Skip to end of metadata
Go to start of metadata

Download PDF Document



2019-08-07
All Mediatrix Units
44.3.1746
Top

1 Getting started

Top

1.1 Danger, Warning, Caution, and Note Definitions

Danger

Indicates a hazardous situation which, if not avoided, will result in death or serious injury.

Warning

Indicates a hazardous situation which, if not avoided, could result in death or serious injury.

Caution

Indicates a hazardous situation which, if not avoided, could result in minor or moderate injury or damage to property or equipment.

Note

Indicates important information not related to personal injury.

Top

1.2 Logon

Top

1.2.1 Logging on to the Mediatrix Unit Web Interface

Before You Start
The computer IP address must be in the same TCP/IP network as the Mediatrix unit.
Context
For better performances, it is recommended to use the latest available version of Microsoft Internet Explorer, Google Chrome, or Mozilla Firefox.

Note

You may not be able to log on to the Mediatrix unit Web interface if you are using older browser versions.

Steps
  1. In your Web browser, enter the IP address at which the Web interface of your Mediatrix unit can be reached.
    • If your network has an IPv4 DHCP server, connect the primary Ethernet port of the Mediatrix unit to the network (ETH1 port), use the provided DHCP server IP address.
    • You can also connect your computer to the secondary Ethernet port of the Mediatrix unit (ETH2), use the 192.168.0.10 IP address. however, the computer must also own an IP address in the 192.168.0.0/24 network.
  2. Enter admin as your username and administrator as the password.

    Note

    You can also use public as a username and leave the password field empty. it has the full administration rights by default.

  3. Click Login .
Result
The Information page of the Web interface is displayed.
Top

1.3 Mediatrix Unit Reset

Top

1.3.1 Basic Reset Concepts

Top
1.3.1.1 Partial Reset

The partial reset provides a way to contact the Mediatrix unit in a known and static state while keeping most of the configuration unchanged.

A partial reset can be performed at the initial start-up of the Mediatrix unit or on a unit already in use where the configuration was modified in such a way that the user can no longer access the system by the Web page or otherwise. In both cases, the user can manage the Mediatrix unit through its Rescue interface, which is bound to the unit's WAN port (ETH5 for the Mediatrix 3000, wan for the Mediatrix 4102s, and ETH1 for all other Mediatrix units). The IP address of the Rescue interface is 192.168.0.1 (IPv4) or an IPv6 Link Local address.. These connections give access to the Rescue Management Interface where the configuration of a new unit can be completed and where an existing configuration can be modified.

By default the Rescue Network Interface is disabled. When a partial reset is performed, the Rescue network Interface becomes enabled and the "Power" and "Ready" LEDs are blinking at 1Hz with 75% duty and all other LEDs are off. Once the configuration has been modified to solve the problem that required the partial reset, it is important to disable the Rescue Network Interface to make sure that you are no longer working in the Rescue Network Interface.

Performing a partial reset on a new unit will not modify the configuration, as it has not yet been modified to your needs. However, a partial reset performed on a unit already in use will:

  • Rollback Local Firewall settings that are not yet applied.
  • Add a Local Firewall rule to allow complete access to the Rescue interface.
  • Rollback NAT settings that are not yet applied.
  • Add NAT rule to allow complete access to the Rescue interface.
  • Cancel the changes that were being modified but not yet applied to the configuration.
  • Disable any Network Interface in conflict with the Network Rescue Interface.
  • Configure and enable the Rescue Network Interface to:
    • use the link as the default value used by the Uplink Network Interface
    • set the IP address to 192.168.0.1 and the Network Mask to 255.255.255.0.
    • set the IPv6 link-local address on all network links. The IPv6 link-local address can be found underneath the unit.

A partial reset will also modify the following parameters and preserve the values below even after the Rescue interface has been disabled.

Note

These changes are valid when using a MX profile. If the Mediatrix unit is not using a MX profile, the default values and therefore the behaviour of the parameters may be different.

Service Parameter Default Value
AAA Users.Password User(s) from profile are restored with their factory password. All other usernames keep their password.
Users.AccessRights User(s) from profile are restored with their factory rights.
ServicesAaaType (table) Each service will be configured to use Local authentication and no accounting mechanism.
CLI EnableTelnet Disable
TelnetPort 23
EnableSsh Enable
SshPort 22
InactivityTimeOut 15
HOC ManagementInterface Rescue
SNMP Port 161
EnableSnmpV1 Enable
EnableSnmpV2 Enable
EnableSnmpV3 Enable
Web ServerPort 80
SecureServerPort 443

Top
1.3.1.2 Factory Reset

The Factory reset reverts the Mediatrix unit back to its default factory settings.

