ELTEX SBC-3000 User Manual
  1. Manuals
  2. Brands
  3. ELTEX Manuals
  4. Controller
  5. SBC-3000
  6. User manual

ELTEX SBC-3000 User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Session border controllers
SBC-1000, SBC-2000, SBC-3000
User Manual, Firmware Version 1.10.0
www.eltex-co.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SBC-3000 and is the answer not in the manual?

Questions and answers

Related Manuals for ELTEX SBC-3000

Summary of Contents for ELTEX SBC-3000

  • Page 1 Session border controllers SBC-1000, SBC-2000, SBC-3000 User Manual, Firmware Version 1.10.0 www.eltex-co.com...
  • Page 2 Firmware version: 1.10.0 Document version Issue date Revisions Version 1.11 12.11.2020 Changed: – the menu tree is reordered by function; – protection timeout limits for calls without media. Added: – the option for automatic response to OPTIONS; – the option for generating logs on request; –...
  • Page 3 Version 1.3 20.06.2016 Changed: – trunk and subscriber destinations are separated; – trunks can combine different destinations for redundancy/load bal- ancing purposes; – fail2ban functionality has been extended. Added: – active sessions monitoring; – adaptations for ZTE Softswitch and MTA M-200; –...
  • Page 4 TARGET AUDIENCE This operation manual is intended for technical personnel that performs device installation, configuration, monitoring, and maintenance using a web configurator. Qualified technical personnel should be familiar with the operation basics of ТСР/IP & UDP/IP protocol stacks and Ethernet networks design concepts. SBC session border controllers...

  • Page 5: Table Of Contents

    Power module installation ......................26 Removing the housing ........................27 Installation of ventilation units ...................... 30 SSD installation for SBC-1000 ......................31 SATA drive installation for SBC-2000 and SBC-3000 ..............32 RTC battery replacement ....................... 33 GENERAL SWITCH OPERATION GUIDELINES ....................35 DEVICE CONFIGURATION ..........................
  • Page 6 Saving configuration and 'Service' menu ..................103 Time and date configuration ....................... 104 Firmware update via web interface .................... 104 Licenses ............................104 The «Help» menu ........................105 View factory settings and system information ................105 Exit the configurator ........................105 SBC configuration via Telnet, SSH, or RS-232 ..................

  • Page 7: Introduction

    DEVICE DESCRIPTION 2.1 Purpose Eltex SBC is a component of the ECSS-10 hardware and software complex, which participates in the call service process as a session border controller. The device provides normalization of the signal protocol implementations, the set SLA level of quality, protection of the carrier's network from unauthorized access and various attacks, collection of statistics.
  • Page 8 – static address and DHCP support; – SIP, SIP-T, SIP-I IP protocols; – NTP support; – DNS support; – SNMP support; – bandwidth limit and QoS; – ToS and CoS for RTP and signalling – VLAN for RTP, signalling and management; –...

  • Page 9: Typical Application Diagrams

    2.2 Typical Application Diagrams This manual proposes several network layouts using SBC. Interaction between operators Figure 1 — Use case "Interaction between operators" Interaction between operator and corporate client Figure 2 — Use case "Operator — corporate client" SBC session border controllers...

  • Page 10: Interaction Between Operator And Private Customer

    G.711 μ-law (G.711U in text) G.729 A/B G.723.1 (6.3 Kbps, 5.3 Kbps) G.726 (32 Kbps) Video codecs H.263 H.263-1998 H.264 Electrical Ethernet interface specifications No. of interfaces SBC-1000 SBC-2000 SBC-3000 Electric port RJ-45 Data rate, Mbps Autodetection, 10/100/1000Mbps duplex Standards 10/100/1000BASE-T...
  • Page 11 Data transfer rate, baud 115200 Electric signal parameters According to ITU-T V.28 guidelines Other interfaces Interface Quantity 1 — for SBC-1000/2000; 2 — for SBC-3000 e-SATA General parameters Operating temperature range From 0 to 40°C Relative humidity Up to 80% Power options - single AC or DC power supply;...

  • Page 12: Design

    2.4 Design SBC-1000 Session border controller SBC-1000 has a metal case available for 19” form-factor rack-mount 1U shelf installation. The front panel of the device is shown in Figure 4. Figure 4 — The front panel of SBC-1000 (based on SMG-1016M) Connectors, LEDs and controls located on the front panel of the device are listed in Table 2.

  • Page 13: Sbc-2000

    The rear panel of the device is shown in Figure 5. Figure 5 — The rear panel of SBC-1000 (based on SMG-1016M) The Table below lists rear panel connectors of the device. Table 3 — Description of rear panel connectors of the switch №...
  • Page 14 E1 Line 0..15 16 x RJ-48 connectors for E1 streams Sync.0, Sync.1 2 x RJ-45 ports for connection of external synchronization sources Indicators Alarm Device alarm indicator Status Device operation indicator Sync.1 Sync.1 external synchronization interface operation indicator Sync.0 Sync.2 external synchronization interface operation indicator Power Device power indicator Device aux power indicator...

  • Page 15: Sbc-3000

    SBC-3000 Session border controller SBC-3000 has a metal case available for 19” form-factor rack-mount 1U shelf installation. The front panel of device is shown in the Figure below. Figure 8 — The front panel of SBC-3000 (based on SMG-3016) Connectors, LEDs and controls located on the front panel of the device are listed in Table 6. Table 6 —...

  • Page 16: Led Indication

    LED indicators located on the front panel represent the current state of the device. Device light indication in operation 2.5.1.1 SBC-1000 Light indication of the device in operation is shown in Table 8. Table 8 — Light indication of the device operational status...
  • Page 17 2.5.1.2 SBC-2000 Light indication of the device in operation is shown in Table 9. Table 9 — Light indication of the device in operation Indicator Indicator State Device Status flashes red critical device failure Alarm solid red non-critical device failure solid yellow no failures, non-critical warnings solid green...

  • Page 18: Light Indication Of Ethernet 1000/100 Interfaces

    A port runs in 10/100BASE-TX mode, data transfer available Light indication during device boot and reset to factory defaults 2.5.3.1 SBC-1000 For light indication during device boot and reset to factory defaults, see Table 12. Table 12 — Light indication during device boot and reset to factory defaults №...

  • Page 19: Light Indication Of Alarms

    2.5.3.2 SBC-2000 For light indication during device boot and reset to factory defaults, see Table 13. Table 13 — Light indication during device boot and reset to factory defaults Indication Reset to factory defaults procedure № (device in operation) Alarm Status Sync.1 Sync.2...

  • Page 20: F' Function Button Operation

    – Enter the sh command (the device will exit the CLI mode and enter the SHELL mode); – enter the save command; – reboot the device using the reboot command. The gateway will be restarted with the factory configuration. ********************************************* Welcome to SBC-1000 ********************************************* smg login: admin Password: rootpasswd ********************************************...

  • Page 21: Password Recovery

    If the device is rebooted without any further actions, the current configuration will be restored on the device without password recovery. The gateway will be restarted with the current configuration and an old password. ********************************************* Welcome to SBC-1000 ********************************************* smg login: admin...

  • Page 22: Delivery Package

    – The means to connect to the console: – for SBC-2000: RJ45-DB9 console port adapter; – for SBC-1000: DB9(F) — DB9(F) connection cable; – 2 x support brackets; – Operating manual on a CD (optional). If ordered, delivery package may also include: –...

  • Page 23: Safety Instructions

    2.10 Safety instructions General guidelines Any operations with the equipment should comply to the Safety Rules for Operation of Customers' Electrical Installations. Operations with the equipment should be carried out only by personnel authorised in accordance with the safety requirements. Before operating the device, all engineers should undergo special training.

  • Page 24: Sbc Installation

    When the power supply voltage is restored after being below the permissible threshold, the device specifications will be restored automatically. 2.10.4.3 Permissible interference requirements for DC power supply The equipment must function properly with power supply interference not exceeding that shown in Table 15. Table 15 —...

  • Page 25: Startup Procedure

    The delivery package includes support brackets for rack installation and mounting screws to fix the device case on the brackets. Figure 10 — Mounting brackets for SBC-1000 (left) and SBC-2000 (right) Figure 11 — Mounting brackets for SBC-3000 To install the support brackets: 1.

  • Page 26: Device Rack Installation

    4. To dismount the device, disconnect cables and remove support bracket screws from the rack. Remove the device from the rack. Figure 12 — Rack mounting of SBC-1000 (left) and SBC-2000 (right) Figure 13 — Rack mounting of SBC-3000 Power module installation Device can operate with one or two power modules.

