V2IU 5300S User Guide, V7.2.2 - Support
Contents
1. This port is used to establish a local console session with the 5300 S using a VT100 terminal or emulation program The baud rate is 9600 It is used for debug or local diagnostic purposes only Introduction Management Features The 5300 S is configured and managed through the Configuration Menu a web based Graphical User Interface e 66 52 177 5 NGT EWN EdgeProtect1 Microsoft Internet Explorer File Edit Yiew Favorites Tools Help a O O DAG pma trem S Sa UPS Address http 69 3 186 175 egibin config page 2 About The Voice Appliance Suggested Deployment Features Connections Quick Start ALG only Kal internet Access the Configuration Menu by entering a URL in a web browser such as Internet Explorer Netscape or Firefox Using the Configuration Menu you can set a wide range of network services including e Provider and subscriber settings and related network settings e Remote system logging VolP and subnet routing e Firewall e Administration maintenance and upgrading The following chapters give you detailed processing steps you need to set up the 5300 S User Guide V2IU 5300 S Series Converged Network Appliance Installing the 5300 S The 5300 S is designed for a 19 inch rack mount installation Before installing note the following cautions Never assume that the AC cord is disconnected from a power source Always check first Always conn2. By allowing public IP addresses to be returned in an LCF the gatekeeper may be able to do more complex policy decisions This field should usually not be enabled Allow public IP in LCF Embedded gatekeeper mode settings These settings control the embedded gatekeeper behavior Time To Live s 300 Prevent calls from unregistered endpoints o Configuring for Video LRQ size Some gatekeepers do not accept more than 2 source aliases in the LRQ message Limit LRQ size Default Alias A default alias can be added to incoming calls without a destination alias in the Q 931 Setup message By adding this alias the embedded gatekeeper or a LAN Subscriber side gatekeeper can route the call to a default endpoint Default alias E 164 H 323 Stale Time The system can automatically delete clients when they have not sent any registration requests for a given period of time Delete stale clients o Stale time m 60 Multicast Messages Some RAS messages can be multicast in order to automatically detect gatekeepers Listen to multicast messages o H 460 18 Support H 460 18 allows the system to do NAT Firewall traversal for clients behind NAT and or firewall devices Disabled Enabled Keep alive time s Alias Restrictions The maximum number of aliases to be allowed to register Max Aliases 0 The H 323 Settings page has the following areas Gat
3. User Guide V2IU 5300 S Series Converged Network Appliance How Subinterfaces Works A common use for subinterfaces is forwarding a public subnet A subinterface may be created to support a subnet forwarded through the Polycom V7IU 5300 S When forwarding a subnet through the Polycom V7IU 5300 5 it is necessary to assign an address for this subnet to the system to act as the subnet s gateway To configure forwarding rules use the Forwarding Rules submenu under the Firewall configuration link When applied to the WAN Provider interface these addresses are protected by the same firewall policy that is applied to the WAN Provider address Several other features in the system automatically create Subinterfaces VRRP if supported and Static NAT automatically create Subinterfaces When viewing the Network Information page Subinterfaces are designated in the Interface Information section with the device name and number separated by a colon for example eth0 100 Configuring Subinterfaces To configure subinterfaces use the following steps 1 Using the configuration graphical user interface from the Configuration Menu on the left hand side click Network 2 Click Subinterfaces The window shown below opens Info Subinterfaces Subinterfaces allows an administrator to assign additional IP addresses to a system interface After creating a LAN subinterface it is often necessary to configure a firewall forwarding rule to permi
4. A comprehensive security policy can be created using advanced settings To configure advanced settings 1 In the navigation pane select Firewall and scroll to Advanced LAN and 2 3 WAN Firewall Settings 4 66 52 177 5 NGT EWN CdgeProtectt Microsoft internet Explorer Ek Ed Wew Favores ods te 7 O O AAS ku O BS LOS Address hp 169 3 186 175 eg bincang pages Eo ms Gsm ty Trusted Management Addresses ONLY applies to the management interface Apply basic settings configuration only to the following addresses Address can be host IP g 10 10 39 1 or 10 10 10 1 10 10 10 2 for multiple hosts To dalata an antry highlight and dalata it To restrict Trusted Management to Management Interface click bare Advanced LAN and WAN Firewall Settings Enable Firewall Logging o Deny Hosts IP Deny Hostwise TCP 1P PORT Deny Hostwise UDP IP PORT Allow Hostwise TCP IP PORT Allow Hostwise UDP IP PORT Submit Reset Copyright 2002 2004 Edgewater Networks Inc Hi rights razersed Yau Lecensax a remet Enable to disable firewall logging See Enabling or disabling the firewall on page 6 4 Configure Deny Hosts IP according to the rules in Advanced setting rules on page 6 4 Deny Hosts IP denies all traffic with the source IP address matching the specified hosts User Guide V2IU 5300 S Series Converged Network Appliance Advanced setting rules Co
5. Description Matches any single character Matches any single character listed between the For example abc 123 If the characters are separated by a all characters between the two are matching e g a z 0 9 Matches the literal string given e g abc Matches the block on either side of the e g alb Matches 0 or 1 of the preceding block Matches 0 or more of the preceding block Matches 1 or more of the preceding block Escapes the special meaning of the next character Matches exactly a numbers of the preceding block Matches a or more of the preceding block Matches between a and b inclusive of the preceding block Table 2 Example Regular Expressions Expression Description 100 555 7123 408 555 555 0 9 3 T Matches the string 100 Matches 555123 or 123 Matches 408 or 555 Matches 555 followed by exactly 3 digits Matches the character Matches the character Note that by itself is a regular expression and must therefore be escaped with a to match the character itself User Guide V2IU 5300 S Series Converged Network Appliance Forwarding Rules Forwarding Rules allows a system administrator to forward data traffic for a subnet from one interface to another overriding the Firewall s default drop rules Allowing a subnet to be forwarded is commonly used when servers with public addresses are placed behind the system Configuring the net
6. RTP UDP 16386 17286 4200 4300 16386 25386 5300 16386 34386 6400 Configuring the H 460 Operation Mode To configure the H 460 Operation Mode use the following steps 1 Using the configuration graphical user interface from the Configuration Menu on the left hand side click VoIP ALG 2 Click H 323 Configuring for Video 3 Scroll down until the following part of the window appears H 460 18 Support H 460 18 allows the system to do NAT Firewall traversal for clients behind NAT and or firewall Gevices Disabled Enabled Keep alive time s Bandwidth Settings The maximum bandwidth to be used Maximum bandwidth kbps srent payload bandwidth Cu Estimated total bandwidth Alias Restrictions The maximum number of aliases to be allowed to register Max Aliases 0 Submit Reset A On this screen use the following options Disabled disabled The system will not use H 460 18 even though the endpoint is capable of it Always enabled The system always turns H 460 18 on if the endpoint signals capability The keep alive time is the interval between keep alive messages used to keep the firewall open that the endpoint should use The default is 30s 5 When you have entered your selections click Submit User Guide V2IU 5300 S Series Converged Network Appliance Configuring VolP Overview This chapter describes how to configure VoIP capabilities It contains the fo
7. e Enabling this feature This feature is useful for lists involved with 911 usage When this feature is in effect any message from an unauthorized SIP client will be rejected with a 403 Forbidden response MGCP messages will be discarded Enabling the Clients List Lock To configure clients list lock use the following steps 6 Using the configuration graphical user interface from the Configuration Menu on the left hand side click VoIP ALG The following window appears VoIP ALG ALG allows the system to recognize and register network devices TFTP Server IP address 0 0 0 0 In some cases the ALG addresses will not correspond to the addresses of the LAN or the WAN ports e g when VRRP is enabled The addresses will be alias addresses that have been configured on the ports In general the user should leave this feature disabled Use ALG Alias IP Addresses ALG LAN Interface IP Address 192 168 1 1 ALG WAN Interface IP Address 64 186 171 56 Do strict RTP source check Enable Client List lockdown q The ALG feature is registered View license key Submit Reset 3 On this screen check Enable Client List lockdown 4 Scroll to the bottom of the window and click Submit Configuring for Video H 323 Activity Monitor The H 323 Activity Monitor shows any recent H 323 events that may be of interest to the administrator of the system The information appears in three column
8. 1 GRANT OF LICENSE Subject to the terms of this Agreement POLYCOM grants to you a non exclusive non transferable revocable license to install and use the SOFTWARE PRODUCT solely on the POLYCOM product with which this SOFTWARE PRODUCT is supplied the PRODUCT You may use the SOFTWARE PRODUCT only in connection with the use of the PRODUCT subject to the following terms and the proprietary notices labels or marks on the SOFTWARE PRODUCT or media upon which the SOFTWARE PRODUCT is provided You are not permitted to lease rent distribute or sublicense the SOFTWARE PRODUCT in whole or in part or to use the SOFTWARE PRODUCT ina time sharing arrangement or in any other unauthorized manner Further no license is granted to you in the human readable code of the SOFTWARE PRODUCT source code Except as expressly provided below this License Agreement does not grant you any rights to patents copyrights trade secrets trademarks or any other rights in respect to the SOFTWARE PRODUCT 2 OTHER RIGHTS AND LIMITATIONS 2 1 Limitations on Reverse Engineering Decompilation and Disassembly You may not reverse engineer decompile modify or disassemble the SOFTWARE PRODUCT or otherwise reduce the SOFTWARE PRODUCT to human perceivable form in whole or in part except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation The SOFTWARE PRODUCT is licensed as a single product Its component
9. Disabling remote system logging 0008 7 17 Setting the System Date and Time 0000 7 17 Creating a Static Route 2 6 eee eens 7 18 Appendix eeeeeeeeeee cece Appendix 1 Troubleshooting Tips 00 e eee Appendix 1 Trouble accessing the Internet 0 0 Appendix 1 No dialtone ss cieecse ees tene cho ees tebe ee oees bees Ses Appendix 1 Checking the ALG registration code Appendix 2 User Guide V2IU 5300 S Series Converged Network Appliances Telephone doesn t register with the softswitch Appendix 2 Checking the configurations on the ALG page Appendix 2 Pinging the softswitch 6 0 c cece cece eee eee Appendix 2 Regulatory Notices Regulatory Notices 1 END USER LICENSE AGREEMENT FOR POLYCOM SOFTWARE Regulatory Notices 1 FCC PART 15 NOTICE 000005 Regulatory Notices 11 Industry Canada NOTICE Regulatory Notices 11 Introduction Introducing the V2IU 5300 S Converged Network Appliance Installed at the edge of the operations center 5300 S Series converged network appliances secure critical voice video and data infrastructure components such as VoIP softswitches video Gatekeepers gateways and media servers This chapter contains the following sections e Introducing the V7IU 5300 S Converged Network Appliance e Features e Front Panel
10. If one or more telephones are not registering with the softswitch e Check the configurations on the VoIP ALG page e Attempt to ping the softswitch Checking the configurations on the ALG page To check configurations on the ALG page 1 From the navigation bar select VoIP ALG 2 and then what What would they be looking for and what needs to be corrected Pinging the softswitch To ping the softswitch 1 From the navigation bar select System 2 From the System submenu select Network Test Tools 3 In IP Address to Ping enter the softswitch address 4 Click Ping Appendix 2 Regulatory Notices Important Safeguards Read and understand the following instructions before using the system Close supervision is necessary when the system is used by or near children Do not leave unattended while in use Only use electrical extension cords with a current rating at least equal to that of the system Always disconnect the system from power before cleaning and servicing and when not in use Do not spray liquids directly onto the system when cleaning Always apply the liquid first to a static free cloth Do not immerse the system in any liquid or place any liquids on it Do not disassemble this system To reduce the risk of shock and to maintain the warranty on the system a qualified technician must perform service or repair work Connect this appliance to a grounded outlet Only connect the system to sur
11. You can only reinstate access by connecting to the serial console interface 3 Press Submit Setting the Provider MTU Size The Provider MTU size may be set to reduce the latency that is introduced when large data packets are sent over a slow link The default setting is 1500 bytes for static IP addresses PPPoE links negotiate the value automatically although the value can be overridden using this field If the Upstream Bandwidth is less than 256 Kbit s the MTU size is automatically reduced to 576 bytes When the link rate is set manually ensure that the device at the far end of the connection can communicate at the desired rate Incompatible rates can cause a loss of communication with the 5300 S 7 12 Administrative Options Caution When manually configuring the MTU size we recommend that you use a setting of 800 bytes or greater You may experience problems with certain types of VoIP traffic if the MTU size is set below 800 bytes To set the Provider MTU size 1 Inthe navigation bar select System 2 Inthe System menu select Set Link AJE x ka Fawortes Took H O O AAG Poe trom O SEUSS ebro R hetn tes 2 106 17Bfop tinkccetighaage 26 Bo m Gaw w Set Link Set Link displays the osrent ethemet interface link settings for the Volos Appliance Use caution when adjusting the ethemet link rate The device may become unreachable If an incompatible rate is set Link Rate Settings Subscriber Ether
12. a location confirm to a previous request e Location Reject Sent or forwarded a location reject to a previous request The call status shows the last state of the call at the time of the event Each call progresses through a number of states when being established If a call fails the call status in the call termination event can help trouble shoot the cause of the call failure For example if the call fails at the Caller Callee admission request received state there may be a problem communicating with the gatekeeper whereas if the call fails at the Attempting to establish outgoing Q 931 TCP connection state the remote endpoint may not be reachable The following are call status messages e Caller admission request received Received an admission request from the source endpoint and forwarded it to the gatekeeper e Caller admission response received Received an admission response either confirm or reject from the gatekeeper and forwarded it to the source endpoint e Incoming Q 931 TCP connection established Received an incoming Q 931 TCP connection from the source Configuring for Video e Attempting to establish outgoing 0 931 TCP connection Successfully resolved the destination of the call and attempting to establish an outgoing Q 931 TCP connection to the destination e Q 931 signaling received and forwarded Both Q 931 TCP connections have been successfully established and Q 931
13. signaling has been received and forwarded e Callee admission request received Received an admission request from the destination endpoint and forwarded it to the gatekeeper e Callee admission response received Received an admission response either confirm or reject from the gatekeeper and forwarded it to the destination endpoint e Incoming H 245 TCP connection established Received an incoming H 245 TCP connection from the source e Attempting to establish outgoing H 245 TCP connection Attempting to establish an outgoing H 245 TCP connection to the destination e H 245 signaling received and forwarded Both H 245 TCP connections have been successfully established and H 245 signaling has been received and forwarded At this point the call is consid ered established even though no media channels have been opened up yet e Outgoing media channel established An outgoing media channel from the LAN subscriber side to the WAN pro vider side has been opened e Incoming media channel established An incoming media channel from the WAN provider side to the LAN sub scriber side has been opened e Bidirectional media channels established Media channels have been opened in both directions This is a normal call where media is being sent in both directions User Guide V2IU 5300 S Series Converged Network Appliance Call Termination 4 26 The call termination cause may also give
