Configuring IP Network Interfaces
The IP Interfaces table lets you configure up to 16 IP Interfaces.
An IP Interface is a local network interface (IPv4 and IPv6) that is used by the device to communicate with external network entities as well as internal embedded servers. External network entities includes, for example, SIP proxy and registrar servers, SIP trunks, RADIUS servers, LDAP servers, OVOC server, and Web (HTTP) based servers. Internal embedded servers includes, for example, the device's management interfaces (Web interface, CLI, REST, and SNMP) and NGINX server.
The device is shipped with a default IP Interface (Index #0 and named "O+M+C") that has an IPv4 address (see Default IP Address). This default IP Interface can be used for all types of traffic (Application Types) - Operations, Administration, Maintenance and Provisioning (OAMP), Media (RTP or voice) and Control (SIP signaling).
The default IPv4 OAMP IP Interface is used by default by many of the device's features. For example, access to the device's management interfaces (Web, REST, CLI over Telnet, CLI over SSH, and SNMP) uses this default IP Interface. This default IP Interface is also used by features if you don't specify an IP Interface (e.g., syslog). For some features (e.g., WebSocket tunneling and OVOC-managed licensing such as Floating License), you can't specify the IP Interface, and they use this default IP Interface. In addition, the device uses this default IP Interface for DNS if the IP Interface that you have associated with a feature is not configured with a DNS server (see the 'Primary DNS' parameter in this section for more information).
Therefore, it's recommended NOT to delete this default IPv4 OAMP interface. However, if you do need to delete it (for example, to deploy an all-IPv6 network environment), then make sure that you have assigned valid IP Interfaces to all the features that you are using.
You can configure IP Interfaces for specific traffic (Application Type):
|
■
|
OAMP: The default IP Interface is used for accessing the device's management interfaces - Web, CLI (Telnet and SSH), REST, and SNMP. However, you can configure different IP Interfaces for management interfaces (with any Application Type) and then assign them to the relevant management interface: |
|
●
|
You can configure IP Interfaces for management interfaces with any Application Type (OAMP, Media, Control, or any combination). However, at least one OAMP IP Interface must be configured in the IP Interfaces table. |
|
●
|
By default, the Web Interfaces, Telnet Interfaces, and SSH Interfaces tables all provide a pre-configured interface that is associated with the default IP Interface (IPV4 OAMP). |
|
■
|
Media: This Application Type is used for media (RTP or voice) traffic. |
|
■
|
Control: This Application Type is used for SIP signaling traffic (messaging). |
|
■
|
MAINTENANCE: This Application Type is used for HA maintenance traffic when the device operates in High-Availability (HA) mode. |
You can configure the device with a single IP Interface (default) for all Application Types. Alternatively, you can configure multiple logical, IP Interfaces for these applications. You may need to logically separate network segments for these applications for administration and security. This can be achieved by employing Layer-2 VLANs and Layer-3 subnets. The figure below illustrates a typical network architecture where the device is configured with three IP Interfaces, each representing the OAMP, Control, and Media applications. The device is connected to a VLAN-aware switch for directing traffic from and to the device to the three separated Layer-3 broadcast domains according to VLAN tags (middle pane).
Prior to configuring your IP Interfaces, please adhere to the following guidelines:
|
■
|
At least one OAMP interface must be configured (IPv4 or IPv6). |
|
■
|
Up to two OAMP interfaces can be configured, each with a different IP version (IPv4 or IPv6). |
|
■
|
OAMP interfaces can be combined with Media and Control type interfaces. |
|
■
|
At least one Media interface must be configured (IPv4 or IPv6). The Media interface can be combined with OAMP and/or Control type interfaces. |
|
■
|
At least one Control interface must be configured (IPv4 or IPv6). The Control interface can be combined with OAMP and/or Media type interfaces. |
|
■
|
Multiple Control and Media interfaces can be configured and they can have overlapping IP addresses and subnets.
