Configuring IP Groups
The IP Groups table lets you configure up to
You can use IP Groups for the following:
■ | Classifying incoming SIP dialog-initiating requests (e.g., INVITE messages) to IP Groups based on Proxy Set. If the source address of the incoming SIP dialog is defined for a Proxy Set, the device assigns ("bonds") the SIP dialog to the IP Group associated with the Proxy Set. The feature is configured using the IP Groups table's 'Classify by Proxy Set' parameter. |
■ | Classifying incoming SIP dialog-initiating requests (e.g., INVITE messages) to IP Groups based on source tags of the incoming dialog. Tag-based classification occurs only if Classification based on user registration and on Proxy Set fail. For more information, see Configuring Classification Based on Tags. |
■ | Representing the source and destination of calls in IP-to-IP Routing rules (see Configuring SBC IP-to-IP Routing Rules). |
■ | SIP dialog registration and authentication (digest user/password) of specific IP Groups (Served IP Group, e.g., corporate IP-PBX) with other IP Groups (Serving IP Group, e.g., ITSP). This is configured in the Accounts table (see Configuring Registration Accounts). |
■ | Included in routing decisions by a third-party routing server or ARM. If necessary for routing, the routing server or ARM can even create an IP Group. For more information, see Centralized Third-Party Routing Server. |
You can also apply the device's Quality of Experience feature to IP Groups:
■ | Quality of Experience Profile: Call quality monitoring based on thresholds for voice metrics (e.g., MOS) can be applied per IP Group. For example, if MOS is considered poor, calls belonging to this IP Group can be rejected. To configure Quality of Experience Profiles, see Configuring Quality of Experience Profiles. |
■ | Bandwidth Profile: Bandwidth utilization thresholds can be applied per IP Group. For example, if bandwidth thresholds are crossed, the device can reject any new calls on this IP Group. To configure Bandwidth Profiles, see Configuring Bandwidth Profiles. |
● | If you delete an IP Group or modify the 'Type' or 'SRD' parameters, the device immediately terminates currently active calls that are associated with the IP Group. In addition, all users belonging to the IP Group are removed from the device's users database. |
● | The device supports up to 5,000 IP Groups only when it has 32-GB or 64-GB RAM. For less than 32-GB RAM, the maximum is 1,500 IP Groups. |
The following procedure describes how to configure IP Groups through the Web interface. You can also configure it through ini file [IPGroup] or CLI (configure voip > ip-group).
➢ | To configure an IP Group: |
1. | Open the IP Groups table (Setup menu > Signaling & Media tab > Core Entities folder > IP Groups). |
2. | Click New; the following dialog box appears: |
3. | Configure an IP Group according to the parameters described in the table below. |
4. | Click Apply. |
IP Groups Table Parameter Descriptions
Parameter |
Description |
|||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
'SRD' srd-name [SRDName] |
Assigns an SRD to the IP Group. If only one SRD is configured in the SRDs table, the SRD is assigned by default. If multiple SRDs are configured in the SRDs table, no value is assigned by default and you must assign one. To configure SRDs, see Configuring SRDs. Note: The parameter is mandatory. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
General |
||||||||||||||||||||||||||||||||||||||||||||||||||||
'Index' [Index] |
Defines an index for the new table row. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Name' name [Name] |
Defines a descriptive name, which is used when associating the row in other tables. The valid value is a string of up to 40 characters. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Topology Location' topology-location [TopologyLocation] |
Defines the display location of the IP Group in the Topology view of the Web interface.
For more information on the Topology view, see Building and Viewing SIP Entities in Topology View. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Type' type [Type] |
Defines the type of IP Group.
Typically, this IP Group is configured with a Serving IP Group that represents an IP-PBX, Application or Proxy server that serves this User-type IP Group. Each SIP request sent by a user of this IP Group is proxied to the Serving IP Group. For registrations, the device updates its registration database with the AOR and contacts of the users.
To route a call to a registered user, a rule must be configured in the SBC IP-to-IP Routing table. The device searches the dynamic database (by using the Request-URI) for an entry that matches a registered AOR or Contact. Once an entry is found, the IP destination is obtained from this entry and a SIP request is sent to the destination. The device also supports NAT traversal for the SIP clients located behind NAT. In this case, the device must be defined with a global IP address.