It deletes the persistent configuration parameters of the unit, including:

  • User files stored in the File service
  • Certificates, except for factory installed ones
  • Log files of the File service

The Factory reset should be performed with the Mediatrix unit connected to a network with access to a DHCP server. If the unit cannot find a DHCP server, it will sent requests indefinitely. A Factory Reset can be triggered either:

  • Directly on the unit. Refer to Performing a Factory Reset .
  • Via the web interface of the Mediatrix unit (Management /Firmware Upgrade ).
  • Via the Command Line Interface of the Mediatrix unit by using the fpu.defaultsetting parameter.

Top
1.3.1.3 RESET-DEFAULT Button

The Reset/Default button is a switch that can be used to perform a partial or factory reset while the unit is running.

In other words, the Reset/Default button can be used to:

  • Cancel an action that was started.
  • Revert to known factory settings if the Mediatrix unit refuses to work properly for any reason or the connection to the network is lost.
  • Reconfigure a unit.

The Reset/Default button will generate different actions depending on the amount of time the button is held.

Important

It is the LED pattern that will indicate the action that is being applied to the unit. The action will occur more or less rapidly depending on the platform.

LED Pattern Action Comment
Power1 blinking, all other LEDs OFF Restarts the Mediatrix unit. No changes are made to the Mediatrix unit settings.
All LEDs blinking, 1cycle per second, 50% duty Initiates a Partial Reset of the Mediatrix unit. Restarts the unit in a known and static state while keeping most of the configuration unchanged.
All LEDs steady ON Initiates a Factory Reset of the Mediatrix unit. Reverts the unit back to its default factory settings.
All LEDs will become OFF after blinking and being steady on. No action is taken. This is useful if you accidentally pushed the button and do not need and action to be applied. The action is ignored.
Top

1.3.2 Basic Reset Tasks

Top
1.3.2.1 Performing a Partial Reset
Before You Start

Note

It is not recommended to access the unit on a regular basis through the Rescue Network Interface.

Important

Make sure the unit is connected to the WAN port, as the Rescue interface is bound to the unit's WAN port (ETH5 for the Mediatrix 3000, wan for the Mediatrix 4102s, and ETH1 for all other Mediatrix units). The IP address of the Rescue interface is 192.168.0.1 (IPv4) or an IPv6 Link Local address.

Steps
  1. When the Power LED is steady or blinking rapidly, insert a small unbent paper clip into the hole of the Reset/Default button located on the Mediatrix unit.

    Note

    The Power LED will start blinking.

  2. Wait a few seconds.
  3. When all LEDs are blinking, but before they stop blinking, remove the paper clip.

    Note

    You have between 7 to 11 seconds.

Result

The Rescue Network Interface is displayed when accessing the Management Interface. Several parameters and services are modified, refer to Partial Reset . Do not forget to perform the Disabling the Rescue Interface step.

Top
1.3.2.2 Disabling Partial Reset - ResetButtonManagement
Steps
  1. Open CLI (Command Line Interface).
  2. Set ResetButtonManagement to DisablePartialReset .
Result
The Mediatrix unit will no longer partially reset the unit.
Top
1.3.2.3 Performing a Factory Reset
Context
The Factory reset alters any persistent configuration data of the Mediatrix unit.
Steps
  1. Insert a small, unbent paper clip into the hole of the Reset/Default button, located on the Mediatrix unit.

    Note

    Do not release the Reset/Default button before the LEDs stop blinking and are steadily ON. This can last from 12 to 16 seconds. If you leave the inserted pin longer, no action will be taken which is useful if you accidentally pushed the button and do not need any action to be applied.

  2. Release the paper clip.
Result
All configuration parameters are reset to their default value. The unit can then be contacted via its WAN interface DHCP-provided IP address (ETH1 or WAN on the 4102), or via its LAN interface default IP address 192.168.0.10 (ETH2 or LAN on the 4102).
Top

1.4 Personnal Data Usage and Protection

Top

1.4.1 Personal Data Exposure

Top
1.4.1.1 Personal Data Collection

Mediatrix products collect the basic personal data required for the proper delivery of the telecommunication service. The actual collected data depends on the type of users and how the Mediatrix products are administrated.