14. 1 prefix pointing to the master gatekeeper and let that gatekeeper signal the other endpoints directly j 2 Polycom i mnato E 164 831 555 1000 MGC a m onfigured Prefixes 9 10 10 10 1 10 10 11 1 V IU LAN Side Gatekeeper Mode Private Video Network A E 164 Range Configured Prefixes 8315 10 10 11 1 gn V lU Peering Proxy 67 40 40 4 Mode IP Endpoint lt lt no Gatekeeper Wig registration 61 10 10 4 V lU LAN Side Gatekeeper Mode Public Internet E 164 512 555 1000 6 Configured Profixe 9 172 16 1 1 Sorn V IU Embedded 4172 16 21 Gatekeeper Mode 172 16 1 1 ESS 68 30 30 4 V IU Peering Proxy Mode VIU LAN Embedded Gatekeeper Mode 65 10 10 4 es E 164 510 555 1000 Site B In the example above the Polycom V7IU 5300 S Peering Proxy is installed in Private Video Network A and B a peering point into this network This network could have additional peering points to allow topology spreading of network resources However this example shows only a single point Peering Configuring for Video Proxy provides an access point into this network and is responsible for the E 164 dial plan using NANP North American Numbering Plans or NPAs The NPAs in this case are 831 and 408 Dial plan integrity is required to insure proper routing of prefix s This means that if users are to dial into your network they could be requir
15. Agreement 2 10 Additional Obligations You are responsible for all equipment and any third party fees such as carrier charges internet fees or provider or airtime charges necessary to access the SOFTWARE PRODUCT 3 SUPPORT SERVICES POLYCOM may provide you with support services related to the SOFTWARE PRODUCT SUPPORT SERVICES Use of SUPPORT SERVICES is governed by the POLYCOM policies and programs described in the POLYCOM provided materials Any supplemental software code provided to you as part of the SUPPORT SERVICES is considered part of the SOFTWARE PRODUCT and is subject to the terms and conditions of this Agreement With respect to technical information you provide to POLYCOM as part of the SUPPORT SERVICES POLYCOM may use such information for its business purposes including for product support and development POLYCOM will not utilize such technical information in a form that personally identifies you Regulatory Notices 3 User Guide V2IU 5300 S Series Converged Network Appliance Regulatory Notices 4 4 TERMINATION Without prejudice to any other rights POLYCOM may terminate this Agreement if you fail to comply with any of the terms and conditions of this Agreement In such event you must destroy all copies of the SOFTWARE PRODUCT and all of its component parts You may terminate this Agreement at any time by destroying the SOFTWARE PRODUCT and all of its component parts Termination of this Agreement shall not pr
16. Converged Network Appliance Features Front Panel e Resolves firewall traversal problems at the Network Operations Center for VoIP by providing a VoIP application layer gateway ALG or voice and video aware firewall that supports SIP MGCP and H 323 e Resolves firewall traversal problems at customer offices for VoIP by providing NAT Traversal capability for SIP e Supports up to 500 concurrent VoIP calls or up to 25 Mbps of H 323 video traffic e Protects the enterprise LAN using a stateful packet inspection SPI firewall for both voice and data traffic e Performs static IP routing e Provides integrated test tools to facilitate problem isolation e Performs TFTP relay for IP phone images e Uses a simple web based GUI for configuration and management e Supports logging to external syslog servers and interfaces to network management systems using SNMP The front panel of the 5300 S has the following ports Port Description Subscriber ETHO Ethernet Port 1 This port is a 10 100 auto sensing port It is connected through an Ethernet switch to IP phones IADs or PCs installed on the public network Provider ETH1 Ethernet Port 2 This port is a 10 100 auto sensing port It is connected to the private network Out of Band Management Port 3 This port can be configured to allow out of band management sessions It is typically connected to a private management network Console Port
17. H 323 Prefix Entry 0 cee cece cece ee 4 20 Clients List LOCK sc csscc5 doe sci secenecttersieseck toda ns aided in hile Ek i 4 21 Enabling the Clients List Lock 00 00008 4 22 11323 Activity Monitor sis s reei esaea steed ete ianes 4 23 LY PS of EVENS 5 55 assess pence Meee mec tini ou bier weber woh lores EES 4 24 Call Status cca cokinciteinesaph sag thinned Wired ee edad knee Roe 4 24 Call Termination lt g04 6 224522 AEETI Deloss pied Sees He ERRE 4 26 Viewing the H 323 Activity Monitor 00 4 27 H 460 Operation Mode eee eee eee eens 4 28 How H 460 Operation Mode Works 000 0 eee eee 4 28 Configuring the H 460 Operation Mode 0 0055 4 30 Configuring VOIP gt 2 0 1 sds decodes ceseoneendaecs oe OVEIVIEW 6506665056846 pee EE PEELE ENTREE ESEE Re EEE EEE Re Tie 5 1 Configuring VoIP Subnet Routing 0 cee eee eee 5 6 Deleting a VoIP subnet route 0 0 0 00000 5 7 Configuring VRRP s er sen bie obbenke dhe ee de ge bbe ade etalon dae 5 8 Contents Configuring the Firewall 0 0 eee eee ORT Configuring Basic Firewall Settings 6 e cece eee eee 6 1 Basic settings rules 0 ccc eee teenies 6 3 Configuring Advanced Firewall Settings 000 0 eee eee 6 3 Advanced setting rules 0 0 0 6 4 Enabling or disabling the firewall 0000 e eee e
18. Memory usage System logging messages System uptime System Uptime displays the current time the amount of time elapsed since the last system reboot and the system load averages for the past one five and 15 minutes Uptime can help identify when a power outage may have interrupted service Load averages greater than two indicate excessive system loading and could indicate over provisioning of the VoIP ALG feature Number of active streams The number of active streams indicates how many calls are transiting the 5300 S crossing from Subscriber to Provider interfaces OR being hair pinned by the 5300 S as part of its NAT Traversal facility Calls that are in progress and between two devices on one side of the 5300 S are not counted in this number Configuring the V2IU 5300 S Recent Call Log The Recent Call Log displays quality information about calls that are in progress or have recently completed If a call falls below the configured MOS Threshold a system log message is created The MOS score for a call is always displayed when the call is completed Detailed statistics for the call are reported in the Advanced MOS syslog message Process Information Process Information displays detailed process table information that may be of use to technical support Memory Usage Memory Usage displays detailed memory allocation information that may be of use to technical support System Logging Messages System Logging Messages
19. are blocked from accessing the device User Guide V2IU 5300 S Series Converged Network Appliance To configure trusted management addresses 1 Inthe navigation pane select Firewall T 66 52 1775 NGT WN CdpeProtect Microsoft internet Explorer EIER Ee ER Yow Faotes ods hsp C7 Q O AO Pa gan O 2 Sa Ug Address 48 htp 69 2 186 275 eg binycorigoagee5 Eo ins Goer i n Info Firewall Enable Firewall for LAN and WAN a Basic LAN and WAN Firewall Settings Allow HTTP access through firewall Allow TELNET access through firewall o Allow SSH access through firewall a Allow SNMP access through firewall ca Allow TCP Port Allow UDP Port Enable PPTP Server Pass through o PPTP Server IP Address Trusted Management Addresses ONLY applies to the management interface Apply basic settings configuration only to the following addresses Address can be host IP e g 10 10 10 1 or 10 10 10 1 10 10 10 2 for multiple hosts To delate an entry highlight and delete it To restrict Trusted Management to Management Interface click here a internet 2 Within the Trusted Management Addresses enter a list of trusted management host addresses or network masks The basic firewall rules will be applied only to those addresses All other addresses will be blocked from accessing the device If you do not include your management station or a station to which you have access you lose access to the 5300 S
20. are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License to do so and all its terms and conditions for copying distributing or modifying the Program or works based on it 6 Each time you redistribute the Program or any work based on the Program the recipient automatically receives a license from the original licensor to copy distribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enforcing compliance by third parties to this License 7 If as aconsequence of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherwise that contradict the Regulatory Notices 9 User Guide V2IU 5300 S Series Converged Network Appliance Regulatory Notices 10 conditions of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would not permit royalty free redistribution of the Program by all those who r
21. be modified The default value is 5 msg second Configuring VolP Field Description Automatic MGCP Audit The Automatic MGCP Audit flag specifies whether MGCP clients should be automatically audited by sending a message to each client and wait for a response Audit Cycle Interval State Time The Audit Cycle Interval specifies how often these messages should be sent out to the clients For each cycle all endpoints are audited so the rate of messages being sent is dependent on the number of clients currently registered The Stale Time value is used to decide when a client is supposed to be deemed stale or unavailable Prevent state re registration The Prevent stale re registration flag can be used to disable the automatic MGCP re registration feature for stale clients Automatic Client Deletion Automatic Client Deletion will delete clients that have been unavailable for a given period of time Deletion Time Deletion Time specifies the time that a stale client will show a warning icon in the client list H 323 Terminal Type Maximum bandwidth kbps The H 323 TerminalType is used to specify the type of terminal that the 5300 S should use This value should be set to endpoint This value is not used and should be set to 0 Current payload bandwidth The total bandwidth in use for H 323 video calls as requested by the H 323 video endpoints Estimated total bandw
22. complete source code means all the source code for all modules it contains plus any associated interface definition files plus the scripts used to control compilation and installation of the executable However as a special exception the source code distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated place then offering equivalent access to copy the source code from the same place counts as distribution of the source code even though third parties are not compelled to copy the source along with the object code 4 You may not copy modify sublicense or distribute the Program except as expressly provided under this License Any attempt otherwise to copy modify sublicense or distribute the Program is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance 5 You are not required to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These actions
23. displays information logged during system boot and normal operation Logging messages may indicate unauthorized attempts to access the 5300 S process restart messages and excess resource utilization messages User Guide V2IU 5300 S Series Converged Network Appliance 3 10 Configuring Network Settings This chapter describes how to configure the 5300 S network settings It contains the following sections e Configuring Subscriber Interface Settings e Configuring Provider Interface Settings e Subinterfaces e ToS Byte Setting Setting the Ethernet Link Rate Configuring the Network Before starting collect the following information e An IP address for the 5300 S e An IP address for the gateway The preferred and secondary IP address for the DNS server The 5300 S is shipped with the preset subscriber Port 1 IP address of 192 168 1 1 and the default subnet mask 255 255 255 0 so you can access and configure the 5300 S Configuring Subscriber Interface Settings The subscriber interface defines the interface between the 5300 S and your customers endpoints or the public network User Guide V2IU 5300 S Series Converged Network Appliance To configure subscriber interface settings 1 Inthe navigation bar select Network T 66 52 177 5 NGT CWN CdpeProtect Microsoft internet Explorer Ee Ek ew Faotes ods Hip Q O DAG Aaa kan O 2 Sa DUS Address 4B itp 69 3 126 275 fog binloonlighpage 3 Bo w
24. e Input Interface The interface where data is received that is destined for the forwarded subnet destination address es e Output Interface The interface where data is received that is sent from the forwarded subnet source address es e Protocol The following protocols are used UDP for the specified network allows the specified UDP port or port range to pass through the system TCP for the specified network allows the specified TCP port or port range to pass through the system Configuring for Video Any for the specified network allows all ports and protocols through the system No ports are required because not all protocols support the concept of ports e Port or Port Range The port number or port range allowed through the system when UDP or TCP are selected A port range is specified by separating the starting and ending ports with a colon for example 22 80 The ports parameter is not supported when you select Any protocol because not all protocols support the concept of ports When you have finished entering this information click Add 5 Click OK The new forwarding entry appears on the Forwarding Rules window in the list area Peering Proxy H 323 prefixes can be used to route calls based on a matching prefix in the destination alias of the call Each prefix is associated with a domain name or IP address to send the call to in case the prefix matches The prefixes are searched in order
25. e Management Features User Guide V2IU 5300 S Series Converged Network Appliance The 5300 S Series converged network appliances can be deployed in service provider or enterprise environments as depicted below Service Provider 9 A SIP Voice ISDN PSTN Network H 323 Gatekeeper Softswitch Gateway MCU 5300 S gt Aggregation Router rors Hotspot AAT T re i Public IP Network fo User 2 T 1 E 1 NxT 1 E 1 Aggregation Company B Router lt 5 S S S SLS a ee 5300 E IN Za 7 H 323 Video RE Endpoint g Gateway Br H 323 Video one 7 i 1 Endpoint F Ss 7 NS Z a k Meg A rail a a A lari 7 EMO08B Introduction Headquarters H 323 Application Softswitch gt Gatekeeper Server NMS PC J IP Phone PSTN Gateway amp IP Phone IP Phone Aggregation Router NxT 1 E 1 Branch Office Aggregation Router Company B as ae e a P S 7 H323 Endpoint EMO09A The 5300 S is designed to protect managed VoIP service providers and enterprise customers from network based attacks It combines topology hiding dynamic session admission control and stateful packet inspection to secure critical voice video and data infrastructure components This chapter introduces the e Functional features e Hardware features e Management features User Guide VIU 5300 S Series
26. for user authentication and encryption of both synchronous requests as well as asynchronous traps None means neither SNMPvs authentication or encryption are used Auth MD5 means authenticating user using MD5 hash algorithm AuthPriv MD5 DES means authentication as well as encryption using the DES encryption algorithm The default value is None SNMPv3 Trap Context The SNMPVv3 trap context defaults to nothing but can be set to any string System Location A comment string that can be used to indicate the location of the 5300 S By default no value is set System Contact The administrative contact information for the 5300 S By default no value is set SNMP Port The port that the 5300 S monitors to read and send SNMP data The default is 161 4 Press Submit Disabling SNMP To disable SNMP select Services Configuration from the System menu and uncheck the SNMP checkboxes Enabling remote system logging The 5300 S can be configured to log system messages to an external syslog server To enable remote system logging 1 In the Navigation bar select System User Guide V2IU 5300 S Series Converged Network Appliance T 66 52 177 5 NGT EWN CdpeProtect Microsoft internet Explorer In the System menu select Services Configuration Ek Edt Yew Fates ods Hsp Om O HAG puma frre O Z ress B hp 169 3 126 1 75eg bincang page 35 VQe ins Services Configuration E
27. or disabled depending on the functionality required for a network configuration The device s network settings include configuring the Subscriber and Provider interfaces DNS and Default Gateway VoIP ALG Using the VolP ALG page you can configure the connectivity and management for Subscriber and Provider voice and video over IP devices Firewall Through the Firewall page you can configure the 5300 S to act as a firewall for voice video and data traffic System Through the System menu you have access to a variety of configuration operations and status information Read only User This feature works by creating a new user with read only access to the system All information is displayed in a non changeable form Information changed in entry boxes cannot be submitted In fact most Submit and OK buttons are not visible Note You must have administrator privileges and log in as an administrator to change read only user Enabling a Read only User To enable a read only user use the following steps 1 Using the configuration graphical user interface from the Configuration Menu on the left hand side click Network Note You must have administrator access and log in as an administrator to change read only user 2 Scroll down to the area of the screen shown below Change Read Only Password The password of the read only user can be changed 3 Click changed The following window screen appear
28. parts may not be separated for use on more than one PRODUCT You may not use the SOFTWARE PRODUCT for any illegal purpose or conduct 2 2 Back up Except as expressly provided for under this Agreement you may not copy the SOFTWARE PRODUCT except however you may keep one copy of the SOFTWARE PRODUCT and if applicable one copy of any previous version for back up purposes only to be used in the event of failure of the original All copies of the SOFTWARE PRODUCT must be marked with the proprietary notices provided on the original SOFTWARE PRODUCT You may not reproduce the supporting documentation accompanying the SOFTWARE PRODUCT 2 3 No Modifications You may not modify translate or create derivative works of the SOFTWARE PRODUCT 24 Proprietary Notices You may not remove or obscure any proprietary notices identification label or trademarks on or in the SOFTWARE PRODUCT or the supporting documentation Regulatory Notices 2 5 Software Transfer You may permanently transfer all of your rights under this Agreement in connection with transfer of the PRODUCT provided you retain no copies you transfer all of the SOFTWARE PRODUCT including all component parts the media and printed materials any upgrades this Agreement and if applicable the Certificate of Authenticity and the recipient agrees to the terms of this Agreement If the SOFTWARE PRODUCT is an upgrade any transfer must include all prior versions of the SOFTWARE PRODUC