The IP address of the Gateway-type IP Group is obtained dynamically from the host part of the Contact header in the REGISTER request received from the IP Group. Therefore, routing to this IP Group is possible only once a REGISTER request is received (i.e., IP Group is registered with the device). If a REGISTER refresh request arrives, the device updates the new location (i.e., IP address) of the IP Group. If the REGISTER fails, no update is performed. If an UN-REGISTER request arrives, the IP address associated with the IP Group is deleted and therefore, no routing to the IP Group is done. You can view the registration status of the Gateway-type IP Group in the 'GW Group Registered Status' field, and view the IP address of the IP Group in the 'GW Group Registered IP Address' field if it is registered with the device. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Proxy Set' proxy-set-name [ProxySetName] |
Assigns a Proxy Set to the IP Group. All INVITE messages destined to the IP Group are sent to the IP address configured for the Proxy Set. To configure Proxy Sets, see Configuring Proxy Sets. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'IP Profile' ip-profile-name [ProfileName] |
Assigns an IP Profile to the IP Group. By default, no value is defined. To configure IP Profiles, see Configuring IP Profiles. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Media Realm' media-realm-name [MediaRealm] |
Assigns a Media Realm to the IP Group. The Media Realm determines the UDP port range and maximum sessions on a specific IP interface for media traffic associated with the IP Group. By default, no value is defined. To configure Media Realms, see Configuring Media Realms. Note: If you delete a Media Realm in the Media Realms table that is assigned to the IP Group, the parameter value reverts to undefined. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Internal Media Realm' internal-media-realm-name [InternalMediaRealm] |
Assigns an "internal" Media Realm to the IP Group. This is applicable when the device is deployed in a Microsoft Teams environment. The device selects this Media Realm (instead of the Media Realm assigned by the 'Media Realm' parameter above) if the value of the X-MS-UserLocation header in the incoming SIP message is "Internal" and the 'Teams Local Media Optimization Handling' parameter (see below) is configured to any value other than None. The Media Realm determines the UDP port range and maximum sessions on a specific IP interface for media traffic associated with the IP Group. By default, no value is defined. To configure Media Realms, see Configuring Media Realms. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Contact User' contact-user [ContactUser] |
Defines the user part of the From, To, and Contact headers of SIP REGISTER messages, and the user part of the Contact header of INVITE messages received from this IP Group and forwarded by the device to another IP Group. The valid value is a string of up to 60 characters. By default, no value is defined. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'SIP Group Name' sip-group-name [SIPGroupName] |
Defines the hostname (e.g., 194.90.179.0) which the device uses to overwrite the original host part of the URI in certain SIP headers. Therefore, the parameter allows you to implement topology hiding in SIP messages, by concealing the host part of the communicating UAs from each another. The affected SIP headers depend on whether the IP Group is the destination or source of the call:
The valid value is a string of up to 100 characters. By default, no value is defined. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Created By Routing Server' [CreatedByRoutingServer] |
(Read-only) Indicates if the IP Group was created by a third-party routing server or ARM:
For more information on the third-party routing server or ARM feature, see Centralized Third-Party Routing Server. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Used By Routing Server' used-by-routing-server [UsedByRoutingServer] |
Enables the IP Group to be used by a third-party routing server or ARM for call routing decisions.
For more information on the third-party routing server or ARM feature, see Centralized Third-Party Routing Server. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Proxy Set Connectivity' show voip proxy sets status [ProxySetConnectivity] |
(Read-only field) Displays the connectivity status with Server-type IP Groups. As the Proxy Set defines the address of the IP Group, the connectivity check (keep-alive) by the device is done to this address.
The connectivity status is also displayed in the Topology View page (see Building and Viewing SIP Entities in Topology View). Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
SBC General |
||||||||||||||||||||||||||||||||||||||||||||||||||||
'Classify By Proxy Set' classify-by-proxy-set [ClassifyByProxySet] |
Enables the classification of incoming SIP dialog messages to a Server-type IP Group based on Proxy Set.