Type of users Collected Personal Information Collected Activity Information
End-Users Name and phone number used to register to the telecommunication provider service. Calls history for billing purposes and call details and recordings for troubleshooting purposes. For example:
  • Call date/time and duration
  • IP address
  • Voice or video stream
  • Fax or modem data stream
  • In-call digits dialled (DTMF)
  • E911 geo-localisation
  • Voicemail PIN
  • etc.
System Administrators and Technical Support Account name and password used to access the product for administrative and troubleshooting purposes.
  • Logs of the administration and troubleshooting activities.
  • Audit trails of the administration and troubleshooting activities.

Top
1.4.1.2 Personal Data Processing

Personal data is processed in Mediatrix products through the following activities:

  • Configuring and storing end-user data
  • Recording voice and fax calls
  • Logging call history (CDR)
  • Logging administration audit trails
  • Access of the personal data by an authorised system administrator
  • Provisioning data
  • Maintenance, administration and technical support records
  • Audit trails
  • End-user activity records
  • End-User personal content
  • Recording voice and fax calls for troubleshooting

Top
1.4.1.3 Personal Data Transfers

The following collected personal data may be transferred to other systems, depending on how the device administrators configure the Mediatrix products.

  • Call Details Records (CDR) may be sent to an external call accounting system.
  • Logs may be sent over an external monitoring system for live troubleshooting.
  • Administration activity logs may be sent over an external monitoring system for auditing.
  • Backups of the Mediatrix products, containing collected personal data, may be retrieved by an authorised system administrator.
  • Network captures from the Mediatrix products, containing collected personal data, may be retrieved by an authorised system administrator for troubleshooting purposes.

Top

1.4.2 Personal Data Protection

Top
1.4.2.1 System and Data Protection

To protect the end-user personal data stored inside the Mediatrix devices, the device administrator should control and restrict access to the management interfaces by:

  • Forcing the use of a strong authentication password
  • Authorising LAN access only
  • Using the device firewall service to limit the remote access to the device to only authorized peers and authorised services
  • Using an external firewall
  • Enabling IEEE 802.1x authentication of Ethernet link

The device administrator may also enforce the use of encryption and authentication for a secure administration of the Mediatrix devices:

  • Authenticated Management Interfaces:
    • Web Interface: HTTPS with trusted certificates
    • CWMP: HTTPS with trusted certificates
    • CLI: SSH
  • Secure Management Operations:
    • Consult or retrieve the stored personal data: HTTPS with trusted certificates
    • Provisioning: HTTPS with trusted certificates
    • Firmware upgrades: HTTPS with trusted certificates
    • Backup/restore: HTTPS with trusted certificates
Top
1.4.2.2 Communications Protection (VoIP Calls)

The device administrator may configure the encryption of the data that transits through Mediatrix products:

  • Call signalling: SIP over TLS with trusted certificates
  • Media packets: SRTP
Top
1.4.2.3 Access and Communications

The Mediatrix products have three (3) default account roles:

  • Administrator
  • User (no password access)
  • Observer (read-only)

All the management interfaces are restricted to authorised accounts only, verified by username and password. Refer to the System and Data Protection section for the list of management interfaces and how to protect them.

The account credentials may be stored locally in the Mediatrix devices or in an external RADIUS authentication server.

In all cases, the device administrator should restrict the physical access to the Mediatrix products.

Top
1.4.2.4 Data Deletion

The Mediatrix products allow an authorised system administrator to delete end-user registration information (name and number).

A system administrator should also delete any temporary logs that may have been stored locally during a troubleshooting session such as:

  • call history
  • call recordings
  • network captures

A factory reset can be performed by a system administrator to revert a Mediatrix device back to its default factory state through a factory reset, thus erasing all the collected data and configuration.

Top
1.4.2.5 Audit

Audit trail logs of the system administrator activities may be enabled by the device administrator. These audit logs may be temporarily stored locally or sent through syslog to an external monitoring system.

Top

1.5 Management Interfaces

Top

1.6 IPv6

Top

1.6.1 Basic IPv6 Concepts

Top
1.6.1.1 IPv6

IPv6 (Internet Protocol version 6) is the successor to the most common Internet Protocol today (IPv4).

This is largely driven by the fact that IPv4 32-bit addresses are quickly being consumed by the ever-expanding sites and products on the Internet. IPv6 128-bit address space should not have this problem for the foreseeable future.

