchronizing with Active device ...
Page 605: Ha Configuration
This is enabled by configuring the Ethernet Group associated with the Maintenance interface with two ports. The required receive (Rx) and transmit (TX) mode for the port pair in the Ethernet Group used by the Maintenance interface is as follows (not applicable to Mediant VE): Version 7.2 Mediant 4000 SBC...
Page 606 Mediant 4000 SBC  (Recommended Physical Connectivity) If the Maintenance ports of both devices are connected directly to each other without intermediation of switches, configure the mode to 2RX/1TX: Figure 33-1: Rx/Tx Mode for Direct Connection  If the two devices are connected through two (or more) isolated LAN switches (i.e.,...
Page 607: Configuring The Ha Devices
Assigning the OAMP IP Address on page Open the IP Interfaces table (see ''Configuring IP Network Interfaces'' on page 129). Change the default OAMP network settings to suit your networking scheme. Configure the Control and Media network interfaces, as required. Version 7.2 Mediant 4000 SBC...
Page 608 Mediant 4000 SBC Add the HA Maintenance interface (i.e., the MAINTENANCE Application Type). Note: Make sure that the Maintenance interface uses an Ethernet Device and Ethernet Group that is not used by any other IP network interface. The Ethernet Group is associated with the Ethernet Device, which is assigned to the interface.
Page 609: Step 2: Configure The Second Device
Configure the same Ethernet port Tx / Rx mode of the Ethernet Group used by the Maintenance interface as configured for the first device. Configure HA parameters in the HA Settings page: In the 'HA Remote Address' field, enter the Maintenance IP address of the first device. Version 7.2 Mediant 4000 SBC...
Page 610: Step 3: Initialize Ha On The Devices
Mediant 4000 SBC (Optional) Enable the HA Preempt feature by configuring the 'Preempt Mode' parameter to Enable, and then setting the priority level of the device in the 'Preempt Priority' field. Make sure that you configure different priority levels for the two devices.
Page 611 After it synchronizes with the active device, it initiates a switchover and becomes the new active device (the former active device resets and becomes the new redundant device). Version 7.2 Mediant 4000 SBC...
Page 612: Configuring Firewall Allowed Rules
Mediant 4000 SBC 33.3 Configuring Firewall Allowed Rules If you want to configure firewall rules (see 'Configuring Firewall Rules' on page 165) that block specific network traffic, you must first configure firewall rules that allow traffic needed in your deployment. Therefore, in addition to allowing basic traffic (such as OAMP,...
Page 613: Monitoring Ip Entity And Ha Switchover Upon Ping Failure
In the 'Source Interface Name' field, enter the device's IP network interface from where you want to ping the destination entity. • In the 'Ping Timeout' field, enter the timeout for which the ping request waits for a response. Version 7.2 Mediant 4000 SBC...
Page 614 Mediant 4000 SBC • In the 'Ping Retries' field, enter the number of ping requests that the device sends after no ping response is received from the destination, before it considers the destination as unavailable. Figure 33-7: Configuring HA Network Reachability Click Apply.
Page 615: Ha Maintenance
• Navigation tree: Setup menu > Administration tab > Maintenance folder > High Availability Maintenance. Figure 34-1: Performing a Device HA Switchover Click Switch Over; a confirmation box appears requesting you to confirm. Click OK. Version 7.2 Mediant 4000 SBC...
Page 616: Resetting The Redundant Unit
Mediant 4000 SBC 34.4 Resetting the Redundant Unit You can reset the Redundant device, if necessary. Note: When resetting the Redundant device, the HA mode becomes temporarily unavailable.  To reset the Redundant device: Open the High Availability Maintenance page: •...
Page 617 Reset the redundant device. Note: The procedure assumes that no network changes were made to both devices' HA Maintenance interface or Ethernet Devices (VLAN); otherwise, the devices may not be able to communicate with each other. Version 7.2 Mediant 4000 SBC...
Page 618 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 619: Maintenance
Part VIII Maintenance...
Page 621: Basic Maintenance
Timeout' field (see next step). During this interval, no new traffic is accepted. If no traffic exists and the time has not yet expired, the device resets immediately. • No: Reset begins immediately, regardless of traffic. Any existing traffic is immediately terminated. Version 7.2 Mediant 4000 SBC...
Page 622: Remotely Resetting Device Using Sip Notify
Remotely Resetting Device using SIP NOTIFY The device can be remotely reset upon the receipt of a SIP NOTIFY that contains an Event header that is set to 'check-sync;reboot=true' (proprietary to AudioCodes), as shown in the example below: NOTIFY sip:<user>@<dsthost> SIP/2.0 To: sip:<user>@<dsthost>...
Page 623 'Gateway Operational State' read-only field displays "LOCKED" and the device does not process any calls.  To unlock the device:  Click the UNLOCK button; the device unlocks immediately and accepts new incoming calls. The 'Gateway Operational State' read-only field displays "UNLOCKED". Version 7.2 Mediant 4000 SBC...
Page 624: Saving Configuration
Mediant 4000 SBC 35.4 Saving Configuration When you configure parameters and tables in the Web interface and then click the Apply button on the pages in which the configurations are done, changes are saved to the device's volatile memory (RAM). These changes revert to their previous settings if the device subsequently resets (hardware or software) or powers down.
Page 625: Channel Maintenance
You can forcibly disconnect all active calls, or disconnect specific calls based on Session  To disconnect calls through CLI:  Disconnect all active calls: # clear voip calls  Disconnect active calls belonging to a specified Session ID: # clear voip calls <Session ID> Version 7.2 Mediant 4000 SBC...
Page 626 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 627: Auxiliary Files
''Locking and Unlocking the Device'' on page 622. 37.1.1 Loading Auxiliary Files through Web Interface The following procedure describes how to load Auxiliary files through the Web interface. Version 7.2 Mediant 4000 SBC...
Page 628: Loading Auxiliary Files Through Cli
Mediant 4000 SBC Note: • When loading an ini file through the Auxiliary Files page (as described in this section), only parameter settings specified in the ini file are applied to the device; all other parameters remain at their current settings.
Page 629: Deleting Auxiliary Files
(in any standard text editor) to suit your specific requirements and then convert the modified ini file into binary dat file format, using AudioCodes DConvert utility. For more information, refer to the DConvert Utility User's Guide.
Page 630 Mediant 4000 SBC Only eight AM tones, in the range of 1 to 128 kHz, can be configured (the detection range is limited to 1 to 50 kHz). Note that when a tone is composed of a single frequency, the second frequency field must be set to zero.
Page 631 High Freq [Hz]=0 Low Freq Level [-dBm]=10 (-10 dBm) High Freq Level [-dBm]=32 (use 32 only if a single tone is required) First Signal On Time [10msec]=300; the dial tone is detected after 3 sec Version 7.2 Mediant 4000 SBC...
Page 632: Prerecorded Tones File
Audition), and then combined into a single and loadable PRT file (.dat) using the latest version of AudioCodes DConvert utility (refer to the DConvert Utility User's Guide). Once created, you need to install the PRT file on the device (flash memory), using the Web interface (see 'Loading Auxiliary Files' on page 627) or CLI.
Page 633: Dial Plan File
Plans as required. Save the file with the ini file extension name (e.g., mydialplanfile.ini). Convert the ini file to a dat binary file, using AudioCodes DConvert utility. For more information, refer to DConvert Utility User's Guide. Load the converted file to the device, as described in ''Loading Auxiliary Files'' on page 627.
Page 634: Obtaining Ip Destination From Dial Plan File
Mediant 4000 SBC 37.5.2 Obtaining IP Destination from Dial Plan File You can use a Dial Plan index listed in a loaded Dial Plan file for determining the IP destination of SBC (see note below) calls. This enables the mapping of called numbers to IP addresses (in dotted-decimal notation) or FQDNs (up to 15 characters).
Page 635: User Information File
636  CLI - see Configuring SBC User Info Table through CLI on page 637  Loadable User Info file - see ''Configuring SBC User Info Table in Loadable Text File'' on page 638 Version 7.2 Mediant 4000 SBC...
Page 636: Configuring Sbc User Info Table Through Web Interface
Mediant 4000 SBC 37.6.2.1 Configuring SBC User Info Table through Web Interface The following procedure describes how to configure the SBC User Info table through the Web interface. Note: • To configure the User Info table, make sure that you have enabled the feature as described in Enabling the User Info Table on page 635.
Page 637: Configuring Sbc User Info Table Through Cli
(SuePark) username (userSue) password (t6sn+un=) ip-group-id (1) status (not-resgistered)  To view a specific entry (example): (sip-def-proxy-and-reg)# user-info sbc-user-info <index, e.g., 0> (sbc-user-info-0)# display local-user (JohnDee) username (userJohn) password (s3fn+fn=) ip-group-id (1) status (not-resgistered) Version 7.2 Mediant 4000 SBC...
Page 638: Configuring Sbc User Info Table In Loadable Text File
Mediant 4000 SBC  To search a user by local-user: (sip-def-proxy-and-reg)# user-info find <local-user, e.g., JohnDoe> JohnDee: Found at index 0 in SBC user info table, not registered Note: To configure the User Info table, make sure that you have enabled the feature as described in Enabling the User Info Table on page 635.
Page 639: Viewing The Installed User Info File Name
The XML-to-binary format conversion can be done using AudioCodes DConvert utility. For more information on using this utility, refer to DConvert Utility User's Guide. Only one AMD Sensitivity file can be installed on the device.
Page 640 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 641: License Key
License Key The License Key determines the device's supported features and call capacity, as ordered from your AudioCodes sales representative. You can upgrade or change your device's supported features and capacity, by purchasing and installing a new License Key that match your requirements.
Page 642: Installing A New License Key
 Serial Number: Device's serial number.  Board Type: AudioCodes internal identification number of the type of your device.  Remote License Server / Remote License Server IP: For more information, see Upgrading SBC Capacity Licenses by License Pool Manager Server on page 649.
Page 643: Installing A License Key String
The License Key page uses color-coded icons to indicate the changes between the previous License Key and the newly loaded License Key (for more information, see Installing License Key through Web Interface on page 642). Version 7.2 Mediant 4000 SBC...
Page 644: Installing A License Key File
Mediant 4000 SBC Click Apply New License Key; the following message box appears: Figure 38-4: Apply New License Key Message Click Reset; the device begins to save the file to flash memory with a reset and the following progress message box appears:...
Page 645 Figure 38-7: Apply New License Key Message Click Reset; the device begins to save the file to flash memory with a reset and the following progress message box appears: Figure 38-8: Reset in Progress for License Key Version 7.2 Mediant 4000 SBC...
Page 646 Mediant 4000 SBC When installation completes, the following message box appears: Figure 38-9: Reset and Save-to-Flash Success Message Clock Close to close the message box; you are logged out of the Web interface and prompted to log in again. The features and capabilities displayed on the License Key page now reflect the newly installed License Key.
Page 647 HA switchover mechanism. When you click the button, the process starts and a message box is displayed indicating the installation progress: Figure 38-10: Hitless License Key Upgrade - Progress When installation completes, the following message box appears: Figure 38-11: Hitless License Upgrade Successfully Completed Version 7.2 Mediant 4000 SBC...
Page 648: Installing License Key Through Cli
Mediant 4000 SBC • Non-Hitless Upgrade: Installs the License Key simultaneously on both devices where both undergo a reset and therefore, current calls are terminated. When you click the button, the process starts and the following progress message box appears:...
Page 649: Upgrading Sbc Capacity Licenses By License Pool Manager Server