By default, the device checks if the source IP address (ISO Layer 3) of the incoming SIP dialog matches an IP address in the Proxy Set that is associated with the IP Group (see the 'Proxy Set' parameter). If the Proxy Set is configured with a hostname, the device checks if the source IP address matches one of the dynamically DNS-resolved IP addresses. If such a Proxy Set exists, the device classifies the SIP dialog to the IP Group associated with this Proxy Set. You can also configure classification by Proxy Set whereby the device checks if the IP address in the SIP Contact header of the incoming SIP dialog matches an IP address in the Proxy Set that is associated with the IP Group. If the header contains a SIP URI that has an IP address (not hostname) in the host part and it matches an IP address in the Proxy Set, the call is classified to the IP Group. This mode is useful, for example, when the source IP address is an internal address. To specify which IP address to use (source IP address or SIP Contact header's IP address) in the incoming SIP message for classification by Proxy Set, use the global parameter 'Classify By Proxy Set Mode' (Setup menu > Signaling & Media tab > SIP Definitions folder > SIP Definitions General Settings). When configured to Both, the device first checks if the source IP address matches an IP address in the Proxy Set. Only if there is no match, does it check if the IP address in the SIP Contact header matches an IP address in the Proxy Set.
Note:
If the IP address is known, it's recommended to use Classification rules instead (and disable the Classify by Proxy Set feature), where the rules are configured with not only the IP address, but also with SIP message characteristics to increase the strictness of the classification process (see Configuring Classification Rules). The reason for preferring classification based on Proxy Set when the IP address is unknown is that IP address forgery (commonly known as IP spoofing) is more difficult than malicious SIP message tampering and therefore, using a Classification rule without an IP address offers a weaker form of security. When classification is based on Proxy Set, the Classification table for the specific IP Group is ignored.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Validate Source IP' validate-source-ip [ValidateSourceIP] |
Enables the device to validate the source IP address of incoming SIP dialog-initiating requests (e.g., INVITE messages) by checking that it matches an IP address (or DNS-resolved IP address) in the Proxy Set that is associated with the IP Group. The feature applies both to messages that were classified to IP Groups by Proxy Set (i.e., by configuring the IP Group's 'Classify By Proxy Set' parameter to Enable), as well as to messages classified by rules in the Classification table (see Configuring Classification Rules). This feature is especially useful when you need to classify SIP dialogs originating from the same Proxy Set, into multiple IP Groups, where Classification table rules are necessary to produce the desired mapping to the different IP Groups.
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'SBC Operation Mode' sbc-operation-mode [SBCOperationMode] |
Defines the device's operational mode for the IP Group.
For more information on B2BUA and Stateful Proxy modes, see B2BUA and Stateful Proxy Operating Modes. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'SBC Client Forking Mode' sbc-client-forking-mode [EnableSBCClientForking] |
Defines call forking of INVITE messages to up to five separate SIP outgoing legs for User-type IP Groups. This occurs if multiple contacts are registered under the same AOR in the device's registration database.
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'CAC Profile' cac-profile [AdmissionProfile] |
Assigns a Call Admission Control Profile (CAC rules) to the IP Group. By default, no value is defined. To configure CAC Profiles, see Configuring Call Admission Control. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'SIP Source Host Name' sip-source-host-name [SIPSourceHostName] |
Defines a hostname, which the device uses to overwrite the hostname of the URI in certain SIP headers. The parameter allows you to implement topology hiding for the source of SIP messages, by concealing the hostname of the source UA. The valid value is a string of up to 100 characters. By default, no value is defined. When the device forwards a SIP message to this IP Group, the configured hostname overwrites the host part in SIP headers (see below) that are concerned with the source of the message:
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
Advanced | ||||||||||||||||||||||||||||||||||||||||||||||||||||
'Local Host Name' local-host-name [ContactName] |
Defines the host name (string) that the device uses in the SIP message's Via and Contact headers. This is typically used to define an FQDN as the host name. The device uses this string for Via and Contact headers in outgoing INVITE messages sent to a specific IP Group, and the Contact header in SIP 18x and 200 OK responses for incoming INVITE messages received from a specific IP Group. The IP-to-Tel Routing table can be used to identify the source IP Group from where the INVITE message was received. If the parameter is not configured, these headers are populated with the device's dotted-decimal IP address of the network interface on which the message is sent. By default, no value is defined. Note: To ensure proper device handling, the parameter should be a valid FQDN. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'UUI Format' uui-format [UUIFormat] |
Enables the generation of the Avaya UCID value, adding it to the outgoing INVITE sent to this IP Group.