29. test used to verify basic connectivity to a networking device Successful ping test results indicate that both physical and logical path connections exist between the 5300 S and the test IP address Successful ping tests do not guarantee that all data message are allowed between the 5300 5 and the test IP address To run a ping test In the navigation bar select System In the System menu select Network Test Tools T 66 57 177 5 NGT EWN CdgeProtect Microsoft internet Explorer Ek Edt Yew Fates os hp LJ O O HAG pma hre O 2 Sa LOS Address 4 htp 60 3 186 1 75jeg ba kconligipage 21 Network Test Tools ae A network administrator may use the test tools on this page to verify connectivity of the Voice Applicance and trace the path of dats throughout the network Ping Test IP Address to Ping Png Reset Traceroute Test IP Address to Trace Interface Ce Subscriber OProvider a internet 1 Enter an IP Address to Ping 2 Press Ping Running a traceroute test The Traceroute Test is used to track the progress of a packet through the network The test can be used to verify that data destined for a provider device reaches the remote IP address via the desired path Similarly network paths internal to a company can be traced over the subscriber network to verify the local network topology To run a traceroute test 1 In the navigation bar select System User Guide V2IU 5300 S Serie
30. will be limited to the duration of the applicable warranty 10 EXPORT CONTROLS The SOFTWARE PRODUCT may not be downloaded or otherwise exported or re exported i into or to a national or resident of Cuba Iraq Libya North Korea Yugoslavia Iran Syria Republic of Serbia or any other country to which the U S has embargoed goods or ii to anyone on the U S Treasury Department s list of Specially Designated Nationals or the U S Commerce Department s Table of Denial Orders By downloading or using the SOFTWARE PRODUCT you are agreeing to the foregoing and you are representing and warranting that you are not located in under the control of or a national or resident of any such country or on any such list If you obtained this SOFTWARE PRODUCT outside of the United States you are also agreeing that you will not export or re export it in violation of the laws of the country in which it was obtained 11 MISCELLANEOUS 11 1 Governing Law THIS AGREEMENT SHALL BE GOVERNED BY THE LAWS OF THE STATE OF CALIFORNIA AS SUCH LAWS ARE APPLIED TO AGREEMENTS ENTERED INTO AND TO BE PERFORMED ENTIRELY WITHIN CALIFORNIA BETWEEN CALIFORNIA RESIDENTS AND BY THE LAWS OF THE UNITED STATES The United Nations Convention on Contracts for the International Sale of Goods 1980 is hereby excluded in its entirety from application to this Agreement 11 2 Entire Agreement This Agreement represents the complete agreement concerning the SOFTWARE PRODUCT and m
31. 0baseT FD 100Mbits per second using full duplex transmission Autonegotiate The 5300 S autonegotiates link rate and duplex with the directly attached device 5 Press Submit Configuring the Network Use network settings to configure the default gateway address and the primary and secondary DNS servers Packets destined for IP addresses not known to the 5300 S are forwarded to the Default Gateway for handling For the 5300 S the Default Gateway MUST be the next hop router attached to Port 1 the Subscriber interface The primary DNS server is used by the 5300 5 to resolve domain names to IP addresses The secondary DNS server is used in the event the primary DNS server is unreachable To configure network settings 1 Inthe Network page move to the Network Settings section D 66 02 9775 NGT EWN LdpeProtectt Mi Ee pdt vew Favertes Too Hap x Qw BO Ame km O 2 3 BP DPS Ahass i tetp 0 2 186 7 5 op biniccet grape jpo w Onm tt fi Network aia guration information for the public 693136175 255255255224 Provider Interface Settings ADSL PPPoE DHCP Static IP Address IP Address 6521775 Subnet Mask 2552552550 Network Settings 633185161 snagement interface click here Configuring Network Settings Enter an IP address for the Default Gateway This must be the next hop router connected to Port 1 the Subscriber side interface Enter the Primary DNS Server Enter the Se
32. 2IU 5300 S Series Converged Network Appliance Field Description Month Enter a value from 1 to 12 Day Enter a value from 1 to 31 Year Enter the current year Hour Enter a value from 0 Midnight to 23 11 pm Minute Enter a value from 0 to 59 Second Enter a value from 0 to 59 6 Press Submit Creating a Static Route Static routes may be needed to support network applications such as a web server that are allowed through the firewall and directed to a specific IP address or subnet Use care when configuring static routes Static routes may prevent the other networking features in the 5300 S from functioning properly To configure a static route 1 Inthe navigation bar select System N amp O W Administrative Options In the System menu select Route T 66 52 177 5 NGT EWN CdpeProtect Microsoft internet Explorer Ee Et Yow Fates ods Hsp SLI O O NAG Pao fr O Z Sa VAS Aires 8 natp 60 3 186 17S feg binlcoeligipage 7 vi Elo ins Gsm w Info Route Route allows the user to apply a static route to the Voice Appliance Apply Route D IP Network Netmask Gateway To configure routing to support the transfer of VoIP data for more than one subnet go to the VoIP N page Submit Reset a ere Check the Apply Route box Enter an IP Network address Enter a Netmask address Enter a Gateway address Press Submit To delet
33. 9 Yes 10 10 13 129 Add a prefix Action Add new prefix Prefix Index Strip Add Neighbor Local Zone Address User Guide V2IU 5300 S Series Converged Network Appliance This page includes the following areas Item Description Prefix Routing and Lists rules for forwarding incoming calls based on their dialed alias Gatekeeper Rules are executed in the order in which they are listed Use the Neighboring arrows to move entries up and down or use the Index field to table specify where a new or edited rule falls in the list Add a prefix Allows you to add new prefixes to the Prefix Routing and Gatekeeper Neighboring table Item Description Action Indicates whether the rule is to be added or edited Prefix Specifies the prefix pattern to be matched against the dialing string See lt I_link gt Regular Expressions on page 11 for details on valid patterns Index Determines the order in which the rule is scanned in the Prefix and Gatekeeper Neighboring table To add a rule between two rules with consecutive indexes n and m use the higher index m Strip Indicates whether the matching prefix is stripped from the dialing string Add Specifies a string to be prepended to the dialing string Neighbor Determines whether a location request LRQ is sent when this prefix matches If enabled the prefix becomes a neighboring s
34. CABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 12 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES INCLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES END OF TERMS AND CONDITIONS FCC PART 15 NOTICE This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received including interference that may cause undesired operation Industry Canada NOTICE This Class A digital a
35. CT YOU ACKNOWLEDGE THAT YOU HAVE READ UNDERSTAND AND AGREE TO BE BOUND BY THE TERMS AND CONDITIONS INDICATED ABOVE Polycom Inc 2007 ALL RIGHTS RESERVED 4750 Willow Road Pleasanton CA 94588 U S A Software included in this product contains a module called Psy VoIP which is protected by copyright and by European US and other patents and is provided under licence from Psytechnics Limited Portions of this product also include software sponsored by the Free Software Foundation and are covered by the GNU GENERAL PUBLIC LICENSE GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License The Program below refers to any such program or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containing the Program or a portion of it either verbatim or with modifications and or translated into another language Hereinafter translation is included without limitation in the term modification Each licensee is addressed as you Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running the Program is not restricted and the output from the Program is covered on
36. DESCRIPTION AND NON INFRINGEMENT ALL OF WHICH ARE EXPRESSLY DISCLAIMED POLYCOM NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE OR USE OF THE SOFTWARE PRODUCT NO ADVICE OR INFORMATION WHETHER ORAL OR WRITTEN OBTAINED BY YOU FROM POLYCOM OR THROUGH OR FROM THE SOFTWARE PRODUCT SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT POLYCOM SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THAT THE ALLEGED DEFECT OR MALFUNCTION IN THE SOFTWARE PRODUCT DOES NOT EXIST OR WAS CAUSED BY YOUR OR ANY THIRD PARTY S MISUSE NEGLECT IMPROPER INSTALLATION OR TESTING UNAUTHORIZED ATTEMPTS TO MODIFY THE PRODUCT OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE OR BY ACCIDENT FIRE LIGHTNING POWER CUTS OR OUTAGES OTHER HAZARDS OR ACTS OF GOD 7 LIMITATION OF LIABILITY YOUR USE OF THE SOFTWARE PRODUCT IS AT YOUR SOLE RISK YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OR USE OF THE SOFTWARE PRODUCT TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN NO EVENT SHALL POLYCOM OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL INCIDENTAL INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF BUSINESS PROFITS BUSINESS INTERRUPTION LOSS OF BUSINESS INFORMATION OR ANY OTHER PECUNIARY LOSS ARISING OUT OF TH
37. E USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT OR THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES EVEN IF POLYCOM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ANY CASE POLYCOM S ENTIRE LIABILITY SHALL BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY YOU FOR THE SOFTWARE PRODUCT OR U S 5 00 PROVIDED HOWEVER IF YOU HAVE ENTERED INTO A POLYCOM SUPPORT SERVICES AGREEMENT POLYCOM S ENTIRE LIABILITY REGARDING SUPPORT SERVICES SHALL BE GOVERNED BY THE TERMS OF THAT AGREEMENT 8 INDEMNITY You agree to indemnify and hold harmless POLYCOM and its subsidiaries affiliates officers agents co branders customers or other partners and employees from any loss claim or demand including reasonable attorneys fees made by any third party due to or arising out of your use of the SOFTWARE PRODUCT your connection to the SOFTWARE PRODUCT or your violation of the Terms Regulatory Notices 5 User Guide V2IU 5300 S Series Converged Network Appliance Regulatory Notices 6 9 DISCLAIMER Some countries states or provinces do not allow the exclusion or limitation of implied warranties or the limitation of incidental or consequential damages for certain products supplied to consumers or the limitation of liability for personal injury so the above limitations and exclusions may be limited in their application to you When the implied warranties are not allowed to be excluded in their entirety due to local law they
38. IP call control server or H 323 gatekeeper The IP Network address e The Netmask e The Gateway You can configure up to 20 VoIP subnets To configure VoIP subnet routing 1 Inthe navigation bar select System Configuring VolP In the System menu select VoIP Subnet Routing D 66 57 177 5 NGT EWN CdgeProtectt Microsoft internet Explorer Ek Gide Yew Fawkes Tools Hsp TED O O DAG Pua ku O BSB LAOS cross 48 hitp 60 3 186 2 75 eg bn keonlygrpape 20 Vi Ba ms Gsm ty VoIP Subnet Routing Inia Allow ALG routing of VoIP data for multiple subnets Update Subnet List IP Network Netmesk Gateway Delete Subnet o Currently Configured Subnets IP Network Netmask Gateway 209 245 92 69 255 255 255 255 66 52 177 1 212 119 189 57 255 255 255 255 66 52 177 1 63 123 133 23 255 255 255 255 66 52 177 1 209 245 92 23 255 255 255 255 66 52 177 1 209 245 92 4 255 255 255 255 66 52 177 1 _Sutrret Reset a riemet Enter the network address in IP Network such as 10 10 12 0 This is the IP address of the remote subnet containing the voice devices Enter a subnet mask in Netmask such as 255 255 255 0 A subnet mask of the network determines which packets are destined for the 5300 5 Enter and address in Gateway such as 10 10 10 2 This is the IP address of the intermediate router that knows the return path to the remote subnet from the 5300 S Press Submit You can configure as ma
39. Microsoft Internet Explorer fei Ee Ei wew Favertes Tods Hsp a O O WAG Px gro O 2 Sa Us Adress E hetp 1j69 3 106 175fegbinfconiig page 2 aaa Eo s Gom er About The Voice Appliance Suggested Deployment Features Connections Quick Start ALG only noret 4 To log in select Network from the navigation bar 5 Inthe Connect to pop up enter the following default information Connect to 69 3 186 163 VOICE APPLIANCE User name Password For username root For password default Caution To maintain your network security be sure to change the default username and password as described under Changing the Administration Password on page 7 1 Configuring the V2IU 5300 S 6 Continue to configure the system using the information provided in subsequent chapters of this guide Logging In and Out of the 5300 S You are prompted to log in every time you point a new browser session to the Configuration URL To log out simply close your browser Navigating Through the Configuration Pages Navigate through the configuration pages from the navigation bar About The Voice Appliance Suggested Deployment Features Connections Quick Start ALG only The choices are User Guide V2IU 5300 S Series Converged Network Appliance Menu Description Network Through the Network page you can configure a wide range of multimedia network services These services can be enabled
40. Modify Time To Live New Time To Live Specifies the IP address of the gatekeeper Allows you to override the value for time to live returned by the gatekeeper before forwarding the response to the endpoint Specifies how long an endpoint s registration should be valid Configuring for Video If LAN Subscriber Side Gatekeeper mode is selected you must configure the following parameters Item Description LAN Subscriber side GK Enter the IP address of the gatekeeper address Allow public IP in LCF Select the checkbox if the gatekeeper has been deployed with multiple outbound proxies and must decide which proxy to use based on the IP address returned in the LCF This is an advanced configuration option and should usually not be selected If Embedded Gatekeeper is selected you must configure the following parameters Item Description Time to Live s Enter a time in seconds This setting controls how long an endpoint s registration should be valid At the end of this period the endpoint sends another registration request Prevent calls from Blocks unregistered LAN side endpoints from unregistered endpoints making calls through the device In the LRQ Size area you can limit the number of source aliases in a forwarded LRQ message to a maximum of two to allow interoperability with gatekeepers that cannot handle more than two source aliases In the Default Alias area you can specify a default alias
41. OLYCOM POLYCOM does not warrant that your use of the SOFTWARE PRODUCT will be uninterrupted or error free or that all defects in the SOFTWARE PRODUCT will be corrected You assume full responsibility for the selection of the SOFTWARE PRODUCT to achieve your intended results and for the installation use and results obtained from the SOFTWARE PRODUCT POLYCOM s sole obligation under this express warranty shall be at POLYCOM s option and expense to refund the purchase price paid by you for any defective software product which is returned to POLYCOM witha copy of your receipt or to replace any defective media with software which substantially conforms to applicable POLYCOM published specifications Any replacement SOFTWARE PRODUCT will be warranted for the remainder of the original warranty period or thirty 30 days whichever is longer 6 2 Warranties Exclusive IF THE SOFTWARE PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE YOUR SOLE REMEDY FOR BREACH OF THAT WARRANTY SHALL BE REPAIR REPLACEMENT OR REFUND OF THE PURCHASE PRICE PAID AT POLYCOM S SOLE OPTION TO THE FULL EXTENT ALLOWED BY LAW THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES TERMS OR CONDITIONS EXPRESS OR Regulatory Notices IMPLIED EITHER IN FACT OR BY OPERATION OF LAW STATUTORY OR OTHERWISE INCLUDING WARRANTIES TERMS OR CONDITIONS OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE SATISFACTORY QUALITY CORRESPONDENCE WITH
42. SIP Server Port Always hairpin SIP media Normally set to False If set to True then SIP phone to phone calls made on the Subscriber side of the 5300 S will always have their RTP traffic flow to and back from the EP subscriber interface SIP Expires override The SIP Expires override field specifies the number of seconds a registration should be valid The 5300 S uses this value to re write the expires value returned from the soft switch before forwarding it to the IP phone This value is used to force the IP phone to register at the configured interval And helps to maintain NAT bindings in network based firewalls when the 5300 S is performing NAT firewall traversal SIP Soft Switch Expires override The SIP Soft Switch expires override field specifies the number of seconds that should be used when forwarding registration messages to the soft switch on behalf of the IP phones This should be higher than the rate pacing value otherwise the soft switch may consider the phone s registration to have expired If this field is not set the phone s value is forwarded unchanged User Guide V2IU 5300 S Series Converged Network Appliance Field Description SIP Register pacing If the SIP Expires override field is set to a lower value the number of registration messages may overload the soft switch In order to prevent this you can set the SIP Register pacing field to the number of seconds to wait b