|
|
■
|
The prefix length replaces the dotted-decimal subnet mask presentation and must have a value of 0-31 for IPv4 addresses, and a value of 64 for IPv6 addresses. |
|
■
|
IP Interface types (OAMP, Media, and Control) can be combined: |
|
◆
|
One combined OAMP-Media-Control interface with an IPv4 address. |
|
◆
|
One combined OAMP-Media-Control interface with an IPv6 address. |
|
◆
|
One OAMP interface with an IPv4 address. |
|
◆
|
One or more Control interfaces with IPv4 addresses. |
|
◆
|
One or more Media interfaces with IPv4 addresses. |
|
◆
|
One OAMP interface with an IPv4 address. |
|
◆
|
One combined Media-Control interface with an IPv4 address. |
|
◆
|
One combined Media-Control interface with an IPv6 address. |
|
■
|
Multiple IP Interfaces that are assigned to the same Ethernet Device can't be configured with different Default Gateways. If you need to use a different Default Gateway for one of the subnets defined on this Ethernet Device to reach a specific network (and not a default destination route), configure a Static Route rule. |
|
■
|
The address of the Default Gateway must be in the same subnet as the associated IP Interface. Additional static routing rules can be configured in the Static Routes table. |
|
■
|
The IP Interface name must be configured (mandatory) and must be unique for each interface. |
|
■
|
Each IP Interface must be assigned an Ethernet Device.
You can assign the same Ethernet Device to multiple IP Interfaces. However, for IP Interfaces that are assigned the same Ethernet Device (VLAN), only one of the IP Interfaces can be configured for dynamic IPv6 addressing. |
The following procedure describes how to configure IP network interfaces through the Web interface. You can also configure it through ini file [InterfaceTable] or CLI (configure network > interface network-if).
|
➢
|
To configure IP Interfaces: |
|
1.
|
Open the IP Interfaces table (Setup menu > IP Network tab > Core Entities folder > IP Interfaces). |
|
2.
|
Click New; the following dialog box appears: |
|
3.
|
Configure the IP network interface according to the parameters described in the table below. |
|
5.
|
On the toolbar, click Save to save your settings to flash memory. |
|
●
|
If you change the address of the OAMP interface through which you are currently connected to the device and then click Apply, connectivity with the device is lost. You then need to re-access the device with the new OAMP address, and then click the Save button on the toolbar for the new address to take effect. |
|
●
|
If you edit or delete an IP Interface, current calls using the interface are immediately terminated. |
|
●
|
If you delete an IP Interface, rows configured in other tables (e.g., Media Realms table) that are associated with the deleted IP Interface, lose their association with the IP Interface('Interface Name' field displays "None") and the rows become invalid. |
|
●
|
The SBC Configuration Wizard isn't supported and isn't available in the Web interface (see SBC Configuration Wizard) if you configure any IPv6 interfaces in the IP Interfaces table. |
|
●
|
To view currently active IP Interfaces, click the IP Interface Status Table link located at the bottom of the table. For more information, see Viewing Active IP Interfaces. |
|
●
|
Upon device start up, the IP Interfaces table is parsed and passes a comprehensive validation test. If any errors occur during this validation phase, the device sends an error message to the syslog server and falls back to a "safe mode", using a single interface without VLANs. it's recommended that you view the syslog messages that the device sends at startup to see if any errors occurred. |
|
●
|
Complementing the IP Interfaces table is the Static Routes table, which lets you configure static routing rules for non-local hosts/subnets. For more information, see Configuring Static IP Routing. |
IP Interfaces Table Parameters Description
|
|
General |
'Index'
network-if
[Index]
|
Defines an index number for the new table row.
Note: Each row must be configured with a unique index.
|
'Name'
name
[InterfaceName]
|
Defines a name for the interface.
The valid value is a string of up to 16 characters. The default (if no name is configured) is "Interface_n", where n is the row index number.