Manager Server The device can receive SBC capacity (session) licenses from a centralized pool of SBC resources managed by the License Pool Manager Server running on AudioCodes OVOC. The License Pool Manager Server can dynamically allocate and de-allocate SBC licenses from the pool to devices in the network to meet capacity demands of each device, whenever required.
Page 650 Mediant 4000 SBC  Remote License Server IP: IP address of the License Server. The device periodically checks with the License Pool Manager Server for SBC capacity licenses. The License Pool Manager Server identifies the device by serial number. If it has an SBC license for the device, it sends it to the device.
Page 651: Backing Up The License Key
: Saves the License Key as a file to a folder on your computer. By default, the device names the file "license". • : Copies the License Key as a string to your computer's clipboard. You can then paste the string into any application, for example, an e-mail message. Version 7.2 Mediant 4000 SBC...
Page 652: Viewing The Device's Product Key
Viewing the Device's Product Key The Product Key identifies a specific purchase of your device installation for the purpose of subsequent communication with AudioCodes (e.g., for support and software upgrades). The Product Key is your chassis' serial number--"S/N(Product Key)"--which also appears on the product label affixed to the chassis.
Page 653: Software Upgrade Wizard
An HA switchover occurs from active device (i.e., the initial redundant device) to redundant device (i.e., the initial active device) to return the devices to their original HA state. Only the initial redundant deviceundergoes a reset to return to redundant state. Version 7.2 Mediant 4000 SBC...
Page 654 Mediant 4000 SBC Note: • You can obtain the latest software files from AudioCodes Web site at http://www.audiocodes.com/downloads. • When you start the wizard, the rest of the Web interface is unavailable. After the files are successfully installed with a device reset, access to the full Web interface is restored.
Page 655 Cancel. However, if you continue with the wizard and start loading the cmp file, the upgrade process must be completed with a device reset. Click Browse, and then navigate to and select the .cmp file. Version 7.2 Mediant 4000 SBC...
Page 656 Mediant 4000 SBC Click Load File; the device begins to install the .cmp file and a progress bar displays the status of the loading process: Figure 39-2: CMP File Loading Progress Bar When the file is loaded, a message is displayed to inform you.
Page 657 (according to the .cmp file) and thereby, overwrite values previously configured for these parameters. Click Reset; a progress bar is displayed, indicating the progress of saving the files to flash and device reset. Figure 39-4: Progress Bar Indicating Burning Files to Flash Version 7.2 Mediant 4000 SBC...
Page 658 Mediant 4000 SBC Note: Device reset may take a few minutes (even up to 30 minutes), depending on .cmp file version. When the device finishes the installation process and resets, the wizard displays the following, which lists the installed .cmp software version and other files that you may...
Page 659: Configuration File
The following procedure describes how to load a configuration file from a folder on your PC to the device. You can load any of the following configuration file types:  ini file  CLI Script file  CLI Startup Script file Version 7.2 Mediant 4000 SBC...
Page 660 Mediant 4000 SBC Warning: • When loading an ini file as described in this section, parameters not included in the ini file are restored to default settings. If you want to keep the device's current configuration settings and also apply the settings specified in the ini file, load the file through the Auxiliary Files page, as described in Loading Auxiliary Files through Web Interface on page 627.
Page 661: Automatic Provisioning
Open the Network Settings page (Setup menu > IP Network tab > Advanced folder > Network Settings). From the 'Enable DHCP" drop-down list, select Enable. Figure 41-1: Enabling DHCP Client Functionality Click Apply. To activate the DHCP process, reset the device. Version 7.2 Mediant 4000 SBC...
Page 662: Provisioning The Device Using Dhcp Option 160
Mediant 4000 SBC The following shows an example of a configuration file for a Linux DHCP server (dhcpd.conf). The devices are allocated temporary IP addresses in the range 10.31.4.53 to 10.31.4.75. TFTP is assumed to be on the same computer as the DHCP server (alternatively, the "next-server"...
Page 663: Http-Based Provisioning
The only configuration required is to preconfigure the device(s) with the URL of the initial (master) ini file. This can be done using one of the following methods:  DHCP, as described in ''DHCP-based Provisioning'' on page 661 or via TFTP at a Version 7.2 Mediant 4000 SBC...
Page 664: Ftp-Based Provisioning
Provisioning'' on page 663 is that the protocol in the URL is "ftp" (instead of "http"). 41.1.4 Provisioning using AudioCodes OVOC AudioCodes OVOC server functions as a core-network provisioning server. The device's SNMP Manager should be configured with the IP address of the OVOC server, using one of the methods detailed in the previous sections.
Page 665: Files Provisioned By Automatic Update
Automatic Update settings and other configuration settings that require a device reset. The URL of the server where this file is located is configured by the AUPDStartupScriptURL ini file parameter or CLI command, configure system > automatic-update > startup-script <URL>. Version 7.2 Mediant 4000 SBC...
Page 666: File Location For Automatic Update
Mediant 4000 SBC 41.2.2 File Location for Automatic Update The files for updating the device can be stored on any standard Web (HTTP/S), TFTP, or FTP, server. The files can be loaded periodically to the device using HTTP/S, TFTP, or FTP, .
Page 667: File Template For Automatic Provisioning
URL is replaced with the filename and extension, as listed in the below table. For example, if you configure the AupdFilesList parameter as in Step 1 and the TemplateUrl parameter to: • ini File: TemplateUrl = 'http://10.8.8.20/Site1_<FILE>' • CLI: Version 7.2 Mediant 4000 SBC...
Page 668: Triggers For Automatic Update
Mediant 4000 SBC # configure system (config-system)# automatic update (automatic-update)# template-url http://10.8.8.20/Site1_<FILE> The device sends HTTP requests to the following URLs: • http://10.8.8.20/Site1_device.ini • http://10.8.8.20/Site1_fk.ini • http://10.8.8.20/Site1_cpt.data Place the files to download on the provisioning server. Make sure that their file names and extensions are based on the hardcoded string values specific to the file type for the <FILE>...
Page 669: Access Authentication With Http Server
Upon receipt of an SNMP request from the provisioning server. • Upon receipt of a special SIP NOTIFY message from the provisioning server. The NOTIFY message includes an Event header with the AudioCodes proprietary value, "check-sync;reboot=false", as shown in the example below: NOTIFY sip:<user>@<dsthost> SIP/2.0 To: sip:<user>@<dsthost>...
Page 670: Querying Provisioning Server For Updated Files
Mediant 4000 SBC 41.2.7 Querying Provisioning Server for Updated Files Each time the Automatic Update feature is triggered, for each file and its configured URL the device does the following: If you have configured the device to authenticate itself to the HTTP/S server for secure...
Page 671 Below is an example of how to configure URLs for some of these files: Auxiliary Files: ♦ ini: CptFileURL = 'https://www.company.com/call_progress.dat' FeatureKeyURL = 'https://www.company.com/License_Key.txt' ♦ CLI: (config-system)# automatic-update (automatic-update)# call-progress-tones http://www.company.com/call_progress.dat (automatic-update)# tls-root-cert https://company.com/root.pem Software (.cmp) File: ♦ ini: CmpFileUrl = 'https://www.company.com/device/v.7.20A.000.038.cmp' Version 7.2 Mediant 4000 SBC...
Page 672: File Download Sequence
Mediant 4000 SBC ♦ CLI: (config-system)# automatic-update (automatic-update)# firmware https://www.company.com/device/v.7.20A.000.038.cmp Note: • For one-time file download, the HTTP Get request sent by the device does not include the If-Modified-Since header. Instead, the HTTP-User-Agent header can be used in the HTTP Get request to determine whether firmware update is required.
Page 673: Cyclic Redundancy Check On Downloaded Configuration Files
For enabling CRC, use the ini file parameter AUPDCheckIfIniChanged or CLI command, configure system > automatic-update > crc-check regular. By default, CRC is disabled. For more information on the parameter, see ''Automatic Update Parameters'' on page 816. Version 7.2 Mediant 4000 SBC...
Page 674: Automatic Update Configuration Examples
Mediant 4000 SBC 41.2.10 Automatic Update Configuration Examples This section provides a few examples on configuring the Automatic Update feature. 41.2.10.1 Automatic Update for Single Device This simple example describes how to configure the Automatic Update feature for updating a single device. In this example, the device queries the provisioning server for software, configuration and Auxiliary files every 24 hours.
Page 675: Automatic Update From Remote Servers
'ftps://root:wheel@ftpserver.corp.com/feature_key.txt' Software (.cmp) and ini files: Set up an HTTP Web server and copy the .cmp and configuration files to the server. Configure the device with the URL paths of the .cmp and ini files: Version 7.2 Mediant 4000 SBC...
Page 676: Automatic Update For Mass Deployment
Mediant 4000 SBC ♦ ini File: AutoCmpFileUrl = 'http://www.company.com/device/sw.cmp' IniFileURL = 'http://www.company.com/device/inifile.ini' ♦ CLI: # configure system (config-system)# automatic update (automatic-update)# auto-firmware 'http://www.company.com/sw.cmp' (automatic-update)# startup-script https://company.com/files/startup_script.txt Configure the device with the IP address of the DNS server for resolving the domain...
Page 677 (e.g., http://www.company.com) that is used in the URL for the provisioning server. This is done in the IP Interfaces table: ♦ ini File: [ InterfaceTable ] FORMAT InterfaceTable_Index = InterfaceTable_ApplicationTypes, InterfaceTable_InterfaceMode, InterfaceTable_IPAddress, InterfaceTable_PrefixLength, InterfaceTable_Gateway, InterfaceTable_VlanID, InterfaceTable_InterfaceName, InterfaceTable_PrimaryDNSServerIPAddress, InterfaceTable_SecondaryDNSServerIPAddress, InterfaceTable_UnderlyingDevice; Version 7.2 Mediant 4000 SBC...
Page 678 Mediant 4000 SBC InterfaceTable 0 = 6, 10, 10.15.7.95, 16, 10.15.0.1, 1, "Voice", 80.179.52.100, 0.0.0.0, "vlan 1"; [ \InterfaceTable ] ♦ CLI: # configure network (config-network)# interface network-if 0 (network-if-0)# primary-dns 80.179.52.100 Power down and then power up the device.
Page 679: Sbc Configuration Wizard
SBC Configuration Wizard, their new settings are used. • On some wizard pages, the availability of certain fields depends on the selected application. Version 7.2 Mediant 4000 SBC...
Page 680: Starting The Sbc Configuration Wizard
Figure 42-1: SBC Configuration Wizard - Welcome Page If desired, the SBC Configuration Wizard allows you to share usage statistics with AudioCodes in order to help us improve our software. To agree, select the 'Report usage statistics' check box, and then fill in the subsequent fields.
Page 681: General Setup Page
SIP REGISTER, SUBSCRIBE and NOTIFY messages. If you selected the SIP Trunk application in Step 1, do the following: From the 'IP-PBX' drop-down list, select the IP PBX model. If the model is not listed, select Generic IP-PBX. Version 7.2 Mediant 4000 SBC...
Page 682 Mediant 4000 SBC From the 'SIP-Trunk' drop-down list, select the SIP trunk provider. If the provider is not listed, select Generic SIP Trunk. To generate a configuration template based on the individual properties of the selected IP PBX and SIP Trunk, instead of using the existing template for the specific combination, select the 'Override template' check box.
Page 683: System Page
DNS server and the IP PBX or ITSP require the use of hostnames instead of IP addresses. Select the 'Apply local DNS' check box, and then configure the following parameters: Version 7.2 Mediant 4000 SBC...
Page 684: Interfaces Page
Mediant 4000 SBC ♦ 'Domain Name': Domain name to resolve into an IP address. ♦ 'First IP address': IP address of the domain name. ♦ 'Secondary IP address': Second IP address of the domain name (optional). For more information on configuring the device's DNS table, see Configuring the Internal DNS Table on page 152.
Page 685: Ip-Pbx Page