43. T However if the SOFTWARE PRODUCT is marked Not for Resale or NFR you may not resell it or otherwise transfer it for value 2 6 Copyright All title and copyrights in and to the SOFTWARE PRODUCT including but not limited to any images photographs animations video audio music text and applets incorporated into the SOFTWARE PRODUCT the accompanying printed materials and any copies of the SOFTWARE PRODUCT are owned by POLYCOM or its suppliers Title ownership rights and intellectual property rights in the SOFTWARE PRODUCT shall remain in POLYCOM or its suppliers Title and related rights in the content accessed through the SOFTWARE PRODUCT is the property of such content owner and may be protected by applicable law This Agreement gives you no rights in such content 2 7 Confidentiality The SOFTWARE PRODUCT contains valuable proprietary information and trade secrets of POLYCOM and its suppliers that remains the property of POLYCOM You shall protect the confidentiality of and avoid disclosure and unauthorized use of the SOFTWARE PRODUCT 2 8 Dual Media Software You may receive the SOFTWARE PRODUCT in more than one medium Regardless of the type or size of medium you receive you may use only one medium that is appropriate for your single PRODUCT You may not use or install the other medium on another PRODUCT 2 9 Reservation of Rights POLYCOM reserves all rights in the SOFTWARE PRODUCT not expressly granted to you in this
44. To delete a client click the trashcan in the No Sort column Administrative Options 2 Press OK to delete the client or Cancel to end the operation Microsoft Internet Explorer 2 Are you sure that you want to delete this client This will interrupt phone services Querying clients To query a client 1 Click the Information Icon in the No Sort column T 66 52 177 5 NGT EWN CdpeProtect Microsoft internet Explorer Ek ER Yev Fates Tels He a O O AAG pamm ku O BSB VAS Address B hip 169 3 186 2 PS eo biori page t7aprotomsipts tpage asorte otip 92 168 1 1636nwe BSIE2EME1S 100 Eo mis Gsm ty SIP Clients List ah Protocol to display SIP MGCP H323 Client Information Client 8885287464 Address 192 166 1 163 Registered Not Registered Client List Filter No Sort Address Port Name ge 182 168 2 163 soca esesea7se4 100 ge os s 168 179 soca 7202664640 BE 69 3 185 174 soco 7202604041 E c9 3 185 174 soea 7202064039 Midi P Displaying page 1 of 1 Number of clients 4 Add a SIP client to the client list Neme Address Port 4 rremet 2 Details about the selected client display at the top of the page Adding clients To add a client 1 Enter the client Name 2 Enter an IP Address 3 Enter a Port User Guide V2IU 5300 S Series Converged Network Appliance Press Submit Restarting the Network Use Networ
45. U 5300 S Series Converged Network Appliance Viewing or Changing the ToS Byte Setting To view or change the ToS byte setting use the following steps 1 Using the configuration graphical user interface from the Configuration Menu on the left hand side click Traffic Shaper 2 Scroll down the area of the screen shown below Differentiated Services Code Point DSCP Expedited Forwarding default OTIP Precedence O Assured Forwarding OCustom Value 1 63 Enable TOS Byte Stripping Enable Call Admission Control Maximum number of calls allowed Note See the Info page for help determining how many calls your WAN link can support 3 For most situations you should leave this setting as it is Only change it if your provider indicates that you should do so If your provider indicates that you need to change the ToS byte setting that provider should also provide the other parameters required on this screen A If you have changed the values click Submit to activate the new settings Setting the Ethernet Link Rate Note Ethernet autonegotiation is often unreliable especially between different vendors or old and new networking equipment Failure of autonegotiation is generally not a cause for concern However if the negotiated rates change intermittently or the link is reported as no link or down the link rate may need to be set manually An interface that flutters because of the autonegotiation sett
46. UTING t nat s 192 168 20 10 j ACCEPT Use caution when adding user commands The system may become unreachable if an incorrect command is entered Administrative Options To enter a user command 1 Choose User Commands from the System menu on the navigation bar T 66 57 177 5 NGT EWN CdpeProtect Microsoft internet Explorer eX Ee ER Yow Faotes ods hsp L7 O HAO Pu ka O 2 Sa LAOS Address 4B htp 160 3 186 1 75eg binloonligpage 0 yi Bo ms Gsi w User Commands The User Commands paga is used to enter specialized commands or enable features that ara not available thraugh other GUI pages User commands are commonly used ta create user specific firewal and routing rules The user should use caution whan adding user commands The system may become unreachable if an incorrect command is entered Onca user commands have been entered it is recommendad that Network Bastart is performed whenever configuration changas have been made to the system The is to guarantee that the user commands are run on the target User Commands killall syslogd abin ayslogd n L R 10 100 64 34 601 Submit Reset x a internet Enter a command in the User Commands area Press Submit Restart the network to guarantee that the user commands are running See Restarting the Network on page 7 6 Managing SIP MGCP or H 323 Clients You can view and manage information about devices that have registered as clie
47. User Guide V2IU 5300 S Converged Network Appliance V7 2 2 May 2007 Trademark Information Polycom the Polycom logo design and others that appear in your document are registered trademarks of Polycom Inc List other trademarks are trademarks of Polycom Inc in the United States and various other countries All other trademarks are the property of their respective owners 2007 Polycom Inc All rights reserved Polycom Inc 4750 Willow Road Pleasanton CA 94588 2708 USA No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical for any purpose without the express written permission of Polycom Inc Under the law reproducing includes translating into another language or format As between the parties Polycom Inc retains title to and ownership of all proprietary rights with respect to the software contained within its products The software is protected by United States copyright laws and international treaty provision Therefore you must treat the software like any other copyrighted material e g a book or sound recording Every effort has been made to ensure that the information in this manual is accurate Polycom Inc is not responsible for printing or clerical errors Information in this document is subject to change without notice Contents Introduction ccccccccccccccccccececcecsl l Introducing the V7IU 5300 S Converged Network Applianc
48. age 11 for details on valid patterns Index Determines the order in which the rule is scanned in the Destination H323 ID or E 164 Alias Modification table To add a rule between two rules with consecutive indexes n and m use the higher index m Replace Specifies the string that will replace the matched pattern H 323 Neighboring Configuring for Video The H 323 Alias Manipulation page includes the following buttons Item Description Commit Applies the settings configured on this page Reset Clears all fields and selections and allows you to enter new information Neighboring and prefix routing can be used to route calls based on a match ing prefix in the destination alias of the call The call decision is made follow ing alias manipulation and acts on the modified string similar to other call lookup processes such as registered client look up Each prefix is associated with a domain name or IP address that is used in the event that the prefix matches To access the H 323 Neighboring page formerly the Prefix Routing page select VoIP ALG gt H 323 gt Neighboring in the Configuration Menu Help H 323 Neighboring Prefix Routing and Gatekeeper Neighboring The prefix routing table can be used to forward incoming calls based on their dialed alias Prefix and Gatekeeper Neighboring table Select All None Action Delete Index Prefix Strip Add Neighbor Local Zone Address e
49. arted the status of the upgrade is displayed The progress of the upgrade process can be upgraded by pressing the refresh the upgrade status link Administrative Options To upgrade the firmware 1 In the navigation bar select System 2 Inthe System menu select Upgrade Firmware D 66 52 177 5 NGT EWN CdgeProtect Microsoft internet Explorer Ek ER yov Fates Lads He a O AAG Pwo g O 3a Us Access EEC Bo e Gon w Upgrade Firmware Currant Version Version 5 1 0Beta2 mem Fn Feb 4 09 29 09 PST 2005 Fill in the IP address of the Download FTP Server Your service provider will supply this IP address and possibly a filename if you need to upgrade When you update your firmware telephone services will be unavailable for several minutes It is advised that finnware updates be installed during a maintenance window when telephone traffic can be interrupted Download Server 204202 2 188 Filename eflech bin Subme Reset Bore O internet 3 Enter an Download Server IP address 4 Enter a Filename 5 Press Submit Configuring a Management Interface You can configure a specific management interface and restrict management of the system to this interface only When enabled connections to management protocols such as HTTP SSH SNMP Telnet will only be allowed through this interface If you configure a management interface you must also configure trusted management addresses when yo
50. ay be amended only by a writing executed by both parties If any provision of this Agreement is held to be unenforceable such provision shall be reformed only to the extent necessary to make it enforceable 11 3 Contact If you have any questions concerning this Agreement or if you desire to contact POLYCOM for any reason please contact the POLYCOM office serving your country 11 4 U S Government Restricted Rights The SOFTWARE PRODUCT and documentation are provided with RESTRICTED RIGHTS The SOFTWARE PRODUCT programs and documentation are deemed to be commercial computer software and commercial computer software documentation respectively pursuant to DFAR Section 227 7202 and FAR 12 212 b as applicable Any use modification reproduction release performance display or disclosure of the SOFTWARE PRODUCT programs and or documentation by the U S Government or any of its agencies shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement Any technical data provided that is not covered by the above provisions is deemed to be technical data commercial items pursuant to DFAR Section 227 7015 a Regulatory Notices Any use modification reproduction release performance display or disclosure of such technical data shall be governed by the terms of DFAR Section 227 7015 b BY INSTALLING COPYING OR OTHERWISE USING THIS SOFTWARE PRODU
51. ble Remote System Logging Setting the System Date and Time The System Time page allows the user to set the 5300 S s time or configure it to synchronize with a network time source via Simple Network Time Protocol SNTP To set the system date and time 1 In the navigation bar select System 2 Inthe System menu select System Time T 66 52 177 5 NGT EWN CdpeProtect Microsoft internet Explorer Ei Ek Yew Fuvortes ods hsp C7 OO HAG Psa Ferme O Z Sa LAOS Address B hatp 69 2 186 175e binoni oaee Eo ins Qsan po Info System Time Configure the systern time of the Voice Appliance Current System A RAR Date 02 15 2005 20 16 06 UTC Note time synchronization may take several minutes The Vaice Appliance must have connectivity to the time server and be authorized to request time Refresh this page to view the updated time If time is not updated verify that the time server can be reached by using ping Enable SNTP B SNTP Server 65 1141331 Set Date UTC time Month Day Year Hour Min Sec ri Bowe internet Enable SNTP by checking the box To synchronize with a SNTP server on the network enable SNTP and set the address of the SNTP server The server address can be either an IP address or the DNS name of the SNTP server 5 To set the date and time enter information as follows The date on the device can be set manual using this option The values are entered in numeric form User Guide V
52. condary DNS Server Press Submit User Guide V2IU 5300 S Series Converged Network Appliance 4 10 Configuring for Video This chapter describes how to configure the Polycom V7IU 5300 S to support video e H 323 Configuration e Forwarding Rules e Peering Proxy e Clients List Lock e H 323 Activity Monitor e H 460 Operation Mode User Guide VIU 5300 S Series Converged Network Appliance H 323 Configuration To access the H 323 Settings page select VoIP ALG gt H 323 in the Configura tion Menu Hel H 323 Settings aaa H 323 protocol settings Gatekeeper mode The gatekeeper mode configuration specifies whether the system should work in WAN Provider side gatekeeper mode Peering Proxy mode or embedded gatekeeper mode ONone H 323 is disabled OWAN Provider side gatekeeper mode LAN Subscriber side gatekeeper mode Peering Proxy mode configure prefixes Embedded gatekeeper mode WAN Provider side gatekeeper mode settings The H 323 gatekeeper that all client traffic shall be forwarded to WAN Provider side GK address 192 168 1 25 Modify Time To Live New Time To Live s 00 N A Not in WAN GK mode Gatekeeper reachability LAN Subscriber side gatekeeper mode settings The H 323 gatekeeper that all incoming calls should be forwarded to It is possible to have a LAN side gatekeeper configured for peering proxy mode as well LAN Subscriber side GK address
53. d Baftash the VaR status VRRP Configuration Enable VRRP Subscriber IF Virtual IP Address Port 1 Subscriber IF Virtual Routing ID Provider IF Virtual IP Address Port 2 Provider IF Virtual Routing ID VRRP Advertise Interval VRRP Authentication Password Gratuitous ARP Delay Somi Reset Elwe intemet To enable VRRP check the Enable VRRP box Enter a Subscriber IF Virtual IP Address The common virtual IP address to be shared on the Port 1 interface Enter a Subscriber IF Virtual Routing ID A unique number in the range 1 255 that identifies the router for the Subscriber virtual IP Enter a Provider IF Virtual IP Address The common virtual IP address to be shared on the Port 2 interface Enter a Provider IF Virtual Routing ID A unique number in the range 1 255 that identifies the router for the Provider virtual IP Enter the VRRP Advertise Interval How often in seconds that VRRP packets should be sent Enter the VRRP Authentication Password Password used to authenticate routers in a VRRP group Configuring VolP 10 Enter the Gratuitous ARP Delay How long in seconds an 5300 S should wait after a switch over before sending Gratuitous ARPs packets 11 Press Submit User Guide V2IU 5300 S Series Converged Network Appliance 5 10 Configuring the Firewall This chapter describes how to configure the 5300 5 as a firewall It contains the following sections e Configuring Basic Fir
54. e 1 1 Features aa Saye ect ysis Mitac E tar dea nhac Me eet EE edt ec 1 4 Front Panel e2kccccanrecinvSeser einer euent nd bebe wwind EEEE A 1 4 Management Features verir iid edi at eee EEA ieee eae 1 5 Installing the 5300 S cece ce eee eee eee 22 Configuring the V2IU 5300 S 0 eee ee ee ee OO Connecting to the 5300 S oo eee ee 3 1 Logging In and Out of the 5300 S 0 666 3 3 Navigating Through the Configuration Pages 0 000 05 3 3 Read Only Usei Socr esserssder Coho EI ESEN ESTEE DEEPER E CEDE 3 4 Enabling a Read only User 0 rreran rrr 3 4 Getting help noeciriiai ita ae ca de EER EEEE hase Wale EREA 3 5 Getting information about the network 4 3 5 Routing Information 0000 eee eee 3 6 Link Status 2 223 5 eceeewt odes ted eetuleg ete see bode ewe 3 7 Interface Information 6 3 7 Getting information about the system 08 3 7 System UPtMe erosie ra he bees ok rE EE ede Ree 3 8 Number of active streams 000 0000 3 8 Recent Call Log occ ceg pete tac be hte whe wise de nebo ote 3 9 Process Information 0 0000s 3 9 Memory Usap eies piia iai aa i eaaa aeii 3 9 System Logging Messages nnunnannnn rren eee eens 3 9 Configuring Network Settings 200e0000 4 1 Configuring Subscriber Interface Settings 000005 4 1 Config
55. e Gsi w Network ata Networking configuration Information for the public and private networks Subscriber Interface Settings IP Address 69 3186 175 Subnet Mask 255 255 265 224 Provider Interface Settings OADSL PPPOE ODHCP Static IP Address IP Address 6552 1775 Subnet Mask 255 255 255 0 Network Settings Default Gateway 633 186161 Primery DNS Server 4222 Secondary ONS Server To configure the management interface click here a internet 2 In Subscriber Interface Settings highlight and replace the default IP Address and Subnet Mask 3 If you are configuring network settings see the instructions in Configuring the Network on page 4 8 A Ifyou want to configure a management interface that is different than the default complete all of the configuration tasks then see Configuring a Management Interface on page 7 9 5 Press Submit Note After submitting the new configurations you need to reconnect to the 5300 S using the new IP address and subnet mask before you can continue with the configuration Configuring Provider Interface Settings The provider interface defines the interface between the 5300 S and internal voice video and data devices This interface is generally connected to the private network Subinterfaces Configuring Network Settings To configure provider interface settings 1 In the navigation bar select Network T 66 52 177 5 NGT CWN CdpeProtect Micr
56. e H 323 activity logs shows recent H 323 events such as call terminations and registration rejects H 323 activity logs Event Time Source Destination The list is currently empty 2 On this screen the event list contains three columns The Event Time field shows the type of event and the time that it occurred The Source field shows the source of the event as an IP address and an alias when available The Destination field shows the destination of the event as an IP address and an alias when available User Guide VIU 5300 S Series Converged Network Appliance H 460 Operation Mode This feature allows the Polycom V7IU 5300 S to do NAT Firewall traversal for clients behind NAT or firewall devices The endpoint must always signal H 460 18 capability for this feature to be enabled Note For this to be fully functional it must be enabled with H 460 capability on both ends How H 460 Operation Mode Works 4 28 H 460 18 is an extension to H 323 for traversing NAT Firewalls when communicating between H 323 devices Typically a NAT Firewall will block any incoming connection attempts from a public side host to a private side host The figure below shows a basic configuration of video users with both firewall and non firewall connections Configuring for Video Gatekeeper Video User D V7IU S Video User E Video User C Internet NAT Fire