This provides support for interworking with Avaya equipment by generating Avaya's UCID value in outgoing INVITE messages sent to Avaya's network. The device adds the UCID in the User-to-User SIP header. Avaya's UCID value has the following format (in hexadecimal): 00 + FA + 08 + node ID (2 bytes) + sequence number (2 bytes) + timestamp (4 bytes) This is interworked in to the SIP header as follows: User-to-User: 00FA080019001038F725B3;encoding=hex Note: To define the Network Node Identifier of the device for Avaya UCID, use the 'Network Node ID' (NetworkNodeId) parameter. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Always Use Src Address' always-use-source-addr [AlwaysUseSourceAddr] |
Enables the device to always send SIP requests and responses, within a SIP dialog, to the source IP address received in the previous SIP message packet. This feature is especially useful in scenarios where the IP Group endpoints are located behind a NAT firewall (and the device is unable to identify this using its regular NAT mechanism).
For more information on NAT traversal, see Remote UA behind NAT. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
SBC Advanced |
||||||||||||||||||||||||||||||||||||||||||||||||||||
'Source URI Input' src-uri-input [SourceUriInput] |
Defines the SIP header in the incoming INVITE that is used for call matching characteristics based on source URIs.
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Destination URI Input' dst-uri-input [DestUriInput] |
Defines the SIP header in the incoming INVITE to use as a call matching characteristic based on destination URIs. The parameter is used for classification and routing purposes. The device first uses the parameter’s settings as a matching characteristic (input) to classify the incoming INVITE to an IP Group (source IP Group) in the Classification table. Once classified, the device uses the parameter for routing the call. For example, if set to To, the URI in the To header of the incoming INVITE is used as a matching characteristic for classifying the call to an IP Group in the Classification table. Once classified, the device uses the URI in the To header as the destination.
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'SIP Connect' sip-connect [SIPConnect] |
Defines the IP Group as representing multiple registering servers, each of which may use a single registration, yet represent multiple users. In addition, it defines how the device saves registration information for REGISTER messages received from the IP Group, in its registration database. For requests routed to the IP Group's users, the device replaces the Request-URI header with the incoming To header (which contains the remote phone number).
The device classifies incoming non-REGISTER SIP dialog requests (e.g., INVITEs) from this IP Group, by first using the regular user search method in the registration database by Contact-AoR pair matching. If unsuccessful, the device searches the registration database for a matching Key 2 (i.e., Contact URI, source IP address, and port if the transport type is UDP). If no matching Key 2 exists, the device then searches for a matching Key 1 (i.e., source IP address only and port if the transport type is UDP). If no key is found at all, the device continues with the next Classification stage (e.g., by Proxy Set). Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'SBC PSAP Mode' sbc-psap-mode [SBCPSAPMode] |
Enables E9-1-1 emergency call routing in a Microsoft Skype for Business environment.
For more information, see E9-1-1 Support for Microsoft Skype for Business. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Route Using Request URI Port' use-requri-port [SBCRouteUsingRequestURIPort] |
Enables the device to use the port indicated in the Request-URI of the incoming message as the destination port when routing the message to the IP Group. The device uses the IP address (and not port) that is configured for the Proxy Set associated with the IP Group. The parameter thus allows the device to route calls to the same server (IP Group), but different port.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Media TLS Context' dtls-context [DTLSContext] |
Assigns a TLS Context (TLS configuration) to the IP Group that is used for secured media sessions The default is the default TLS Context ("default" at Index 0). To configure TLS Contexts, see Configuring TLS Certificates. For more information on DTLS, see SRTP using DTLS Protocol. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Keep Original Call-ID' sbc-keep-call-id [SBCKeepOriginalCallID] |
Enables the device to use the same call identification (SIP Call-ID header value) received in incoming messages for the call identification in outgoing messages. The call identification value is contained in the SIP Call-ID header.
