Configuring SRTP Crypto Suite Groups

The SBC Crypto Suite Groups table lets you configure groups of SRTP crypto suites, which you can then assign to IP Profiles. Therefore, instead of configuring a single crypto suite for all calls using the global parameter 'Offered SRTP Cipher Suites' (as described in Configuring SRTP), you can use the SBC Crypto Suite Groups table to configure specific crypto suites for specific calls (IP Profiles). To assign an SBC Crypto Suite Group to an IP Profile, use the IP Profile's 'Crypto Suites Group' parameter (see Configuring IP Profiles).

You configure an SBC Crypto Suite Group using two tables with "parent-child" relationship:

■

SBC Crypto Suite Groups table ("parent"): Defines the name of the SBC Crypto Suite Group. You can configure up to 10 SBC Crypto Suite Groups.

■

Crypto Suites table ("child"): Defines the crypto suites for the SBC Crypto Suite Group. You can configure each SBC Crypto Suite Group with up to 4 crypto suites.

The following procedure describes how to configure SBC Crypto Suite Groups through the Web interface. You can also configure it through other management platforms:

■

SBC Crypto Suite Groups table: ini file [CryptoSuitesGroups] or CLI (configure voip > media crypto-suites-groups)

■

Crypto Suites table: ini file [CryptoSuites] or CLI (configure voip > media crypto-suites-groups > crypto-suites)

➢

To configure an SBC Crypto Suite Group:

Open the SBC Crypto Suite Groups table (Setup menu > Signaling & Media tab > Media folder > SBC Crypto Suite Groups).

Click New; the following dialog box appears:

Configure a name for the SBC Crypto Suite Group according to the parameters described in the table below.

Click Apply.

SBC Crypto Suite Groups Table Parameter Descriptions

Parameter	Description
'Index' [Index]	Defines an index number for the new table row. Note: Each row must be configured with a unique index.
'Name' crypto-suites-group-name [Name]	Defines a descriptive name, which is used when associating the row in other tables. The valid value is a string of up to 40 characters. Note: The parameter value must be unique.

Parameter

Description

'Index'

[Index]

Defines an index number for the new table row.

Note: Each row must be configured with a unique index.

'Name'

crypto-suites-group-name

[Name]

Defines a descriptive name, which is used when associating the row in other tables.

The valid value is a string of up to 40 characters.

Note: The parameter value must be unique.

In the SBC Crypto Suite Groups table, select the row for which you want to configure crypto suites, and then click the Crypto Suites link located below the table; the Crypto Suites table appears.

Click New; the following dialog box appears:

Configure a rule according to the parameters described in the table below.

Click New, and then save your settings to flash memory.

Crypto Suites Table Parameter Descriptions

Parameter

Description

General

'Index'

crypto-suites <index/index>

[CryptoSuiteIndex]

Defines an index number for the new table row.

Note: Each row must be configured with a unique index.

'Supported Crypto Suite'

crypto-suite

[CryptoSuite]

Defines the SRTP crypto suite.

■

[63] All

■

[1] AES-CM-128-HMAC-SHA1-80

■

[2] AES-CM-128-HMAC-SHA1-32

■

[16] AES-256-CM-HMAC-SHA1-80

■

[32] AES-256-CM-HMAC-SHA1-32

Note: You can configure up to four crypto suites in the Crypto Suites table (i.e., per SBC Crypto Suite Groups). Therefore, if you configure the parameter to All (which means all four crypto suites), no additional table rows can be added to the table.