57. e Program In addition mere aggregation of another work not based on the Program with the Program or with a work based on the Program on a volume of a storage or distribution medium does not bring the other work under the scope of this License 3 You may copy and distribute the Program or a work based on it under Section 2 in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following a Accompany it with the complete corresponding machine readable source code which must be distributed under the terms of Sections 1 and 2 above ona medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of Regulatory Notices the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange or c Accompany it with the information you received as to the offer to distribute corresponding source code This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer in accord with Subsection b above The source code for a work means the preferred form of the work for making modifications to it For an executable work
58. e a static route uncheck the Apply Route box User Guide V2IU 5300 S Series Converged Network Appliance Appendix Troubleshooting Tips This section assists you with problems you may encounter while installing the 5300 S Trouble accessing the Internet We recommend connecting a PC either directly or through a switch to the Port 1 of the 5300 S The default IP address of the 5300 S is 192 168 1 1 so please be sure that the IP address of the PC is on the same network eg 192 168 1 2 Once you have connected please verify that the IP configuration information in the Network page is correct Some other items to try e Ping the Port 2 interface of the 5300 S from the attached PC e Ping the DNS server for your network Sometimes connectivity problems occur when the domain name being used cannot be mapped to the proper IP address e Ping a well known address on the Internet e Ping the IP address of the softswitch No dial tone If don t hear a dial tone when off hook e Check the configurations on the VoIP ALG page e Make sure the ALG registration code is configured Appendix 1 User Guide V2IU 5300 S Series Converged Network Appliance Checking the ALG registration code To check the ALG registration code 1 From the navigation bar select System 2 From Registration Status click License Key 3 If you do not see a license key please contact Polycom Technical Services Telephone doesn t register with the softswitch
59. eceive copies directly or indirectly through you then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program If any portion of this section is held invalid or unenforceable under any particular circumstance the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License 8 If the distribution and or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among cou
60. ect the AC power cord to a properly grounded AC outlet to avoid damage to the system or injury Never place objects greater than 5 lbs on top of the 5300 as damage to the chassis may result Ensure that the physical location of the installation has adequate air circulation and meets the minimum operating conditions as provided in the environmental specifications for the system User Guide V2IU 5300 S Series Converged Network Appliance Configuring the V2IU 5300 S Configure the Polycom V7IU 5300 S using a web browser such as Internet Explorer or Netscape Navigator The 5300 5 is shipped with a pre configured IP address for its Subscriber Port 1 interface This chapter includes the following sections Connecting to the 5300 S Logging In and Out of the 5300 S Navigating Through the Configuration Pages Read only User Getting help Connecting to the 5300 S You need to connect to the 5300 S before you can configure it to work with your network Connect using the supplied preset IP address and subnet mask You are also supplied with a default user ID and password To connect to the 5300 S 1 Connect a PC using an IP address of 192 168 1 2 and subnet mask of 255 255 255 0 to Port 1 of the 5300 S 2 Launcha web browser on the PC and enter the URL string 192 168 1 1 User Guide V2IU 5300 S Series Converged Network Appliance 3 Press Return The Main Configuration Menu appears Z 66 52 177 5 NGT EWN EdgeProtect
61. ed to enter a Prefix on their VIU with a corresponding destination IP If the user was to dial another user NOT destined to your network with the same beginning prefix the prefix configured on this V7IU would create a prefix match and the call would route incorrectly The call routes to the destination defined in the prefix and not to the intended endpoint The example shows Private Video Network A s Peering Proxy with an inbound prefix defined as 8315 Any inbound call that matches 8315 with any 6 digits creates a prefix match and sends the call to 10 10 11 1 Refer to Regular Expressions in the Info button on the GUI interface for information on all the methods for defining prefixes Private Video Network A is one example of a V IU configured in LAN Side Gatekeeper mode with an ANNEX O dial method to dial Off Net Internal On Net endpoints registered to the LAN Side Gatekeeper will dial E 164 only This allows any location to place calls to any location with an ANNEX O dial plan that is E 164 WAN_IP or other V IU s deployed on the network In this example a Peering Proxy has been deployed to allow dialing ingress and egress to the Public Internet At each V7IU location required to egress the Public Internet requires a Prefix to be configured This allows that location s endpoint to dial Off Net to the Public Internet This prefix can be configured to any digit and may be part of the externally dia
62. ee 6 4 Administrative Options cece cece cee Jol Changing the Administration Password 000000 000s 7 1 Specifying User Commands 0 00 cece eee eee 7 2 Managing SIP MGCP or H 323 Clients 0 eee eee eee eens 7 3 Selecting a client ee cei cuss eii titian KiE Qasue Sob aes ob dee aah aes 7 4 Deleting clients secre ri turira tea a Niele ae lene oe ATS 7 4 Querying clients serirsstoesiesesri cerisier eieii ei eie eieiei 7 5 Adding clients 725 i2ci siete whiws cacti TETE EEE TEREE ERAS 7 5 Restarting the Network 0 0000s eee eee eee 7 6 Rebooting the System 0 0 e eee eiro 7 6 Using Network Test Tools 0 000 e eee eee eee 7 6 Running a ping test a cccncesneee deck EERE EEEE EE ERA AEP nse s 7 7 Running a traceroute test 0 0 0 eee eee 7 7 Upgrading the Firmware 0 0 eee eee 7 8 Configuring a Management Interface 0 00 0 c ee eee eee eee 7 9 Configuring the interface 0 7 9 Reconnecting the 5300 5 1 00 eee eee eee eee 7 10 Figure 1 Move the connection from Port 2 to Port3 7 11 Configuring the Trusted Management Addresses 7 11 Setting the Provider MTU Size 0 00000 7 12 Enabling SNMP esene ieaiaia nea Me eae E eevee aides 7 13 Disabling SNMP dey estes site Scene EEEIEE E EERE Aes 7 15 Enabling remote system logging 6 c cece eee eee 7 15
63. efore forwarding a register message from one phone to the soft switch Any register messages received before this time will be locally answered by the 5300 S For example you may set the expires value to 60 and the pacing value to 1800 to have the phone register to the 5300 S every minute but only let a register message through to the soft switch every 30 minutes TFTP Server IP Address This allows the 5300 S to forward proxy TFTP requests from devices on the Subscriber side to a TFTP server on the Provider side Enter the IP address for the TFTP Server H232 Gatekeeper IP Address If an H 323 ALG is needed enter the address either an IP or URL for the H 323 Gatekeeper This address should be reached via the Provider side Ethernet port Use ALG Alias IP Addresses Not used ALG Subscriber Interface Not Used Automatic MCCP Re registration Automatic MGCP Re registration is used to re register MGCP endpoints every time the network or system restarts Enable this feature to automatically synchronize the softswitch and phones immediately after a restart The default is Enabled MGCP Re registration Rate s The MGCP Re registration Rate is used to set the number of MGCP RSIP messages to send per second to the Media Gateway Controller when re registration is needed If the MGCP Re registration Rate needs to be changed enter a value between 1 and 5 Generally this value does not need to
64. ekeeper Mode WAN Provider side gatekeeper mode settings LAN Subscriber side gatekeeper mode settings Embedded gatekeeper mode settings LRQ Size Default Alias Stale Time Multicast Messages User Guide V2IU 5300 S Series Converged Network Appliance e H 460 18 Support e Alias Restrictions In the Gatekeeper mode area select one of the following modes Item Description None WAN Provider side gatekeeper mode LAN Subscriber side gatekeeper mode Peering Proxy mode Embedded gatekeeper mode H 323 is disabled Specifies that the system will forward all client RAS messages to the gatekeeper If this is selected you must configure the settings in the WAN Provider side gatekeeper mode settings area Specifies that the system will act as a gatekeeper If this option is selected you must configure the settings in the LAN Subscriber side gatekeeper mode settings area Allows calls to be forwarded to other endpoints based on the information sent from the endpoints All the information about routing the call must be sent as part of the request or prefixes must be configured Provides gatekeeper functions and accepts endpoint registrations If this option is selected you must configure the settings in the Embedded gatekeeper mode settings area If WAN Provider Side Gatekeeper mode is selected you must configure the following parameters Item Description WAN Provider side GK address
65. ernet Explorer Ek Edt Yew Fates Tous tp a O O AAG Pm f O 2 a WAS rass 4 htp 460 3 126 1 7S eg binoni pagen vi Bo umis Gs wy Services Configuration Customize the configuration of the services accessible on the Voice Appliance Enable SNMPv1 a SNMPv1 Read Only wblic Community p SNMP 1 Trap Community Enable SNMPv3 1c SNIVPv3 User Name edgewater ensnenees Ash PriMS DES SNMPV3 Trap Context SNMP Common Configuration System Location ean System Contact nge Port 161 Trap Destination IP Enable Remote System Logging Remote Syslog Host 6652 177 200 Curent Hostname NGT EWN Edge rotect1 2 internet 3 Enter information as described in the following table Field Description SNMPv1 Read Only Community The community string that the management station uses when accessing read only objects from the 5300 S The default is public SNMPv1 Trap Community Trap community string place in trap pdus SNMPvs3 User Name If SNMPv3 is enabled this field defines the SNMPv3 user name for SNMPv3 USM based authentication and VACm access control SNMPv3 Passphrase The SNMPv3 passphrase is optionally used to authenticate the user as well as encrypt the payload based on the SNMPv3 Security setting below The minimum length of a valid passphrase is 8 7 14 Administrative Options Field Description SNMPv3 Security The SNMPv8 security level
66. event POLYCOM from claiming any further damages If you do not comply with any of the above restrictions this license will terminate and you will be liable to POLYCOM for damages or losses caused by your non compliance The waiver by POLYCOM of a specific breach or default shall not constitute the waiver of any subsequent breach or default 5 UPGRADES If the SOFTWARE PRODUCT is labeled as an upgrade you must be properly licensed to use the software identified by POLYCOM as being eligible for the upgrade in order to use the SOFTWARE PRODUCT A SOFTWARE PRODUCT labeled as an upgrade replaces and or supplements the software that formed the basis for your eligibility for the upgrade You may use the resulting upgraded SOFTWARE PRODUCT only in accordance with the terms of this Agreement If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product the SOFTWARE PRODUCT may be used and transferred only as part of that single SOFTWARE PRODUCT package and may not be separated for use on more than one PRODUCT 6 WARRANTY AND WARRANTY EXCLUSIONS 6 1 Limited Warranty POLYCOM warrants that a the SOFTWARE PRODUCT will perform substantially in accordance with the accompanying documentation for a period of ninety 90 days from the date of receipt by you and b any SUPPORT SERVICES provided by POLYCOM shall be substantially as described in applicable written materials provided to you by P
67. ewall Settings e Configuring Advanced Firewall Settings The 5300 S can act as a firewall A firewall restricts and controls the traffic between networks typically between a corporate network and the Internet If an external firewall is used the firewall features can be set to pass or block traffic depending on whether the 5300 S is placed in series or in parallel with the external firewall Configuring Basic Firewall Settings The basic settings are under Basic LAN Subscriber and WAN Provider Firewall Settings on the Firewall configuration page User Guide V2IU 5300 S Series Converged Network Appliance To configure basic settings 1 2 In the navigation pane select Firewall T 66 52 1775 NGT CWN CdpeProtect Microsoft internet Explorer Eke Ek ew Fates ods H C7 OO EO Pao ga O 2 SB UI Os Address A http 69 3 186 275 og binlonhigipage S Eo is Gs ty Firewall Enable Firewall for LAN and WAN R Basic LAN and WAN Firewall Settings Allow HTTP access through firewall Allow TELNET access through firewall Allow SSH access through firewall Allow SNMP access through firewall Allow TCP Port Allow UDP Port Enable PPTP Server Pass through o PPTP Server IP Address Q eao8 Trusted Management Addresses ONLY applies to the management interface Apply basic settings configuration only to the following addresses Address can be host IP e g 10 10 10 1 or 10 10 10 1 10 10 10 2 for multi
68. figuring for Video H 323 Prefix Routing The prefix routing table can be used to forward incoming calls based on their dialed alias The system can strip the matched prefix string when forwarding a call Strip matching prefix Submit Prefix routing table Select All None Action _Delete Prefix Address The list is currently empty Add an H 323 prefix entry Prefix Eo e i Address Eo o E ee The prefix routing table shows all currently configured prefixes The prefixes are searched in the order they are entered Each prefix can be moved up or down in the list You can select and delete prefixes 3 To strip a matching prefix select the checkbox and click Submit If you enable this all matching prefixes are stripped from the destination alias before the call is forwarded 4 Toadd an entry enter the prefix and the address The prefix string can be a regular expression as described above The target address can be a domain name or an IP address 5 Click Add The new entry appears in the table Clients List Lock Client List lockdown allows you to prevent new clients from registering This is done as follows e Creating a client as follows User Guide V2IU 5300 S Series Converged Network Appliance Manually entering all clients that are allowed to use the system Running the system without the Client List lockdown feature until all desired clients have registered
69. ge protected power outlets Keep ventilation openings free of any obstructions SAVE THESE INSTRUCTIONS END USER LICENSE AGREEMENT FOR POLYCOM SOFTWARE IMPORTANT READ CAREFULLY BEFORE USING THE SOFTWARE PRODUCT This End User License Agreement Agreement is a legal agreement between you and or any company you represent and either Polycom Netherlands B V in Europe Middle East and Africa Polycom Hong Kong Ltd in Asia Pacific or Polycom Inc in the rest of the world each referred to individually and collectively herein as POLYCOM for the SOFTWARE PRODUCT licensed by POLYCOM The SOFTWARE PRODUCT includes computer software and may include associated media printed materials and online or electronic documentation SOFTWARE PRODUCT By clicking I AGREE or by installing copying or otherwise using the SOFTWARE Regulatory Notices 1 User Guide V2IU 5300 S Series Converged Network Appliance Regulatory Notices 2 PRODUCT you agree to be and will be bound by the terms of this Agreement If you do not agree to the terms of this Agreement your use is prohibited and you may not install or use the SOFTWARE PRODUCT The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties The SOFTWARE PRODUCT is licensed not sold to you and its use is subject to the terms of this Agreement This is NOT a sale contract
70. h User Guide V2IU 5300 S Series Converged Network Appliance To configure VoIP ALG 1 Inthe navigation bar select VoIP ALG 2 On the VoIP ALG page enter information as follows Field MGCP Server IP Address Description If a MGCP ALG is needed enter the IP address for the MGCP Server as provided This address should be reached via the Provider side Ethernet port The MGOP server provides media gateway control protocol service to IP phones client adapters and gateways MGCP Call Agent Port The Call Agent port specifies the port number that the Call Agent soft switch listens to for messages from the phones Default is 2727 MGCP Media Gateway Port The Media Gateway port specifies the port number the Media Gateway phones listens to for messages from the soft switch Default is 2427 MGCP Notified Entity Port The Notified Entity port specifies the port number that the soft switch uses for notifications from the phones e g hook up hook down digits Default is 2432 Configuring VolP Field Description SIP Server Address The SIP server provides session initialization protocol service to IP phones client adapters and gateways If a SIP ALG is needed enter the address either an IP or URL for the SIP Server This address should be reached via the Provider side Ethernet port SIP Server Port If a SIP ALG is needed enter a port for the