IPv6 addresses, in addition to being longer, are distinguished from IPv4 addresses by the use of colons ":", e.g. 2001:470:8929:4000:201:80ff:fe3c:642f. An IPv4 address is noted by 4 sets of decimal numbers separated by periods ".", e.g. 192.168.10.1.

Please note that IPv6 addresses should be written between [ ] to allow port numbers to be set.

For instance, [fd0f:8b72:5::1]:5060.

Top
1.6.1.2 IPv6 Availability
DGW supports IPv6 except for:
  • CPE WAN Management Protocol (CWMP)/TR-069
  • DHCP embedded sever
  • IP Routing
  • Local Firewall (LFW)
  • Network Firewall (NFW)
  • Network Address Translation (NAT)
  • Online Certificate Status Protocol (OSCP)
  • Remote Authentication Dial In User Services (RADIUS)
  • Session Border Controller (SBC)
  • Simple Network Management Protocol (SNMP)
  • PPPoE
Top

IPv6 link-local addresses start with fe80 and must include the scope identifier

Therefore, the format of a link-local address is: [IPv6 link-local%ScopeIdentifier].

The scope identifier corresponds to:

  • On Windows: the network link used to contact the IPv6 link-local address.
  • On Linux: the link name or the interface number.

For example, if the unit must contact a server at the IPv6 link-local fe80::201:80ff:fe3c:642f address, you must check on which network link the server is available. Some units have WAN or LAN. If it is on the WAN link, the IP address would then be "[fe80::201:80ff:fe3c:642f%wan]".

Top

1.6.2 IPv6 Basic Tasks

Top
1.6.2.1 Locating the Scope Identifier of fe80 IPv6 Addresses on Windows
Context

Important

If the Mediatrix unit is configured to use IPv6 addresses and the firmware is downgraded to a version that does not support IPv6, then all IPv6 networks are deleted.

Steps
  1. Open the Windows Command Line interface.
  2. Type ipconfig .
  3. Locate the IPv6 address.

    Note

    The IPv6 address starts with fe80.

  4. Locate the interface number in the IPv6 address.

    Note

    the interface number is at the end of the address, after the %.

Result
In the following example, the interface number of the [fe80::201:80ff:fe3c:642f%4] IPv6 address is 4.
Top
1.6.2.2 Locating the Scope Identifier of fe80 IPv6 Addresses on Linux
Context

Important

If the Mediatrix unit is configured to use IPv6 addresses and the firmware is downgraded to a version that does not support IPv6, then all IPv6 networks are deleted.

Steps
  1. Open the Linux Command Line interface.
  2. Type ipconfig .
  3. Locate the IPv6 address.

    Note

    The IPv6 address starts with fe80.

  4. Locate the interface number in the IPv6 address.
Result
In the following example, to contact the IPv6 link-local IPv6 address "fe80::201:80ff:fe3c:642f", you would use: [fe80::201:80ff:fe3c:642f%2] or [fe80::201:80ff:fe3c:642f%eth0].
Top

1.7 Naming Conventions

When defining a name for a parameter, only ascii characters are authorised.

This is valid when defining a name for a parameter in a Web Page of the Management interface, but also for parameters accessed via the CLI, the MIB, or a script.

For example, to be valid, the Service Name defined during PPPoE configuration must only contain ascii characters. Special characters such as " " (space), """ (double quote), "“" (left double quote), "‘" (left single quote), "#", "£", "¢", "¿", "¡", "«", "»" will cause the system to display a syntax error message.

Top

1.7.1 ASCII Special Characters

The DGW v2.0 Application does not support ASCII special characters higher than 127.
Top

1.8 Unit Macros

Macro Description
%mac% the MAC address of the unit
%version% the MFP version of the unit (firmware version)
%product% the Product name of the unit
%productseries% the Product series name of the unit.
Top

1.9 Command Line Interface (CLI)

Top

1.9.1 CLI Basic Concept

Top
1.9.1.1 Command Line Interface (CLI)

The Command Line Interface (CLI) provides an access to interactively configure all the Mediatrix unit parameters.

The CLI is accessed through either a secure SSH session (default) or an unsecure TELNET session. When using a secure SSH session, all communications between Client and server are encrypted before being sent over the network, thus packet sniffers are unable to extract user names, passwords, and other potentially sensitive data. This is the default and recommended way to access the Command Line Interface.

The command interpreter interface of the CLI allows the user to browse the unit parameters, write the command lines, and display the system's notification log.