'NAT Public IP': Displays the public IP address (of the Enterprise router) for communicating with the IP PBX. The field is applicable only when the device is connected to a router that performs NAT.  To configure IP PBX settings: Under the IP-PBX group, configure the following: Version 7.2 Mediant 4000 SBC...
Page 686 Mediant 4000 SBC • 'Address': Configure the IP address (or hostname) of the IP PBX. Note that for the One port: WAN network topology, when the device is assigned a public IP address, you must use the public IP address (of the Enterprise router) instead of the private address of the IP PBX, and configure the Enterprise router to forward VoIP traffic from the device to the IP PBX.
Page 687: Sip Trunk Page
Under the SIP Trunk group, configure the following: • 'Address': Configures the IP address or hostname of the SIP Trunk. • 'Backup Address': (Optional) Configures the backup IP address or hostname of the SIP Trunk. Version 7.2 Mediant 4000 SBC...
Page 688 Mediant 4000 SBC • 'SIP Domain': Configures the SIP domain name for communicating with the SIP Trunk. The domain name is used in the following SIP message headers: ♦ Outbound calls: Request-URI and To headers ♦ Inbound calls: From header •...
Page 689: Number Manipulation Page
'Password': Password for communication with ARM. Click Next; the Remote Users (FEU) page appears (see Remote Users Page on page 690). The example below changes the number "+15033311432" to "03311432":  Prefix: "+1503"  Remove:"4"  Add: "0" Version 7.2 Mediant 4000 SBC...
Page 690: Remote Users Page
Mediant 4000 SBC 42.8 Remote Users Page The Remote Users (FEU) wizard page configures the remote users settings. Note: This page is applicable only to IP PBXs that support such configuration. Figure 42-8: SBC Configuration Wizard - Remote Users Page ...
Page 691: Summary Page
To save the configuration as an ini file to a folder on your PC, click the Save INI file button. You can later load the file to the device (see Loading an ini File to the Device on page 659). Click Next; the Congratulations page appears (see Congratulations Page on page 692). Version 7.2 Mediant 4000 SBC...
Page 692: Congratulations Page
Mediant 4000 SBC 42.10 Congratulations Page The Congratulations wizard page is the last wizard page and allows you to complete configuration. Figure 42-10: SBC Configuration Wizard - Congratulations Page  To complete the SBC Configuration Wizard:  Click Apply & Reset to apply configuration to the device or click Save INI File to save configuration as an ini file on your PC.
Page 693: Restoring Factory Defaults
# enable At the prompt, type the password again, and then press Enter: # Password: Admin At the prompt, type the following to reset the device to default settings, and then press Enter: # write factory Version 7.2 Mediant 4000 SBC...
Page 694: Restoring Factory Defaults Through Web Interface
Mediant 4000 SBC 43.2 Restoring Factory Defaults through Web Interface You can restore the device to factory defaults through the Web interface. Note: When restoring to factory defaults, you can preserve your IP network settings that are configured in the IP Interfaces table (see ''Configuring IP Network Interfaces'' on page 129), as described in the procedure below.
Page 695: Status, Performance Monitoring And Reporting
Part IX Status, Performance Monitoring and Reporting...
Page 697: System Status
Product Key, which identifies the specific device purchase. The Product Key also appears on the product label that is affixed to the chassis, as "S/N(Product Key)". For more information, see Viewing the Device's Product Key on page 652. Version 7.2 Mediant 4000 SBC...
Page 698 Mediant 4000 SBC Parameter Description Board Type Product name of the device. Device Up Time Duration that the device has been up and running since the last reset. The duration is displayed in the following format: dd:hh:mm:ss:100th of a second Device Administrative State Administrative status ("Unlocked"...
Page 699: Viewing Device Status On Monitor Page
MIB is PM_gwActiveSIPTransacionsPerSecond. The counter is applicable to SBC and Gateway calls. • Registered Users: Number of users registered with the device. The corresponding SNMP performance monitoring MIB is PM_gwSBCRegisteredUsers. Figure 44-2: Viewing Call Statistics on Monitor Page Version 7.2 Mediant 4000 SBC...
Page 700 Mediant 4000 SBC  Graphical display of the device with color-coded status icons, as shown in the figure below and described in the subsequent table: Note: For a description of the Monitor page when the device is in High Availability (HA) mode, see HA Status Display on Monitor Web Page on page 603.
Page 701 (green): Ethernet link is working  (gray): Ethernet link is not connected To view detailed Ethernet port information, click these icons to open the Ethernet Port Information page (see Viewing Ethernet Port Information on page 725). Version 7.2 Mediant 4000 SBC...
Page 702 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 703: Reporting Dsp Utilization Through Snmp Mib
SNMP MIB table, acPMDSPUsage. You can also configure low and high DSP utilization thresholds this MIB, that crossed, SNMP trap event, acPerformanceMonitoringThresholdCrossing is sent by the device. For more information on this MIB, refer to the SNMP Reference Guide. Version 7.2 Mediant 4000 SBC...
Page 704 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 705: Viewing Carrier-Grade Alarms
Critical (red)  Major (orange)  Minor (yellow) Source Component of the device from which the alarm was raised. Description Brief description of the alarm. Date Date (DD/MM/YYYY) and time (HH:MM:SS) the alarm was raised. Version 7.2 Mediant 4000 SBC...
Page 706: Viewing History Alarms
Mediant 4000 SBC 46.2 Viewing History Alarms You can view all SNMP alarms, in the Web interface's Alarms History table, that have been raised (active alarms) as well as cleared (resolved). One of the benefits of this is that you can view alarms that may have been raised and then cleared on a continuous basis.
Page 707 Description Date Date (DD/MM/YYYY) and time (HH:MM:SS) the alarm was raised.  To delete all the alarms in the table: Click the Delete History Table button; a confirmation message box appears. Click OK to confirm. Version 7.2 Mediant 4000 SBC...
Page 708 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 709: Viewing Management User Activity Logs
Username of the user account that performed the activity. Interface Protocol used for connecting to the management interface (e.g., Telnet, SSH, Web, or HTTP). Client IP address of the client PC from where the user accessed the management interface. Version 7.2 Mediant 4000 SBC...
Page 710 Mediant 4000 SBC This page is intentionally left blank. User's Manual Document #: LTRT-40203...
Page 711: Viewing Performance Monitoring
From the 'SRD/IP Group' drop-down list, select whether you want to view statistic for an SRD or IP Group. From the 'Index' drop-down list, select the SRD or IP Group index. From the 'Direction' drop-down list, select the call direction: Version 7.2 Mediant 4000 SBC...
Page 712 Mediant 4000 SBC • In: incoming calls • Out: outgoing calls • Both: incoming and outgoing calls From the 'Type' drop-down list, select the SIP message type: • INVITE: INVITE • SUBSCRIBE: SUBSCRIBE • Other: all SIP messages If there is no data for the charts, the chart appears gray and "No Data" is displayed to the right of the chart.
Page 713: Viewing Average Call Duration
The minimum resolution is about 30 seconds; the maximum resolution is about an hour. To pause the graph, click the Pause button; click Play to resume. Version 7.2 Mediant 4000 SBC...
Page 714: Configuring Performance Profiles
Mediant 4000 SBC 48.3 Configuring Performance Profiles The Performance Profile table lets you configure up to 2628 Performance Profile rules. A Performance Profile rule defines thresholds of performance monitoring call metrics for Major and Minor severity alarms. If the threshold is crossed, the device raises the corresponding severity alarm.
Page 715 92 (i.e., 90 + 2) crosses the configured Minor threshold with hysteresis. Yellow to Green (alarm The change occurs if the measured metric 92 (i.e., 90 + 2) cleared) crosses the configured Minor threshold with hysteresis. Version 7.2 Mediant 4000 SBC...
Page 716 Mediant 4000 SBC Note: • Forwarded calls are not considered in the calculation for ASR and NER. • If you don't configure thresholds for a specific metric, the device still provides current performance monitoring values of the metric, but does not raise any threshold alarms for it.
Page 717 For example, if you configure the 'Major Threshold' parameter to 70% and the 'Hysteresis' parameter to 2%, the device considers a threshold crossing from Red to Yellow only if the ASR crosses 72% (i.e., 70% + 2%). Version 7.2 Mediant 4000 SBC...
Page 718 Mediant 4000 SBC Parameter Description Minimum Samples Defines the minimum number of call sessions (sample) that is required for the device to calculate the performance minimum-samples monitoring metrics (per window size). If the number of call [PerformanceProfile_MinimumSample] sessions is less than the configured value, no calculation is done.
Page 719: Viewing Voip Status
10 seconds from the proxy/registrar server.  CLI: • SBC users: # show voip register db sbc list • SBC contacts of a specified AOR: # show voip register db sbc user <Address Of Record> Version 7.2 Mediant 4000 SBC...
Page 720: Viewing Proxy Set Status
Mediant 4000 SBC 49.2 Viewing Proxy Set Status You can view the status of Proxy Sets that are used in your call routing topology. Proxy Sets that are not associated with any routing rule are not displayed. To configure proxy Sets, see Configuring Proxy Sets on page 363.
Page 721 "NOT RESOLVED": Proxy address is configured as an FQDN, but the DNS resolution has failed.  Empty field: Keep-alive for the proxy is disabled or the device has yet to send a keep-alive to the proxy. Version 7.2 Mediant 4000 SBC...
Page 722: Viewing Registration Status
Mediant 4000 SBC 49.3 Viewing Registration Status You can view the registration status of the device's SIP Accounts.  To view registration status:  Open the Registration Status table (Monitor menu > Monitor tab > VoIP Status folder > Registration Status).
Page 723: Viewing Sbc Cdr History
4,096 CDRs. If the table reaches maximum capacity of entries and a new CDR is added, the last CDR entry is removed from the table. Note: If the device is reset, all CDRs are deleted from memory and from the table. Version 7.2 Mediant 4000 SBC...
Page 724 Mediant 4000 SBC  To view SBC CDR history:  Web: Open the SBC CDR History table (Monitor menu > Monitor tab > VoIP Status folder > SBC CDR History). Figure 49-4: SBC CDR History Table  CLI: • All CDR history: # show voip calls history sbc •...
Page 725: Viewing Network Status
Navigation tree: Monitor menu > Monitor tab > Network Status folder > Ethernet Port Information. • Monitor home page: Click an Ethernet port on the graphical display of the device (see ''Viewing Device Status on Monitor Page'' on page 699). Version 7.2 Mediant 4000 SBC...
Page 726: Viewing Static Routes Status
Mediant 4000 SBC Table 50-1: Ethernet Port Information Table Description Parameter Description Port Name Displays the name of the port. Active Displays whether the port is active ("Yes") or not ("No"). Speed Displays the speed of the Ethernet port. Duplex Mode Displays whether the port is half- or full-duplex.
Page 727: Viewing Hardware Status
Navigation tree: Monitor menu > Monitor tab > Hardware folder > Components Status. • Monitor home page: Click a power supply or fan tray icon (see ''Viewing Device Status on Monitor Page'' on page 699). Version 7.2 Mediant 4000 SBC...
Page 728 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 729: Reporting Information To External Party
Description CallID Call ID - call ID from the SIP dialog LocalID Local ID - identifies the reporting endpoint for the media session Remote ID - identifies the remote endpoint of the media session RemoteID Version 7.2 Mediant 4000 SBC...
Page 730 Mediant 4000 SBC Metric Parameter Description OrigID Originating ID - Identifies the endpoint which originated the session LocalAddr Local Address - IP address, port, and SSRC of the endpoint/UA which is the receiving end of the stream being measured RemoteAddr...
Page 731 MOSCQEstAlg MOS-CQ Est. Algorithm - name (string) of the algorithm used to estimate MOSCQ QoEEstAlg QoE Est. Algorithm - name (string) of the algorithm used to estimate all voice quality metrics DialogID Identification of the SIP dialog with which the media session is related Version 7.2 Mediant 4000 SBC...