Note:
|
■
|
Configure each row with a unique name. |
|
■
|
The parameter value cannot contain a forward slash (/). |
|
'Application Type'
application-type
[ApplicationTypes]
|
Defines the type of application (traffic) for which you want to use the IP Interface (see note below).
|
■
|
[0] OAMP = This IP Interface type is the device's Operations, Administration, Maintenance and Provisioning (OAMP) management interface, which is used for device management through Web, CLI (Telnet and SSH), SNMP, and REST. The device is shipped with a default OAMP (and Media and Control) interface which has an IPv4 address (see Default IP Address). By default, this IPv4 OAMP interface is also used for various device applications such as syslog and debugging (but you can configure the device to use different IP Interfaces for these applications). |
|
■
|
[1] Media = This IP Interface type is typically used for media (i.e., RTP streams of voice). |
|
■
|
[2] Control = This IP Interface is typically used for the SIP call control application. |
|
■
|
[3] OAMP + Media = Combined OAMP and Media applications. |
|
■
|
[4] OAMP + Control = Combined OAMP and Call Control applications. |
|
■
|
[5] Media + Control = Combined Media and Call Control applications. |
|
■
|
[6] OAMP + Media + Control = Combined All application types are allowed on the interface. |
|
■
|
[99] MAINTENANCE = This IP Interface is used when the device is in High-Availability (HA) mode and is for HA maintenance traffic. This IP Interface represents one of the LAN interfaces or Ethernet Groups on each device in the HA system, used for the Ethernet connectivity between the two devices. For more information on HA and the Maintenance interface, see Configuring High Availability. |
Note:
|
■
|
You can configure up to two OAMP interfaces (dedicated or combined with Media and/or Control), but each must have a different IP version (IPv4 or IPv6). At least one OAMP interface must exist in the IP Interfaces table. |
|
■
|
If you edit or delete the MAINTENANCE interface (for HA mode), you must restart the device for your changes to take effect.
|
|
'Ethernet Device'
underlying-dev
[UnderlyingDevice]
|
Assigns an Ethernet Device (see Configuring Underlying Ethernet Devices) to the IP interface.
An Ethernet Device is a Layer-2 bridging device, which is a VLAN that is associated with a physical Ethernet port (Ethernet Group). This is useful for setting trusted and untrusted networks on different physical Ethernet ports. You can assign the same Ethernet Device to multiple IP Interfaces, providing multi-homing IP configuration (i.e., multiple IP addresses on the same interface / VLAN).
By default, no value is defined.
Note:
|
■
|
The parameter is mandatory. |
|
■
|
For IP Interfaces that are assigned the same Ethernet Device (VLAN), only one of the IP Interfaces can be configured for dynamic IPv6 addressing (i.e., 'Interface Mode' parameter below configured to IPv6 Stateless or IPv6 DHCP). |
|
IP Address
|
'Interface Mode'
mode
[InterfaceMode]
|
Defines the method to configure the IP address of the IP Interface.
|
■
|
[0] IPv6 Stateless = This option dynamically acquires an IPv6 address for the IP Interface, using the IPv6 Stateless Address Autoconfiguration (SLAAC) method. This auto-configures the IP Interface with an IPv6 address without the need for the device to manage a DHCP server. The device generates the IPv6 address using local and non-local information. The non-local information is the prefix advertised by routers, which forms the first 64-bit segment (network part) of the 128-bit address. The local information is generated by the device using an algorithm based on the device's MAC address, which forms the second 64-bit segment (client ID). The device ensures that a unique IPv6 address is generated for the IP Interface. This option can also be used to acquire the addresses for the DNS servers through DHCP (see 'Primary DNS' and 'Secondary DNS' parameters below), and the address for the Default Gateway through Router Advertisement (RA) messages (see 'Default Gateway' parameter below). |
|
■
|
[3] IPv6 Manual Prefix = This option is used if you want to manually configure an IPv6 prefix (higher 64 bits) while the interface ID (the lower 64 bits) is derived from the device's MAC address.
|
|
■
|
[4] IPv6 Manual = This option is used if you want to manually configure an IPv6 address (128 bits).
|
|
■
|
[10] IPv4 Manual = (Default) This option is used if you want to manually configure an IPv4 address (32 bits).