  • Page 27: Removing The Housing

    First, disconnect the device from the power supply, disconnect all the cables and remove the device from the rack if necessary (see Section 2.11.3 Device rack installation). Figure 15 — Case opening procedure of SBC-1000 (based on SMG-1016M) SBC session border controllers...
  • Page 28 Figure 17 — Case opening procedure of SBC-3000 (based on SMG-3016) 1. Use a screwdriver to remove support brackets from the device housing. 2. For SBC-1000 only, the front panel retaining screws must be unscrewed, then pulled to separate from the top and side panels (Figure 15).
  • Page 29 3. Remove the screws on the top panel of the device 4. Pull the top panel (cover) of the device to remove it. For the device assembly, repeat all mentioned steps in the reverse order. Figure 18 — Screw types for SBC assembly (based on SMG) Fig.

  • Page 30: Installation Of Ventilation Units

    Installation of ventilation units The device design allows ventilation units replacement even when the terminal is on. Figure 20 — Ventilation unit in SBC-1000 based on SMG-1016M. Case mounting Figure 21 — Ventilation unit in SBC-2000 based on SMG-2016. Case mounting Figure 22 —...

  • Page 31: Ssd Installation For Sbc-1000

    Figure 23 — Fan connection socket in SBC-1000 based on SMG-1016M To install a ventilation unit, perform the following actions: 1. Connect the unit to the socket. 2. Insert the unit into the case. 3. Screw the ventilation unit to the rear panel.

  • Page 32: Sata Drive Installation For Sbc-2000 And Sbc-3000

    4. Open the casing of the device (more information in Sec- tion 2.11.5). 5. If the mounting sleeve (see Figure 24) is missing from the device board, use the removable stand: a. mount the SSD onto the fixing stand; b. Remove the top protective layer from the ad- hesive surface of the fixing stand;...

  • Page 33: Rtc Battery Replacement

    CR2032 (CR2024 installation is possible) Voltage Capacity 225mAh Diameter 20 mm Thickness 3.2mm Shelf life / expiration date 5 years Storage conditions from -20 to +35°С Figure 29 — RTC battery position for SBC-1000 (based on SMG-1016M) SBC session border controllers...
  • Page 34 Figure 30 — RTC battery position for SBC-2000 (based on SMG-2016) Figure 31 — RTC battery position for SBC-3000 (based on SMG-3016) If the battery shelf life is expired, replace it with a new one to ensure correct and continuous operation. The replacement procedure as follows: Check if the device is supplied with power.

  • Page 35: General Switch Operation Guidelines

    GENERAL SWITCH OPERATION GUIDELINES The easiest way to configure and monitor a device is to use the web configurator, so we recommend you to use it for these purposes. In order to prevent an unauthorized access to the device, we recommend changing the password for Telnet, SSH and console access (default username: admin, password: rootpasswd) and administrator password for web configurator access.

  • Page 36: Device Configuration

    DEVICE CONFIGURATION There are four ways to connect to the device: via web configurator, Telnet, SSH or via cable via RS-232 (access via RS-232, SSH or Telnet uses the CLI command console). To save changes made to configuration into the non-volatile memory, use «Service/Save configuration to flash»...
  • Page 37 Figure 32 — Web configurator navigation elements User interface window is divided into several areas. Navigation tree — is used to control the settings field. Navigation tree contains the hierarchy of management sections and nested menus. Settings field — based on user's choice. Allows viewing device settings and enter configuration data.

  • Page 38: System Settings

    Interface language — buttons for interface language switching. Management icons — controls for working with the settings field objects' management. They duplicate the 'Objects' menu on the control panel: — Add an object; — Edit object; — Delete an object; —...
  • Page 39 Basic settings – Device name — the device name displayed in the web configurator header (not used in this software version); – Local disk drive for traces — it is possible to save debugging information (traces) to RAM or to an installed SSD: –...
  • Page 40 Operating memory is low Operating memory is low. 3 levels of alarm possible — warning (less than 25% of free memory left), alarm (less than 10%), critical alarm (less than 5%) Failed to send CDR files via FTP Problem with sending a CDR file to an FTP server Device software startup Device software startup Alarm Indication...
  • Page 41 Autoupdate settings SBC can automatically retrieve configuration and software version files from the Auto-configuration server (hereinafter referred to as "server") with a set period of time. After downloading a configuration, SBC will wait for completion of all active calls before applying the new configuration.

  • Page 42: Monitoring

    This section contains information on the device telemetric sensor readings as well as the information on power supplies and fans installed. Monitoring –> Telemetry Temperature sensors For SBC-1000: – TempSensor #0 — CPU temperature; – TempSensor #1 — switch temperature.
  • Page 43 Fans – Fan #N — information on the status of the N fan and its speed (e.g. 9600 rpm). SBC-1000 has 2 fans, SBC-2000 has 4 fans and SBC-3000 has 4 fans. Voltage – Internal voltage (+12V) — 12V voltage sensor status details.
  • Page 44 Monitoring –> CPU load graph To navigate between specific parameters in monitoring charts, use the buttons . To facilitate visual identification, all charts have different colors. – TOTAL — the total percentage of CPU load; – IO — the percentage of CPU time spent on I/O operations; –...
  • Page 45 Monitoring –> Front-ports – Link — the status of the cable connection on the port (UP/DOWN); – Speed — committed rate on the port; – Duplex — data transmission mode (half-full-duplex); – LACP group — the LACP channel the port is included in and its status (UP/DOWN) –...
  • Page 46 Table 18 — Alarm types Type Meaning Configuration has not been read Configuration file read error MSP-module lost MSP module connection loss CDR-FTP Error in transferring CDR files to the FTP server. There are 3 levels of failure — warning (5 MB of data accumulated), alarm (5-15 MB), critical alarm (15-30 MB) Operating memory is low Operating memory is low.
  • Page 47 – Ethernet — Ethernet interface name; – Network name — the name to which the specified network settings are associated; – VLAN ID — a virtual network identifier (for a tagged interface); – DHCP — the status of using DHCP to obtain network settings automatically (requires a DHCP server in the operator's network);...
  • Page 48 – User-Agent — a SIP client of a subscriber, a value passed in the header User-Agent header of the request REGISTER; – Contacts — private addresses of a registered subscriber, values passed in Contact headers of the request REGISTER; – Expires —...
  • Page 49 – Monitoring is enabled/disabled — monitoring current status. The Enable/Disable button can be used to control the monitor's status. When monitoring is enabled, calls already established will not be displayed, only new calls will be displayed. There are two monitoring tables in the menu. The left table contains general information on all active ses- sions.
  • Page 50 The information in the blocks can be hidden/expanded by left-clicking on the relevant subtitle. 4.1.2.9 SIP calls graph This submenu displays the maximum, current and minimum number of calls made in the last five minutes on the graph. The graph is updated every three seconds. Monitoring –>...
  • Page 51 4.1.2.11 SIP statistics The section contains the call statistics accumulated by SBC. If statistics are disabled, they can be switched on in the section 4.1.1 System settings. On the left is a list of all SIP Transports, SIP Destinations and SIP Users configured on SBC.