Page 732 Mediant 4000 SBC Below shows an example of a SIP PUBLISH message sent with RTCP XR and QoE information: PUBLISH sip:172.17.116.201 SIP/2.0 Via: SIP/2.0/UDP 172.17.116.201:5060;branch=z9hG4bKac2055925925 Max-Forwards: 70 From: <sip:172.17.116.201>;tag=1c2055916574 To: <sip:172.17.116.201> Call-ID: 20559160721612201520952@172.17.116.201 CSeq: 1 PUBLISH Contact: <sip:172.17.116.201:5060> Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUB...
Page 733: Generating Call Detail Records
In addition, CDRs can be generated for SIP signaling and/or media. The device can send CDRs to any of the following:  Syslog server. The CDR Syslog message complies with RFC 3164 and is identified by Facility 17 (local1) and Severity 6 (Informational). Version 7.2 Mediant 4000 SBC...
Page 734: Cdr Field Description
Mediant 4000 SBC  RADIUS server. For CDR in RADIUS format, see ''Configuring RADIUS Accounting'' on page 750. To configure RADIUS servers for CDR reporting, see ''Configuring RADIUS Servers'' on page 229. Note: To view SBC CDRs stored on the device's memory, see Viewing SBC CDR History on page 723.
Page 735 "2" and outgoing leg to the user's mobile phone is "3". If the call is then transferred, the leg ID for the transfer leg is "4". Orig Call originator: String  "LCL": local Version 7.2 Mediant 4000 SBC...
Page 736 Mediant 4000 SBC CDR Field Description CDR Report Type Format (SBCReportType)  "RMT": remote SourceIp Source IP address String (up to characters) SourcePort Source UDP port String (up to characters) DestIp Destination IP address String (up to characters) DestPort Destination UDP port...
Page 737 Redirect reason "CALL_END" String (up to characters) RedirectURINum Redirection URI "CALL_END" String (up to characters) RedirectURINumB Redirect URI number before manipulation "CALL_END" String (up to eforeMap characters) TxSigIPDiffServ Signaling IP DiffServ String (up to characters) Version 7.2 Mediant 4000 SBC...
Page 738 Mediant 4000 SBC CDR Field Description CDR Report Type Format (SBCReportType) IPGroup IP Group ID and name String (up to characters) SrdId SRD ID and name String (up to characters) SIPInterfaceId SIP Interface ID String (up to characters) Proxy Set ID...
Page 739: Cdr Fields For Sbc Media
The CDR types for SBC media and the SIP dialog stages are shown in the following figure: Figure 52-4: SBC CDR Types for Media Table 52-3: Default CDR Fields for SBC Media CDR Field Range Description MediaReportType Report type: Version 7.2 Mediant 4000 SBC...
Page 740 Mediant 4000 SBC CDR Field Range Description  "MEDIA_START": CDR is sent upon 200 OK response or early media  "UPDATE": CDR is sent upon a re- INVITE message  "END": CDR sent is upon a BYE message SIPCallId Unique call ID...
Page 741: Cdr Fields For Sbc Local Storage
52.2.1.3 CDR Fields for SBC Local Storage The CDR fields for SBC calls that are stored locally (history) on the device are listed in the table below. For storing CDRs locally, see ''Storing CDRs on the Device'' on page 747. Version 7.2 Mediant 4000 SBC...
Page 742 Mediant 4000 SBC Table 52-4: Default CDR Fields for Locally Stored (History) CDRs CDR Field Title Report Type SBCReportType Endpoint Type EPTyp Call Id SIPCallId Session ID SessionId Leg ID LegId Call Orig Orig Source IP SourceIp Source Port SourcePort...
Page 743: Customizing Cdrs For Sbc Calls
You can also configure it through ini file (SBCCDRFormat) or CLI (configure troubleshoot > cdr > cdr-format sbc-cdr-format).  To customize SBC-related CDRs: Open the SBC CDR Format table (Troubleshoot menu > Troubleshoot tab > Call Detail Record folder > SBC CDR Format). Version 7.2 Mediant 4000 SBC...
Page 744 Mediant 4000 SBC Click New; the following dialog box appears: Figure 52-5: SBC CDR Format Table - Add Dialog Box Configure the CDR according to the parameters described in the table below. Click Apply. Examples of configured CDR customization rules are shown below:...
Page 745 CDR field name to appear as 'Phone Duration', you must configure the parameter to 'Phone Duration'. You can also configure the CDR field name with an equals (=) sign, for example "call-connect-time=". Note: Version 7.2 Mediant 4000 SBC...
Page 746: Configuring Cdr Reporting
Mediant 4000 SBC Parameter Description  For VSA's that do not require a prefix name, leave the parameter undefined.  The parameter's value is case-sensitive. For example, if you want the CDR field name to be Phone-Duration, you must configure the parameter to "Phone-Duration" (i.e., upper case "P"...
Page 747: Storing Cdrs On The Device
When the device is reset or powered off, locally stored CDRs on RAM are deleted. You can specify the calls (configuration entities) for which you wish to create CDRs and store locally. This is done using Logging Filter rules in the Logging Filters table. For Version 7.2 Mediant 4000 SBC...
Page 748 Mediant 4000 SBC example, you can configure a rule to create CDRs for traffic belonging only to IP Group 2 and store the CDRs locally. The locally stored CDRs are saved in a comma-separated values file (*.csv), where each CDR is shown on a dedicated row. An example of a CSV file with two CDRs are shown below: ...
Page 749 50 to 10), the device stores the remaining files (e.g., 40) in its memory (i.e., unused files). • When the device operates in High-Availability mode, stored CDRs are deleted upon device switchover. • For customizing CDR fields for SBC calls, see Customizing CDRs for SBC Calls on page 743. Version 7.2 Mediant 4000 SBC...
Page 750: Configuring Radius Accounting
Mediant 4000 SBC 52.3 Configuring RADIUS Accounting The device can send accounting data of SIP calls as call detail records (CDR) to a RADIUS Accounting server. CDR-based accounting messages can be sent upon call release, call connection and release, or call setup and release. This section lists the CDR attributes for RADIUS accounting.
Page 751 Customizing CDRs for SBC Calls on page 743. To configure the address of the RADIUS Accounting server, see ''Configuring RADIUS Servers'' on page 229. For all RADIUS-related configuration, see ''RADIUS-based Services'' on page 229. Version 7.2 Mediant 4000 SBC...
Page 752 Mediant 4000 SBC  To configure RADIUS accounting: Open the Call Detail Record Settings page (Troubleshoot menu > Troubleshoot tab > Call Detail Record folder > Call Detail Record Settings). Configure the following parameters: • From the 'Enable RADIUS Access Control' drop-down list (EnableRADIUS), select Enable.
Page 753 String h323-gw-id=<SIP Start gateway ID string> Stop sip-call-id SIP Call ID String sip-call- Start id=abcde@ac.com Stop call-terminator Terminator of the String call-terminator=yes Stop call:  "yes": Call terminated by the outgoing leg  "no": Call Version 7.2 Mediant 4000 SBC...
Page 754 Mediant 4000 SBC Vendor- Attribute Attribute Specific Value Description Example Name Attribute Format (VSA) ID terminated by the incoming leg terminator Terminator of the String terminator=originate Stop call:  "answer": Call originated from the incoming leg  "originate": Call originated from...
Page 755 (4923 23) h323-remote-address = 212.179.22.214 (4923 1) h323-ivr-out = h323-incoming-conf-id:02102944 600a1899 3fd61009 0e2f3cc5 (4923 30) h323-disconnect-cause = 22 (0x16) (4923 27) h323-call-type = VOIP (4923 26) h323-call-origin = Originate (4923 24) h323-conf-id = 02102944 600a1899 3fd61009 0e2f3cc5 Version 7.2 Mediant 4000 SBC...
Page 756 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 757: Diagnostics
Part X Diagnostics...
Page 759: Syslog And Debug Recording
Syslog messages, or CDRs. Disabling a rule is useful, for example, if you no longer require the rule, but may need it in the future. Thus, instead of deleting the rule entirely, you can simply disable it. Version 7.2 Mediant 4000 SBC...
Page 760 Mediant 4000 SBC Note: • If you want to configure a Log Filter rule that logs Syslog messages to a Syslog server (i.e., not to a Debug Recording server), you must enable Syslog functionality, using the 'Enable Syslog' (EnableSyslog) parameter (see ''Enabling Syslog'' on page 769).
Page 761 IP Group at Index 2 with the name "SIP Trunk", configure the parameter to either "2" or "SIP Trunk" (without apostrophes).  For IP trace expressions, see ''Filtering IP Network Traces'' on Version 7.2 Mediant 4000 SBC...
Page 762 Mediant 4000 SBC Parameter Description page 763. Log Destination Defines where the device sends the log file.  log-dest [0] Syslog Server = The device generates Syslog messages based on the configured log filter and sends them to a user- [LoggingFilters_LogDestination] defined Syslog server.
Page 763: Filtering Ip Network Traces
IP protocol type (PDU) entered as an enumeration value (e.g., 1 is ICMP, 6 is TCP, 17 is UDP) udp, tcp, icmp, sip, ldap, http, https Single expressions for protocol type udp.port, tcp.port Transport layer Version 7.2 Mediant 4000 SBC...
Page 764: Configuring Syslog
Mediant 4000 SBC Expression Description udp.srcport, tcp.srcport Transport layer for source port udp.dstport, tcp.dstport Transport layer for destination port and, &&, ==, <, > Between expressions Below are examples of configured expressions for the 'Value' parameter:  udp && ip.addr==10.8.6.55 ...
Page 765 In addition, the benefit of unique numbering is that it enables you to filter the information (such as SIP, Syslog, and media) according to device or session ID. The syntax of the session and device identifiers are as follows: Version 7.2 Mediant 4000 SBC...
Page 766: Event Representation In Syslog Messages
Mediant 4000 SBC Message Item Dscription [SID=<last 6 characters of device's MAC address>:<number of times device has reset>:<unique SID counter indicating the call session; increments consecutively for each new session; resets to 1 after a device reset>] For example: 14:32:52.028: 10.33.8.70: NOTICE: [S=9369] [SID=2ed1c8:96:5] (lgr_psbrdex)(274) recv <--...
Page 767 Counts the number of BFI Frames Received From The Host No Available Release Descriptor RTP Reorder Unknown RTP Payload Type RTP SSRC Error Unrecognized Fax Relay Command Invalid Accumulated Packets Counter Invalid Channel ID Invalid Header Length Invalid Codec Type Version 7.2 Mediant 4000 SBC...
Page 768: Identifying Audiocodes Syslog Messages Using Facility Levels
Unknown Aggregation Payload Type Invalid Routing Flag Received 53.2.1.2 Identifying AudioCodes Syslog Messages using Facility Levels The device’s Syslog messages can easily be identified and distinguished from Syslog messages from other equipment, by setting its Facility level. The Facility levels of the device's Syslog messages are numerically coded with decimal values.
Page 769: Snmp Alarms In Syslog Messages
The following procedure describes how to enable Syslog.  To enable Syslog: Open the Syslog Settings page (Troubleshoot menu > Troubleshoot tab > Logging folder > Syslog Settings). From the 'Enable Syslog' drop-down list, select Enable. Figure 53-2: Enabling Syslog Version 7.2 Mediant 4000 SBC...
Page 770: Configuring The Syslog Server Address
Mediant 4000 SBC Click Apply. 53.2.3 Configuring the Syslog Server Address The following procedure describes how to configure the Syslog server's address to where the device sends Syslog messages.  To configure the Syslog server address: Open the Syslog Settings page (Troubleshoot menu > Troubleshoot tab > Logging folder >...
Page 771: Configuring Reporting Of Management User Activities
Actions that are not related to parameter changes (for example, file uploads, file delete, lock-unlock maintenance actions, LDAP clear cache, register-unregister, and start-stop trunk. In the Web, these actions are typically done by clicking a button (e.g., the LOCK button). Version 7.2 Mediant 4000 SBC...
Page 772: Viewing Syslog Messages
When debug recording is enabled and Syslog messages are also included in the debug recording, to view Syslog messages using Wireshark, you must install AudioCodes' Wireshark plug-in (acsyslog.dll). Once the plug-in is installed, the Syslog messages are decoded as "AC SYSLOG" and displayed using the "acsyslog" filter (instead of the regular "syslog"...
Page 773: Configuring Debug Recording
You can select the Syslog messages displayed on the page, and copy and paste them into a text editor such as Notepad. This text file (txt) can then be sent to AudioCodes Technical Support for diagnosis and troubleshooting. 53.3 Configuring Debug Recording This section describes how to configure debug recording and how to collect debug recording packets.
Page 774: Configuring The Debug Recording Server Address
Click Apply. 53.3.2 Collecting Debug Recording Messages To collect debug recording packets, use the open source packet capturing program, Wireshark. AudioCodes proprietary plug-in files for Wireshark are required. Note: • The default debug recording port is 925. You can change the port in Wireshark (Edit menu >...