|
|
■
|
[13] IPv6 DHCP = This option dynamically acquires an IPv6 address for the IP Interface, using the Stateful (DHCPv6) Autoconfiguration method. The device acts as a DHCP client to obtain the IPv6 address(es) from an external DHCP server. The device sends a DHCP request once you have configured the IP Interface and upon every device restart. The DHCP server can also provide the addresses for the DNS servers (see 'Primary DNS' and 'Secondary DNS' parameters below) and the address for the Default Gateway (see 'Default Gateway' parameter below). Based on the DHCP lease time, the device renews its lease over the IP address(es) with the DHCP server. |
Note:
|
■
|
When you configure the parameter to IPv6 Stateless or IPv6 DHCP, the following parameters become read-only: 'IP Address', 'Prefix Length', 'Default Gateway', Primary DNS', and 'Secondary DNS'. |
|
■
|
Dynamic IPv6 addressing (i.e., options IPv6 Stateless and IPv6 DHCP) doesn't support High-Availability (HA) mode. |
|
'IP Address'
ip-address
[IPAddress]
|
Defines an IP address.
The valid value is an IPv4 address (in dotted-decimal notation) or an IPv6 address (see RFC 4291). By default, no value is defined.
Note:
|
■
|
If you configure the 'Interface Mode' parameter (see above) to IPv6 Manual Prefix, IPv6 Manual, or IPv4 Manual, the 'IP Address' parameter is mandatory. |
|
■
|
For IPv6, instead of configuring a static address using this parameter, you can use dynamic IPv6 addressing (stateless or stateful) to autoconfigure the IP Interface with an IPv6 address (and optionally, with DNS addresses and the Default Gateway address). Therefore, if you configure the 'Interface Mode' parameter (see above) to IPv6 Stateless or IPv6 DHCP, the 'IP Address' parameter is read-only and automatically populated with the dynamic IPv6 address after you apply your IP Interface settings. |
|
'Prefix Length'
prefix-length
[PrefixLength]
|
Defines the prefix length of the related IP address. This is a Classless Inter-Domain Routing (CIDR)-style representation of a dotted-decimal subnet notation. The CIDR-style representation uses a suffix indicating the number of bits which are set in the dotted-decimal format. For example, 192.168.0.0/16 is synonymous with 192.168.0.0 and subnet 255.255.0.0. This CIDR lists the number of ‘1’ bits in the subnet mask (i.e., replaces the standard dotted-decimal representation of the subnet mask for IPv4 interfaces). For example, a subnet mask of 255.0.0.0 is represented by a prefix length of 8 (i.e., 11111111 00000000 00000000 00000000) and a subnet mask of 255.255.255.252 is represented by a prefix length of 30 (i.e., 11111111 11111111 11111111 11111100).
The prefix length is a Classless Inter-Domain Routing (CIDR) style presentation of a dotted-decimal subnet notation. The CIDR-style presentation is the latest method for interpretation of IP addresses. Specifically, instead of using eight-bit address blocks, it uses the variable-length subnet masking technique to allow allocation on arbitrary-length prefixes.
The valid value of the prefix length depends on the IP address version:
|
■
|
IPv6: Depends on the settings of the 'Interface Mode' parameter (above): |
Note: For IPv6, instead of configuring a static prefix length using this parameter, you can use dynamic IPv6 addressing (stateless or stateful) to autoconfigure the IP Interface with an IPv6 address and prefix (and optionally, with DNS addresses and the Default Gateway address). Therefore, if you configure the 'Interface Mode' parameter (see above) to IPv6 Stateless or IPv6 DHCP, the 'Prefix Length' parameter is read-only and automatically populated with the dynamic IPv6 address after you apply your IP Interface settings.
|
'Default Gateway'
gateway
[Gateway]
|
Defines the IP address of the Default Gateway for the IP ןnterface. When the device sends traffic from this IP Interface to an unknown destination (i.e., not in the same subnet and not defined for any static routing rule), it forwards the traffic to this Default Gateway.
By default, no value is defined.
When configuring a prefix length value of 31 (for IPv4 point-to-point connections), configure the peer IP address as the Default Gateway IP address.