  • Page 52: Sbc Configuration

    – 403, 603 prohibitions — the call was rejected with the reason "call prohibition"; – 4xx except aforecited codes — other calls with SIP responses 400-499 received on them that do not fall into the categories above; – 5хх system failure — calls with SIP responses 500-599 received on them; –...
  • Page 53 General SBC configuration algorithm 1. Create a SIP transport in those subnets between which the switching will take place. 2. Create SIP destinations and users, link transports to them. For destinations, specify addresses of terminal nodes. 3. Create rule sets according to the desired call-switching scheme between the terminal nodes. 4.
  • Page 54 4.1.3.2 SIP Destination This submenu allows editing the list of destinations for receiving and sending calls to end nodes. Up to 256 destinations can be created. To create, edit or remove interfaces, use 'Objects' — 'Add an object', 'Objects' — 'Edit an object' and 'Objects' —...
  • Page 55 – Transport protocol — selection of the transport layer protocol used to receive and transmit SIP messages: – TCP-prefer — reception via UDP and TCP. Transmission via TCP. If connection is not established via TCP, the transmission will be performed via UDP; –...
  • Page 56 – RTCP control timeout, s — the voice frequency path monitor function, takes on values from 10-300 c. Defines the period of time, during which the opposite side will wait for RTCP protocol packets. If no packets are received within a given time period, if at least one RTCP packet has previously been sent by the opposite party, the established connection is terminated;...
  • Page 57 When enabled, the setting will disable built-in firewall rules for the SIP transport bound to the SIP destination on which the option is enabled to ensure that redirects work correctly! If the transport is used on other SIP destinations, built-in Firewall rules will also be disabled for them. It is recommended to allocate a separate SIP transport for those SIP destinations from which redirects are allowed to be processed, or restrict access manually if necessary (more details in section 4.1.8.5).
  • Page 58 Concurrent sessions restriction – No restriction — the number of sessions is not limited; – Deny all — total prohibition of sessions; – Maximum N sessions, where N is the number of simultaneous sessions. Additional settings – Ignore source port for incoming calls —...
  • Page 59 Modification rules Modification rules are described by symbols: – $ — leave the following text; – ! — remove the following text; – +(ABC) — add the specified text; – -(ABC) — remove the specified text. Examples of operation rules implementation are shown in the Table below. Table 19 —...
  • Page 60 Remove text Accept: [sipheader:accept=-(application/SDP,)$] Accept: application/ISUP application/SDP,applicatio n/ISUP Remove, Accept: [sipheader:accept=-(,text)!] Accept: application/SDP starting from application/SDP,text/plain the specified text Replace the text Accept: [sipheader:accept=+(application/ISUP)!] Accept: application/ISUP completely application/SDP Replace the text Accept: [sipheader:accept=-(SDP)+(ISUP)$] Accept: application/SDP,text/plain application/ISUP,text/plain Replace the text Accept: [sipheader:accept=-(SDP)+(ISUP)!] Accept: application/ISUP by discarding...
  • Page 61 SBC Configuration –> SIP Users –> "Add" or "Edit" User direction parameters – Name — an arbitrary name for identification, convenient for the operator; – SIP transport — transport to be used to receive calls to and from the destination; –...
  • Page 62 opposite device for the duration of the timeout and the last packet was not a silence suppression packet, the call will be rejected; – RTP-loss timeout after Silence-Suppression indication (multiplier) — RTP packet timeout for the silence suppression option utilization. Permitted value range is from 1 to 30. Coefficient is a multiplier and determines how many times the value of this timeout is greater than the "RTP-loss timeout".
  • Page 63 Concurrent sessions restriction – For registered subscribers — limit the number of simultaneous sessions for registered subscribers: – No restriction — the number of sessions is not limited; – Deny all — total prohibition of sessions; – Maximum N sessions, where N is the number of simultaneous sessions; –...
  • Page 64 SBC Configuration –> SBC Trunk –> "Add" or "Delete" Trunk parameters – Name — an arbitrary name for identification, convenient for the operator; – Load balance mode — type of load balancing between SIP servers: – Active-active — the load is balanced between SIP servers in a 50/50 ratio;...
  • Page 65 Rules configuration To create, edit and delete rules, the buttons "Add", "Edit" and "Delete" are used. The green arrows next to the edit buttons allow moving the highlighted entries in the table, adjusting the order of the rules created. SBC Configuration –> Rule set –> "Edit" –...
  • Page 66 – To address URI — the URI from the To header is checked, it is possible to check via a regular expression; – Request-URI User Part — the name from the Request-URI header is checked, it is possible to check via a regular expression;...
  • Page 67 Example: 45+ — strings that contain the sequence: 45, 455 etc; Example: ^2.+ — a string that begins with two and continues with one or more of any number of characters. Curly braces may indicate the exact range of character repetitions: –...
  • Page 68 SBC Configuration –> SIP statistics To configure a group, select it in the table and click the «Edit» button. To reset the group to its default state, select it and click the «Default» button. When editing, the following window will open depending on the type of group: with visibility editing only and with full editing.
  • Page 69 Parameters for saving CDR records – Enable CDR — when checked the gateway will generate CDR records; CDR files settings – Create files — select CDR file creation mode:  periodically — CDR file is created after a specified period of time since the device was booted. ...
  • Page 70 Add header — when checked, the header of the CDR file is written to the beginning of the CDR file in the form of: SBC-1000. CDR. File started at 'YYYYMMDDhhmmss', where 'YYYYMMDDhhmmss' — the time to start saving the records to the file;...
  • Page 71 – Server port — reserve FTP port TCP port; – Path on server — specifies the path to the folder on the reserve FTP server, where the CDR records will be saved; – Login — user name for accessing the reserve FTP server; –...

  • Page 72: Network Subsystem

    Network subsystem This section specifies the network settings of the device and the IP packet routing table. DHCP — protocol that allows automatically obtaining IP address and other settings required for operation in TCP/IP network. Allows the gateway to obtain all necessary network settings from DHCP server. DNS —...
  • Page 73 Network subsystem –> Routing table –> «Add» To add a new route, set the following parameters:  Enable — when checked, the route is available for use;  Destination — IP network, IP address or default (to set the «default» gateway); ...
  • Page 74 To create, edit or remove interfaces, use 'Objects' — 'Add an object', 'Objects' — 'Edit an object' and 'Objects' — 'Remove an object' and the following buttons: – «Add»; – «Edit»; – «Delete». To add a network interface, click the «Add» button and fill in the parameters: Network subsystem –>...
  • Page 75 Front-ports — external front port configuration This setting is only available for tagged VLAN interfaces (the «Type» parameter is set to «Tagged»).  Default VLAN ID — when a packet without VLAN ID tag comes to the port, this packet will be tagged with VLAN ID tag of the selected network interface, if the packet is received with VLAN ID tag, this tag remains unchanged;...

  • Page 76: Network Services

    Network services 4.1.5.1 This submenu configures the time synchronization service. NTP — protocol designed for synchronization of real-time clock of the device. Allows synchronising date and time used by the gateway against their reference values. Network services –> NTP – Enable —...
  • Page 77 – Caller IP address – Caller number – Callee MAC address – Callee IP address – Callee number – Channel engagement duration 4.1.5.2.1 SNMP settings Network services –> SNMP – Sys Name — device system name; – Sys Contact — device manufacturer contacts; –...
  • Page 78 Network services –> SNMP (SNMP traps settings) – Restart SNMPd — SNMP client restarts when the button is clicked; Network services –> SNMP (SNMP traps settings) –> «Add» Up to 16 traps can be created. To create, edit or remove trap parameters, use the following buttons: –...
  • Page 79 The «Start» and «Stop» buttons are used to control the PPTP server. When stopped, new client connections will not be created, but those already created will continue to work. Server status information is updated by clicking the «Update» button next to the header. 4.1.5.4 L2TP server Network services –>...

  • Page 80: Network Switch

    The «Network switch» menu is intended to configure switch ports. 4.1.6.1.1 LACP settings In this section, you may configure LACP groups. You can set up to 5 groups for SBC-1000. Link Aggregation Control Protocol (LACP) — protocol, designed for combining multiple physical channels into one logical channel.
  • Page 81 Network switch –> Ports settings In factory configuration, switch ports may not access each other. SBC-1000 switch is equipped with 3 electrical Ethernet ports, 2 optic ports and 1 port for CPU interactions: – GE port 0, port 1, port 2 — electrical Ethernet ports of the device;...
  • Page 82 Switch settings – Enable VLAN — when checked, enable «Default VLAN ID», «Override» and «Egress» settings for this port, otherwise they will be disabled; – Default VLAN ID — when an untagged packet is received at the port, this will be its VID; when a tagged packet is received at that port, its VID is considered to be specified in its VLAN tag.
  • Page 83 4.1.6.3 802.1q In '802.1q' submenu, you may define the configuration of packet routing rules for switch operation in 802.1q mode. The table may contain up to 1024 characters. Gateway switch is equipped with 3 electrical Ethernet ports, 2 optical ports and 1 port for CPU interactions: –...
  • Page 84 4.1.6.4 QoS and bandwidth control In the section "QoS and bandwidth control", Quality of Service (QoS) functions are configured. Ethernet switch –> QoS and bandwidth control – VLAN priority (default) — 802.1р priority assigned to untagged packets, received by this port. If 802.1р or IP diffserv priority is already assigned to the packet, this setting will not be used ('default vlan priority' will not be applied to packets containing IP header, when one of the QoS modes is in use: DSCP only, DSCP preferred, 802.1p preferred, and also to untagged packets;...
  • Page 85 – Speed limit for ingress queued packets 0 — bandwidth restriction for traffic incoming to a queue 0 port. Permitted values—from 70 to 250000kbps. – Speed limit for ingress queued packets 1 — bandwidth restriction for traffic incoming to a queue 1 port. You can double the bandwidth (prev prio *2) of priority 0, or leave it unchanged (same as prev prio).

  • Page 86: Network Utilities

     QoS 802.1p priority settings—allows distributing packets into queues depending on the 802.1р priority.  802.1р — 802.1р priority value;  Queue — egress queue number.  Diffserv queue mapping — allows distributing packets into queues depending on the IP diffserv priority. ...
  • Page 87 Periodic ping — used for periodic device network connection control. – Run at startup — when set, ping requests to the addresses in the host list will be activated immediately after the device is started; – Period, min — a time interval between requests in minutes; –...