Top

1.9.2 CLI Basic Tasks

Top
1.9.2.1 Creating the Telnet Session Activation Configuration Script
Steps
  1. Open a text editor.
  2. Copy and paste the text included in the following Result section.

    Note

    If necessary, you can customise the value of the Cli.InactivityTimeOut and Cli.TelnetPort parameters.

  3. Save the file as telnet.cfg
Result
The configuration script to enable Telnet sessions is created but needs to be imported to the unit.
Top
1.9.2.2 Accessing the CLI via a Telnet Session
Context

Important

Remember that when using a Telnet session to access the CLI, communications between Client and server are not secured, thus packet sniffers are able to extract user names, passwords, and other potentially sensitive data. Therefore, Media5 Corporation strongly recommends using an SSH session.

Before You Start
Your unit must be properly connected. Refer to the Hardware Installation Guide of your unit published on the Media5 documention portal at https://documentation.media5corp.com/
Steps
  1. Start your Telnet Client.
  2. Enter the IP address of your unit.
  3. Enter the port number 23 .
  4. Select Telnet as the connection type.
  5. When prompted for login, enter your login userrname (Default usernames are public or admin ).
  6. Enter your login password (for the default admin usrname, the password is administrator , for the public username, no password is required).

    Note

    If you are accessing the unit through the CLI for the first time or after a factory reset, you may be presented with a warning message regarding the unit’s identification. You can accept the message and continue.

Result
After you have successfully connected to the Mediatrix unit by using a Telnet session, you can start using the CLI to configure the Mediatrix unit. For more details on the scripting language, refer to the DGW Configuation guide - Configuration Scripting Language Syntax published on the Media5 documentation portal at https://documentation.media5corp.com/ .
Top
1.9.2.3 Accessing the CLI via an SSH Session
Before You Start
Your unit must be properly connected. Refer to the Hardware Installation Guide of your unit published on the Media5 documention portal at https://documentation.media5corp.com/
Context
This is the recommended way to access the CLI.
Steps
  1. Start your SSH Client.
  2. Enter the IP address of your unit.
  3. Use the SSH default port number, i.e. 22 unless, you have previously changed it in the DGW Web interface under Management /Misc .
  4. Select SSH as the connection type.
  5. When prompted for login, enter your login userrname (Default usernames are public or admin ).
  6. Enter your login password (for the default admin username, the password is administrator , for the public username, no password is required).

    Note

    If you are accessing the unit through the CLI for the first time or after a factory reset, you may be presented with a warning message regarding the unit’s identification. You can accept the message and continue.

Result
After you have successfully connected to the Mediatrix unit by using an SSH session, you can start using the CLI to configure the Mediatrix unit. For more details on the scripting language, refer to the DGW Configuation guide - Configuration Scripting Language Syntax published on the Media5 documentation portal at https://documentation.media5corp.com/ .
Top

1.10 File Servers

Top

1.10.1 Configuring the FTP Server

Before You Start
If you are not familiar with the procedure on how to set the FTP root path, please refer to your FTP server's documentation.
Context

Perform this procedure if you plan to use the FTP transport protocol.

Steps
  1. Set an FTP service on the assigned server.
  2. Make sure the FTP server can be reached by the Mediatrix unit.

    Note

    If the file server is located behind a firewall, make sure that TCP port 21 is open.

Top

1.10.2 Configuring the HTTP Server

Before You Start
If you are not familiar with the procedure on how to set the HTTP root path, refer to your HTTP server's documentation.
Context
Perform this procedure if you plan to use the HTTP transport protocol.
Steps
  1. Set an HTTP service on the assigned server.
  2. Make sure the HTTP server can be reached by the Mediatrix unit.

    Note

    If the file server is located behind a firewall, make sure the TCP port 80 is open.

Top

1.10.3 Configuring the HTTPS Server

Before You Start
If you are not familiar with the procedure on how to set the HTTPS root path, please refer to your HTTPS documentation.

Make sure the unit is set to the proper date (refer to task_ofy_g2q_5q .

Context
Perform this procedure if you plan to use the HTTPS transport protocol.
Steps
  1. Set an HTTPS service on the assigned server.
  2. Make sure the HTTPS server can be reached by the Mediatrix unit.

    Note

    If the file server is located behind a firewall, make sure the TCP port 443 is open.

