Alcatel-Lucent OmniPCX Enterprise New features configuration for R10.1 & R10.1.1 PROCEDURE Objective To learn how to manage the new features of R10.1 & R10.1.1 Contents 1 ABC IP hybrib link and CS switchover... 3 1.1. Global system parameter... 3 1.2. Users access rights... 3 2 Apache server... 3 2.1. Deactivation of the Web Server... 3 2.2. Checking the service status... 4 3 Multi Callback translators... 4 3.1. First level: external callback tables... 4 3.1. Second level: external callback tables rules... 5 3.1.1. 3.1.2. Default rule... 5 International rule... 5 3.1.3. 3.1.4. Private rule... 5 Unknown rule... 5 3.1.5. Specific rule for multi countries... 5 3.2. Entities... 6 4 MOH G711... 6 5 Password length for SIP authentication... 7 6 Do not display Services softkey... 7 7 SSH without trusted host management... 7 8 Administrator Identity management via Radius... 8 9 srtp for SIP applications... 8
2 9.1. In OXE R10.1... 8 9.2. In OXE R10.1.1... 9
3 Implementation 1 ABC IP hybrib link and CS switchover 1.1. Global system parameter On the CS configuration : System System/Other System Param./System parameters/review\modify Hybrid Link Switchover True (default value) 1.2. Users access rights On the CS configuration : COS Class of Service/Phone Features COS/Review\Modify Tel Facility Category Accept Hybrid Link Switchover 0/1 It concerns hybrid link of type IP, B channel and D channel in permanent establishment mode This feature is validated by default at the system level and can be stopped by a Boolean. It possible to authorize or to forbid it at the user level thanks to a COS parameter. 2 Apache server 2.1. Deactivation of the Web Server On the CS configuration : Netadmin netadmin m Choice Choice Choice 11 Security The Web server is currently NOT ACTIVATED. 9 Web server configuration 1. 'Active the Web server' Do you want to activate the web server (y/n default is 'n') You have just ACTIVATED a Web server: it's sole purpose is support activities.to restore this system's SECURITY level to its former state,it is your responsibility to DISABLE this Web server when done.
4 2.2. Checking the service status On the CS : mtcl Command Apache is *not* running. service httpd status By default the Apache server is not started in R10.1. After activation a warning message inform you that a security hole has been opened on the Call Server This must be done only for accessing to the 4760i and it should be deactivated when it is no more used. The webtool application do not exist anymore. 3 Multi Callback translators 3.1. First level: external callback tables On the CS configuration : Translator Tables/ Review\Modify External Callback Table 0 Country Codes 0 Country Name Default By default the external callback translator 0 is created without any entry. This external callback translator 0 is used by default. For a standard configuration you just need to manage the entries of this translator. Tables/Create Country Codes 33 Country Name France
5 3.1. Second level: external callback tables rules 3.1.1. Default rule No.Digits To Be Removed 0 DEF Digits To Add 00 3.1.2. International rule No.Digits To Be Removed 1 Digits To Add 000 A 3.1.3. Private rule No.Digits To Be Removed 1 Digits To Add 00 B 3.1.4. Unknown rule No.Digits To Be Removed 1 Digits To Add 00 C 3.1.5. Specific rule for multi countries No.Digits To Be Removed 2 Digits To Add 33 G
6 Basic number: Enter the area code, i.e. the first digit(s) of the number received, indicating the area which is the source of the call. According to the Byte3 Type of Number received from the setup, the CS add in front of the public number the following letters : A for an international call B for a private call C unknown G national The G rule is used in order to transform a received national caller id into an international id for sending it to a user that is located in a different country than the trunk group one. The G rule to apply depends of the trunk group external callback translator (entity of this trunk group) and is managed according to its national prefix These cases must be taken into account. The entry DEF (default) must be created in order to be sure to do something. No. Digits to be removed: Enter the number of characters to be deleted at the start of the number received; Example: 1 to delete the A. Digits to add: Enter the digit(s) to be added which correspond to the prefix. Example: 000 0: ARS or trunk group seize prefix, 00: international access. 3.2. Entities On the CS configuration : Entities Entities/Review\Modify By default for all entities it is the external callback table 0 that is used 4 MOH G711 On the CS configuration : IP IP/IP Parameters/Review\Modify Play MOH In G711 False (default value) It is possible to play the MOH in G711 instead to G729 in case of poor IP domain in order to ensure a good quality for the music broadcast.
7 5 Password length for SIP authentication On the CS configuration : SIP SIP/ SIP Ext Gateway/ Outgoing Password Incoming Password Up to 20 characters Up to 20 characters Password length is increased from 10 to 20 characters 6 Do not display Services softkey On the CS : Alcatel-Lucent 8&9 Series Alcatel-Lucent 8&9 Series/8&9 Series COS/Phone COS Hide Services Lists Yes/No 7 SSH without trusted host management On the CS : netadmin 11. 'Security' 7. 'SSH configuration' The SSH security is currently NOT set. WARNING: You must have a homogeneous system to enhance security with SSH! Do you want to enhance security with SSH (y/n, default is n)? >cat /usr/netadm/data/netdata SSH_SEC=yes The trusted hosts is disabled but SSH is activated
8 8 Administrator Identity management via Radius On the CS : swinst 2 Expert menu 6 System management 5 User's accounts management 4 Configure RADIUS authentication 8 RADIUS authentication without Local User Current configuration : RADIUS authentication with Local User:Disable 1 Enable authentication without local User Q Go back to previous menu 4 View RADIUS users Login: RADIUS_common Account: mtcl By default the OXE is working with local Radius users account. In the users list, there is a Radius-common account with mtcl access right which is created by default. If the account used by the user is not declared in the OXE, it is this default account that is used if the Radius confirm that login/password provided are right 9 srtp for SIP applications 9.1. In OXE R10.1 On the CS : System /System/Other system parameters/sip Parameters/ SRTP TLS Offer answer mode True/False True 2 keys SIP-ISDN TLS in local No network encryption, no encrypted SIP appli on the node False 1 key encrypted SIP appli and network encryption are available No SIP-ISDN TLS
9 9.2. In OXE R10.1.1 Sur le CS : System /System/Other system parameters/sip Parameters/ SRTP Offer answer mode True/False True False SIP-APPLI can work in 2 keys All the network is in R10.1.1 at least and SRTP OFFER ANSWER MODE is set to true on all nodes SIP APPLI work in the same way as in R10.1 with 1 key Now there is only one parameter for selecting the SIP appli mode SIP-ISDN TLS is now compatible with ABC network and SIP appli