Page 775: Debug Capturing On Physical Voip Interfaces
Note that the source IP address of the messages is always the OAMP IP address of the device. The device adds the header "AUDIOCODES DEBUG RECORDING" to each debug recording message, as shown below: 53.3.3 Debug Capturing on Physical VoIP Interfaces You can capture traffic on the device's physical (Ethernet LAN) VoIP interfaces (Layer-2 VLAN tagged packets).
Page 776 Mediant 4000 SBC # debug capture VoIP physical get_last_capture <TFTP/FTP server IP address> The file is saved to the device's memory (not flash) and erased after a device reset.  Marks the captured file (useful for troubleshooting process): # debug capture VoIP physical insert-pad Before running this command, the debug capture must be started.
Page 777: Enabling Sip Call Flow Diagrams In Ovoc
54. Enabling SIP Call Flow Diagrams in OVOC Enabling SIP Call Flow Diagrams in OVOC You can configure the device to send SIP messages of SIP call dialogs to AudioCodes One Voice Operations Centers (OVOC) so that OVOC management users can view the call dialog as a call flow in graphical format.
Page 778 Mediant 4000 SBC Note: • The feature does not support SIPRec messages and REGISTER messages. • For HA systems, during a switchover the device stops sending the SIP call flow messages of current SIP dialogs and continues sending them after the switchover (even though OVOC does not display the continuation of the call after switchover).
Page 779: Debugging Web Services
Open the Web Service Settings page (Setup menu > IP Network tab > Web Services folder > Web Service Settings). In the 'Debug Level' field (RestDebugMode), enter the debug level (or disable debugging by configuring it to 0): Click Apply. Version 7.2 Mediant 4000 SBC...
Page 780 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 781: Creating Core Dump And Debug Files Upon Device Crash
The files may assist you in identifying the cause of the crash. The core dump can either be included in or excluded from the debug file, or alternatively, sent separately to a TFTP server. You can then provide the files to AudioCodes support team for troubleshooting. ...
Page 782 Mediant 4000 SBC You can also delete the core dump file through CLI, as described in the following procedure:  To delete the core dump file:  Navigate to the root CLI directory (enable mode), and then enter the following...
Page 783: Testing Sip Signaling Calls
By default, you can configure up to five test calls. However, this number can be increased by installing the relevant License Key. For more information, contact your AudioCodes sales representative. The following procedure describes how to configure test calls through the Web interface.
Page 784 Mediant 4000 SBC Click New; the following dialog box appears: Figure 57-1: Test Call Rules Table - Add Dialog Box Configure a test call according to the parameters described in the table below. Click Apply, and then save your settings to flash memory.
Page 785 To configure QoE Profiles, see ''Configuring Quality of Experience Profiles'' on page 311. Bandwidth Profile Assigns a Bandwidth Profile to the test call. bandwidth-profile By default, no value is defined. To configure Bandwidth Profiles, see ''Configuring Bandwidth Version 7.2 Mediant 4000 SBC...
Page 786 Mediant 4000 SBC Parameter Description [Test_Call_BWProfile] Profiles'' on page 316. Authentication Note: These parameters are applicable only if the 'Call Party' parameter (see below) is configured to Caller. Auto Register Enables automatic registration of the endpoint. The endpoint can register to the device itself or to the 'Destination Address' or 'IP auto-register Group' parameter settings (see above).
Page 787: Starting And Stopping Test Calls
Dial: Starts the test call (applicable only if the test call party is the caller). • Drop Call: Stops the test call. • Restart: Ends all established calls and then starts the test call session again. Version 7.2 Mediant 4000 SBC...
Page 788: Viewing Test Call Status
Mediant 4000 SBC 57.3 Viewing Test Call Status You can view the status of test call rules in the 'Test Status' field of the Test Call Rules table. The status can be one of the following: Table 57-2: Test Call Status Description...
Page 789 "Done - Established Calls: <number of established calls>, ASR: <ASR>%": Test call has been successfully completed (or was prematurely stopped by clicking the Drop Call command) and shows the following:  Total number of test calls that were established. Version 7.2 Mediant 4000 SBC...
Page 790: Configuring Dtmf Tones For Test Calls
Mediant 4000 SBC Statistics Field Description  Number of successfully answered calls out of the total number of calls attempted (ASR). MOS Status MOS count and color threshold status of local and remote sides according to the assigned QoE Profile.
Page 791: Test Call Configuration Examples
Single Test Call Scenario: This example describes the configuration of a simple test call scenario that includes a single test call between a simulated test endpoint on the device and a remote endpoint. Figure 57-6: Single Test Call Example • Test Call Rules table configuration: Version 7.2 Mediant 4000 SBC...
Page 792 The test call is done between two AudioCodes devices - Device A and Device B - with simulated test endpoints. This eliminates the need for phone users, who would otherwise need to answer and end calls many times for batch testing.
Page 793 Route By: Dest Address ♦ Destination Address: "10.13.4.12" (this is the IP address of the device itself) ♦ SIP Interface: SIPInterface_0 ♦ Auto Register: Enable ♦ User Name: "testuser" ♦ Password: "12345" ♦ Call Party: Caller Version 7.2 Mediant 4000 SBC...
Page 794 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 795: Pinging A Remote Host Or Ip Address
IPv4 address. The ping is done using the following CLI command: # ping <IPv4 ip address or host name> source [voip] interface For a complete description of the ping command, refer to the CLI Reference Guide. Version 7.2 Mediant 4000 SBC...
Page 796 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 797: Appendix
Part XI Appendix...
Page 799: Dialing Plan Notation For Routing And Manipulation
4 to 8, and suffix is 234, 235, or 236. The entered value would be the following: [4-8](23[4,5,6]). [n-m] or (n-m) Represents a range of numbers. Examples:  To depict prefix numbers from 5551200 to 5551300: Version 7.2 Mediant 4000 SBC...
Page 800 Mediant 4000 SBC Notation Description  [5551200-5551300]#  To depict prefix numbers from 123100 to 123200:  123[100-200]#  To depict prefix and suffix numbers together:  03(100): for any number that starts with 03 and ends with 100. ...
Page 801 User's Manual 59. Dialing Plan Notation for Routing and Manipulation Notation Description Version 7.2 Mediant 4000 SBC...
Page 802 Mediant 4000 SBC This page is intentionally leftblank. User's Manual Document #: LTRT-40203...
Page 803: Configuration Parameters Reference
(i.e., the [WebAccessList_x] device can be accessed from any IP address). The default is 0.0.0.0 (i.e., the device can be accessed from any IP address). For example: Version 7.2 Mediant 4000 SBC...
Page 804: Web Parameters
Mediant 4000 SBC Parameter Description WebAccessList_0 = 10.13.2.66 WebAccessList_1 = 10.13.77.7 For a description of the parameter, see ''Configuring Web and Telnet Access List'' on page 79. Local Users Table Local Users The table defines management users. configure system >...
Page 805 The valid value is 0 to 100000, where 0 means that login is not denied regardless of number of failed login attempts. The default is 60. Display Last Login Information Enables display of user's login information on each successful login attempt. [DisplayLoginInformation] Version 7.2 Mediant 4000 SBC...
Page 806 Mediant 4000 SBC Parameter Description  [0] Disable (default)  [1] Enable [EnableMgmtTwoFactorAuthentication] Enables Web login authentication using a third-party, smart card.  [0] = Disable (default)  [1] = Enable When enabled, the device retrieves the Web user’s login username from the smart card, which is automatically displayed (read-only) in the Web Login screen;...
Page 807 For more information, see Customizing the Product Name on page 65. [UserProductName] Defines a name for the device instead of the default name. The value can be a string of up to 29 characters. For more information, see Customizing the Product Name Version 7.2 Mediant 4000 SBC...
Page 808 Defines the name of the image file that you want loaded to the device. This image is displayed as the logo in the Web interface (instead of AudioCodes logo). The file name can be up to 47 characters. For more information, see Replacing the Corporate Logo with an Image on page 63.
Page 809: Telnet Parameters
“—MORE—" prompt is displayed (at which you can press the spacebar to display the next four output lines). Note: You can override this parameter for a specific CLI session Version 7.2 Mediant 4000 SBC...
Page 810: Ini File Parameters
> snmp trap > auto- Enables the device to send NAT keep-alive traps to the port send-keep-alive of the SNMP network management station (e.g., AudioCodes OVOC). This is used for NAT traversal, and allows SNMP [SendKeepAliveTrap] communication with AudioCodes OVOC management...
Page 811 The parameter can be controlled by the Config Global Entry Limit MIB (located in the Notification Log MIB). The valid range is 50 to 1000. The default is 500. Note: For the parameter to take effect, a device reset is required. Version 7.2 Mediant 4000 SBC...
Page 812 Mediant 4000 SBC Parameter Description [ActiveAlarmTableMaxSize] Defines the maximum number of currently active alarms that can be displayed in the Active Alarms table. When the table reaches this user-defined maximum capacity (i.e., full), the device sends the SNMP trap event, acActiveAlarmTableOverflow.
Page 813 SNMP V3 Users Table SNMP V3 Users The table defines SNMP v3 users. configure system > snmp v3-users The format of the ini file table parameter is: [SNMPUsers] [SNMPUsers] FORMAT SNMPUsers_Index = SNMPUsers_Username, SNMPUsers_AuthProtocol, SNMPUsers_PrivProtocol, SNMPUsers_AuthKey, SNMPUsers_PrivKey, Version 7.2 Mediant 4000 SBC...
Page 814: Serial Parameters
Mediant 4000 SBC Parameter Description SNMPUsers_Group; [\SNMPUsers] For example: SNMPUsers 1 = v3admin1, 1, 0, myauthkey, -, 1; The example above configures user 'v3admin1' with security level authNoPriv(2), authentication protocol MD5, authentication text password 'myauthkey', and ReadWriteGroup2. For more information, see ''Configuring SNMP V3 Users'' on page 92.
Page 815: Auxiliary And Configuration File Name Parameters
Note: For the parameter to take effect, a device reset is required. Dial Plan File Defines the name of the Dial Plan file. This file should be created using AudioCodes DConvert utility (refer to DConvert Utility User's [DialPlanFileName] Guide). For the ini file, the name must be enclosed by single apostrophes, for example, 'dial_plan.dat'.
Page 816: Automatic Update Parameters
Mediant 4000 SBC 60.1.8 Automatic Update Parameters The automatic update of software and configuration files parameters are described in the table below. Table 60-8: Automatic Update of Software and Configuration Files Parameters Parameter Description General Automatic Update Parameters CLI path: configure system > automatic-update update-firmware Enables the Automatic Update mechanism for the cmp file.
Page 817 [1] = Enable CRC for the entire file, including line order (i.e., same text must be on the same lines). If there are differences between the files, the device installs the downloaded file. If there are no Version 7.2 Mediant 4000 SBC...
Page 818 Mediant 4000 SBC Parameter Description differences, the device discards the newly downloaded file.  [2] = Enable CRC for individual lines only. Same as option [1], except that the CRC ignores the order of lines (i.e., same text can be on different lines).
Page 819 Defines the name of the License Key file and the URL address of the feature-key server on which the file is located. [FeatureKeyURL] template-url Defines the URL address in the File Template for automatic updates, Version 7.2 Mediant 4000 SBC...
Page 820: Networking Parameters
Mediant 4000 SBC Parameter Description [TemplateUrl] of the provisioning server on which the files to download are located. For more information, see ''File Template for Automatic Provisioning'' on page 667. Defines the list of file types in the File Template for automatic template-files-list updates, to download from the provisioning server.
Page 821: Multiple Voip Network Interfaces And Vlan Parameters