  3. Make sure that in the Management /Certificates tab, in the Certificate Import Through Web Browser table, there is a certificate that authenticates the HTTPS server selected in the Path field, and that Other is selected in the Type field.
  4. Set the configuration parameters.
Top

1.10.4 Configuring the TFTP Server

Before You Start
If you are not familiar with the procedure on how to set the TFTP root path, please refer to your TFTP server's documentation.
Context
Perform this procedure if you plan to use the TFTP transport protocol.
Steps
  1. Set a TFTP service on the assigned server.
  2. Make sure the TFTP server can be reached by the Mediatrix unit.

    Note

    If the file server is located behind a firewall, make sure the UDP port 69 is open.

Top

1.11 Bypass Feature ( 4402plus-4404plus Models )

In the event of a power failure or network failure, the optional bypass feature permits users to make and receive calls even when the Mediatrix unit is not operating.

The Mediatrix unit BRI 1 and BRI 2 connectors may either act as a SCN bypass. For instance, if you decide to connect a SCN line into the BRI 2 connector, you can use a BRI telephone connected into the BRI 1 connector to make calls. Furthermore:

  • The connector on which the SCN line is connected must be configured as a TE.
  • The other connector must be configured as a NT.
Refer to the Software Configuration Guide for more details on how to configure the line type.

During normal operation, the direct connection between the BRI 1 and BRI 2 connectors is switched out through commuting relays and both ports resume normal functions. When power is removed from the Mediatrix unit, the relay setting is restored to a connected state and the SCN line can be used as an emergency line. Consequently, a BRI telephone used on the other port is directly connected to this SCN line. When the power is restored, this automatically removes the Bypass connection; this means that any ongoing call on the Bypass connection is terminated.

Top

2 System

Top

2.1 Information

Top

2.1.1 Licence Key Package

The licence keys are contained in a ZIP file. The ZIP file should contain a specific activation script for each device and a multiple-activation script.

The individual script files are named using the unit MAC address. e.g. 0090F8000000.cfg.

The multiple-activation script is named all_units.cfg.

Activation Methods

There are three different methods available to activate a licence and enable the related feature:

Top

2.1.2 Activating the Licence Using the Web Interface

Before You Start
You must have a licence key and you must know the MAC Address of your unit Locating the MAC Address of Your Mediatrix Unit .
Steps
  1. Using notepad, or equivalent, open the individual script file that has the same MAC address as the device.
  2. Go to System /Information .
  3. In the Activate License table, enter your licence key in the field found in step 2 .
  4. Click Apply .
  5. Validate if the licence was applied. (System /Information /Licences )
Result
Top

2.2 Services

Top

2.2.1 Basic Service Concepts

Top
2.2.1.1 Services

The Mediatrix unit uses many services to carry out tasks and support features.

The are two types of services:

  • system services : You cannot perform service commands on system services. The service is restarted by using the Reboot button located under the Reboot tab of the DGW Web interface.

    Note

    If the unit is in use when clicking Reboot , all calls are terminated.

  • user services: You can perform service commands on user services. The service is restarted by using the start
button located under the Services tab of the DGW Web interface, next to the service.

Note

Available services may differ depending on the Mediatrix unit you are using. Available services are displayed on the DGW Web page, under System /Services .

When a service needs to be restarted, the restart required services is systematically displayed. If you are not able to restart a service because it is a system service, click the Reboot link in the top menu. The Reboot page then opens. You must click Reboot. This restarts the Mediatrix unit. If the unit is in use when you click Reboot, all calls are terminated

Services can also be restarted via the CLI using the Scm.ServiceCommandsRestart parameter.

Top
2.2.1.2 System Services vs User Services

The Mediatrix unit uses many services to carry out tasks and support features.

There are 3 service commands that can be used:

  • Start
  • Stop
  • Restart

The are two types of services:

Note

Available services may differ depending on the Mediatrix unit you are using. Furthermore, some services are available only if a licence has been installed. Available services are displayed on the DGW Web page, under System /Services .

When a system or a user service needs to be restarted, the Some changes require to restart a service to apply new configuration message is systematically displayed on the DGW Web pages. Also, every service has the NeedRestartInfo CLI/MIB parameter to indicate if the service needs to be restarted for the configuration to fully take effect.

Note

For the complete list of parameters and commands available for the configuration of each service, refer to the DGW Configuration Guide - Reference Guide published on the Media5 documentation portal at https://documentation.media5corp.com/ .