  • Page 88: Security

    After entering the IP address of the network device for which the connection quality and setting the options are evaluated, click the «Check» button. As a result, the utility displays a table containing: – the node number and its IP address (or network name) –...
  • Page 89 4.1.8.2 SSL/TLS configuration This section is intended for downloading or creating a self-signed SSL/TLS certificate that allows using an encrypted connection to the gateway and uploading/downloading configuration files via HTTPS. Security –> SSL/TLS settings – Protocol for WEB-interface — the mode for connection to the web configurator: ...
  • Page 90 4.1.8.3 Dynamic firewall Dynamic firewall — a utility that tracks attempts of access to various services. When constantly repeated unsuccessful access attempts from the same IP address/host are discovered, the dynamic firewall blocks all further access attempts from this IP address/host. The following actions may be identified as an unsuccessful access attempt: –...
  • Page 91 Blocked addresses list — a list of addresses banned by a dynamic firewall. Up to 8192 records can be created for SBC-1000 and 16384 records for SBC-2000. In the header of the lists, there are two buttons for downloading and updating them: ...
  • Page 92 Table 20 — Blocking messages Message in the list Reason for the occurrence SIP message Request error: REGISTER failed : Dynamic user registration limit reached Response 403 Resource limit overflow Request error: REGISTER failed : Requesting the registration of an unknown Response 403 Unknown user or registration domain user...
  • Page 93 Firewall profiles Security –> Static firewall To create, edit or remove a firewall profile, use «Objects» — «Add object», «Objects» — «Edit object» and «Objects» — «Remove object» menus and the following buttons: – «Add»; – «Edit»; – "Delete". Software allows you to configure firewall rules for incoming, outgoing and transit traffic as well as for specific network interfaces.
  • Page 94 Firewall rule menu depending on the type of rule selected – Packet source — defines the packet source network address either for all addresses or a particular IP ad- dress or network: – any — for all addresses (checkbox is selected). –...
  • Page 95 – ICMP message type — ICMP message type that the rule will be used for. This field is active, when ICMP is selected in the «Protocol» field; – Action — action executed by this rule: – Accept — packets falling under this rule will be accepted by the firewall; –...
  • Page 96 4.1.8.7 DoS protection This menu is used to configure DoS protection settings. Security –> DoS protection On SBC, the following attacks are countered: – ICMP flood — attack with multiple ICMP requests; – Port Scan — port scanning; – SIP flood — attacks via SIP in order to brute-force user passwords, flooding with requests to forbidden direction, protection against scanning actual numbers;...
  • Page 97 SIP flood – Enable SIP flood defense — protection against brute-forcing user passwords and flooding with requests to the forbidden direction. – Hits to block — after exceeding the number of attempts, the user will be blocked. You can set from 1 to 32 attempts;...

  • Page 98: Radius Configuration

    To do this, create three static firewall rules in the following order: 1. A rule for ingress traffic with «GeoIP» type and «Russian Federation (RU)» country. Action — Accept; 2. A rule for ingress traffic with «Normal» type and IP address and source mask «34.92.128.128/255.255.255.240».
  • Page 99 The device supports up to 8 authorization servers. – Server reply timeout — the time for which the server is expected to respond; – Request sending attempts — the number of times the request to the server is repeated. If all attempts are unsuccessful, the server is considered inactive and the request is redirected to another server, if specified, otherwise an error is detected;...

  • Page 100: Traces

    Traces 4.1.10.1 PCAP traces The menu is used to configure parameters for network traffic analysis and TDM network protocols. Traces –> PCAP traces TCP-dump — TCP–dump utility settings: – Interface — interface for network traffic capture; – Capture length limit (0 — no limit) — size limit for captured packets, in bytes; –...
  • Page 101 Destination port for ingress packets — destination port for copied frames received by selected source ports; – Destination port for egress packets — destination port for copied frames sent by selected source ports; Only for SBC-1000 SBC session border controllers...
  • Page 102 System log should be used only when problems in gateway operation occur, and you have to identify the reason. To define the necessary debug levels, consult a Eltex Service Centre Specialist. Traces — allows saving the log of device components operation and interaction, as well as message exchange via various protocols.

  • Page 103: Working With Objects And 'Objects' Menu

    To update the software via the web interface, select the menu «Service» - «Firmware upgrade», see Section 4.1.14 Firmware update via web interface. To update/add licenses, select «Service»—«License update» menu; see Section 4.1.15 Licenses. Only for SBC-1000 SBC session border controllers...

  • Page 104: Time And Date Configuration

    Licenses To update/add licenses, you should obtain a license file. Contact Eltex marketing department by email eltex@eltex-co.ru or phone +7 (383) 274-48-48 and provide device serial number and MAC address (see Section 4.1.17). Next, select «License upgrade» parameter from the «Service» menu.

  • Page 105: The "Help" Menu

    The menu provides information on the current firmware version, factory defaults and other system information, as well as the ability to retrieve the latest documentation from http://eltex.org. View factory settings and system information To view it, use the menu «Help» - «System info».

  • Page 106: Sbc Configuration Via Telnet, Ssh, Or Rs-232

    4.2 SBC configuration via Telnet, SSH, or RS-232 To configure the device, you should connect to it via Telnet or SSH protocol, or by the RS-232 cable (for access via console). At factory defaults address: 192.168.1.2, mask: 255.255.255.0. Configuration is stored in text files located in the /etс/config directory (to exit execute the sh command) that you can edit with the integrated text editor 'joe' (these changes will take effect after the device is restarted).

  • Page 107: Change Device Access Password

    Server IP address in AAA.BBB.CCC.DDD format license update Update the licence license reset no/yes Delete all installed licenses password Change access password via CLI quit Terminate this CLI session reboot <YES_NO> yes/no Reboot device Go to Linux Shell from CLI show environment Viewing hardware status information show system info...

  • Page 108: View Active Registrations

    4.2.3.2 Viewing active sessions To work with these commands, it is necessary to enable monitoring of active sessions (section 4.2.3.1). Command Parameter Value Action show call list View list of active connections show call info CALL_ID 0-65520.0-5 View general information about the selected call show call info CALL_ID...