Note: For the parameter to take effect, a device reset is required. 60.2.3 Routing Parameters The IP network routing parameters are described in the table below. Table 60-11: IP Network Routing Parameters Parameter Description Send ICMP Unreachable Enables sending of ICMP Unreachable messages. Version 7.2 Mediant 4000 SBC...
Page 822: Quality Of Service Parameters
Mediant 4000 SBC Parameter Description  Messages [0] Enable = (Default) Device sends these messages.  [1] Disable = Device does not send these messages. configure network > network-settings > icmp- disable-unreachable [DisableICMPUnreachable] Send and Receive ICMP Enables sending and receiving of ICMP Redirect messages.
Page 823: Nat Parameters
Note: If the SIP session is established (ACK) and the device (not the UA) sends the first packet, it sends it to the address obtained from the SIP message and only after the device receives the first Version 7.2 Mediant 4000 SBC...
Page 824: Dns Parameters
1. The parameter is used to allow SNMP communication with AudioCodes OVOC management platform, located in the WAN, when the device is located behind NAT. It is needed to keep the NAT pinhole open for the SNMP messages sent from OVOC to the device.
Page 825: Dhcp Parameters
The parameter is a "hidden" parameter. Once defined and saved to flash memory, its value doesn't revert to default even if the parameter doesn't appear in the ini file. [DHCP120OptionMode] Enables the acceptance of DHCP Option 120 in DHCP responses sent Version 7.2 Mediant 4000 SBC...
Page 826 Mediant 4000 SBC Parameter Description by a DHCP server.  [0] = DHCP Option 120 is not supported and ignored if received in the DHCP response.  [1] = (Default) DHCP Option 120 is supported and if received, the device adds the SIP server information to the Proxy Set.
Page 827: Ntp And Daylight Saving Time Parameters
NTP server fails, then this NTP server is used. secondary-server The default IP address is 0.0.0.0. [NTPSecondaryServerIP] NTP Update Interval Defines the time interval (in seconds) that the NTP client requests for a time update. update-interval Version 7.2 Mediant 4000 SBC...
Page 828 Mediant 4000 SBC Parameter Description [NTPUpdateInterval] The default interval is 86400 (i.e., 24 hours). The range is 0 to 214783647. Note: It is not recommend to set the parameter to beyond one month (i.e., 2592000 seconds). NTP Authentication Key Defines the NTP authentication key identifier for authenticating NTP Identifier messages.
Page 829: Debugging And Diagnostics Parameters
[EnableAutoRAITransmitBER] Enables the device to send a remote alarm indication (RAI) when the bit error rate (BER) is greater than 0.001.  [0] Disable (default)  [1] Enable 60.3.2 SIP Test Call Parameters The SIP Signaling Test Call parameters are described in the table below. Version 7.2 Mediant 4000 SBC...
Page 830: Syslog, Cdr And Debug Parameters
Mediant 4000 SBC Table 60-18: SIP Test Call Parameters Parameter Description Test Call DTMF String Defines the DTMF tone that is played for answered test calls (incoming and outgoing). configure troubleshoot > test-call settings > testcall- The DTMF string can be up to 15 strings. The default is "3212333". If no dtmf-string string is defined (empty), DTMF is not played.
Page 831 T.38. A CDR is also sent upon termination (end) of the media in the call.  [4] Start & End & Update Media = Sends a CDR at the start of the Version 7.2 Mediant 4000 SBC...
Page 832 Mediant 4000 SBC Parameter Description media, upon an update in the media (if occurs), and at the end of the media. Note: To enable CDR generation as well as enable signaling-related CDRs, use the CDRReportLevel parameter. Local Storage Defines the location for local storage of CDRs.
Page 833 Therefore, in addition to filtering Syslog messages according to IP address, the messages can be filtered according to Facility level.  [16] = (Default) local use 0 (local0)  [17] = local use 1 (local1)  [18] = local use 2 (local2) Version 7.2 Mediant 4000 SBC...
Page 834 Mediant 4000 SBC Parameter Description  [19] = local use 3 (local3)  [20] = local use 4 (local4)  [21] = local use 5 (local5)  [22] = local use 6 (local6)  [23] = local use 7 (local7)
Page 835 For more information, see ''Configuring Log Filter Rules'' on page 759. SBC CDR Format Table SBC CDR Format Table The table defines CDR customization rules for SBC calls. configure troubleshoot > cdr > The format of the ini file table parameter is: Version 7.2 Mediant 4000 SBC...
Page 836: Resource Allocation Indication Parameters
Mediant 4000 SBC Parameter Description cdr-format sbc-cdr-format [ SBCCDRFormat ] FORMAT SBCCDRFormat_Index = SBCCDRFormat_CDRType, [SBCCDRFormat] SBCCDRFormat_FieldType, SBCCDRFormat_Title, SBCCDRFormat_RadiusType, SBCCDRFormat_RadiusID; [ \SBCCDRFormat ] For more information, see Customizing CDRs for SBC Calls on page 743. 60.3.4 Resource Allocation Indication Parameters The Resource Allocation Indication (RAI) parameters are described in the table below.
Page 837  You must configure each device in the HA system with different parameter values (priorities). HA Network Reachability Parameters HA Network Reachability Enables the pinging of an active IP network destination in HA mode to Version 7.2 Mediant 4000 SBC...
Page 838: Security Parameters
Mediant 4000 SBC Parameter Description configure network > high- test reachability from one of the device's IP network interfaces. If no availability > net-mon- reply is received from a ping and the previous ping was successful, a enable switchover occurs to the redundant device.
Page 839 The device does not change this stream unless a packet is later received from the original source. Note: If you configure the parameter to [0] Strict, the device cannot perform NAT traversal. In this setup, configure the NATMode Version 7.2 Mediant 4000 SBC...
Page 840: Https Parameters
Mediant 4000 SBC Parameter Description parameter to [1] Disable NAT. New RTP Stream Packets Defines the minimum number of continuous RTP packets received by the device's channel to allow latching onto the new incoming [NewRtpStreamPackets] stream. The valid range is 0 to 20. The default is 3. If set to 0, the device is left exposed to attacks against multiple packet streams.
Page 841: Srtp Parameters
IP Profiles table, see ''Configuring IP Profiles'' on size page 418. [SRTPTxPacketMKISize] Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with Version 7.2 Mediant 4000 SBC...
Page 842 Mediant 4000 SBC Parameter Description the IP Profile. Symmetric MKI Negotiation Global parameter that enables symmetric MKI negotiation. You can also configure this functionality per specific calls, using IP Profiles configure voip > media (IpProfile_EnableSymmetricMKI). For a detailed description of the security >...
Page 843: Tls Parameters
Defines the time interval (in minutes) between TLS Re- Interval Handshakes initiated by the device. configure network/security- The interval range is 0 to 1,500 minutes. The default is 0 (i.e., no settings/tls-re-hndshk-int TLS Re-Handshake). [TLSReHandshakeInterval] Version 7.2 Mediant 4000 SBC...
Page 844 Mediant 4000 SBC Parameter Description TLS Mutual Authentication Defines the device's mode of operation regarding mutual authentication and certificate verification for TLS connections. [SIPSRequireClientCertificate]  [0] Disable = (Default)  Device acts as a client: Verification of the server’s certificate depends on the VerifyServerCertificate parameter.
Page 845: Ssh Parameters
Range is any valid port number. The default port is 22. > ssh-port [SSHServerPort] SSH Admin Key Defines the RSA public key for strong authentication for logging in to the SSH interface (if enabled). configure system > cli-settings Version 7.2 Mediant 4000 SBC...
Page 846: Ids Parameters
Mediant 4000 SBC Parameter Description > ssh-admin-key The value should be a base64-encoded string. The value can be a maximum length of 511 characters. [SSHAdminKey] Note: The parameter is overridden by the SSH public key configured for a specific management user in the Local Users table (see Configuring Management User Accounts on page 69).
Page 847: Ocsp Parameters
Parameter Description Enable OCSP Server Enables or disables certificate checking using OCSP.  configure network > ocsp > [0] Disable (default) enable  [1] Enable [OCSPEnable] For a description of OCSP, see Configuring Certificate Revocation Version 7.2 Mediant 4000 SBC...
Page 848: Quality Of Experience Parameters
Mediant 4000 SBC Parameter Description Checking (OCSP). Primary Server IP Defines the IP address of the OCSP server. configure network > ocsp > The default IP address is 0.0.0.0. server-ip [OCSPServerIP] Secondary Server IP Defines the IP address (in dotted-decimal notation) of the secondary OCSP server (optional).
Page 849 FORMAT BWProfile_Index = BWProfile_Name, BWProfile_EgressAudioBandwidth, BWProfile_IngressAudioBandwidth, BWProfile_EgressVideoBandwidth, BWProfile_IngressVideoBandwidth, BWProfile_TotalEgressBandwidth, BWProfile_TotalIngressBandwidth, BWProfile_WarningThreshold, BWProfile_hysteresis, BWProfile_GenerateAlarms; [\BWProfile] For more information, see ''Configuring Bandwidth Profiles'' on page 316. Note: For the parameter to take effect, a device reset is required. Version 7.2 Mediant 4000 SBC...
Page 850: Control Network Parameters
Mediant 4000 SBC Parameter Description Quality of Service Rules Table Quality of Service Rules Defines Quality of Service rules. configure voip > qoe The format of the ini file table parameter is as follows: quality-of-service-rules [ QualityOfServiceRules ] [QualityOfServiceRules] FORMAT QualityOfServiceRules_Index =...
Page 851 If the parameter is disabled and the device registers to an IP Group (i.e., proxy server), it uses the string configured by the ProxyName parameter as the host name in the REGISTER's Request-URI and uses the string configured by the IP Groups Version 7.2 Mediant 4000 SBC...
Page 852 Mediant 4000 SBC Parameter Description table parameter, SIPGroupName as the host name in the To and From headers. If the IP Group is configured with a Proxy Set that has multiple IP addresses, all the REGISTER messages sent to these proxies are sent with the same host name.
Page 853 [0] No = (Default) Device's IP address is used in keep-alive OPTIONS messages.  [1] Yes = Device's "gateway name" is used in keep-alive OPTIONS messages.  [2] Server = Device's IP address is used in the From and To headers in keep-alive OPTIONS messages. Version 7.2 Mediant 4000 SBC...
Page 854 Mediant 4000 SBC Parameter Description Password Defines the password for Basic/Digest authentication with a Proxy/Registrar server. A single password is used for all device configure voip > sip-definition ports. proxy-and-registration > password-4-auth The default is 'Default_Passwd'. [Password] Cnonce Defines the Cnonce string used by the SIP server and client to provide mutual authentication.
Page 855 Endpoints or the device itself) with a SIP proxy server (registrar). registration-backoff-time The valid value is 0 to 3000000 (i.e., 3 million seconds). The [MaxRegistrationBackoffTime] default is 0 (i.e., disabled). In contrast to the RegistrationRetryTime parameter, which defines Version 7.2 Mediant 4000 SBC...
Page 856 Mediant 4000 SBC Parameter Description a fixed time to wait between registration attempts due to registration failure, this parameter configures the device to increase the time-to-wait interval for each subsequent registration attempt (per RFC 5626, Section 4.5) for a specific registration flow.
Page 857 Enables the use of the carriage-return and line-feed sequences settings > ping-pong-keep-alive (CRLF) Keep-Alive mechanism, according to RFC 5626 “Managing Client-Initiated Connections in the Session Initiation [UsePingPongKeepAlive] Protocol (SIP)” for reliable, connection-orientated transport types such as TCP. Version 7.2 Mediant 4000 SBC...
Page 858 Mediant 4000 SBC Parameter Description  [0] Disable (default)  [1] Enable The SIP user agent/client (i.e., device) uses a simple periodic message as a keep-alive mechanism to keep their flow to the proxy or registrar alive (used for example, to keep NAT bindings open).
Page 859: Network Application Parameters
Defines the interval (in sec) between the last data packet sent and the configure voip > sip- first keep-alive probe to send. definition settings > tcp- keepalive-time The valid value is 10 to 65,000. The default is 60. [TCPKeepAliveTime] Note: Version 7.2 Mediant 4000 SBC...
Page 860 Mediant 4000 SBC Parameter Description  Simple ACKs such as keepalives are not considered data packets.  TCP keepalive is enabled per SIP Interface in the SIP Interfaces table. configure voip > Defines the interval (in sec) between consecutive keep-alive probes, sip-definition regardless of what the connection has exchanged in the meantime.