Top
2.2.1.3 DGW User Services
User Service Description
Basic Network Interface (Bni) Manages the layer 3 network interfaces.
Call Detail Record (Cdr) Allows the administrator to generate custom call notifications with information such as endpoints, point of origin, duration, etc.
Command Line Interface (Cli) Allows the administrator to manage the unit using the SSH or TELNET protocols.
Call Routing (Crout) Transforms properties and routes calls between telephony interfaces and SIP endpoints.
CPE WAN Management Protocol (Cwmp) Allows the administrator to manage the unit using the TR-069 protocol.
DHCP Server (Dhcp) Manages a DHCP server on each network interface.
E&M Channel Associated Signaling (Eam) Manages the E&M CAS telephony interfaces.
Element Management System for Virtuo (EMS) Makes the unit compatible with the Virtuo EMS infrastructure.
Endpoint Administration (EpAdm) Allows for high-level management of telephony endpoints.
Endpoint Services (EpServ) Manages the telephony services of each endpoint.
IP routing (IpRouting) Manages the unit's IP routing table.
Integrated Services Digital Network (Isdn) Manages the ISDN parameters for BRI and PRI telephony interfaces.
Local Firewall (Lfw) Allows the administrator to filter the network with the unit as final destination.
Link Layer Discovery Protocol (Lldp) Manages the IEEE 802.1ab protocol used for advertising the unit's capabilities on the network.
Media IP Transport (Mipt) Manages the voice and data encodings over the IP network.
Music on Hold (Moh) Manages the option to play an audio file when a telephony endpoint is on hold.
Network Address Translation (Nat) Allows the administrator to change the source or destination IP address of a packet.
Network Firewall (Nfw) Allows the administrator to filter traffic that is routed between networks.
Network Traffic Control (Ntc) Allows the administrator to perform traffic shaping on the network interfaces.
Plain Old Telephony System Line (Pots) Manages the FXS and FXO analog telephony interfaces.
R2 Channel Associated Signaling (R2) Manages the E1 CAS telephony interfaces
Session Border Controller (Sbc) Allows the administrator to perform SIP to SIP normalization, call routing, NAT traversal, and survivability.
SIP Endpoint (SipEp) Allows the administrator to associate telephony endpoints with SIP user agents.
SIP Proxy (SipProxy) The SIP Proxy (SipProxy) service is used to add local survivability for local endpoints and SIP phones.
Simple Network Management Protocol (Snmp) Allows the administrator to manage the unit using the SNMP protocol.
Telephony Interface (TelIf) Manages tone generation and detection on the telephony interfaces.
Virtual Machine (Vm) Allows the administrator to manage virtual machines.
Web Service (Web) Manage the unit using HTTP(S) web pages.
Top
2.2.1.4 DGW System Services
System Service Description
Authentication, Authorization and Accounting (Aaa) Manages the administrator accounts and grants or denies access to various parameters.
Certificate Manager (Cert) Manages the security certificates used for the authentication of the unit and its peers before establishing a secure connection.
Configuration Manager (Conf) Allows executing configuration scripts as well as performing backup/restore of the unit configuration.
Device Control Manager (Dcm) Manages the hardware properties as well as the licence activation keys.
Ethernet Manager (Eth) Manages the unit Ethernet link interfaces.
File Manager (File) Allows the administrator to manage the files stored on the unit.
Firmware Pack Updater (Fpu) Manages firmware upgrade, downgrade and rollback operations.
Host Configuration (Hoc) Manages the IP host parameters and other system settings.
Local Quality Of Service (LQos) Manages the QoS parameters applicable to the unit.
Notifications and Logging Manager (Nlm) Manages the routing and filtering of the unit's event notification messages.
Process Control Manager (Pcm) Manages the startup and shutdown sequence of the system.
Service Controller Manager (Scm) Allows the administrator to enable or disable services.
Top

2.2.2 Basic Service Tasks

Top
2.2.2.1 Setting the Service Start-up Type
Steps
  1. Go to System /Services .
  2. In the User Service table, from the Startup Type selection list located next to the service you wish to set.
    • choose Auto if you wish the service to start automatically when the system starts, or
    • choose Manual to start to the service manually when needed.
  3. Click Apply .
Result
The services set to Auto will automatically start every time the unit boots, while the services set to Manual must be started each time by the administrator when needed.
Top
2.2.2.2 Starting-Stopping-Restarting a User Service Using the DGW Web Page
Steps
  1. Go to System /Services .
  2. In the User Service table, on the line of the service you wish to set.
    • click if you wish to start the service, or
    • click to restart the service.
    • click to stop the service.