  • Page 109: Configuration Mode

    Configuration mode 4.2.7.1 General device parameter configuration mode To proceed to device parameter configurations/monitoring, execute config command. SBC> config Entering configuration mode. SBC-[CONFIG]> Command Parameter Value Action Show the list of available commands. alarm show View alarm display settings alarm set cps invite/other/subsc yes/no Change the INVITE/OTHER/SUBSCRIBE...
  • Page 110 ports start START_PORT 1024-65535 Set the start port for RTP ports range RANGE_PORT 1-65535 Set number of ports for RTP ports show View configuration of ports for RTP quit Terminate this CLI session radius Enter the RADIUS configuration mode reserve Enter the reserve management mode route Enter the static route configuration...
  • Page 111 set enable on/off Enable autoupdate set manifest- MANIFEST_NAME String, 63 Set firmware versions file. The name must be in name characters max. «.manifest» format set protocol PROTO tftp Specify the protocol to be used for the update http https set source NET_IFACE_IDX 0-39 Set the interface from which the server address (DHCP...
  • Page 112 4.2.7.4 Dynamic firewall parameters configuration mode To enter this mode, execute firewall dynamic command in the configuration mode. SBC-[CONFIG]> firewall dynamic Entering dynamic firewall mode. SBC-[CONFIG]-[DYN-FIREWALL]> Command Parameter Value Action Show the list of available commands. blacklist add <BLACKIP> IP address in Add an address to the list of blocked addresses AAA.BBB.CCC.DDD format or subnet...
  • Page 113 blocklist show Show the list of automatically blocked addresses blocklist show Show the number of entries in the list of automatically count blocked addresses blocklist show <BLACKIP> IP address in Find the specified address in the list of automatically address AAA.BBB.CCC.DDD blocked addresses format or subnet...
  • Page 114 whitelist <WHITEIP> subnet in CIDR Add a subnet to the list of addresses banned for subnet AAA.BBB.CCC.DDD/FF automatic blocking and remove addresses and subnets notation included in the added subnet 4.2.7.5 Static firewall parameters configuration mode To enter this mode, execute firewall static command in the configuration mode. SBC-[CONFIG]>...
  • Page 115 host-precedence- violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS-host-redirect echo-request router-advertisement router-solicitation time-exceeded ttl-zero-during- transit ttl-zero-during- reassembly parameter-problem ip-header-bad required-option- missing timestamp-request timestamp-reply address-mask-request address-mask-reply <ACTION> accept, drop, reject Action — action executed by this rule: – ACCEPT — packets falling under this rule will be accepted by the firewall;...
  • Page 116 none echo-reply destination- unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network- unreachable TOS- host-unreachable communication- prohibited host-precedence- violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS-host-redirect echo-request router-advertisement router-solicitation time-exceeded ttl-zero-during- transit ttl-zero-during- reassembly parameter-problem ip-header-bad required-option- missing timestamp-request timestamp-reply...
  • Page 117 <RULE_NAME> Text, 63 characters max. The text string that should be in the packet <CONTENT> Text, 127 characters max. Source IP address <S_IP> AAA.BBB.CCC.DDD Source subnet mask <S_MASK> AAA.BBB.CCC.DDD Destination IP address <R_IP> AAA.BBB.CCC.DDD Destination subnet mask <R_MASK> AAA.BBB.CCC.DDD Protocol type <PROTO>...
  • Page 118 timestamp-request timestamp-reply address-mask-request address-mask-reply Action — action executed by this rule: <ACTION> – ACCEPT — packets falling under this rule will accept, drop, reject be accepted by the firewall; – DROP — packets falling under this rule will be rejected by the firewall without informing the party that has sent these packets;...
  • Page 119 4.2.7.6 Configuration and operation with the PING utility To enter this mode, execute hostping command in the configuration mode. SBC1000-[CONFIG]> hostping Entering hostping mode. SBC1000-[CONFIG]-[HOSTPING]> Command Parameter Value Action Show the list of available commands. exit Return from this configuration submenu to the upper level.
  • Page 120 add interface dynamic/static Add a new network interface untagged <LABEL> you may use letters, LABEL — interface name; numbers, '_', '.', '-', ':' characters, 255 characters max. IP address in IPADDR — PPTP server IP address; <IPADDR> AAA.BBB.CCC.DDD format network mask in format <NETMASK>...
  • Page 121 set interface ssh <NET_IFACE_IDX> 0-39 Allow ssh session via interface <ON_OFF> on/off set interface <NET_IFACE_IDX> 0-39 Allow telnet session via interface telnet <ON_OFF> on/off set interface <NET_IFACE_IDX> 0-39 Enable/disable encryption (VPN interface only) use_mppe <ON_OFF> on/off set interface <NET_IFACE_IDX> 0-39 Set user name (VPN interface only) user_name <USER>...
  • Page 122 restart ntp no/yes Restart NTP process set ntp dhcp off/on Obtain NTP settings via DHCP period 10-1440 Set synchronization period server IP address in Set NTP server AAA.BBB.CCC.DDD usage format Do not use/use NTP off/on show config Show timezone set GMT/GMT+1/GMT- Set the time zone in relation to universal time 1/GMT+2/GMT-...
  • Page 123 modify type <IDX> 0-15 Change the SNMP trap transmission rule (SNMP message type) <TYPE> trapsink/ trap2sink/ informsink quit Terminate this CLI session remove <IDX> 0-15 Remove SNMP trap transmission rule restart snmpd Yes/no Restart SNMP client <RO> string, 63 Set the password for reading the parameters characters max.
  • Page 124 SBC-[CONFIG]-RADIUS> profile 0 Entering RADIUS-Profile-mode. SBC-[CONFIG]-RADIUS-PROFILE[0]> Command Parameter Value Action Show the list of available commands. auth <DIGESTAUTH> rfc5090/ Select the algorithm of subscriber digestauth rfc5090-no-challenge/ authorization with dynamic registration draft-sterman through the RADIUS server. With digest authentication, the password is transmitted as a hash code and cannot be intercepted when traffic is scanned auth...
  • Page 125 trunk — use the name of the trunk over which the incoming connection is made as a value config Return to Configuration menu. exit Exit from this configuration submenu to the upper level. history View history of entered commands. name <PRF_NAME>...
  • Page 126 IFACE_NAME — network interface <ENABLE> disable/enable ENABLE — enable/disable network route route del <IDX> 0-4095 Delete route: IDX — network route index route modify <IDX> 0-4095 Change the destination address destination <DESTINATION> route modify <IDX> 0-4095 Change the network interface <IFACE_NAME>...
  • Page 127 edit rule set id PREFIX_SIGN 1-65535 Edit a rule set with a specified ID edit rule set index PREFIX_SIGN 0-65534 Edit a rule set with a specified index exit Exit from this configuration submenu to the upper level. quit Terminate this CLI session remove by id rule SBC_RULE_SET_ID 1-65535...
  • Page 128 set condition type <CONDITION_TYPE> from-address- Set a condition of a certain type user-part/ from-address-user-part — name from the from-address- From header host-part/ from-address-host-part — domain from the from-address-URI/ From header to-address-user- from-address-URI — URI from the From part/ header to-address-host- to-address-user-part —...
  • Page 129 SIP_DESTINATION_NAME String, 63 Set the name. characters max. SIP_TRANSPORT_ID 1-65535 Set ID for the used SIP transport Oncoming side IP address and port. If no port is specified, port 5060 will be SIP_REMOTE_IP_ADDR AAA.BBB.CCC.DDD/ used. AAA.BBB.CCC.DDD:port where port = 1-65535 edit destination PREFIX_SIGN 0-65534...
  • Page 130 set ignore ON_OFF on/off Enable ignoring source port source port set keep-alive KEEP_ALIVE_TIMEOUT_0_1 0-1000 Period of checking the operating server server by OPTIONS messages set keep-dead KEEP_ALIVE_TIMEOUT_5_1 5-1000 Period of checking the non-operating server server by OPTIONS messages set name SIP_DESTINATION_NAME String, 63 Set SIP destination name...
  • Page 131 set trunk USERNAME_NUMBER String, 63 The user name used for registration username/number characters max. set verify media ON_OFF on/off Enable the RTP source IP and port remote address control option show info Show settings show rule set Show list of configured rule set list show sip Show list of available SIP transports...
  • Page 132 Transport index SBC_SIP_TRANSPORT_INDE 1-65535 New transport name String, 63 SBC_SIP_TRANSPORT_NAME characters max. set netiface Change the network interface for SIP signalling SBC_SIP_TRANSPORT_INDE 1-65535 Transport index 1-65535 Network interface ID IFACE_ID set port Change the port for signalling SBC_SIP_TRANSPORT_INDE 1-65535 Transport index 1-65535 Port for signalling PORT...
  • Page 133 4.2.7.21 SIP users configuration To enter this mode, in the SIP destination list configuration mode, execute the edit user <ID> or edit user index <INDEX> command, where <ID> and <INDEX> — ID or index of the edited user. SBC1000-[CONFIG]-SIP-USERS> edit user id 1 Entering SBC SIP user edit mode.
  • Page 134 set rtp-loss TIMEOUT_MULTIPLIER 1-30 Set the RTP waiting multiplier in the on multiplier silence suppression mode. silence- suppression set rule set id RULE_SET_ID 1-65535 Assign rule set set rule set Remove rule set none set session- SESSION_EXPIRES_OR_OFF 90-64800/off Requested period of session control expires according to RFC4028, seconds.
  • Page 135 Exit from this configuration submenu to the upper level. history View history of entered commands. LACP Enter the LACP parameter configuration mode Only for SBC-1000 Not supported in the current firmware version SBC session border controllers...
  • Page 136 QoS_control Enter the QoS parameter configuration mode quit Terminate this CLI session save mirroring Save mirroring settings without applying save vlan Save VLAN settings without applying set mirroring <PORT> GE_PORT0(0)/ Configure port mirroring: GE_PORT1(1)/ GE_PORT2(2)/ PORT — port type; CPU(4)/ SFP0(6)/ SFP1(7) NAME —...
  • Page 137 GE_PORT2(2)/ CPU(4)/ SFP0(6)/ SFP1(7) <IEEE> fallback/ IEEE — packet control mode: check/ secure – Fallback — if a packet with VLAN tag is received through this port, and there is a record in a routing table for this packet, then it falls within a scope of routing rules, specified in the record of this table;...
  • Page 138 <PORT> GE_PORT0/GE_PORT1/ GE_PORT2 set port vlan <PORT> CPU/ Enable/disable VLAN on this port enabling GE_PORT0/ GE_PORT1/ GE_PORT2/ SFP0/ SFP1 on/off <ENABLE> set port vlan <PORT> CPU/ Set the VLAN ID override mode for this port to override GE_PORT0/ standard GE_PORT1/ GE_PORT2/ SFP0/ SFP1...
  • Page 139 confirm Confirm VTU settings. You have 1 minute to confirm settings, or the previous values will be restored. exit Return from this configuration submenu to the upper level. QoS_control Go to the QoS configuration mode quit Terminate this CLI session remove VTU <NUMBER>...
  • Page 140 untagged/ tagged/ – Unmodified — packets will be sent by the not_member port without any changes; – untagged — packets will always be sent without VLAN tag by this port; – tagged — packets will always be sent with VLAN tag by this port; –...
  • Page 141 confirm Confirm QoS settings. You have 1 minute to confirm settings, or the previous values will be restored. exit Return from this configuration submenu to the upper level. quit Terminate this CLI session save Save QoS settings without applying <PRIO> Distribute packets into queues depending on the 802.1p_prio_mapping 802.1р...
  • Page 142 SFP1(7) <INGPRIO> 0-250000 set QoS_mode <PORT> GE_PORT0(0)/ Set QoS usage mode. GE_PORT1(1)/ GE_PORT2(2)/ QOSMODE — usage mode: CPU(4)/ – DSCP only — distribute packets into SFP0(6)/ queues based on IP diffserv priority only; SFP1(7) – 802.1p only — distribute packets into <QOSMODE>...
  • Page 143 dispatcher DISPATCHER 0-99 Enable Dispatcher tracing exit Return from this configuration submenu to the upper level. manager MANAGER 0-99 Enable Manager tracing quit Terminate this CLI session show Show information on Syslog configuration start Enable data transmission to the syslog server stop Disable data transmission to the syslog server userlog...
  • Page 144 set by id SBC_TRUNK_ID 1-65535 Assign redundant destination to trunk by ID destination secondary SBC_SIP_DESTINATI 1-65535 ON_ID set by id load SBC_TRUNK_ID 1-65535 Assign balancing mode by trunk ID balance mode LOAD_BALANCE_MODE active-active/ active-backup set by id load SBC_TRUNK_ID 1-65535 Assign balancing timeout by trunk ID, sec balance timeout LOAD_BALANCE_TIME...
  • Page 145 friendly-request/ VaxIPUserAgent/ VaxSIPUserAgent/ siparmyknife/ Test_Agent/ SIPBomber/ Siprogue add other USER_AGENT_NAME String, 31 Add your User-Agent mask to the list characters max. exit Return from this configuration submenu to the upper level. quit Terminate this CLI session remove by id USER_AGENT_ID 1-65535 Remove User-Agent from list by its ID user agent...