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Dial Plan' sbc-dial-plan-name [SBCDialPlanName] |
Assigns a Dial Plan to the IP Group. The device searches the Dial Plan for a dial plan rule that matches the prefix of the source number and if not found, it searches for a rule that matches the prefix of the destination number. If a matching Dial Plan rule is found, the rule's tag is used in the routing or manipulation processes as the source or destination tag. To configure Dial Plans, see Configuring Dial Plans. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Call Setup Rules Set ID' call-setup-rules-set-id [CallSetupRulesSetId] |
Assigns a Call Setup Rule Set ID to the IP Group. The device runs the Call Setup rule immediately before the routing stage (i.e., only after the classification and manipulation stages). By default, no value is assigned. To configure Call Setup Rules, see Configuring Call Setup Rules. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Tags' tags [Tags] |
Defines tags (name=value or value only), which can be implemented in one of the following ways:
The valid value is:
The following example configures the maximum number of tags (i.e., four name=value tags and one value-only tag): Country=Ireland;Country=Scotland;Country=RSA;Country=Canada;USA. Note: For tag-based classification, if multiple IP Groups are configured with the same tag, the device classifies the incoming SIP dialog to the first matching IP Group. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'SBC Alternative Routing Reasons Set' sbc-alt-route-reasons-set [SBCAltRouteReasonsSetName] |
Assigns an Alternative Reasons Set to the IP Group. This defines SIP response codes, which if received by the device from the IP Group, triggers alternative routing. Alternative routing could mean trying to send the SIP message to another online proxy (address) that is configured for the Proxy Set associated with the IP Group, or sending it to an alternative IP-to-IP Routing rule. For configuring Alternative Reasons Sets and for more information on how the device performs alternative routing, see Configuring SIP Response Codes for Alternative Routing Reasons. By default, no value is defined. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Teams Local Media Optimization Handling' teams-local-media-optimization-handling [TeamsLocalMediaOptimization] |
Enables and defines Local Media Optimization handling when the central SBC device (proxy SBC scenario) is deployed in a Microsoft Teams environment. Handling is based on supplementary information provided in the SIP message by Microsoft proprietary SIP headers, X-MS-UserLocation, X-MS-MediaPath and X-MS-UserSite.
The X-MS-UserLocation and X-MS-MediaPath headers can change upon re-INVITE messages (such as for conference calls). If the call is a non-primary route (e.g., alternative route, 3xx, or forking), the device only uses the X-MS-UserLocation header in the incoming INVITE message, which it uses to select the appropriate Media Realm (as explained previously for primary routes). For non-primary routes, the media traverses the device (i.e., no direct media). For an overview of Microsoft Teams Local Media Optimization feature, see Microsoft Teams with Local Media Optimization. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Teams Local Media Optimization Initial Behavior' teams-local-mo-initial-behavior [TeamsLocalMOInitialBehavior] |
Defines how the central SBC device (proxy SBC scenario) initially sends the received INVITE message with the SDP Offer to Teams when the device is deployed in a Microsoft Teams environment for its Local Media Optimization feature. The parameter is applicable when the device receives the SDP Offer from a remote site SBC and the 'Teams Local Media Optimization Handling' parameter is configured to Teams Decides or SBC Decides.
For an overview of Microsoft Teams Local Media Optimization feature, see Microsoft Teams with Local Media Optimization. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Teams Local Media Optimization Site' teams-local-mo-site [TeamsLocalMOSite] |
Defines the name of the Teams site (e.g., "Singapore") within which the Teams client is located, when the device is deployed in a Microsoft Teams environment for its Local Media Optimization feature. The Teams site is indicated in the Microsoft proprietary SIP header, X-MS-UserSite of the incoming SIP message received from the Teams client. The device searches the Dial Plan, specified by the 'Regions Connectivity Dial Plan' parameter, to check if this IP Group's Teams site and the Teams site of the destination IP Group share a common group number. If they do share a group number, it means that the path between them is good for high quality voice and the device considers the call as intended for direct media (bypass). For more information, see Using Dial Plans for Microsoft Local Media Optimization. For an overview of Microsoft Teams Local Media Optimization feature, see Microsoft Teams with Local Media Optimization. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Teams Direct Routing Mode' teams-direct-routing-mode [TeamsDirectRoutingMode] |
Enables the device to include Microsoft's proprietary X-MS-SBC header in outgoing SIP INVITE and OPTIONS messages in a Microsoft Teams Direct Routing environment. The header is used by Microsoft Teams to identify vendor equipment
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Metering Remote Type' metering-remote-type [MeteringRemoteType] |
Defines if the IP Group represents the VoiceAI Connect entity.
Note: Leave the parameter at its default setting (i.e., Regular). The parameter is used only by AudioCodes support. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
Quality of Experience |
||||||||||||||||||||||||||||||||||||||||||||||||||||
'QoE Profile' qoe-profile [QOEProfile] |
Assigns a Quality of Experience Profile rule. By default, no value is defined. To configure Quality of Experience Profiles, see Configuring Quality of Experience Profiles. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Bandwidth Profile' bandwidth-profile [BWProfile] |
Assigns a Bandwidth Profile rule. By default, no value is defined. To configure Bandwidth Profiles, see Configuring Bandwidth Profiles. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'User Voice Quality Report' user-voice-quality-report [UserVoiceQualityReport] |
Enables MOS calculation and reporting of calls belonging to users that are registered with the device.
