Configuring the Edgewater 4550 for use with the Bluestone Hosted PBX

NOTE: This is an advisory document to be used as an aid to resellers and IT staff looking to use the Edgewater 4550 in conjunction with Bluestone's hosted PBX services. It is not a definitive guide; please consult Edgewater's own product documentation for that purpose.

Overview

The Edgewater 4550 is a Linux based session border controller (SBC) that has all the facilities necessary for successfully deploying voice and data over a small business network. Despite its small size, its configuration can seem daunting to many, hence the need for this note, which walks you through how to segment traffic on the network and configure the unit for optimum performance.

IMPORTANT

There is a serious bug in the Edgewater firmware prior to version 11.6.19. If your unit is not at this revision level then, before you do anything else, upgrade to this firmware by going to System => Upgrade Firmware and filling out these two fields like so:

  Download Server: ftp.edgewaternetworks.com
  File Name: image.bin.e4600.ewn.11.6.19

Then press Submit and wait for the box to complete the update. The download is plain FTP, so once the unit has rebooted confirm on the System tab that it now reports 11.6.19.

Setting up the Network Interfaces

To easily prioritize voice over data you need to use VLANs, a minimum of two: one for data and one for voice. You can allocate additional VLANs if necessary, but these would be used for further segmentation of your traffic specific to your needs and are not covered here.

On the Network tab do this:
- Check Enable VLAN Support
- Set Default VLAN ID to 1
- Enter a LAN IP address for VLAN 1 (we will use 10.0.1.1) and a subnet mask (we will use 255.255.255.0)
- For the WAN enter the IP, subnet mask, gateway and DNS information as detailed by your ISP
- Save this page
Now click on VLAN Configuration and create a new VLAN with:
- VLAN ID = 2
- IP Address = 10.0.2.1
- Netmask = 255.255.255.0
Save this page.

Now we need to configure the Ethernet ports. At the top of the VLAN Configuration page click on VLAN Membership:
- With VLAN ID = 1, click the check box under Member for all ports
- Now select VLAN ID = 2 from the drop down and do the same thing
- Save the page

Now click on VLAN Port at the top of the page.

Port 1 will be used for local access from any PC and should be:
- Untagged Only
- PVID = 1

Port 2 will be the main access port connected to your managed Ethernet switch and should be:
- Tagged Only
- PVID is not relevant

Set Ports 3 and 4 as needed; we suggest you make them the same as Port 2. Save the page.

Note on the VLANs for the Edgewater 4550

The Edgewater 4550 is not able to mix tagged and untagged packets on the same port, which is an inconvenience. The only way to service multiple VLANs from the unit is via a Tagged Only port. This in turn means that you will need a managed (rather than an unmanaged) Ethernet switch to sit alongside the unit. As PoE switches make the deployment of VoIP phones much more convenient and most PoE switches are managed, this requirement is not normally a problem. Make sure that the connection from Port 2 of the Edgewater 4550 goes to a port on the switch that tags all traffic for all VLANs; this includes VLAN 1, which most switches send untagged as the native VLAN by default.

Configuring DHCP

The EM4550 uses a lightweight version of the standard DHCP daemon. The GUI provides access to all of the basic facilities that you might need; this can be extended if you are prepared to SSH into the unit and manually edit the configuration file. The latter is covered in Appendix 1 and would typically be used for statically allocating IPs to given MAC addresses, defining the domain search path and the like. DHCP can be enabled for each VLAN as needed. We will assume here that the EM4550 is providing DHCP to VLANs 1 and 2.
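To make the tagged-only constraint in the note above concrete, here is a small model of the two EM4550 port modes and of what happens to frames arriving from the switch uplink. This is an added illustration written for this note, not Edgewater code; the accept/drop rules are the standard 802.1Q ingress rules as the note describes them, not the unit's firmware, and the port names and VLAN numbers are the ones used in the steps above.

```python
from dataclasses import dataclass

# Added illustration of the EM4550 port modes described in the note above; the
# rules below are the standard 802.1Q ingress behaviour as the guide describes
# it, not Edgewater's own implementation.

@dataclass(frozen=True)
class Port:
    name: str
    mode: str            # "untagged_only" (Port 1) or "tagged_only" (Port 2)
    members: frozenset   # VLAN IDs ticked for this port under VLAN Membership
    pvid: int = 1        # only used by an untagged-only port

def ingress_vlan(port, tag):
    """VLAN an arriving frame is placed in, or None if the port drops it.
    tag is the 802.1Q VLAN ID carried by the frame, or None for an untagged frame."""
    if port.mode == "untagged_only":
        if tag is not None:          # tagged frames are not accepted on this port
            return None
        return port.pvid if port.pvid in port.members else None
    if port.mode == "tagged_only":
        if tag is None:              # untagged frames (a switch's native VLAN) are dropped
            return None
        return tag if tag in port.members else None
    raise ValueError(f"unknown port mode {port.mode!r}")

# The configuration from the steps above.
PORT1 = Port("Port 1", "untagged_only", frozenset({1, 2}), pvid=1)
PORT2 = Port("Port 2", "tagged_only", frozenset({1, 2}))

def check_uplink(port, switch_sends):
    """switch_sends maps VLAN ID -> True if the switch tags that VLAN on the
    uplink port, False if it sends it untagged (the usual native-VLAN default).
    Returns the VLANs that actually reach the EM4550 and the ones that are lost."""
    reached, lost = [], []
    for vlan, tagged in sorted(switch_sends.items()):
        if ingress_vlan(port, vlan if tagged else None) == vlan:
            reached.append(vlan)
        else:
            lost.append(vlan)
    return reached, lost

if __name__ == "__main__":
    # Typical switch default: VLAN 1 native (untagged), VLAN 2 tagged.
    print(check_uplink(PORT2, {1: False, 2: True}))   # ([2], [1]) - the data VLAN never arrives
    # What the guide asks for: every VLAN, including VLAN 1, tagged.
    print(check_uplink(PORT2, {1: True, 2: True}))    # ([1, 2], [])
```

The first call is the symptom to expect when the switch port is left at its default: the phones on VLAN 2 work but nothing on VLAN 1 reaches the unit, because those frames arrive untagged at a Tagged Only port.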
Enable each in turn and define the address ranges for each; this might typically be 10.0.1.50 to 10.0.1.199 for VLAN 1, and 10.0.2.50 to 10.0.2.199 for VLAN 2. Using a separate /24 from the 10.0.0.0/8 space for each VLAN makes it easy to distinguish VLANs from one another, and these ranges provide ample space for most small businesses and some room at either end of the address space for any static allocations you might need.

DHCP Options for the Voice VLAN

The data VLAN can be configured as needed for the data hosts; the phones on VLAN 2 might be configured as shown in table 1.

Table 1: DHCP options for the voice VLAN

  Lease Duration: 1 day

  TFTP Server (option 66): http://polyxxx.btcfg.com
    This defines the boot server for Grandstream and Polycom phones. It assumes that "Allow DHCP Option 43 and Option 66 to Override Server" has been set to Yes on Grandstream phones, and that BootServer is set to Custom+Opt66 on Polycom phones.

  Option 160: http://polyxxx.btcfg.com
    This defines an alternative way to specify the boot server for Polycom phones. It assumes that BootServ Opt has been set to 160.

With the above settings you need not individually program the boot server for either Grandstream or Polycom phones. Note that the URL http://polyxxx.btcfg.com should be replaced with whatever you have been provided with, e.g. http://polyblue.btcfg.com. Because the phones will fetch their configuration from whatever boot server DHCP hands them, make sure the EM4550 is the only DHCP server on the voice VLAN.

Configuring VoIP ALG

The VoIP ALG (Application Layer Gateway) provides the means to overcome many of the limitations of the SIP protocol, particularly as they pertain to NAT traversal. The transparent SIP proxy (part of the ALG) will also reduce the amount of WAN bandwidth used. It does this by routing media between local phones via the EM4550: when one extension calls another local extension the RTP stream does not flow over the WAN, it only flows locally via the EM4550. Be aware that such calls add 2 to the active call count that the unit is licensed for.
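Returning to the DHCP options in table 1: the quickest way to confirm what the phones are actually being told is to look at the options field of a DHCPOFFER or DHCPACK in a capture on the voice VLAN. The following is an added example, not code from the EM4550's DHCP daemon, that encodes the table 1 options in the RFC 2132 code/length/value form and decodes them back the way a phone would; the boot URL is the placeholder from the text, and the parser rejects a length byte that runs past the end of the buffer instead of reading garbage, which is the usual defect in hand-written option parsers.

```python
import struct

# Added example: the DHCP options from table 1 in RFC 2132 code/length/value
# encoding, plus a decoder. Illustration code, not the EM4550's DHCP daemon.
OPT_PAD = 0
OPT_LEASE_TIME = 51          # RFC 2132 "IP Address Lease Time": 4-byte big-endian seconds
OPT_TFTP_SERVER_NAME = 66    # RFC 2132 "TFTP server name": boot server as a string
OPT_160 = 160                # alternate boot-server option used by Polycom per table 1
OPT_END = 255

def voice_vlan_options(boot_url, lease_seconds=86400):
    """The option list from table 1: one-day lease, options 66 and 160 both set to boot_url."""
    url = boot_url.encode("ascii")
    return [
        (OPT_LEASE_TIME, struct.pack(">I", lease_seconds)),
        (OPT_TFTP_SERVER_NAME, url),
        (OPT_160, url),
    ]

def encode_options(options):
    """Serialise (code, data) pairs into an options field terminated by END."""
    out = bytearray()
    for code, data in options:
        if not 0 < code < 255:
            raise ValueError(f"option code {code} is reserved")
        if len(data) > 255:
            raise ValueError("option data longer than 255 bytes needs RFC 3396 splitting")
        out += bytes((code, len(data))) + data
    out.append(OPT_END)
    return bytes(out)

def decode_options(blob):
    """Parse code/length/value triples into {code: data}. Repeated codes are
    concatenated (RFC 3396). A length that runs past the end of the buffer is a
    malformed packet and is rejected; a missing END marker returns what was parsed."""
    opts = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code} claims {length} bytes but only {len(data)} remain")
        opts[code] = opts.get(code, b"") + data
        i += 2 + length
    return opts

def boot_server(opts):
    """Boot server a phone configured as in table 1 would use: option 66 first, else option 160."""
    for code in (OPT_TFTP_SERVER_NAME, OPT_160):
        if code in opts:
            return opts[code].decode("ascii", errors="replace")
    return None

if __name__ == "__main__":
    blob = encode_options(voice_vlan_options("http://polyblue.btcfg.com"))
    decoded = decode_options(blob)
    print(blob.hex())
    print(boot_server(decoded), struct.unpack(">I", decoded[OPT_LEASE_TIME])[0])
```

If a phone on VLAN 2 is booting against the wrong server, decode the options from a capture of its DHCPACK with this and compare the result against what you entered on the DHCP page; a different value means another DHCP server is answering on that VLAN.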
Table 2 is a checklist for the VoIP ALG page.

Table 2: VoIP ALG settings

  ALG LAN VLAN ID: 2
    Assuming this is the voice VLAN.

  Allow Shared Username: Yes
    Without this checked, Grandstream phones will not work correctly; see explanation in the text.

  Other parameters: leave at their default values.

VoIP ALG => SIP

In this sub tab we define the SIP servers allocated to the account and put the EM4550 into transparent proxy mode. The Bluestone service provides primary and secondary servers for each account. These must be entered into the List of SIP Servers. Use the Add a new proxy table to first add the primary server and then the secondary server. These MUST be IP addresses; unfortunately the EM4550 does not accept hostnames here. If you don't know the IP then ping the hostname from a Windows PC and it will show you the IP. If you are using a Mac or Linux, just do a host lookup (host or dig). Because these are static entries, a change of address on Bluestone's side will not be picked up automatically; recheck them if registrations start failing.

In addition to listing the servers for the account, check the following:
- Enable Multi homed Outbound Proxy Mode
- Enable Transparent Proxy Mode

Aside on Transparent Proxies

A proxy server is one that sits between the client and the server and is used to implement common policies, a security policy for example. The clients access the proxy and the proxy accesses the actual server. A transparent proxy is one that intercepts traffic destined for the actual server and terminates it locally. It then performs the proxy function but, unlike a standard proxy, requires no specific configuration on the clients: it deduces what it needs from the packets the clients send.

Leave any other parameters at their default values. A typical screen for this page looks like figure 1 below.
Figure 1: An example SIP Settings page

Survivability

The Survivability page largely assumes that redundant servers are described via DNS SRV records (SRV records are a more generalized version of MX records and can be used to define server failover and load sharing strategies). For reasons of synchronization between SIP trunking services and active PBX servers we do not use SRV records; instead we statically define primary and secondary servers. Therefore much of this page can be switched off. Specifically, turn off:
- Enable keepalive messages for active server
- Monitor SIP Messages
- Register user with softswitch
- Enable SIP server redundancy
- Enable Phone Expires Override
- Rate Pacing behavior (set to NONE)

There is one useful part of this page, and that is the Current Status at the top of the page; here is an example:
System

The System tab provides a variety of ways in which you can check on the current status of the site. Some of the more useful ones include:

Clients List

This is a critical page: it lists the clients (usually phones) that are registered with the SBC. If you do not see a particular phone listed on this page then it will not be working. Also note that should you delete a client from the list, that phone will immediately stop working. If everything else is OK it will be reinstated the next time it registers, but that might be hours away depending on the registration interval for that phone.

System Information

System Information => Recent Call Log is handy for reviewing the quality of calls. Each call is printed four times with varying levels of detail. In the example call below, the first group of lines (SRC=10.0.2.50) details the call from the local phone to the remote phone; the second group (SRC=198.199.120.47) details the call in the other direction. Should you have a customer who complains about the quality of a call, you can use this table to determine whether the issue is in our leg of the call.

Oct 18 15:40:06 2013 4550 mand: Creating call ID 1 between 10.0.2.50 and 198.199.120.47. Active calls=1
Oct 18 15:48:48 2013 4550 mand: Call ID 1 10.0.2.50 >198.199.120.47: Call complete. Remaining active calls=0. Minimum MOS=4.40 Average MOS=4.40
Oct 18 15:48:48 2013 4550 mand: Advanced MOS (v1.5);str=1382110806;stp=1382111328;call ID=1;SRC=10.0.2.50;SDD=2501;DST=198.199.120.47;DDD=12034521872;MOS=4.40;BTC=0;PJ=0.00;PPL=0.00;LP=0;RR=26084;SRE=26084;OOP=0;PD=0.09;MPJ=0.97;MNJ=2.97;CLP=0;PLB=0.00;
Oct 18 15:48:48 2013 4550 mand: Advanced 2MOS (v1.5);str=1382110806;call ID=1;SRCP=2230;DSTP=16900;SIP CALL ID=12c6637566abe0e24f9076716c455f29@198.199.120.47;IFACE=eth0.2;SDD=2501;ORIGIN=0;CODEC=0;SEND SSRC=95BC7155;RECV SSRC=62645DB3;ALGIP=;ALGP=19080;RTT=NA;INVITE=1382110801;RING=0;BYE=1382111328;
Oct 18 15:48:48 2013 4550 mand: Call ID 1 198.199.120.47 >10.0.2.50: Call complete. Remaining active calls=0. Minimum MOS=4.36 Average MOS=4.40
Oct 18 15:48:48 2013 4550 mand: Advanced MOS (v1.5);str=1382110806;stp=1382111328;call ID=1;SRC=198.199.120.47;SDD=12034521872;DST=10.0.2.50;DDD=2501;MOS=4.40;BTC=0;PJ=0.00;PPL=0.00;LP=1;RR=26077;SRE=26078;OOP=0;PD=0.63;MPJ=19.97;MNJ=59.69;CLP=1;PLB=1.00;
Oct 18 15:48:48 2013 4550 mand: Advanced 2MOS (v1.5);str=1382110806;call ID=1;SRCP=16900;DSTP=2230;SIP CALL ID=12c6637566abe0e24f9076716c455f29@198.199.120.47;IFACE=eth1;SDD=12034521872;ORIGIN=1;CODEC=0;SEND SSRC=95BC7155;RECV SSRC=62645DB3;ALGIP=;ALGP=19080;RTT=NA;INVITE=1382110801;RING=0;BYE=1382111328;
Oct 18 15:48:48 2013 4550 mand: Ending call ID 1 between 198.199.120.47 and 10.0.2.50. MOS scoring is enabled. Remaining active calls=0.
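Reading these records by eye does not scale once the log covers a day of calls, and the per-direction split is exactly what you need when deciding whether a complaint is about our leg. The following is an added example, not Edgewater's code, that pulls the two "Advanced MOS" records for a call out of the log text and summarises each direction. The sample lines are the ones from the log above (with the spacing cleaned up); MOS is the score the page defines, the 3.6 threshold is a placeholder for whatever you set under Services Configuration, and LP is carried through as a raw figure on the assumption that it is a lost-packet count, which the page does not define.

```python
import re
from dataclasses import dataclass

# Added example: parse the per-direction "Advanced MOS" records of the Recent
# Call Log shown above and flag legs below a MOS threshold. Not Edgewater code.
# Constructed sample: the log lines from the example call above.
SAMPLE_LOG = """\
Oct 18 15:40:06 2013 4550 mand: Creating call ID 1 between 10.0.2.50 and 198.199.120.47. Active calls=1
Oct 18 15:48:48 2013 4550 mand: Advanced MOS (v1.5);str=1382110806;stp=1382111328;call ID=1;SRC=10.0.2.50;SDD=2501;DST=198.199.120.47;DDD=12034521872;MOS=4.40;BTC=0;PJ=0.00;PPL=0.00;LP=0;RR=26084;SRE=26084;OOP=0;PD=0.09;MPJ=0.97;MNJ=2.97;CLP=0;PLB=0.00;
Oct 18 15:48:48 2013 4550 mand: Advanced MOS (v1.5);str=1382110806;stp=1382111328;call ID=1;SRC=198.199.120.47;SDD=12034521872;DST=10.0.2.50;DDD=2501;MOS=4.40;BTC=0;PJ=0.00;PPL=0.00;LP=1;RR=26077;SRE=26078;OOP=0;PD=0.63;MPJ=19.97;MNJ=59.69;CLP=1;PLB=1.00;
Oct 18 15:48:48 2013 4550 mand: Ending call ID 1 between 198.199.120.47 and 10.0.2.50. MOS scoring is enabled. Remaining active calls=0.
"""

# Matches only the "Advanced MOS" record, not the "Advanced 2MOS" one.
RECORD_RE = re.compile(r"Advanced MOS \(v[\d.]+\);(?P<fields>.*)$")

@dataclass
class Leg:
    call_id: str
    src: str
    dst: str
    fields: dict   # every key=value on the record, values kept as strings

def parse_legs(log_text):
    """One Leg per Advanced MOS record; other log lines are ignored."""
    legs = []
    for line in log_text.splitlines():
        m = RECORD_RE.search(line)
        if not m:
            continue
        fields = {}
        for item in m.group("fields").split(";"):
            if "=" in item:
                key, value = item.split("=", 1)
                fields[key.strip()] = value.strip()
        legs.append(Leg(fields.get("call ID", "?"), fields.get("SRC", "?"),
                        fields.get("DST", "?"), fields))
    return legs

def direction(leg, local_prefix="10.0.2."):
    """Which leg this is, judged by whether SRC is on the voice VLAN used in this note."""
    return "local->remote" if leg.src.startswith(local_prefix) else "remote->local"

def assess(legs, mos_threshold=3.6):
    """One summary per leg. LP is assumed to be a lost-packet count (not defined on the page)."""
    out = []
    for leg in legs:
        mos = float(leg.fields["MOS"])
        out.append({
            "call_id": leg.call_id,
            "direction": direction(leg),
            "mos": mos,
            "lp": int(float(leg.fields.get("LP", "0"))),
            "below_threshold": mos < mos_threshold,
        })
    return out

def worst_leg(legs):
    """The leg to look at first: lowest MOS, and on a tie the one with the higher LP."""
    return min(legs, key=lambda leg: (float(leg.fields["MOS"]),
                                      -float(leg.fields.get("LP", "0"))))

if __name__ == "__main__":
    legs = parse_legs(SAMPLE_LOG)
    for row in assess(legs):
        print(row)
    print("check first:", direction(worst_leg(legs)))
```

On the example call both directions score 4.40, so neither is flagged; the tie-break points at the remote->local leg because it is the one that lost a packet, which matches where the lower Minimum MOS (4.36) appears in the log.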
Services Configuration

This is where we enable MOS Scoring and Threshold. It is also where we enable Syslog.

Enabling Remote Access

Bluestone recommends that all EM4550 units be remotely accessible; it is often a life saver. It does expose the management interface to the WAN, so treat the non-standard port, the changed password and the HTTPS setup below as mandatory parts of the job rather than options.

For HTTP Access

Under the Security tab do this:
- Check Enable Firewall
- Check HTTP access through Firewall
- Use a port other than 80 and 8080
- Check SSH if you want command line access

Under the System tab, the password of the read/write administrative user can be changed. Change the password to something other than the default.

For HTTPS Access

To ensure that the entire session is encrypted, and that it is not possible for third parties to watch or intercept it, you need to use HTTPS. The PKI (Public Key Infrastructure) you need for this is usually extremely complex, but fortunately Edgewater has done a decent job of simplifying it down to filling out a few forms. To be on the safe side, and to ensure that we don't lock ourselves out of the box, Bluestone recommends you do this:

1. Get HTTP going.
2. Generate the certificate etc. and get HTTPS going.
3. Once HTTPS is working, disable access to HTTP through the firewall.
4. Should there have been any issues with step 2, you can always fall back to HTTP access.

Given the above, here is what you need to do:

On the Security tab check both HTTP and HTTPS as allowed through the firewall. Save that.

Click on the Certificate Store, and then fill out Create a Certificate so that it looks something like the example below; change the names to suit your actual location/account as needed.

Once the self signed certificate has been created, save it. It is not usually worthwhile to enter a password. This password is not the password you log into the EM with, but a password that is used to locally encrypt the certificate's private key. As the private key (the only part that it is crucial to keep secret) is stored on the EM, you are only protecting it from others who might log in to the EM. If you forget the password then the certificate is useless.

Once you have the certificate in the certificate store, click on HTTPS Configuration:
- From the Certificate drop down select your newly generated certificate
- Leave the password blank if you did not enter one, or enter it if you did
- Leave the port as 443
- Submit the config

If all goes well you should now be able to use HTTPS from a browser to log into the unit. The browser will warn about the site's security; that is expected because the certificate is self signed. Before accepting it, check that the certificate the browser shows is the one you just created (same names and dates), then accept it permanently so that the browser warns you again if the certificate ever changes.

Now you can disable HTTP access through the firewall and return HTTP to port 80. This will make it a little more convenient to access the unit from the LAN using HTTP.

You're done: you now have HTTPS access. Remember to change the login password to something non standard. HTTPS only encrypts the communication; it does not make access to the unit any more or less difficult.