71. he 5300 S supports a number of additional administrative operations This chapter contains the following sections e 5S Changing the Administration Password We strongly recommend that you change the default password for the root administrative account To change the password 1 In the navigation bar select System User Guide V2IU 5300 S Series Converged Network Appliance 2 On the System page locate Change Password and follow this link The password of the device can be changed T 66 52 1775 NGT OWN CdpeProtect Microsoft internet Explorer Ek Edt Mew Favortes ous Hep O HBO Ps from O 2 SaD Address 48 hip 169 2 186 1 75eg binconiigoagee 15 Password Setting Chenge the password by filling in the fields below The password must be a minimum of 6 characters long New Password Confirm Password Submit Rezet lowe internet 3 Enter the New Password The new password must be between 6 and 20 characters in length Any combination of alpha and numeric characters is accepted 4 Enter the password again in the Confirm Password to ensure that there were no mistakes in the initial entry 5 Press Submit Specifying User Commands Caution User commands allow you to execute special operations that may be required for your installation such as creating user specific firewall or routing rules Examples ifconfig eth0 20 192 168 20 10 netmask 255 255 255 0 iptables I POSTRO
72. he source terminated the TCP connection without prior call termination signaling e Connection terminated by destination The call was terminated because the destination terminated the TCP connec tion without prior call termination signaling e No admission confirm received The call could not be established because the admission response was not received from the gatekeeper e Cannot resolve destination The call could not be established because the destination could not be resolved e At maximum bandwidth usage Configuring for Video The call could not be established because the system already is at the maxi mum allowed bandwidth e Received admission reject The call was terminated because an admission reject was received from the gatekeeper e Received disengage request The call was terminated because the endpoint requested to tear down the call e Received invalid data The call could not be established because the system received invalid data on the signaling channel e Cannot find client The call could not be established because the called client could not be found Viewing the H 323 Activity Monitor To configure the H 323 Activity Monitor use the following steps 5 Using the configuration graphical user interface from the Configuration Menu on the left hand side click VoIP 6 Click H 323 Activity The window shown below opens Recent H 323 activity logs Th
73. hen providing end to end QOS it is important that the voice plus video traffic be placed in the correct queues to deliver a higher QOS than regular traffic Regular traffic that is not time sensitive can be delayed with little or no indication to the user while the slightest delay in voice plus video can cause auditable differences The ToS byte setting helps prioritize traffic going to the WAN so a provider can prioritize the traffic correctly in its network Although the ToS facility has been a part of the IP specification since the beginning it has been little used in the past However the Internet host specification now mandates that hosts use the ToS facility Additionally routing protocols including OSPF and Integrated IS IS have been developed which can compute routes separately for each type of service These new routing protocols make it practical for routers to consider the requested type of service when making routing decisions How the ToS Byte Setting Works For all RTP traffic voice and video the Polycom V7IU 5300 S marks the ToS byte in the IP header as High Priority and strips set to 0 the ToS byte for all other traffic Unchecking the Enable ToS Byte Stripping option means that the ToS byte will not be stripped from non RTP traffic but will remain unchanged Note For most situations you should leave this setting as it is Only change it if your provider indicates that you should do so User Guide VI
74. ictions area you can set a limit on the number of aliases that are allowed to register with the system If this number is exceeded when a cli ent tries to register the registration is rejected This area includes the follow ing parameter Item Description Max Aliases Enter the maximum number of allowed aliases If the value is set to 0 the maximum is not enforced The H 323 Settings page includes the following two buttons Item Description Submit Applies the settings configured on this page Reset Clears all fields and selections and allows you to enter new information Configuring for Video H 323 Activity To access the H 323 Activity page select VoIP ALG gt H 323 Activity in the Configuration Menu Help H 323 Activity Current time Thu Mar 8 06 36 34 2007 WAN Gatekeeper status N A Not in WAN GK mode Current payload bandwidth 0 Estimated total bandwidth 0 The H 323 activity logs shows recent H 323 events such as call terminations and registration rejects H 323 activity logs Event Time Source Destination The list is currently empty The H 323 Activity page is a read only page that shows the following infor mation e Current time e WAN Gatekeeper status e Current payload bandwidth e Estimated total bandwidth e Activity log of recent H 323 events H 323 Alias Manipulation Alias manipulation is performed immediately when a message such as an ARQ LRQ or a Setup is
75. idth The total bandwidth in use for video calls generally the current payload bandwidth plus 20 for packet overhead H 323 Max Aliases This value is not used and should be set to 0 User Guide V2IU 5300 S Series Converged Network Appliance Field Description SIP LAN side Gateway The SIP LAN Side Gateway is used to configure a LAN side SIP gateway to which calls that are not for a registered phone can be sent The name of the gateway is a locally meaningful name These two fields must both be filled in or be empty Gateway Name The name of a subscriber PSTN gateway or a single SIP proxy for multiple PSTN gateways Gateway Address Configuring VoIP Subnet Routing The IP address of a subscriber PSTN gateway or a single SIP proxy for multiple PSTN gateways In its simplest configuration the 5300 S acts as a proxy for a soft switch or H 323 gatekeeper on its immediate Provider subnet Because these devices reside on the same subnet as the 5300 S packets proxied by the ALG function do not require additional routing information The 5300 S can support a VoIP call control server or H 323 gatekeeper on it s Provider side but not located immediately on the Provider side subnet by configuring VoIP Subnet Routes Using the VoIP Subnet Routing feature the 5300 S can be configured to serve these remote devices Three pieces of information are required for each subnet containing the Vo
76. ing may cause intermittent voice and data outages The vast majority of Ethernet networking devices including the 5300 S use autonegotiate as a default setting Chances are that you will not have to set the Ethernet link rate Please use caution if manually configuring the link rate as a speed or duplex mismatch will result in a loss of connectivity If needed configure the rate of the physical Ethernet port on the 5300 S The default setting for the Ethernet port is autonegotiate and it applies to both the link speed and duplex with locally attached devices Configuring Network Settings The link rate of an interface can be assigned to a desired rate A network administrator may want to set the rate manually if autonegotiation fails to select a rate consistently or if it selects a rate that is slower than the maximum rate supported by both interfaces To set the link rate 1 In the navigation bar select System 2 Inthe System menu select Set Link I 66 57 177 5 NGT EWN CdgeProtect Microsoft internet Explorer Ee Ek Yew Fates oas Hp C7 C O DEAS pamm ke BSB LAOS Across 4B hutp 69 3 126 2 7S eg binkuorligipage 26 Eo ints Gsm ty Set Link a Set Link displays the current ethernet Interface link settings for the Voice Appliance Use caution when adjusting the ethemet link rate The device may become unreachable if en incompatible rate is set Link Rate Settings Subscriber Ethernet Auloragoto Pr
77. k Restart to stop and the restart all the networking services that are running on the system Technical support may request that networking services be restarted during a troubleshooting session Restarting network services will interrupt the system for up to a minute All voice and data sessions currently in progress will be interrupted Proceed with caution To restart the network 1 In the navigation bar select System 2 Inthe System menu select Network Restart 3 Inthe Network Restart page press Restart Rebooting the System Rebooting the system stops all networking services and reboots the 5300 S The operating system and networking services will be loaded from scratch Reboot is functionally equivalent to power cycling the 5300 S Technical support may request that the system be rebooted during a troubleshooting session Rebooting the system will interrupt services for a few minutes All voice and data sessions currently in progress will be interrupted Proceed with caution To reboot the system 1 In the navigation bar select System 2 Inthe System menu select Reboot system 3 Inthe Reboot system page press Reboot Using Network Test Tools A network administrator may use the test tools on this page to verify connectivity of the 5300 S and trace the path of data throughout the network You can run a ping test or a traceroute test Running a ping test Administrative Options The Ping Test is the most common
78. led E 164 in the E 164 WAN_IP that is to reach site A by dialing 4155551000 66 20 20 4 where the prefix is defined as 415 or 415 In this example a 9 was chosen The prefix is then mapped to the LAN interface of the Peering Proxy 10 10 11 1 The dial string is now 94155551000 66 20 20 4 and a strip rule for the prefix is applied This is needed to route the call at the destination correctly If the Site C VIU does not strip the 9 the destination V7IU fails the call with a No Registered Client message call failures can be viewed under the H323 Activity page in the GUI since the 9 becomes part of the E 164 If you choose a prefix that matches the destination E 164 set Site C s V7IU to NOT strip matching prefixes NOTE In this illustration E 164 WAN_IP was used as an example Peering Proxy and all VU s support user host ANNEX O dialing methods for example 123 1 1 1 1 or abc 1 1 1 1 or abc abc com with a DNS SRV record configured to point to an A record for the WAN IP of the VIU The following sections demonstrate the Dial Plan for ingress and egress calls to Private Video Network A as shown in the illustration Outbound from Site C to Site A Site C dials an endpoint located at Site A 94155551000 66 20 20 4 The PathNavigator receives the call and generates a Q 931setup to the V7IU for that subnet The V7IU processes the Q 931 setup from the calling endpoint The V7IU looks for a prefix match In this ca
79. llowing sections e Overview e Configuring VoIP Subnet Routing Configuring VRRP e Configuring VRRP e Configuring VRRP An application layer gateway provides basic proxy features for voice and video over IP traffic Serving as an ALG proxy the 5300 S provides Network Address Translation NAT services for the protected softswitch gatekeeper or other media devices It maps multiple devices on the subscriber interface public to a single IP address on the provider interface private The ALG must first recognize and register a public network based device before it presents traffic from the IP telephone video endpoint or data device through its provider port The 5300 S contains an MGCP SIP and H 323 call control proxy ALG VoIP phones video endpoints and client adapters have to be configured to point to the 5300 S as the call control server proxy gatekeeper or gateway depending on protocol The 5300 S then forward this traffic onto the actual call control server or gatekeeper For corporate customers with high end routers and firewalls the 5300 5 can be configured as a VoIP Application Layer Gateway only This allows all of the normal data traffic to continue to be handled by the existing network devices and only voice or traffic to be handled by the 5300 S For this configuration the 5300 S Subscriber Ethernet port is connected to the internet The 5300 S Provider Ethernet port is connected to a port on the local Ethernet switc
80. ly if its contents constitute a work based on the Program independent of having been made by running the Program Whether that is true depends on what the Program does 1 You may copy and distribute verbatim copies of the Program s source code as you receive it in any medium provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee Regulatory Notices 7 User Guide V2IU 5300 S Series Converged Network Appliance Regulatory Notices 8 2 You may modify your copy or copies of the Program or any portion of it thus forming a work based on the Program and copy and distribute such modifications or work under the terms of Section 1 above provided that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice
81. n Networking Information displays the low level network configuration of the Voice Appliance Gonmask Flags Metric UGH 0 0 0 0 93 3 186 161 o 0 0 0 0 lo 6 0 tho Link Status ethd negotiated LOUbaseTx FO flow control link ok ethir negotiated LOUboseTx FD flow controi lint ok Interface Information tno Link encap Ethernet eth Link encapi Ethernet Haddr 00 0E 0C 09 C9 18 3 Scroll through the Network Information page to view Routing information Link status Interface information Routing Information The system routing table contains the static routes for the hosts and networks that are on the Provider side of the 5300 S When the provider and subscriber settings have been fully configured there must be at least four routing lines displaying e The private subnet associated with the Provider interface e The immediate subnet associated with the Subscriber interface e The loopback interface e The network s default gateway this must be the next hop router on the Subscriber side of the 5300 S The order of the lines may vary depending on the subnet masks Additional lines may be displayed depending on the contents of the Route and VoIP Subnet Routing pages Each of the entries on these pages will cause an additional entry in the routing table Configuring the V2IU 5300 S Link Status Link Status displays the status of the Ethernet connections Ethernet auto negotia
82. nable SNMPv1 SNMPv1 Read Only Community SNMP 1 Trap Community SNMP Common Configuration System Location System Contact Port Trap Destination IP Enable Remote System Logging Remote Syslog Host Current Hostname Info Customize the configuration of the services accessible on the Voice Appliance a public a 66 52 177 200 NGT EWN EdgeProtect x a internet 3 Scroll to Enable Remote System Logging and check the box A Enter information as described in the following table Field Description Remote Syslog Host The address of the system running a system log server By default the system sends to port 514 The system log port can be set by adding a colon and the port number to the end of the address e g ADDRESS PORT Local Hostname Set the hostname for this system By default the hostname is the system type Enable MOS Scoring Enable MOS scoring for media that is passing through the 5300 S Disabling MOS scoring will improve system performance By default MOS scoring is Enabled MOS Threshold Set the minimum allowable MOS for the system MOS values below this value will cause system messages to be sent to the system log By default the value is 2 5 5 Press Submit Administrative Options Disabling remote system logging To disable remote system logging select Services Configuration from the System menu and uncheck Ena
83. net Autonegotote v Provider Ethemet Autonegotote v Detailed Link Rate Information athO nagotiated 100base x FD flow control link ok product info vendor 00 50 43 model 2 rav 3 basic moda autonegotiation enabled basic atatua autonegotiation complete link ok capabilities 100base x FD 100base x HD 10baseT FD 10baseT KD advertising 100bace x PD 100base x HD 10base FD 10base HD flow control link partner 100baceTx FD 100base x HD 10base FD 10base HD flow control athl negotiated 100baseTx FD flow control link ok product info vendor 00 50 43 model 2 rev 3 autonegotiation enabled basic status autonegotiation complete link ok capabilities 100base x FD 100baseTx HD 10baseT FD 10base HD advertising 100baseTx FD 100base7x HD 10baseT FD 10base HD flow control link partner 100baseTx FD 100baseTx HD 10baseT FD 10baseT HD flow control Set Provider MTU size Etme Raset GES trterrat 3 Enter the Provider MTU size 4 Press Submit Enabling SNMP The 5300 S can be managed remotely by an SNMP network management system such as HP Openview The 5300 S supports SNMPv1 and MIB II RFC1213 All MIB II variables are read only The MIB variables sysContact and sysLocation are set by the web GUI To enable SNMP 1 In the Navigation bar select System User Guide V2IU 5300 S Series Converged Network Appliance 2 Inthe System menu select Services Configuration T 66 57 177 5 NGT EWN CdgeProtect Microsoft int
84. nfigure Deny Hostwise TCP IP Port according to the rules in Advanced setting rules on page 6 4 This setting denies all traffic matching the specified TCP port numbers and the specified source IP addresses Configure Deny Hostwise UDP IP Port according to the rules in Advanced setting rules on page 6 4 This feature denies all traffic matching the specified UDP port numbers and the specified source IP addresses Configure Allow Hostwise TCP IP Port according to the rules in Advanced setting rules on page 6 4 This setting allows all traffic matching the specified TCP port numbers and the specified source IP addresses Configure Allow Hostwise UDP IP Port according to the rules in Advanced setting rules on page 6 4 This setting allows all traffic matching the specified UDP port numbers and the specified source IP addresses Press Submit Follow these rules when configuring advanced settings Separate multiple entries with spaces Specify a port using the dash as in 192 168 3 1 23 for Telnet Indicate a range of ports with a colon For example 192 168 3 1 23 50 means perform the action on ports 25 through 50 Classful IP addresses are assumed by default For example 192 168 3 1 uses a class c mask Specify subnets using the forward slash as in 192 168 3 1 24 Enabling or disabling the firewall 1 2 To disable the firewall check or uncheck the Enable Firewall box Press Submit Administrative Options T