For more information on this feature, see Configuring Voice Quality for Registered Users. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
Message Manipulation |
||||||||||||||||||||||||||||||||||||||||||||||||||||
'Inbound Message Manipulation Set' inbound-mesg-manipulation-set [InboundManSet] |
Assigns a Message Manipulation Set (rule) to the IP Group for SIP message manipulation on the inbound leg. By default, no value is defined. To configure Message Manipulation rules, see Configuring SIP Message Manipulation. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Outbound Message Manipulation Set' outbound-mesg-manipulation-set [OutboundManSet] |
Assigns a Message Manipulation Set (rule) to the IP Group for SIP message manipulation on the outbound leg. By default, no value is defined. To configure Message Manipulation rules, see Configuring SIP Message Manipulation. Note: If you assign a Message Manipulation Set ID that includes rules for manipulating the host name in the Request-URI, To, and/or From SIP headers, the parameter overrides the 'SIP Group Name' parameter. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Message Manipulation User-Defined String 1' msg-man-user-defined-string1 [MsgManUserDef1] |
Defines a value for the SIP user part that can be used in Message Manipulation rules configured in the Message Manipulations table. The Message Manipulation rule obtains this value from the IP Group, by using the following syntax: param.ipg.<src|dst>.user-defined.<0>. The valid value is a string of up to 30 characters. By default, no value is defined. To configure Message Manipulation rules, see Configuring SIP Message Manipulation. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Message Manipulation User-Defined String 2' msg-man-user-defined-string2 [MsgManUserDef2] |
Defines a value for the SIP user part that can be used in Message Manipulation rules configured in the Message Manipulations table. The Message Manipulation rule obtains this value from the IP Group, by using the following syntax: param.ipg.<src|dst>.user-defined.<1>. The valid value is a string of up to 30 characters. By default, no value is defined. To configure Message Manipulation rules, see Configuring SIP Message Manipulation. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Proxy Keep-Alive using IP Group Settings' proxy-keepalive-use-ipg [ProxyKeepAliveUsingIPG] |
Enables the device to apply certain IP Group settings to keep-alive SIP OPTIONS messages that are sent by the device to the proxy server. The parameter is applicable only if you have enabled proxy keep-alive for the Proxy Set that is associated with the IP Group (see Configuring Proxy Sets).
Note: When multiple IP Groups are associated with the same Proxy Set, the parameter can be enabled only on one of them. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
SBC Registration and Authentication |
||||||||||||||||||||||||||||||||||||||||||||||||||||
'Max. Number of Registered Users' max-num-of-reg-users [MaxNumOfRegUsers] |
Defines the maximum number of users in this IP Group that can register with the device. The default is -1, meaning that no limitation exists for registered users. Note: The parameter is applicable only to User-type IP Groups. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Registration Mode' registration-mode [RegistrationMode] |
Defines the registration mode for the IP Group.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Dedicated Connection Mode' dedicated-connection-mode [DedicatedConnectionMode] |
Enables the device to establish and use a dedicated TCP (TLS) connection with the SIP registrar server per user listed in the SBC User Information table. The dedicated connection is established when the device initially registers (SIP REGISTER) the user with the server. All subsequent SIP dialogs (e.g., INVITE) originating from the user are sent to the server over this dedicated connection. If you enable this feature and there is no valid dedicated connection when the user sends a SIP dialog-initiating request, the device rejects the SIP dialog. This also triggers the device to do a registration refresh with the server for the specific user.
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'User Stickiness' sbc-user-stickiness [SBCUserStickiness] |
Enables user "stickiness" (binding) to a specific registrar server. The registrar server is one of the IP addresses of the Proxy Set associated with this Server-type IP Group. This feature applies to users belonging to a User-type IP Group that are routed to this destination Server-type IP Group.
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'User UDP Port Assignment' user-udp-port-assignment [UserUDPPortAssignment] |
Enables the device to assign a unique, local UDP port (for SIP signaling) per registered user (User-type IP Group) on the leg interfacing with the proxy server (Server-type IP Group). The port is used for incoming (from the proxy to the user) and outgoing (from the user to the proxy) SIP messages. Therefore, the parameter must be enabled for the IP Group of the proxy server.