  • Page 146: Sbc-2000 Switch Configuration

    4.3 SBC-2000 switch configuration The configuration is performed from the switch configuration mode. SBC2000> config Entering configuration mode. SBC2000-[CONFIG]> switch SBC2000-[CONFIG]-[SWITCH]> Switch structure SBC-2000 switch has the following interfaces: – front-port — external ethernet ports of the switch, which are brought out on the front panel. Possible values: 0 - 3.

  • Page 147: Sbc-2000 Switch Interface Management Commands

    Possible value: 1. – sm-port — internal ports of the SBC-2000 switch designed to communicate with SM-VP submodules. Possible values: 0 – 5. When working with the switch, a unit number value of 1 is used. SBC-2000 switch interface management commands interface This command allows entering the configuration mode of the SBC-2000 switch interfaces.
  • Page 148 Syntax [no] bridging to <interface> <range> Parameters <interface> — interface type:  cpu-port;  front-port — external uplink interfaces;  host-channel;  host-port;  port-channel — LAG uplink interface aggregation groups;  sm-port. <range> — number of the port/ports with which traffic exchange is allowed: ...
  • Page 149 Example SBC2000-[CONFIG]-[SWITCH]-[if]> flow-control on frame-types The command allows assigning specific rules for receiving packets for the interface:  receive tagged and untagged packages;  receive only packets with VLAN tag. Syntax frame-types <act> Parameters <act> — allocated action:  all — receive tagged and untagged packages; ...
  • Page 150 Syntax speed auto Parameters Command contains no arguments. Example SBC2000-[CONFIG]-[SWITCH]-[if]> speed auto The speed for the port will be set automatically. show interfaces configuration This command is used to view the configuration of the SBC-2000 switch interfaces Syntax show interfaces configuration <interface> <number> Parameters <interface>...
  • Page 151 show interfaces status This command allows viewing information about the status of an interface, a group of interfaces. Syntax show interfaces status <interface> <number> Parameters <interface> — interface type:  front-port — external uplink interfaces;  host-channel  host-port ; ...
  • Page 152 Parameters <interface> — interface type:  cpu-port;  front-port — external uplink interfaces;  host-channel;  host-port;  port-channel — LAG uplink interface aggregation groups;  sm-port. <range> — number of the port/ports with which traffic exchange is allowed:  for cpu-port: <1/0>, where: ...

  • Page 153: Aggregation Group Configuration Commands

    Aggregation group configuration commands channel-group This command adds FRONT-PORT interfaces to the aggregation group. The use of the negative form of the command (no) removes FRONT-PORT interface from the aggregation group. Syntax channel-group <id> [force] no channel-group Parameters <id> — sequence number of the aggregation group, to which the port will be added, takes values [1 ... 4]; ...
  • Page 154 lacp port-priority This command sets the priority for the configurable port. The priority is set in the range [1 .. 65535]. 1 is the highest priority. The use of a negative form (no) of the command sets the default priority value. Syntax lacp port-priority <priority>...

  • Page 155: Vlan Interface Management Commands

    VLAN interface management commands pvid This command sets the default VID value for packets received by the port. When an untagged packet or a packet with VID value in the VLAN tag equal to 0 is received, the packet is assigned a VID value equal to PVID.
  • Page 156 Syntax spanning-tree pathcost <pathcost> no spanning-tree pathcost Parameters <pathcost> — path cost, may take values [0.. 200000000]. Default value path cost value = 0 Command mode INTERFACE FRONT-PORT INTERFACE PORT-CHANNEL Example SBC2000-[CONFIG]-[SWITCH]-[if]> spanning-tree pathcost 1 Path cost 1 is set. spanning-tree priority This command sets the STP priority for the configurable port.
  • Page 157 Syntax [no] spanning-tree admin-edge Parameters Command contains no arguments. Default value Command mode INTERFACE FRONT-PORT INTERFACE PORT-CHANNEL Example SBC2000-[CONFIG]-[SWITCH]-[if]> spanning-tree admin-edge For the configured port, the type of edge-link connection is enabled. spanning-tree admin-p2p This command defines the type of p2p connection definition. The use of a negative form (no) of the command sets the default p2p connection definition type.

  • Page 158: Mac Table Configuration Commands

    Syntax [no] spanning-tree auto-edge Parameters Command contains no arguments. Command mode INTERFACE FRONT-PORT INTERFACE PORT-CHANNEL Example SBC2000-[CONFIG]-[SWITCH]-[if]> spanning-tree auto-edge The automatic bridge detection feature is enabled. MAC table configuration commands mac-address-table aging-time The command sets MAC address lifetime in the table globally. The use of the negative form of the command (no) sets the default MAC address lifetime.

  • Page 159: Port Mirroring Configuration Commands

    Example SBC2000-[CONFIG]-[SWITCH]> show mac address-table count 17 valid mac entries show mac address-table include/exclude interface This command allows viewing the MAC table according to the specified interface: Syntax show mac address-table include/exclude interface <interface> <number> Parameters <interface> — interface type: ...
  • Page 160 <num> — the sequential number of the port of a given group (you can specify several ports by enumerating with «,» or a range of ports with «-»):  «all» — all ports of this group; <interface> — interface type: ...
  • Page 161 <port> — sequential number of the port of the front-port group in the format <unit/port>, where:  for front port: <unit/port>, where:  unit — module number, may take value [1],  port — port number, may take values: [0 .. 3]; ...

  • Page 162: Selective Q-In-Q Feature Configuration Commands

    mirror <rx|tx> vlan The command specifies the VLAN ID to be used in the mirroring operation when transmitting incoming/outgoing traffic. Syntax [no] mirror <rx|tx> vlan <vid> Parameters <rx|tx> — traffic type:  rx — incoming;  tx — outgoing. <vid> — VLAN ID, takes values of [1..4094]. Command mode CONFIG-SWITCH Example...
  • Page 163 Parameters <new-vlan> — new VLAN number, may take values [1 ..4095]; <old-vlan> — number of VLAN, which should be substituted, may take values [1 .. 4094]. <rule_direction> — traffic direction:  Ingress — incoming;  Egress — outgoing. Command mode SELECTIVE Q-IN-Q remove This command removes the Selective Q-in-Q rule by the specified number.