85. nfiguring for Video Internet 67 40 41 0 30 67 40 41 0 3 192 168 1 0 24 192 168 1 0 255 192 168 1 10 67 40 40 99 67 40 40 0 24 67 40 40 0 255 VSX 7000 Configuring Forwarding Rules To configure address forwarding rules use the following steps 1 Using the configuration graphical user interface from the Configuration Menu on the left hand side click Firewall 2 Click Forwarding Rules The window shown below opens User Guide V2IU 5300 S Series Converged Network Appliance Forwarding Rules Info Forwarding Rules permits the firewall to forward data traffic for a subnet from one interface to another When forwarding a subnet an IP address needs to be assigned to the system to serve as the default router for the subnet To add an additional IP address to the system visit the Subinterfaces page Forwarding Rules Select All None Action Delete Input Output Interface Interface Protocol Ports IP Address Netmask The list is currently empty Add a Forwarding Rule IP Subnet Netmask Input Interface Output Interface Protocol Port or Port Range Add Clear 3 On this screen complete the following information e IP Subnet The subnet to be forward through the firewall from the Input Interface to the Output Interface e Netmask The network mask to apply to the IP Subnet to create the range of IP addresses that are forwarded through the firewall
86. now changes the destination IP to 10 10 11 1 and routes the call to Site C s V IU The Q 931 setup is forwarded to the LAN Side PathNavigator where the registered client with the E 164 of 8315551000 is located and the call is gatekeeper routed to the called endpoint Configuring Peering Proxy To configure peering proxy use the following steps 1 Using the configuration graphical user interface from the Configuration Menu on the left hand side click VoIP ALG 2 Click H 323 The window shown below opens User Guide VIU 5300 S Series Converged Network Appliance H 323 Settings H 323 protocol settings Gatekeeper mode The gatekeeper mode configuration specifies whether the system should work in WAN Provider side gatekeeper mode Peering Proxy mode or embedded gatekeeper mode None H 323 is disabled WAN Provider side gatekeeper mode c LAN Subscriber side gatekeeper mode Peering Proxy mode configure prefixes lt q ___ c Embedded gatekeeper mode 3 On this screen check Peering Proxy mode 4 Scroll to the bottom of the window and click Submit Adding an H 323 Prefix Entry You can add prefixes by entering the prefix string and the target address To add an H 323 prefix entry use the following steps 1 Using the configuration graphical user interface from the Configuration Menu on the right hand side click VoIP ALG 2 Click H 323 Prefixes The window shown below opens 20 Con
87. nse c Ifthe modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty or else saying that you provide a warranty and that users may redistribute the program under these conditions and telling the user how to view a copy of this License Exception if the Program itself is interactive but does not normally print such an announcement your work based on the Program is not required to print an announcement These requirements apply to the modified work as a whole If identifiable sections of that work are not derived from the Program and can be reasonably considered independent and separate works in themselves then this License and its terms do not apply to those sections when you distribute them as separate works But when you distribute the same sections as part of a whole which is a work based on the Program the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on th
88. ntries not thus excluded In such case this License incorporates the limitation as if written in the body of this License 9 The Free Software Foundation may publish revised and or new versions of the General Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version number If the Program specifies a version number of this License which applies to it and any later version you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation If the Program does not specify a version number of this License you may choose any version ever published by the Free Software Foundation 10 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make Regulatory Notices exceptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APPLI
89. nts with the 5300 S This information is displayed on the Clients List page You can filter sort query add and delete records Caution Currently MGCP clients can be added and deleted without restarting the 5300 S but changes to SIP or H 323 clients list will automatically restart the 5300 S Use caution All calls that are in progress will be interrupted User Guide V2IU 5300 S Series Converged Network Appliance Selecting a client Deleting clients To work with the client list 1 Choose Clients List from the System menu on the navigation bar T 66 57 177 5 NGT EWN LdpeProtect Microsoft internet Explorer Ek Ed ww Favorites O O HAO psm frum O 2 Sa LAOS E Mtp 169 3 126 275 eg binari oaget Is tee Eo ms Gs w SIP Clients List Protocol to display SIP MGCP H323 Client List Filter No Sort Address Port Name Go 192 108 2 163 ge Ge se 6985287464 100 7202664640 7202664641 4441 P Displaying page 1 of 1 Number of clients 4 Add a SIP dient to the client list Name Address Port Sweet Besa a iteme Select a protocol from Protocol to display The SIP client list is the default Perform an operation according to the instructions in Filtering the clients list Deleting clients Querying clients Adding clients You can select a single client by entering a client identifier in the Client List Filter field 1
90. ny as 20 subnets Complete steps 3 through 6 for each subnet Deleting a VoIP subnet route To delete a VoIP subnet route 1 a RON In the navigation bar select System In the System menu select VoIP Subnet Route Enter an IP Network such as 10 10 10 0 Check the Delete Subnet box Press Submit User Guide VIU 5300 S Series Converged Network Appliance Configuring VRRP The Virtual Router Redundancy Protocol VRRP is designed to eliminate the 5300 S as a single point of failure in a network configuration Two 5300 S devices can be configured to perform as a redundant pair One 5300 S is the Master the other is the Backup If the Master fails because of a network or hardware failure the Backup takes over for the Master To configure VRRP 1 2 In the navigation bar select System In the System menu select VRRP Configuration T 66 52 177 5 NGT EWN EdpeProtect Microsoft internet Explorer Fie Ede Yew Favortes ods Help O BAH Pu fmm O 2 Sa LAOS tess d http 169 3 186 1 75 eg binoni nage vi Eo m Gan ty Info VRRP Configuration Enable Virtual Router Redundancy Protocol VRRP to allow a backup Voice Appliance to take control for a master voice appliance in the event of a Failure Interface Addresses Subscriber Interface inet 69 3 196 175 27 brd 69 255 255 255 scope global ethd Provider Interface inet 66 52 177 5 24 brd 66 255 255 255 scope global eth VRRP State Disable
91. ormation displays detailed information regarding the operating system running on the 5300 S Customer support may ask you to examine or forward this information when troubleshooting problems with the 5300 S To view system information 1 Inthe navigation bar select System User Guide V2IU 5300 S Series Converged Network Appliance 2 Inthe System menu select System Information T 66 52 177 5 NGT EWN EdgeProtectt Microsoft internet Explorer Ee Ee Ek Yew Fates oas Hsp a O O AAG Pm f O 2 a UGS dress A hitp 69 2 186 1 7Sjog binloonlighpagen 24 Eo mis Gin ty Info System Information System Information displays detailed Information regarding the operating system running on the Volce Appliance System Uptime 5 30am up 9 days 10 56 load average 0 00 0 00 0 00 Number of Active Streams 0 Recent Call Log du here for onina mos hain Process Information PID TIY vid Size State Command 1 root 60 s bin init 2 root a s keventd 3 root 0 s ksoftirqd crud 4 root a 8 ksoftirqd cpv1 5 root 0 s ksoftirqd_cPu2 6 root 0 s ksoftirq d_cPU3 7 root 0 kawapd 8 root J s baflush 9 root o s kupdated 13 root o s ahd_dv_0 a4 root 0 s ahd_dv_1 a5 root 0 s Is h0 16 root 0 s scsi eh 17 root 0 s khubd am g aas N gt 2 rremet 3 Scroll through the System Information page to view System uptime Number of active streams Recent call log Process information
92. orwarded to the LAN Side PathNavigator where the registered client with the E 164 of 8315551000 is located and the call is gatekeeper routed to the called endpoint Outbound from Site C to Site D Site C dials an endpoint located at Site D 95125551000 68 30 30 4 The PathNavigator receives the call and generates a Q 931 setup to the VIU for that subnet The V7IU processes the Q 931 setup from the calling endpoint The V7IU looks for a prefix match in this case the 9 creates a match The Strip Matching Prefix rule is applied the 9 is striped and the call is routed to the Peering Proxy IP 10 10 10 1 The Peering Proxy applies the same rule set in this case NO matching prefix is found and ANNEX O dialing is applied The call is now routed to the Peering Proxy for Private Video Network B IP 68 30 30 4 The Peering Proxy receives the Q 931 and looks for a prefix match In this case 5125 creates a match The Peering Proxy now changes the destination IP to 172 16 2 1 and routes the call to Site D s VIU The VIU is configured for Embedded Gatekeeper Mode In this mode the endpoint is directly registered and an E 164 registered client match is made The call is then routed to the called endpoint Outbound from Site D to Site B Site D dials an endpoint located at Site B 95105551000 65 10 10 4 The V7IU Embedded Gatekeeper is configured with a prefix of 9 to point to Peering Proxy 172 16 1 1 The V7IU looks for a
93. osoft internet Explorer fe ex Ek Edt Wew Favortes ous Hep O BEBO P from O 2 Sa Dg Address 4B itp 69 3 126 275 fog binloonlighpage 3 Bo we Gs w Network Tol Networking configuration Information for the public and private networks Subscriber Interface Settings IP Address 69 3186175 Subnet Mask 255 255 265 224 Provider Interface Settings OADSL PPPOoE ODHOP Static IP Address IP Address 6552 1775 Subnet Mask 255 255 255 0 Network Settings Default Gateway 633 186 161 Primery DNS Server 4222 Secondary ONS Server To configure the management interface click here Sari Reset a internet 2 In Provider Interface Settings select Static IP Address the most common configuration or DHCP if a DHCP server assigns the 5300 S internal address Enter an IP Address Enter a Subnet Mask 5 Ifyou are configuring network settings see the instructions in Configuring the Network on page 4 8 6 Ifyou want to configure a management interface that is different than the default complete all of the configuration tasks then see Configuring a Management Interface on page 7 9 7 Press Submit The Subinterfaces feature allows a system administrator to assign additional IP addresses to interfaces These are sometimes referred to as aliases or loopback interfaces An additional address may be assigned to the system s WAN interface to support for example another management IP address
94. ovider Ethernet Auteragotets v Detailed Link Rate Information eth0 negotiated 100baseTx FD flow control Link ok product info vendor 00 50 43 model 2 rev 3 basic mode autonegotiation enabled basic status autonegotiation complete link ok capabilities LOObaseTx PD 100basefx HD 10baseT PD 10base HD advertising l00baseTx FD 100basefx HD 10baseT FD 10base HD flow control link partner 100baseTx FD i00bazeTx HD 10baseT FD idbaseT HD flow control ethi negotiated 100baseTx FD flow control link ok product info vendor 00 50 43 model 2 rev 3 basic mode autonegotiation enabled basic status autonegotiation complete link ok capabilities 100baseTx FD 100baseTx HD 10baseT FD i0baseT HD advertising 100baseTx FD 100basefx HD 10baseT FD 10baseT HD flow control link partner lOObaseTx FD 100basefx HD l0baseT FD l0baseT HD Clow control Set Provider MTU size Elore internet 3 Select Subscriber Ethernet or Provider Ethernet Select the appropriate link rate for your Ethernet network Note If you set either 5300 S interfaces to 100FD be sure you set the device at the other end of the line to 100FD also Setting Description 10baseT HD 10Mbits per second using half duplex transmission 10baseT FD 10Mbits per second using full duplex transmission User Guide V2IU 5300 S Series Converged Network Appliance Setting Description 100baseT HD 100Mbits per second using half duplex transmission 10
95. ple hosts To delate an entry highlight and delete it To restrict Trusted Management to Management Interface click here a internet In the section Basic LAN and WAN Firewall Settings enable the management services that you want to reach the 5300 S by checking the appropriate box for Allow HTTP access through firewall Allow TELNET access through firewall Allow SSH access through firewall Allow SNMP access through firewall Configure Allow TCP Port according to the rules in Basic settings rules on page 31 This setting allows traffic with the specified TCP port to terminate on the 5300 S Configure Allow UDP Port according to the rules in Basic settings rules on page 6 3 This setting allows traffic with the specified UDP port to terminate on the 5300 S Skip Enable PPTP server Pass through This setting is not currently used Enter an IP address in PPTP Server IP Address This setting is not currently used To restrict Trusted Management to the Management Interface see Configuring a Management Interface on page 7 9 Press Submit Basic settings rules Configuring the Firewall Follow these rules when configuring basic settings For Allow TCP Port and Allow UDP Port valid values are 1 through 65535 Separate multiple entries by spaces Indicate a range of values with a colon For example 25 50 means perform the action on ports 25 through 50 Configuring Advanced Firewall Settings
96. pparatus complies with Canadian ICES 003 Regulatory Notices 11 User Guide V2IU 5300 S Series Converged Network Appliance Regulatory Notices 12
97. prefix match In this case the 9 creates a match The Strip Matching Prefix rule is applied the 9 is striped and the call is routed to Peering Proxy IP 172 16 1 1 The Peering Proxy applies the same rule set In this case NO matching prefix is found and ANNEX O dialing is applied The call is now routed to Site B The V7IU is configured for Configuring for Video Embedded Gatekeeper Mode In this mode the endpoint is directly registered an E 164 registered client match is made and the call is routed to the called endpoint Outbound from Site C to Public IP Endpoint Site C dials the public endpoint 9 61 10 10 4 The PathNavigator receives the call and generates a Q 931 setup to the V7IU for that subnet The V7IU receives the Call setup from the calling endpoint and the V7IU looks for a prefix match In this case the 9 creates a match The Strip Matching Prefix rule is applied the 9 is striped and the call is routed to the Peering Proxy IP 10 10 10 1 The Peering Proxy applies the same rule set in this case NO matching prefix is found and direct IP dialing is applied Inbound from Public IP Endpoint to Site C Public IP endpoint is NOT registered to a gatekeeper and must dial an IPtEXT to reach Site C s endpoint In this case the IP address is 67 40 40 4 and EXT 8315551000 The Peering Proxy receives the call and looks for a prefix match In this case 8315 creates a match The Peering Proxy
98. received Any matching pattern is replaced with the specified string allowing you to replace characters or strings that are hard or impossible to dial on certain endpoints Normal call look up is performed following alias manipulation User Guide V2IU 5300 S Series Converged Network Appliance To access the H 323 Alias Manipulation page select VoIP ALG gt H 323 gt Alias Manipulation in the Configuration Menu H 323 Alias Manipulation Help Destination H323 ID or E 164 Alias Modification The alias modification table can be used to modify aliases before they are acted on Destination H323 ID or E 164 Alias Modification Select All None Action Index Pattern Replace ew fal N Add a rule Action Pattern Index Replace Add newrule This page includes the following areas Item Description Destination Lists alias manipulation rules H323 ID or Rules are executed in the order in which they are listed Use the E 164 Alias arrows to move entries up and down or use the Index field to Modification specify where a new or edited rule falls in the list table Add a rule Allows you to add new prefixes to the Prefix Routing and Gatekeeping Neighboring table Item Description Action Indicates whether the rule is to be added or edited Pattern Specifies the pattern to be matched See lt I_link gt Regular Expressions on p
99. s Configuring the V2IU 5300 S Set Read Only User Password Change the GUI password of the read only user by filling in the fields below The password must be a minimum of 6 characters long Read Only User rouser New Password Confirm Password Submit Reset Note All open web browsers must be closed when you change between administrative user root and read only rouser 4 Enter a new password The password must be a minimum of six characters long 4 Re enter the new password to confirm it 5 Click Submit Now when you access the system using this user name rouser and password all fields are read only Getting help You can get help from several sources in the Configuration Menu e By pressing Help in the navigation bar e Following the link in Info at the top of the various Configuration pages e From the links on the Configuration Menu home page Getting information about the network You can view a variety of information about the network from Network Information in the System menu Networking Information displays the low level IP network and interface configuration of the 5300 S To view network information 1 In the navigation bar select System User Guide V2IU 5300 S Series Converged Network Appliance 2 Inthe System menu select Network Information Ow O MDH Arm hrn O A SR USSs hess AE eas 1H 3 106 IPH op rte raaz Ee us Ome er Info Network Informatio