The device assigns a unique port upon the first REGISTER request received from the user. Subsequent SIP messages other than REGISTER messages (e.g., INVITE) from the user are sent to the proxy server on this unique local port. The device rejects the SIP request if there is no available unique port for use (due to the number of registered users exceeding the configured port range). The same unique port is also used for registration refreshes. The device de-allocates the port for registration expiry. For SIP requests from the proxy server, the local port on which they are received is irrelevant (unique port or any other port); the device doesn't use this port to identify the registered user. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Authentication Mode' authentication-mode [AuthenticationMode] |
Defines the authentication mode.
Note: Configure the SIP request (method) types (e.g., INVITE) that the device must challenge when acting as an authentication server, using the IP Group's 'Authentication Method List' parameter.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Authentication Method List' authentication-method-list [MethodList] |
Defines SIP methods received from the IP Group that must be challenged by the device when the device acts as an Authentication server. If no methods are configured, the device doesn't challenge any methods. By default, no value is defined. To define multiple SIP methods, use the backslash (\) to separate each method (e.g., INVITE\REGISTER). To authenticate only setup INVITE requests (and not re-INVITE requests), configure the parameter to "setup-invite" (without quotation marks). Note: The parameter is applicable only if you configure the device to act as an Authentication server (i.e., 'Authentication Mode' parameter is SBC as Server or SBC as Both Client and Server). |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'SBC Server Authentication Type' sbc-server-auth-type [TypeSBCServerAuthType] |
Defines the authentication method when the device, as an Authentication server, authenticates SIP requests from the IP Group.
Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'OAuth HTTP Service' oauth-http-service [OAuthHTTPService] |
Assigns a Remote Web Service to the IP Group. The Remote Web Service represents the OAuth 2.0 authorization server (internal or external), which the device uses to authenticate incoming SIP requests as a server. The device sends the OAuth token received from the client to the OAuth 2.0 server for authentication. To configure Remote Web Services, see Configuring Remote Web Services. For more information on OAuth-based authentication, see OAuth 2.0 Based SIP Message Authentication. Note: The parameter is applicable only if the IP Group's 'SBC Server Authentication' parameter is configured to Authenticate with OAuth Server. |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Username As Client' username-as-client [UsernameAsClient] |
Defines the username that is used when the device is challenged (SIP 401/407) by this IP Group for retrying the outgoing SIP request toward this IP Group. The valid value is a string of up to 60 characters. By default, no username is defined. Note: The parameter is applicable only if you configure the device to authenticate as a client (i.e., 'Authentication Mode' parameter is SBC as Client or SBC as Both Client and Server). |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Password As Client' password-as-client [PasswordAsClient] |
Defines the password that is used when the device is challenged (SIP 401/407) by this IP Group for retrying the outgoing SIP request toward this IP Group. The valid value is a string of up to 64 characters. By default, no password is defined. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Username As Server' username-as-server [UsernameAsServer] |
Defines the username that is used when the device challenges (authenticates) incoming SIP requests from users belonging to this IP Group (for User-type IP Groups), or challenges SIP servers (for Server-type IP Groups). The valid value is a string of up to 60 characters. By default, no username is defined. Note: The parameter is applicable only if you configure the device to act as an Authentication server (i.e., 'Authentication Mode' parameter is SBC as Server or SBC as Both Client and Server). |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'Password As Server' password-as-server [PasswordAsServer] |
Defines the password that is used when the device challenges (authenticates) incoming SIP requests from users belonging to this IP Group (for User-type IP Groups), or challenges SIP servers (for Server-type IP Groups). The valid value is a string of up to 64 characters. By default, no password is defined. Note:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
GW Group Status |
||||||||||||||||||||||||||||||||||||||||||||||||||||
'GW Group Registered IP Address' |
(Read-only field) Displays the IP address of the IP Group entity (gateway) if registered with the device; otherwise, the field is blank. Note: The field is applicable only to Gateway-type IP Groups (i.e., the 'Type' parameter is configured to Gateway). For User-type and Server-type IP Groups, the field displays "NA". |
|||||||||||||||||||||||||||||||||||||||||||||||||||
'GW Group Registered Status' |
(Read-only field) Displays if the IP Group entity (gateway) is registered with the device ("Registered" or "Not Registered"). Note: The field is applicable only to Gateway-type IP Groups (i.e., the 'Type' parameter is configured to Gateway). For User-type and Server-type IP Groups, the field displays "NA". |