Note: For IPv6, instead of configuring a static address using this parameter, you can use dynamic IPv6 addressing (stateless or stateful) to autoconfigure the IP Interface with a Default Gateway IPv6 address. Therefore, if you configure the 'Interface Mode' parameter (see above) to IPv6 Stateless or IPv6 DHCP, the 'Default Gateway' parameter becomes read-only. However, it's not populated with the obtained IPv6 address. To view the obtained Default Gateway address, use the CLI command show network route or view it in the Static Routes Status table (see Viewing Static Routes Status).
|
DNS
|
'Primary DNS'
primary-dns
[PrimaryDNSServerIPAddress]
|
Defines the primary DNS server's IP address (IPv4 or IPv6), which is used for translating (resolving) domain names (FQDNs) into IP addresses for applications that are associated with the IP Interface.
By default, no IP address is defined.
Note:
|
■
|
For IPv6, instead of configuring a static DNS address using this parameter, you can use dynamic IPv6 addressing (stateless or stateful) to obtain the address through DHCP. Therefore, if you configure the 'Interface Mode' parameter (see above) to IPv6 Stateless or IPv6 DHCP, the 'Primary DNS' parameter becomes read-only and is automatically populated with the dynamic IPv6 address after you apply your IP Interface settings. You can also manually overwrite the obtained address, by using the 'Overwrite Dynamic DNS Servers' parameter (below). |
|
■
|
If you assign an IP Interface to one of the device's entities (e.g., Proxy Set) or services (e.g., LDAP) that require DNS functionality, but the IP Interface is not configured with a DNS server: |
|
✔
|
For IPv4: The device uses the DNS server of the default IP Interface (i.e., IPv4 OAMP). If a DNS server is not configured for the IPv4 OAMP interface, DNS functionality fails. |
|
✔
|
For IPv6: The device uses the DNS server of the IPv6 OAMP Interface (if configured). If you have not configured an IPv6 OAMP interface or the interface is not configured with a DNS server, the device uses the DNS server of the default IPv4 OAMP interface (and uses an IPv6 DNS-resolved address). |
|
'Secondary DNS'
secondary-dns
[SecondaryDNSServerIPAddress]
|
Defines the secondary DNS server's IP address (IPv4 or IPv6), which is used for translating domain names into IP addresses for applications that are associated with the IP interface.
By default, no IP address is defined.
Note:
|
■
|
For IPv6, instead of configuring a static DNS address using this parameter, you can use dynamic IPv6 addressing (stateless or stateful) to obtain the address through DHCP. Therefore, if you configure the 'Interface Mode' parameter (see above) to IPv6 Stateless or IPv6 DHCP, the 'Secondary DNS' parameter becomes read-only and is automatically populated with the dynamic IPv6 address after you apply your IP Interface settings. You can also manually overwrite the obtained address, by using the 'Overwrite Dynamic DNS Servers' parameter (below). |
|
■
|
If you assign an IP Interface to one of the device's entities (e.g., Proxy Set) or services (e.g., LDAP) that require DNS functionality, but the IP Interface is not configured with a DNS server: |
|
✔
|
For IPv4: The device uses the DNS server of the default IP Interface (i.e., IPv4 OAMP). If a DNS server is not configured for the IPv4 OAMP interface, DNS functionality fails. |
|
✔
|
For IPv6: The device uses the DNS server of the IPv6 OAMP Interface (if configured). If you have not configured an IPv6 OAMP interface or the interface is not configured with a DNS server, the device uses the DNS server of the default IPv4 OAMP interface (and uses an IPv6 DNS-resolved address). |
|
'Overwrite Dynamic DNS Servers'
overwrite-dynamic-dn-servers
[OverwriteDynamicDNSServers]
|
Enables you to overwrite the DNS addresses that are obtained through DHCP for the 'Primary DNS' and 'Secondary DNS' parameters (above).
|
■
|
[0] Disable = (Default) The DNS addresses that are obtained from the DNS server and automatically used as the values for the 'Primary DNS' and 'Secondary DNS' parameters can't be overwritten (i.e., read-only). |
|
■
|
[1] Enable = The DNS addresses that are obtained from the DNS server and automatically used as the values for the 'Primary DNS' and 'Secondary DNS' parameters can be overwritten (i.e., you can manually configure the addresses instead). |
Note: This parameter is applicable only if you are implementing dynamic IPv6 addressing (i.e., 'Interface Mode' parameter configured to IPv6 Stateless or IPv6 DHCP).
|