100. s e 6Event Time e Source e Destination Following this information are a number of lines with event specific informa tion such as call id duration call status and so on Abnormal events have their event specific information listed in red User Guide V2IU 5300 S Series Converged Network Appliance Type of Events Call Status The events that may currently be listed in the activity monitor are as follows e Bandwidth change the endpoint requested a change of the bandwidth used for its call only sent if the bandwidth management is enabled e Call Setup Only sent if the call was successfully established A call is successfully established if the H 245 media negotiation connection was established e Call Termination Sent when a call terminates You can have a call termination event without a call setup event for example a failed call that doesn t reach the H 245 established state will not cause a call setup event but only a call termination event e Registration Reject Sent when a registration was rejected This includes the authority that rejected the registration our side or the gatekeeper only in WAN GK mode as well as a text reason for the rejection e Gatekeeper reachability changed only in WAN GK mode Gatekeeper status toggled from reachable to unreachable or vice versa e Location Request Received a location request from a neighboring gatekeeper e Location Confirm Sent or forwarded
101. s Converged Network Appliance 2 Inthe System menu select Network Test Tools T 66 57 177 5 NGT EWN CdgeProtect Microsoft internet Explorer EE Ek Edt yw Fates os hsp a O O AAG Psa kaa B Sa DEB dress A hitp 69 2 186 1 75jeg binkoorlighpage 2t UEa ms Gsm ty Network Test Tools as A network administrator may use the test tools on this page to verify connectivity of the Voice Applicance and trace the path of data throughout the network Ping Test IP Address to Ping Png Reset Traceroute Test IP Address to Trace Interface OSubscriber OProvider Traceroute Reset amp internet 3 Enter an IP Address to Trace Select an Interface Press Traceroute Upgrading the Firmware Note Occasionally new releases of firmware will become available to add new features to the 5300 S Upgrading the 5300 S is easy Simply enter the IP address of the upgrade server and press Submit During the upgrade telephone services are interrupted For this reason the upgrade should take place during a maintenance window Warning During the upgrade process the 5300 S must not be interrupted or powered off If the upgrade is interrupted the device may become unusable and need to be returned to the factory The upgrade process takes between two and five minutes depending on how quickly the upgrade package is downloaded Writing the software to the 5300 S takes about five minutes Once the upgrade is st
102. se the 9 creates a match The Strip Matching Prefix rule is applied the 9 is stripped and the call is routed to 4 17 User Guide V2IU 5300 S Series Converged Network Appliance 4 18 the Peering Proxy IP 10 10 10 1 The Peering Proxy applies the same rule set in this case NO matching prefix is found and ANNEX O dialing is applied The call is now routed to Site A s V7IU The call is forwarded to the LAN Side PathNavigator where the registered client with the E 164 of 4155551000 is located and the call is gatekeeper routed to the called endpoint Inbound from Site A to Site C Site A dials 8315551000 67 40 40 4 The destination IP is the Peering Proxy WAN IP address The Peering Proxy is configured with prefix 8315 and is mapped to the WAN IP of the V7IU 10 10 11 1 As explained earlier the prefix could be 831 or 83 and so on depending upon dial plan requirements The PathNavigator receives the Q 931setup from the endpoint and forwards the call to the V7IU for that subnet The V7IU receives the Q 931 setup from the calling endpoint The VIU looks for a prefix match finds NO matching prefix and ANNEX O dialing is applied The call is now routed to the Peering Proxy IP 67 40 40 4 The Peering Proxy receives the Q 931 setup and looks for a prefix match in this case 8315 creates a match The Peering Proxy now changes the destination IP to 10 10 11 1 and routes the call to Site C s V IU The Q 931 setup is f
103. some information about why the call terminated or failed to be established e Out of system resources The call could not be completed because the system was out of system resources e Client owning the call has been deleted The call could not be completed because the client that made this call was deleted during the call setup e Connection to destination could not be established A TCP connection to the destination could not be established e Connection refused by destination The call could not be completed because the destination refused the incoming TCP connection e No route to destination A TCP connection to the destination could not be established because the des tination could not be reached This could happen if there is no route to the destination or if the destination is on the same subnet the destination does not answer to ARP requests e Connection to destination timed out The TCP connection attempt to the destination timed out before it could be established e Call ended by source The call was gracefully terminated by H 323 signaling from the source This usually indicates that the endpoint intended to terminate the call e Call ended by destination The call was gracefully terminated by H 323 signaling from the destination This usually indicates that the endpoint intended to terminate the call e Connection terminated by source The call was terminated because t
104. t IP packets through the system To configure forwarding visit the Forwarding Rules page Subinterfaces Select All None Action Delete IP Address Netmask Interface 192 168 6 50 255 255 255 0 Add a Subinterface IP Address Netmask Interface Add Clear 3 On this screen complete the following information e IP Address is the address to be assigned to the subinterface Configuring Network Settings e Netmask is the network mask to use for the address If several addresses are applied to an interface and these addresses are in a common network they must use a common subnet The system does not support supernetting e Interface is the port where the subinterfaces will be configured 4 When you have finished entering this information click Add The following popup appears 5 Click OK The new subinterfaces entry appears on the Subinterfaces window in the list area ToS Byte Setting Since the Internet itself has no direct knowledge of how to optimize the path for a particular application or user the IP protocol provides a limited facility for upper layer protocols to convey hints to the Internet Layer about how the trade offs should be made for the particular packet This facility is the Type of Service or ToS facility ToS settings allow the service provider to prioritize time sensitive traffic such as voice plus video to ensure minimized packet loss and delay through their network W
105. tatement e If disabled the incoming Q 931 Setup is forwarded to the given address without a preceding LRQ This field is used for interoperability with other gatekeepers that may not accept a Setup without a preceding LRQ Local Zone Provides compatibility with remote gatekeepers that are configured to accept LRQs only from sources that match its configured remote zone If a gatekeeper is configured to accept requests only from a known source enter the zone in this field Address Specifies the IP address or domain name of the device to which the call is to be forwarded The H 323 Neighboring page includes the following buttons Item Description Commit Applies the settings configured on this page Reset Clears all fields and selections and allows you to enter new information Regular Expressions Configuring for Video Alias manipulation patterns and prefixes use regular expressions to match a string in the destination alias A regular expression can be a string of literal characters to match or a set of special expressions Alias manipulation patterns can match a sub string at any location and number of times within the alias Prefixes are always searched from the left of the alias and cannot match a middle part or the end of the alias Regular expressions are listed in lt l_link gt Table 1 and lt l_link gt Table 2 lists some example expressions Table 1 Regular Expressions Symbol a a a b
106. that is the first prefix is tried first and then the next one on the list until the system finds a matching prefix This means that if there are multiple matching prefixes the first one is used How Peering Proxy Works The Polycom V7IU 5300 S supports the concept of an H 323 Peering Proxy This function provides advanced security layers or peering points within the network where a security layer is needed Peering Proxy allows network providers to add internetworking connections between their trusted network and an unknown network This topology hides their trusted network and the Stateful packet inspection Firewall provides the policies to ensure security You can add Peering Proxies in series with one another to push the core H 323 networking infrastructure to meet individual security requirements The illustration below shows a sample diagram with dial plan and call flow examples It is a snapshot of how the Peering Proxy can be deployed Peering Proxy however is not limited to this specific scenario so contact your Polycom representative to discuss specific network requirements for full Peering Proxy support User Guide V2IU 5300 S Series Converged Network Appliance 4 16 Note A minimum configuration for Peering Proxy would be for inbound only prefixes since there may be many endpoints to statically route calls to There might also be a master gatekeeper to which all endpoints are registered In this case you would only need
107. tion is often unreliable especially between different vendors or old and new networking equipment Failure of auto negotiation is generally not a cause for concern However if the negotiated rates change intermittently or the link is down or there is no link the link rate may need to be set manually on the Set Link Rate page Intermittent data and voice outages may be caused by auto negotiation flutter Setting the link rate manually is recommended and ensures that the device at the far end of the connection will not renegotiate rates during VoIP operation Interface Information The specific status and configuration information for the system interfaces is displayed in the Interface Information section The MAC address of interface eth0 is needed to retrieve the VoIP ALG License Key if the license information is lost The interface statistics can point to areas of congestion in the network If the errors statistic increase during normal operation of the device it may be an indication of excessive congestion on the network interface If the congestion is not corrected the quality of voice calls will be affected The topology of the network attached to the network interface with the errors should be examined and modified to better segment and isolate network traffic See Link Status on page 3 7 Getting information about the system You can view a variety of information about the network from System Information in the System menu System Inf
108. to be added to incom ing calls without a destination message in the Q 931 Setup message This alias allows the embedded gatekeeper or a LAN Subscriber side gatekeeper to route the call to a default endpoint Enter a default alias and select one of the following types e E 164 e H323 In the Stale Time area you can arrange to delete clients that have not sent any registration requests for the specified interval This area includes the following configurable parameters Item Description Delete stale clients Select this checkbox to enable the stale timer feature Stale time m Specify the length of the interval in minutes User Guide V2IU 5300 S Series Converged Network Appliance Some RAS messages can be multicast in order to automatically detect gate keepers In the Multicast Messages area you can enable listening to multicast messages This area includes the following configurable parameter Item Description Listen to multicast Select this checkbox to enable listening to multicast messages messages In the H 460 18 Support area you can configure H 460 18 support This allows the system to do NAT Firewall traversal for clients behind NAT or firewall devices This area includes the following configurable parameters Item Description Disabled Disables H 460 18 support Enabled Enables H 460 18 support Keep alive time s Specifies the keep alive time if H 460 18 support is enabled In the Alias Restr
109. u configure the firewall Configuring the interface To configure the Management Interface 1 Inthe navigation bar select System User Guide V2IU 5300 S Series Converged Network Appliance 2 On the System menu select Management Interface T 66 52 177 5 NGT EWN CdpeProtect Microsoft internet Explorer Ee Ee Yew Fates ods Hsp w O O NAG psa fr O Z Sa Dag Across 48 hutp 69 2 186 1 7Sfeg bincang paget JE ms Gsm ty Management Interface Infe Networking configuration Information for the management interface Enabling the Management Interface will restrict management to the management interface only Enable Management Interface a Management Interface IP Address Subnet Mask Suomi Reset 2 _ Internet On the Management Interface page Check the Enable Management Interface box Enter a Management Interface IP Address Enter a Subnet Mask address N amp O Ww Press Submit Reconnecting the 5300 S 7 10 Administrative Options 1 Reconnect the 5300 S to the network by moving the connection from the Provider port Port 2 to the Optional Out of Band Ethernet Port Port 3 Provider Optional pin Out of Band Ethernet Port Port 3 Figure 1 Move the connection from Port 2 to Port 3 2 Restart the system Configuring the Trusted Management Addresses Trusted management addresses define a list of trusted management host addresses or network masks All other addresses
110. uring Provider Interface Settings 0 00 00 eee 4 2 SUbINtEHACES 25 25 Sedeteweese hi wss eee Shee ates She dai 4 3 User Guide V2IU 5300 S Series Converged Network Appliances How Subinterfaces Works nsns c eee eens 4 4 Configuring Subinterfaces 0 0 cee eee ee eee 4 4 LOS Byte Setting escra tetere renet kenti opii nia es E E e E S 4 5 How the ToS Byte Setting Works n nanansnansnn rnrn renr 4 5 Viewing or Changing the ToS Byte Setting 06 4 6 Setting the Ethernet Link Rate 0 000000 4 6 Configuring the Network 00 6 c eee teens 4 8 Configuring for Video 2 eee e cece eee eee ARI F323 Configuration seris eseerii iiie i Wile e E Rite beatae et aa 4 2 H323 Acti Vit casa chr ehoraeesragaredednsagesbaednseasyeness 4 7 H 323 Alias Manipulation 00 0 cee eee 4 7 F323 Neighboring se eoiee santed ien an code sedans ENAERE Sit 4 9 Regular Expressions sunusnss nrun rennur rrenen rrn 4 11 Forwarding Rules so ccc ee re renieerii eiie i E 4 12 How Forwarding Rules Works 0 00000 4 12 Example eseri renret eiaei eoacsaeweesieesd he wees ates 4 12 Configuring Forwarding Rules 6 00 cece eee eee 4 13 Peering Proxy i 52iiasid crane phat aan s sane tad tun sien cae sae 4 15 How Peering Proxy Works 0 0 c cece eens 4 15 Configuring Peering Proxy 0 cece een eee 4 19 Adding an
111. wall Video User B Video User A Video User F H 323 requires many connections in order to establish a call for example Q 931 and H 245 TCP connections and multiple RTP UDP streams H 460 18 allows an H 323 device to traverse a NAT Firewall by having the private side endpoint initiate all TCP connections and UDP streams to the outside H 323 device Note When NAT Firewall connections are configured H 323 Fixup software must be turned off In the previous figure the following communication between video users is available e User D communicates to Users A B C E and F User Guide V2IU 5300 S Series Converged Network Appliance The connection between User D and User A is hairpinned This means that the connection is 768 kilobits per second kbps or 2 times 384 kbps the typical bandwidth for a H 323 call User E can communicate directly with User C Shortest Path Media because no firewalls are involved User A communicates with User C or User E through the V7IU because a firewall is involved User D communicates with User A and User B through the V7IU User A communicates with User F and User A through the VIU Normally as long as outbound traffic is allowed no additional ports have to be opened on the NAT Firewall for H 460 18 to work If outbound traffic is restricted the following port ranges must be opened RAS UDP 1719 Q 931 TCP 1720 H 245 TCP 14085 15084
112. work in this way allows the system to manage and prioritize bandwidth sharing it between the VoIP services and the servers How Forwarding Rules Works Example 4 12 When forwarding one address from the forwarded range of addresses must be assigned to the rule s output interface The Polycom V7IU 5300 S uses this address to act as a gateway router for the subnet The address may be assigned using the Subinterfaces page Note The subnet and forwarded addresses are not protected by the firewall A similar method for forwarding traffic is provided by Proxy ARP Proxy ARP is used to bridge addresses within a single subnet range from one interface to another Often this is used to bridge and forward a public address to the protected side of the system without having to subnet the public address range Proxy ARP does not require an additional gateway address on the sys tem for the subnet but does not allow port and protocol filtering for for warded data In this example e The ISP has supplied two separate subnets to the customer A small one 2 hosts for the WAN link A large one 254 hosts for a bank of servers e 67 40 41 2 is the WAN IP address for the Polycom V7IU 5300 S e NATisa private IP range of 192 168 1 xxx using the WAN address for PCs and Phones e On the LAN side of the Polycom V7IU 5300 S are the following Private IP subnet 192 168 1 xxx Public IP subnet 67 40 40 xxx This is shown below Co
Download Pdf Manuals
Related Search