Page 861: General Sip Parameters
When enabled again, new random user parts are assigned to the Accounts.  [0] = (Default) Disable  [1] = Enable To configure Accounts, see Configuring Registration Accounts on page 377. Version 7.2 Mediant 4000 SBC...
Page 862 (if Automatic Update has been enabled on the device)  'check-sync;reboot=true': triggers a device reset Note: The Event header value is proprietary to AudioCodes. Max SIP Message Defines the maximum size (in Kbytes) for each SIP message that can be Length [KB] sent over the network.
Page 863 OR=<voice octets received>  PL=<receive packet loss>  JI=<jitter in ms>  LA=<latency in ms> Below is an example of the X-RTP-Stat header in a SIP BYE message: BYE sip:302@10.33.4.125 SIP/2.0 Via: SIP/2.0/UDP 10.33.4.126;branch=z9hG4bKac2127550866 Max-Forwards: 70 Version 7.2 Mediant 4000 SBC...
Page 864 Mediant 4000 SBC Parameter Description From: <sip:401@10.33.4.126;user=phone>;tag=1c2113553324 To: <sip:302@company.com>;tag=1c991751121 Call-ID: 991750671245200001912@10.33.4.125 CSeq: 1 BYE X-RTP-Stat: PS=207;OS=49680;;PR=314;OR=50240;PL=0;JI=600;LA=40; Supported: em,timer,replaces,path,resource-priority Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK, REFER,INFO,SUBSCRIBE,UPDATE User-Agent: Sip-Gateway-/v.7.20A.000.038 Reason: Q.850 ;cause=16 ;text="local" Content-Length: 0 Enable Early Media Global parameter enabling the Early Media feature for sending media (e.g., ringing) before the call is established.
Page 865 (TLS) to outgoing messages that are received without a port. This condition also applies to manipulated messages where the resulting configure voip > sip- message has no port number. The device adds the default port number to Version 7.2 Mediant 4000 SBC...
Page 866 Mediant 4000 SBC Parameter Description definition settings > the following SIP headers: Request-Uri, To, From, P-Asserted-Identity, P- display-default-sip-port Preferred-Identity, and P-Called-Party-ID. If the message is received with a port number other than the default, for example, 5070, the port number [DisplayDefaultSIPPort] is not changed.
Page 867 There are a number of contexts in which it is desirable to have an identifier that addresses a single UA (using GRUU) rather than the group of UA’s indicated by an Address of Record (AOR). Version 7.2 Mediant 4000 SBC...
Page 868 Defines the string that is used in the SIP User-Agent and Server response headers. When configured, the string <UserAgentDisplayInfo configure voip > sip- value>/software version' is used, for example: definition settings > user-agent-info User-Agent: myproduct/v.7.20A.000.038 If not configured, the default string, <AudioCodes product-name>/software [UserAgentDisplayInfo] User's Manual Document #: LTRT-40203...
Page 869 Defines the Subject header value in outgoing INVITE messages. If not specified, the Subject header isn't included (default). configure voip > sip- definition settings > usr- The maximum length is up to 50 characters. def-subject [SIPSubject] Version 7.2 Mediant 4000 SBC...
Page 870 Mediant 4000 SBC Parameter Description Multiple Packetization Determines whether the 'mptime' attribute is included in the outgoing Time Format SDP.  configure voip > sip- [0] None = (Default) Disabled. definition settings >  [1] PacketCable = Includes the 'mptime' attribute in the outgoing SDP - mult-ptime-format PacketCable-defined format.
Page 871 [1] = Sets the IP address of the outgoing SDP c= field to the IP address of the device. If the incoming SDP doesn’t contain the "a=inactive" line, the returned SDP contains the "a=recvonly" line. Version 7.2 Mediant 4000 SBC...
Page 872 Mediant 4000 SBC Parameter Description Enable Delayed Offer Determines whether the device sends the initial INVITE message with or without an SDP. Sending the first INVITE without SDP is typically done by configure voip > sip- clients for obtaining the far-end's full list of capabilities before sending definition settings >...
Page 873 > sip- The valid value range is1 to 0x7FFF. The default is 0. definition settings > net- Note: node-id  To use this feature, you must set the parameter to any value other Version 7.2 Mediant 4000 SBC...
Page 874 Mediant 4000 SBC Parameter Description [NetworkNodeId] than 0.  To enable the generation by the device of the Avaya UCID value and adding it to the outgoing INVITE sent to the IP Group (Avaya entity), use the IP Groups table's parameter 'UUI Format'.
Page 875 For more information on WebSocket, see SIP over WebSocket on page epAlivePeriod] 568. Note: The device always replies to WebSocket ping control messages with pong messages. Retransmission Parameters SIP T1 Retransmission Defines the time interval (in msec) between the first transmission of a SIP Version 7.2 Mediant 4000 SBC...
Page 876 Mediant 4000 SBC Parameter Description Timer message and the first retransmission of the same message. configure voip > sip- The default is 500. definition settings > t1- Note: The time interval between subsequent retransmissions of the same re-tx-time SIP message starts with SipT1Rtx. For INVITE requests, it is multiplied by [SipT1Rtx] two for each new retransmitted message.
Page 877 The format of the ini file table parameter is as follows: configure voip > [ PreParsingManipulationRules ] message pre- FORMAT PreParsingManipulationRules_Index = parsing-manip- PreParsingManipulationRules_PreParsingManSetName, rules PreParsingManipulationRules_RuleIndex, [PreParsingManipulatio PreParsingManipulationRules_MessageType, nRules] PreParsingManipulationRules_Pattern, PreParsingManipulationRules_ReplaceWith; [ \PreParsingManipulationRules ] For more information, see Configuring Pre-parsing Manipulation Rules on page 405. Version 7.2 Mediant 4000 SBC...
Page 878: Coders And Profile Parameters
Mediant 4000 SBC 60.9 Coders and Profile Parameters The profile parameters are described in the table below. Table 60-33: Profile Parameters Parameter Description Coder Groups Table Coder Groups Defines the device's coders. Each group can consist of up to 10 coders.
Page 879: Channel Parameters
IpProfile_SBCRemoteMultipleEarlyDialogs, IpProfile_SBCRemoteMultipleAnswersMode, IpProfile_SBCDirectMediaTag, IpProfile_SBCAdaptRFC2833BWToVoiceCoderBW, IpProfile_CreatedByRoutingServer, IpProfile_SBCFaxReroutingMode, IpProfile_SBCMaxCallDuration, IpProfile_SBCGenerateRTP, IpProfile_SBCISUPBodyHandling, IpProfile_SBCISUPVariant, IpProfile_SBCVoiceQualityEnhancement, IpProfile_SBCMaxOpusBW, IpProfile_LocalRingbackTone, IpProfile_LocalHeldTone; [\IPProfile] For more information, see ''Configuring IP Profiles'' on page 418. 60.10 Channel Parameters This subsection describes the device's channel parameters. Version 7.2 Mediant 4000 SBC...
Page 880: Voice Parameters
Mediant 4000 SBC 60.10.1 Voice Parameters The voice parameters are described in the table below. Table 60-34: Voice Parameters Parameter Description Input Gain Global parameter defining the pulse-code modulation (PCM) input (received) gain control level (in decibels). configure voip > media voice > input-...
Page 881 Note: For the parameter to take effect, a device reset is required. configure voip > media RTP-RTCP > Defines the number of spectral coefficients added to an number-of-SID-coefficients SID packet being sent according to RFC 3389. Version 7.2 Mediant 4000 SBC...
Page 882: Coder Parameters
Mediant 4000 SBC Parameter Description [RTPSIDCoeffNum] The valid values are [0] (default), [4], [6], [8] and [10]. Answer Detector (AD) Parameters Enable Answer Detector Currently, not supported. [EnableAnswerDetector] Answer Detector Activity Delay Defines the time (in 100-msec resolution) between activating the Answer Detector and the time that the configure voip >...
Page 883: Dtmf Parameters
Note: The parameter is automatically updated if the parameters FirstTxDTMFOption or RxDTMFOption are configured. DTMF Volume (-31 to 0 dB) Global parameter defining the DTMF gain control value (in decibels). configure voip > media voice > DTMF-volume [DTMFVolume] Version 7.2 Mediant 4000 SBC...
Page 884: Rtp, Rtcp And T.38 Parameters
Mediant 4000 SBC Parameter Description DTMF Generation Twist Defines the range (in decibels) between the high and low frequency components in the DTMF signal. Positive decibel values cause the configure voip > media voice > higher frequency component to be stronger than the lower one.
Page 885 Defines the RTP redundancy packet payload type (according to RFC 2198). configure voip > media rtp-rtcp > RTP-redundancy-payload-type The valid value is 96 to 127. The default is 104. [RFC2198PayloadType] Note: The parameter is applicable only if the Version 7.2 Mediant 4000 SBC...
Page 886 Mediant 4000 SBC Parameter Description RTPRedundancyDepth parameter is set to 1. Packing Factor N/A. Controlled internally by the device according to the selected coder. [RTPPackingFactor] RFC 2833 TX Payload Type Defines the Tx RFC 2833 DTMF relay dynamic payload type for outbound calls.
Page 887 Defines the voice quality monitoring - minimum gap size (number of frames). [VQMonGMin] The default is 16. Burst Threshold Defines the voice quality monitoring - excessive burst alert threshold. [VQMonBurstHR] The default is -1 (i.e., no alerts are issued). Version 7.2 Mediant 4000 SBC...
Page 888: Sbc Parameters
Mediant 4000 SBC Parameter Description Delay Threshold Defines the voice quality monitoring - excessive delay alert threshold. [VQMonDelayTHR] The default is -1 (i.e., no alerts are issued). R-Value Delay Threshold Defines the voice quality monitoring - end of call low quality alert threshold.
Page 889 IP Profiles table, see ''Configuring IP Profiles'' on page 418. If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with the IP Profile. Version 7.2 Mediant 4000 SBC...
Page 890 [NumOfSubscribes] The valid value is any value between 0 and the maximum supported SUBSCRIBE sessions. When set to -1, the device uses the default value. For more information, contact your AudioCodes sales representative. Note:  For the parameter to take effect, a device reset is required.
Page 891 In such a scenario, the device can be configured to perform the session refresh requests.  [0] Remote Refresher = (Default) The UA (proxy) Version 7.2 Mediant 4000 SBC...
Page 892 Mediant 4000 SBC Parameter Description performs the session refresh requests. The device indicates this to the UA by sending the SIP message with the 'refresher=' parameter in the Session-Expires header set to 'uas'.  [1] SBC Refresher = The device performs the session refresh requests.
Page 893 Global parameter that defines the handling of SIP REFER requests. You can also configure this configure voip > sbc settings > sbc-refer-bhvr functionality per specific calls, using IP Profiles [SBCReferBehavior] (IpProfile_SBCRemoteReferBehavior). For a detailed description of the parameter and for configuring this Version 7.2 Mediant 4000 SBC...
Page 894 Mediant 4000 SBC Parameter Description functionality in the IP Profiles table, see ''Configuring IP Profiles'' on page 418. Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with the IP Profile.
Page 895 401, the client needs to send the device another INVITE with the MD5 hash of the INVITE message and indicate the selected auth type.  [0] 0 = The device sends 'qop=auth' in the SIP response, requesting authentication (i.e., validates Version 7.2 Mediant 4000 SBC...
Page 896 Mediant 4000 SBC Parameter Description user by checking user name and password). This option does not authenticate the message body (i.e., SDP).  [1] 1 = The device sends 'qop=auth-int' in the SIP response, indicating required authentication and authentication with integrity (e.g., checksum). This option restricts the client to authenticating the entire SIP message, including the body, if present.
Page 897 Survivability mode.  [SBCEnableSurvivabilityNotice] [0] = Disable  [1] = Enable For more information, see ''Enabling Survivability Display on Aastra IP Phones'' on page 583. SBC Dialog-Info Interworking Enables the interworking of dialog information Version 7.2 Mediant 4000 SBC...
Page 898 Mediant 4000 SBC Parameter Description configure voip > sbc settings > sbc-dialog- (parsing of call identifiers in XML body) in SIP info-interwork NOTIFY messages received from a remote application server. [EnableSBCDialogInfoInterworking]  [0] Disable (default)  [1] Enable For more information, see ''Interworking Dialog Information in SIP NOTIFY Messages'' on page 485.
Page 899 SIP Interface (in the SIP Interfaces table), calls between endpoints belonging to the SIP Interface employ direct media.  For more information on No Media Anchoring, see ''Direct Media'' on page 462. Version 7.2 Mediant 4000 SBC...