  • Page 164: Dual Homing Protocol Configuration

    selective-qinq list This command assigns the Selective Q-in-Q rule list to the configurable interface of the SMG-2016 switch. The use of the negative form of the command (no) removes the assignment. Syntax selective-qinq list <name> no selective-qinq list Parameters <name> — Selective Q-in-Q rule list name Command mode INTERFACE FRONT-PORT INTERFACE PORT-CHANNEL...
  • Page 165 Command mode INTERFACE FRONT-PORT INTERFACE PORT-CHANNEL Example Global redundancy SBC2000-[CONFIG]-[SWITCH]-[if]> no backup interface vlan ignore SBC2000-[CONFIG]-[SWITCH]-[if]> backup interface front-port 1/1 vlan ignore Redundancy in a specific VLAN SBC2000-[CONFIG]-[SWITCH]-[if]> no backup interface vlan 10 SBC2000-[CONFIG]-[SWITCH]-[if]> backup interface port-channel 1 vlan 10 backup-interface mac-duplicate This command specifies the number of packets copies with the same MAC address that will be sent to an active interface when switching.

  • Page 166: Lldp Configuration

    Default value Switching disabled. Command mode CONFIG SWITCH Example SBC2000-[CONFIG]-[SWITCH]> backup-interface preemption show interfaces backup This command allows viewing interface redundancy settings. Syntax show interfaces backup Parameters Command contains no arguments. Command mode CONFIG SWITCH Example SBC2000-[CONFIG]-[SWITCH]> show interfaces backup Backup Interface Options: Preemption is disabled.
  • Page 167 Example SBC2000-[CONFIG]-[SWITCH]> lldp enable lldp hold-multiplier This command specifies the amount of time for the receiver to keep LLDP packets before dropping them. This value will be transmitted to the receiving side in the LLDP update packets; and should be an increment for the LLDP timer.
  • Page 168 lldp timer This command specifies how frequently the device will send LLDP information updates. The use of a negative form (no) of the command sets the default value. Syntax lldp timer <timer> no lldp timer Parameters <timer> — time, may take values [5..32768] seconds. Default value The default value is 30 seconds.
  • Page 169 Syntax lldp lldpdu [mode] no lldp lldpdu Parameters <mode> — LLDP packets processing mode:  filtering — LLDP packets are filtered if LLDP is disabled on the switch;  flooding — LLDP packets are transmitted if LLDP is disabled on the switch. Command mode CONFIG SWITCH Example...
  • Page 170 show lldp neighbor This command allows viewing information on the neighbour devices on which LLDP is enabled. Syntax show lldp neighbor [<interface>< number >] Parameters Optional parameters, if you omit them, the display will show information for all ports. [interface] — interface type: ...
  • Page 171 [number] — port number (you can specify several ports separated by commas «,» or you can specify the range of ports with «-»).  for front port: <unit/port>, where:  unit — module number, may take value [1],  port — port number, may take values: [0 .. 3]; ...

  • Page 172: Qos Configuration

    Example SBC2000-[CONFIG]-[SWITCH]> show lldp statistics Tables Last Change Time: 0:0:4:28 Tables Inserts: 3 Tables Deletes: 1 Tables Dropped: 0 Tables Ageouts: 0 LLDP statistics ~~~~~~~~~~~~~~~ Interface Tx total Rx total Rx errors Rx discarded TLVs discarded TLVs unrecognized Agouts total front-port 1/0 front-port 1/1 6134...
  • Page 173 Example qos default 6 Packets for which no other rules are set are queued with priority 6. qos type This command allows you to set a rule by which to select the priority field for the package. The traffic prioritization method will be chosen depending on the configured system rules (IEEE 802.1p/DSCP). ...
  • Page 174 Parameters <type> — traffic prioritization method:  0 — by the 802.1p standard (used on level 2);  1 — by the DSCP/TOS standard (used on level 3). <field values> – value of the field by which the packets are selected is set according to <parameter 1> (the values of the fields are entered with a comma or as a range with «-»): ...

  • Page 175: Configuration Operation Commands

    Command mode CONFIG – SWITCH Example cntrset sm-port 1/2 1 22 2 1 show cntrset This command is used to view the queue collector information. Syntax show cntrset <SET> Parameters <SET> — counter number [0 .. 1]. Command mode CONFIG – SWITCH show qos This command is used to view the priorities assigned to the queues.

  • Page 176: Configuration Application And Confirmation Commands

    show candidate-config Syntax show candidate-config Parameters Command contains no arguments. Command mode CONFIG – SWITCH Configuration application and confirmation commands Once the SBC-2000 switch has been configured, you must apply the configuration (apply) to make it active on the device and confirm the application (confirm) to protect against the changes that have been made causing loss of access to the device.
  • Page 177 Command mode CONFIG – SWITCH exit Command is used to exit from this configuration submenu to the upper level. Syntax exit Parameters Command contains no arguments. Command mode CONFIG – SWITCH history Command is used to view history of entered commands. Syntax history Parameters...

  • Page 178: Appendix A. Alternative Firmware Update Method

    SBC-2000 (smg1016M_kernel, smg1016M_initrd for SBC-1000) in it (computer that runs TFTP server and the device should be located in the same network); 6. Turn the device on and stop the startup sequence by entering «stop» command in the terminal...
  • Page 179 Example: set netmask 255.255.255.0 Enter set serverip <IP address of a computer, that runs TFTP server><ENTER>; Example: set serverip 192.168.2.5 10. For SBC-1000, enter mii si <ENTER> to activate the network interface: => mii si Init switch 0: ..Ok! Init switch 1: ..Ok! Init phy 1: ..Ok!
  • Page 180 ################################################################# ################################################################# ################################################################# ################################################################# #################### done … Copy to Flash... done SMG2016>> For SBC-1000: => run flash_initrd Using ppc_4xx_eth0 device TFTP from server 192.168.2.5; our IP address is 192.168.2.2 Filename ' smg/smg1016M_initrd'. Load address: 0x400000 Loading: ################################################################# ################################################################# ################################################################# #################################################################...

  • Page 181: Appendix B. Sbc Configuration Examples

    APPENDIX B. SBC CONFIGURATION EXAMPLES 1. Configuration of SBC for SIP subscribers Use Case Operation algorithm The subscriber gateway sends a message to IP-address 192.168.20.120 port 5062, SBC-2000 forwards this traffic from IP address 192.168.16.113 port 5061 to Softswitch 192.168.16.65 port 5060. SBC configuration procedure 1.
  • Page 182 b. Create an interface in the subscriber gateway direction. Interface parameters: 192.168.20.120. 2. Configuration of media for SIP (menu SBC Configuration/RTP ports range, section 4.1.3.6). It is necessary to set the ranges of ports used for RTP. 3. SIP transport configuration (menu SBC configuration/SIP transport, section 4.1.3.1). a.
  • Page 183 c. The SIP transport table will be as follows: 4. SIP user configuration (menu SBC Configuration/SIP Users, section 4.1.3.3). a. Add SIP Users. In the «SIP transport» field, select the transport in the subscriber destination (20.120_50 62), if the subscribers are behind NAT, set the «NAT subscribers» flag and specify the connection storage time on NAT. SBC session border controllers...
  • Page 184 b. The SIP user table will be as follows: 5. SIP destination configuration (menu SBC Configuration/SIP Destination, section 4.1.3.2). a. Add a SIP Destination. In the «SIP transport» field select the transport in the Softswitch destination (16.113_5061), in the «Remote address»...
  • Page 185 b. The SIP destination table will be as follows: 6. Rule set configuration (menu SBC Configuration/Rule set, section 4.1.3.5). Create rule set, specify its name, add a rule to the set. In the «Action» field select «Send to destination», in the «SIP Destination»...
  • Page 186 b. The SIP user table will be as follows: 8. To apply the settings, save the configuration to Flash (menu Service/Save configuration to flash, section 4.1.12). SBC session border controllers...
  • Page 187 2. Configuration of SBC for SIP trunks Use Case SBC does not analyze the types of traffic (subscriber or sip trunk); you must use different ports for different traffic. SBC configuration procedure 1. Interface configuration. See section 1 Configuration of SBC for SIP subscribers of this Appendix. 2.
  • Page 188 c. The SIP transport table will be as follows: 4. SIP destination configuration (menu SBC Configuration/SIP Destination, section 4.1.3.2). a. Add a SIP destination in the trunk gateway destination (the «Rule set» field does not need to be filled in at this point). SBC session border controllers...
  • Page 189 b. Add a SIP destination in the Softswitch destination (the «Rule set» field does not need to be filled in at this point). c. The SIP destination table will be as follows: SBC session border controllers...
  • Page 190 5. Rule set configuration (menu SBC Configuration/Rule set, section 4.1.3.5). Create two rule sets. In the first «SIP Destination» field, specify the destination that was configured for Softswitch. In the second, specify the trunk gateway destination. 6. Bind the rule to destinations. To bind in the destination settings for Softswitch in the «SIP Users»...