Page 900 Mediant 4000 SBC Parameter Description Transcoding Mode Global parameter that defines the voice transcoding mode (media negotiation). You can also configure this configure voip > sbc settings > transcoding- functionality per specific calls, using IP Profiles mode (IpProfile_TranscodingMode). For a detailed...
Page 901  [0] = (Default) The device replaces “sips:” with “sip:” for the Request-URI and Contact headers only (and retains “sips:” for all other headers).  [1] = The device replaces “sips:” with “sip:” for the Version 7.2 Mediant 4000 SBC...
Page 902 Mediant 4000 SBC Parameter Description Request-URI, Contact, From, To, P-Asserted, P- Preferred, and Route headers. SBC Fax Detection Timeout Defines the duration (in seconds) for which the device attempts to detect fax (CNG tone) immediately upon configure voip > sbc settings > sbc-fax- the establishment of a voice session.
Page 903 The format of the ini file table parameter is as follows: [Classification] [ Classification ] FORMAT Classification_Index = Classification_ClassificationName, Classification_MessageConditionName, Classification_SRDName, Classification_SrcSIPInterfaceName, Classification_SrcAddress, Classification_SrcPort, Classification_SrcTransportType, Classification_SrcUsernamePrefix, Classification_SrcHost, Classification_DestUsernamePrefix, Classification_DestHost, Classification_ActionType, Classification_SrcIPGroupName, Classification_DestRoutingPolicy, Classification_IpProfileName; [ \Classification ] Version 7.2 Mediant 4000 SBC...
Page 904 Mediant 4000 SBC Parameter Description For more information, see ''Configuring Classification Rules'' on page 491. Condition Table Condition Table Defines SIP Message Condition rules. configure voip > sbc routing condition-table [ ConditionTable ] FORMAT ConditionTable_Index = [ConditionTable] ConditionTable_Condition, ConditionTable_Description; [ \ConditionTable ] For more information, see ''Configuring Message Condition Rules'' on page 400.
Page 905 For more information, see ''Configuring IP-to-IP Inbound Manipulations'' on page 529. Outbound Manipulations Table Outbound Manipulations Defines outbound manipulation rules. configure voip > sbc manipulation ip- The format of the ini file table parameter is as follows: Version 7.2 Mediant 4000 SBC...
Page 906 Mediant 4000 SBC Parameter Description outbound-manipulation [IPOutboundManipulation] FORMAT IPOutboundManipulation_Index = [IPOutboundManipulation] IPOutboundManipulation_ManipulationName, IPOutboundManipulation_RoutingPolicyName, IPOutboundManipulation_IsAdditionalManipulation, IPOutboundManipulation_SrcIPGroupName, IPOutboundManipulation_DestIPGroupName, IPOutboundManipulation_SrcUsernamePrefix, IPOutboundManipulation_SrcHost, IPOutboundManipulation_DestUsernamePrefix, IPOutboundManipulation_DestHost, IPOutboundManipulation_CallingNamePrefix, IPOutboundManipulation_MessageConditionName, IPOutboundManipulation_RequestType, IPOutboundManipulation_ReRouteIPGroupName, IPOutboundManipulation_Trigger, IPOutboundManipulation_ManipulatedURI, IPOutboundManipulation_RemoveFromLeft, IPOutboundManipulation_RemoveFromRight, IPOutboundManipulation_LeaveFromRight, IPOutboundManipulation_Prefix2Add, IPOutboundManipulation_Suffix2Add, IPOutboundManipulation_PrivacyRestrictionMode, IPOutboundManipulation_DestTags, IPOutboundManipulation_SrcTags; [\IPOutboundManipulation] For more information, see ''Configuring IP-to-IP Outbound Manipulations'' on page 533.
Page 907: Supplementary Services
Defines DiffServ bits sent in SIP signaling messages for SBC emergency calls. This is included in the SIP Resource-Priority configure voip > sbc settings > header. sbc-emerg-sig-diffserv The valid value is 0 to 63. The default is 40. [SBCEmergencySignalingDiffServ] Version 7.2 Mediant 4000 SBC...
Page 908: Ip Media Parameters
Mediant 4000 SBC 60.12 IP Media Parameters The IP media parameters are described in the table below. Table 60-40: IP Media Parameters Parameter Description IPMedia Detectors Enables the device's DSP detectors for detection features such as AMD. configure voip > media ipmedia >...
Page 909 You can also configure this functionality per specific calls, using IP Profiles (IpProfile_AMDSensitivityParameterSuit). For a configure voip > media detailed description of the parameter and for configuring this ipmedia > amd-sensitivity- functionality in the IP Profiles table, see ''Configuring IP parameter-suit Version 7.2 Mediant 4000 SBC...
Page 910 Mediant 4000 SBC Parameter Description [AMDSensitivityParameterSuit] Profiles'' on page 418. Note: If this functionality is configured for a specific IP Profile, the settings of this global parameter is ignored for calls associated with the IP Profile. Answer Machine Detector Global parameter that defines the AMD detection sensitivity Sensitivity Level level of the selected AMD Parameter Suite.
Page 911: Services
The SIP-based media recording parameters are described in the table below. Table 60-41: SIP-based Media Recording Parameters Parameter Description SIP Recording Application Enables the SIP-based Media Recording feature:  configure voip > sip-definition [0] Disable (default) sip-recording settings >  [1] Enable Version 7.2 Mediant 4000 SBC...
Page 912: Radius And Ldap Parameters
Mediant 4000 SBC Parameter Description enable-sip-rec Note: For the parameter to take effect, a device reset is required. [EnableSIPRec] Recording Server (SRS) Defines the SIP user part for the recording server. This user part is Destination Username added in the SIP To header of the INVITE message that the device sends to the recording server.
Page 913: Radius Parameters
Note: If set to Control, only one Control interface must be configured in the IP Interfaces table; otherwise, RADIUS communication will fail. RADIUS VSA Vendor ID Defines the vendor ID that the device accepts when parsing a RADIUS Version 7.2 Mediant 4000 SBC...
Page 914 Mediant 4000 SBC Parameter Description configure system > radius response packet. settings > vsa-vendor-id The valid range is 0 to 0xFFFFFFFF. The default is 5003. [RadiusVSAVendorID] [MaxRADIUSSessions] Defines the number of concurrent calls that can communicate with the RADIUS server (optional).
Page 915: Ldap Parameters
You can use the dollar ($) sign to represent the username. [LDAPAuthFilter] For example, if the parameter is set to "(sAMAccountName=$)" and the user logs in with the username "SueM", the LDAP query is run for sAMAccountName=SueM. Version 7.2 Mediant 4000 SBC...
Page 916 Mediant 4000 SBC Parameter Description Use LDAP for Web > Telnet Login Enables LDAP-based management-user login authentication and authorization. configure system > ldap settings >  enable-mgmt-login [0] Disable (default)  [1] Enable [MgmtLDAPLogin] Note: For the parameter to take effect, a device reset is required.
Page 917 Management LDAP Groups Table Defines the users group attribute in the AD and corresponding management access level. configure system > ldap mgmt-ldap- groups The format of the ini file table parameter is as follows: [ MgmntLDAPGroups ] Version 7.2 Mediant 4000 SBC...
Page 918: Least Cost Routing Parameters
Mediant 4000 SBC Parameter Description [MgmntLDAPGroups] FORMAT MgmntLDAPGroups_Index = MgmntLDAPGroups_LdapConfigurationIndex, MgmntLDAPGroups_GroupIndex, MgmntLDAPGroups_Level, MgmntLDAPGroups_Group; [ \MgmntLDAPGroups ] For more information, see ''Configuring Access Level per Management Groups Attributes'' on page 247. LDAP Server Groups Table LDAP Server Groups Table Defines LDAP Server Groups.
Page 919: Call Setup Rules Parameters
For more information, see ''Configuring HTTP Services'' on page 271. Remote Web Services Table Remote Web Services Defines remote Web services. configure system > http-services The format of the ini file table parameter is as follows: > http-remote-services [HTTPRemoteServices] Version 7.2 Mediant 4000 SBC...
Page 920: Http Proxy Parameters
Mediant 4000 SBC Parameter Description [HTTPRemoteServices] FORMAT HTTPRemoteServices_Index = HTTPRemoteServices_Name, HTTPRemoteServices_Path, HTTPRemoteServices_HTTPType, HTTPRemoteServices_Policy, HTTPRemoteServices_LoginNeeded, HTTPRemoteServices_PersistentConnection, HTTPRemoteServices_NumOfSockets, HTTPRemoteServices_AuthUserName, HTTPRemoteServices_AuthPassword, HTTPRemoteServices_TLSContext, HTTPRemoteServices_VerifyCertificate, HTTPRemoteServices_TimeOut, HTTPRemoteServices_KeepAliveTimeOut, HTTPRemoteServices_ServiceStatus; [\HTTPRemoteServices] For more information, see ''Configuring Remote Web Services'' on page 271. HTTP Remote Hosts Table HTTP Remote Hosts Defines remote HTTP hosts per remote Web service.
Page 921 OVOC Services Table OVOC Services Defines an HTTP-based OVOC Service so that the device can act as an HTTP Proxy that enables AudioCodes OVOC to manage configure network > AudioCodes equipment (such as IP Phones) over HTTP when the http-proxy ems-serv equipment is located behind NAT (e.g., in the LAN) and OVOC is...
Page 922 Mediant 4000 SBC Parameter Description EMSService_PrimaryServer, EMSService_SecondaryServer, EMSService_DeviceLoginInterface, EMSService_EMSInterface; [ \EMSService ] For more information, see ''Configuring an HTTP-based OVOC Service'' on page 289. User's Manual Document #: LTRT-40203...
Page 923: Channel Capacity
The figures listed in the table are accurate at the time of publication of this document. However, these figures may change due to a later software update. For the latest figures, please contact your AudioCodes sales representative. • "GW" refers to Gateway functionality.
Page 924: Mediant 4000 Sbc
923. These SBC sessions also support SRTP and RTCP XR. When DSP capabilities are required, the number of sessions that can use DSP capabilities is reduced, as shown in the table below. Table 61-2: Transcoding Capacity per Coder-Capability Profile for Mediant 4000 SBC Session Coders Max. Sessions...
Page 925: Mediant 4000B Sbc
Profile 1 Profile 2 + SILK-NB 1,200 1,600 2,850 4,050 Profile 2 Profile 2 + SILK-NB 1,050 1,400 2,500 3,600 Profile 1 Profile 2 + SILK-WB 1,650 2,400 Profile 2 Profile 2 + SILK-WB 1,650 2,400 Version 7.2 Mediant 4000 SBC...
Page 926 Profile 2: G.711, G.726, G.729, G.723.1, AMR-NB, T.38 with fax detection, In-band signaling (in voice channel), and Silence Compression. • Acoustic Echo Suppressor reduces performance by about 30%. For more information, contact your AudioCodes sales representative. • MPMB is the optional, Media Processing Module that provides additional DSPs, allowing greater capacity.
Page 927: Technical Specifications
The device's technical specifications are listed in the table below. Note: • All specifications in this document are subject to change without prior notice. • The compliance and regulatory information can be downloaded from AudioCodes Web site at http://www.audiocodes.com/library. Table 62-1: Technical Specifications Function Specification...
Page 928 Direct Media (No Media Hair-pinning of local calls to avoid unnecessary media delays and Anchoring) bandwidth consumption Voice Quality Monitoring RTCP-XR, AudioCodes One Voice Operations Center (OVOC) High Availability SBC high availability with two-box redundancy, active calls (Redundancy) preserved Quality of Experience...
Page 929 100-240 VAC, 50-60 Hz, 7A max.  Operational: 0 to 40°C (32 to 104°F) Environmental  Storage: -20 to 70°C (-4 to 158°F)  Relative Humidity: 10 to 85% non-condensing Version 7.2 Mediant 4000 SBC...
Page 930 Website: ©2017 AudioCodes Ltd. All rights reserved. AudioCodes, AC, HD VoIP, HD VoIP Sounds Better, IPmedia, Mediant, MediaPack, What’s Inside Matters, OSN, SmartTAP, User Management Pack, VMAS, VoIPerfect, VoIPerfectHD, Your Gateway To VoIP, 3GX, VocaNom, AudioCodes One Voice and CloudBond are trademarks or registered trademarks of AudioCodes Limited.

This manual is also suitable for:

Mediant 4000b sbc

AudioCodes Mediant 4000 SBC User Manual

1 Introduction

Getting Started with Initial Connectivity

2 Introduction

3 Default OAMP IP Address

4 Configuring Voip LAN Interface for OAMP

Management Tools

5 Introduction

6 Web-Based Management

7 CLI-Based Management

8 SNMP-Based Management

9 INI File-Based Management

General System Settings

10 Configuring SSL/TLS Certificates

11 Network

12 Date and Time

General Voip Configuration

13 Security

14 Media

15 Services

16 Quality of Experience

17 Control Network

18 SIP Definitions

19 SIP Message Manipulation

20 Coders and Profiles

Session Border Controller Application

21 SBC Overview

Quick Links

Related Manuals for AudioCodes Mediant 4000 SBC

Summary of Contents for AudioCodes Mediant 4000 SBC