  • Page 191: Appendix C. Sbc Reservation Function Provision

    MASTER. In order to fully duplicate the function, the redundant device constantly receives from the master the current configuration, subscriber database and other necessary files for work. Only single-type SBC-1000 or SBC-2000 devices are used to provide redundancy functions. Consider the connection schemes: Figure 33 —...
  • Page 192 During redundancy, 2 types of front-port are allocated on the device, these are local and global. On SBC-1000, the local port is 0, the global ports are 1 and 2, on the SBC-2000 the local ports are 0 and 1, the global ports are 2 and 3.
  • Page 193 After that, the slave SBC is connected to the master SBC by a local link. At this point, wait until the devices have detected each other and are operating as a slave-master pair (see Monitoring - Reservation). The scheme at this stage will look as follows: Figure 37 —...
  • Page 194 The block scheme for determining seniority: Handling of connection via global or local link. SBC session border controllers...
  • Page 195 When connecting a device to an already operating device, you must disconnect all WAN links on the device to be connected, connect the LAN link to an operating (MASTER) SBC, wait for negotiation, connect the WAN links to SLAVE, otherwise the newly connected device may be detected as MASTER and transfer its irrelevant Operation files.

  • Page 196: Appendix D. Management And Monitoring Via Snmp

    Set {} S snmpset -v2c -c private -m +ELTEX-SBC $ip_sbc \ sbcUpdateFw.0 s \ "smg1016m_firmware_sbc_1.9.0.51.bin 192.0.2.2" Set {} "NULL"111 snmpset -v2c -c private -m +ELTEX-SBC $ip_sbc \ getUserByNumber.0 s "NULL" Set {} A111 snmpset -v2c -c private -m +ELTEX-SBC $ip_sbc \ sbcSyslogTracesAddress.0 a 192.0.2.44...
  • Page 197 The following queries are equivalent. An example request of sbcActiveCallsCount object, which displays the number of current calls to the SBC. $ snmpwalk -v2c -c public -m +ELTEX-SBC 192.0.2.1 sbcActiveCallCount ELTEX-SBC::sbcActiveCallCount.0 = INTEGER: 22 $ snmpwalk -v2c -c public -m +ELTEX-SBC 192.0.2.1 sbc.42.1 ELTEX-SBC::sbcActiveCallCount.0 = INTEGER: 22...
  • Page 198 Name Requests Description For subordinate object, 1 or 2 is specified as number of power supply unit. Get {} sbcPowerModuleEnt 1.3.6.1.4.1.35265.1.49.36.1 see sbcPowerModuleTable Get {}.x pmExist 1.3.6.1.4.1.35265.1.49.36.1.2.x Status of the battery installation 1 — installed 2 — not installed Get {}.x pmPower 1.3.6.1.4.1.35265.1.49.36.1.3.x Power units are...
  • Page 199 In this description, the SNMP utility invocation commands will be represented by the following scripts for brevity and clarity: Swalk script implements reading values: #!/bin/bash /usr/bin/snmpwalk -v2c -c public -m +ELTEX-SBC 192.0.2.1 "$@" Sset script implements value setting: #!/bin/bash /usr/bin/snmpset -v2c -c private -m +ELTEX-SBC 192.0.2.1 "$@"...
  • Page 200 ELTEX-SBC::subRegAddr.0 = STRING: 192.0.1.22:5080 ELTEX-SBC::subSipUser.0 = STRING: Users with RTP in VLAN 609 ELTEX-SBC::subSipDest.0 = STRING: SMG ELTEX-SBC::subBloked.0 = INTEGER: 0 ELTEX-SBC::subRetries.0 = Gauge32: 0 ELTEX-SBC::subExpires.0 = Gauge32: 0 Table D.4 — View information on registered users Name Requests Description...
  • Page 201 In this description, the SNMP utility invocation commands will be represented by the following scripts for brevity and clarity: Swalk script implements reading values: #!/bin/bash /usr/bin/snmpwalk -v2c -c public -m +ELTEX-SBC 192.0.2.1 "$@" Sset script implements value setting: #!/bin/bash /usr/bin/snmpset -v2c -c private -m +ELTEX-SBC 192.0.2.1 "$@"...
  • Page 202 ELTEX-SBC::countStatTransportName.15 = STRING: 1.21_5061 ELTEX-SBC::countStatTransportName.16 = STRING: 172.30.0.1:5062 ELTEX-SBC::countStatTransportName.18 = STRING: test ELTEX-SBC::countStatTransportName.19 = STRING: vlan609_dhcp Requests by counters: 1.3.6.1.4.1.35265.1.49.43.3.1.9.20 TYPE = 3 — Cumulative counter by SIP Transport; COUNTER = 9 — unsuccessful calls terminated with SIP codes 4xx;...
  • Page 203 Name Requests Description Get {} countStatUserRedirectCalls 1.3.6.1.4.1.35265.1.49.43.1.1.300 Individual counters by codes — <CODE> number of forwarded calls where CODE — one of 1.3.6.1.4.1.35265.1.49.43.1.1.308 (completed by SIP codes 3xx) values: 300, 301, 302, 305, 308 Get {} countStatUserUnansw<CO 1.3.6.1.4.1.35265.1.49.43.1.1.400 Individual counters by codes — DE>...
  • Page 204 Name Requests Description where CODE — one of values: 400, 401, 402, 403, 404, 405, 406, 407, 408, 410, 413, 414, 415, 416, 420, 421, 422, 423, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 493, 500, 501, 502, 503, 504, 505, 513, 580, 600, 603, 604, 606 Get {}...
  • Page 205 Name Requests Description 487, 488, 489, 490, 491, 493, 500, 501, 502, 503, 504, 505, 513, 580, 600, 603, 604, 606 Get {} tableOfCallPerSecStatTrans 1.3.6.1.4.1.35265.1.49.43.4 Table with all instant SIP Transport port counters Get {} perSecStatTransportIndex 1.3.6.1.4.1.35265.1.49.43.4.1.2 SIP Transport indexes Get {} perSecStatTransportName 1.3.6.1.4.1.35265.1.49.43.4.1.3...
  • Page 206 Name Requests Description Get {} tableOfCallCountStatDest 1.3.6.1.4.1.35265.1.49.43.5 Table with all cumulative SIP Destination counters Get {} countStatDestIndex 1.3.6.1.4.1.35265.1.49.43.5.1.2 SIP Destination indexes Get {} countStatDestName 1.3.6.1.4.1.35265.1.49.43.5.1.3 SIP Destination names Get {} countStatDestElapsedTime 1.3.6.1.4.1.35265.1.49.43.5.1.4 Total time of active calls Get {} countStatDestIncCalls 1.3.6.1.4.1.35265.1.49.43.5.1.5 Number of incoming calls Get {}...
  • Page 207 Name Requests Description Get {} perSecStatDestMsgRcv 1.3.6.1.4.1.35265.1.49.43.6.1.7 Number of incoming SIP messages Get {} perSecStatDestMsgSend 1.3.6.1.4.1.35265.1.49.43.6.1.8 Number of outgoing SIP messages Get {} perSecStatDestAnswSucces 1.3.6.1.4.1.35265.1.49.43.6.1.9 Number of successfully received sCalls calls Get {} perSecStatDestAnswFinalEr 1.3.6.1.4.1.35265.1.49.43.6.1.10 Number of rejected calls rCalls Get {} perSecStatDestUnanswOth 1.3.6.1.4.1.35265.1.49.43.6.1.11...
  • Page 208 Outdated OIDs Some OID have been changed and in future releases old branches may be removed or replaced by new assignments. It is recommended to reconfigure monitoring systems and scripts to use the new OIDs. Table D.6 — Outdated OID Name Requests Description...

  • Page 209: Appendix E. Sbc Resource Restriction

    APPENDIX E. SBC RESOURCE RESTRICTION Parameter SBC-3000 SBC-2000 SBC-1000 Note LACP groups 802.1q table 1024 entries Static routes in routing table (switch) Network For SBC-2000 and interfaces SBC-3000 can be expanded to 500 with a 500VNI license SIP Transports For SBC-2000 and...
  • Page 210 Security/Manage ment) Entries in Fail2ban whitelist Entries in Fail2ban 16384 16384 8192 blacklist Entries in Fail2ban 16384 16384 8192 blocked list Entries in log of 10000 10000 10000 blocked addresses Firewall profiles Rules for 1000 1000 1000 incoming/outgoin g/transit traffic branches, in the profile and everything for the...

  • Page 211: Technical Support

    Contact ELTEX Service Centre to receive technical support regarding our products: Feedback form on the site: http://eltex-co.com/support/ Servicedesk: https://servicedesk.eltex-co.com Visit ELTEX official website to get the relevant technical documentation and software, send us an online request or consult a Service Centre Specialist. Official website: http://eltex-co.com/ Download center: http://eltex-co.com/support/downloads...

Table of Contents