    Note

    When stopping or restarting a service, some interruptions might occur, such as dropped calls, virtual machine shutdown or loss of network connectivity, depending on the affected services and/or its dependencies.

  3. Click Apply .
Result
The status of the service (in the Status column) changes following the executed service command.
  • If you clicked , the tab from which you can access the service from the Web pages are greyed out
  • If you clicked , the tab from which you can access the service from the Web pages are no longer greyed out.
Top
2.2.2.3 Disabling a Service
Steps
  1. Go to System /Services .
  2. In the User Service table, on the line of the service you wish to disable, click to stop the service.

    Note

    When stopping a service, some interruptions might occur, such as dropped calls, virtual machine shutdown or loss of network connectivity, depending on the affected services and/or its dependencies.

  3. In the User Service table, from the Startup Type selection list located next to the service you wish to disable, choose Manual .
  4. Click Apply .
Result
The service will be stopped and will not be restarted automatically at the next unit start-up.
Top
2.2.2.4 Restarting a Service with a Grace Delay
Context
If no service needs to be restarted, the table will be greyed out.
Steps
  1. Go to System /Services .
  2. In the Restart Required Services table, set the Graceful Delay (min) field.
  3. Click Restart Required Services .
Result
The services that require a restart are restarted after the delay allowing ongoing calls to be completed. At the expiration of the delay, the services are forced to restart even if calls are still ongoing. Therefore, ongoing calls are abruptly disconnected without proper release. The users are not informed of the call disconnection event (ex.: end-of-call tone).
Top
2.2.2.5 Restarting a System Service
Context
System services cannot be restarted by the user. To restart a system service, the unit must be restarted.
Steps
  1. Go to Reboot .
  2. In the Reboot page, click Reboot .

    Note

    If the unit is in use when clicking Reboot , all calls are terminated.

Result
The Web session will be lost and you will be redirected to the login page after the reboot process. All system services needing to be restarted, will be restarted.
Top

2.2.3 Advanced Service Tasks

Top
2.2.3.1 Starting-Stopping-Restarting a User Service Using a MIB Browser
Steps
  1. Open a MIB Browser
  2. Navigate to the Service that needs to be restarted.
  3. Locate the needRestartInfo parameter to determine if the service needs to be restarted.
  4. Locate the serviceCommandsTable in the scmMIB.
    1. To restart the service, set the serviceCommandsRestart command to restart
    2. To start the service, set the serviceCommandsStart command to Start
    3. To stop the service, set the serviceCommandsStop command to Stop
Top
2.2.3.2 Restarting a Service Using the CLI
Context
For more details, refer to the Technical Bulletin - Using the CLI via an SSH Session published on the Media5 documentation portal at https://documentation.media5corp.com/ .
Steps
  1. Log into the CLI using an SSH client.
  2. Type the command line to restart the service, i.e. NameofService.Restart .

    Note

    For example Sbc.Restart to restart the Sbc service.

    Note

    Stopping or restarting a service will cause an interruption in that service, which may result for example in network lost, call interruption, or virtual machine shutdown, depending on the service(s) stopped or restarted.

Top

2.3 Hardware

Top

2.3.1 Hardware Basic Tasks

Top
2.3.1.1 Selecting the Source of the Clock Reference
Steps
  1. Go to System /Hardware .
  2. From the Clock Reference Configuration table, select from the Suggestion list, several clock reference sources.
  3. Click Apply .
Result
The selected Clock Reference sources for each available telephony card, according to the unit type, are displayed in the Value field of the Clock Reference Configuration table. The first selected source will be used as a the clock reference. The following one will be used as the fallback source, in the listed order, if the first one becomes unavailable. Only one source is used at a time for the Clock Reference .
Top
2.3.1.2 Selecting the Port Used for Synchronisation
Steps
  1. Access the DGW Web interface of your unit.
  2. Go to System /Hardware .
  3. In the Clock Reference Configuration table, from the Suggestion selection list, choose SYNCIN .
Result
The unit will be synchronised on the SYNCIN port.
Top
2.3.1.3 Associating a PRI Port to a Line Type and Protocol
Steps
  1. Go to System /Hardware .
  2. In the PRI Ports Configuration table, from the Line Type selection list, select either E1 or T1.
  3. From the Signaling selection list, associate a type of signaling to the PRI port.
  4. Click Apply .
  5. Restart the unit.
Result
The selected line type will appear under ISDN /Primary Rate Interface . This is an example of a PRI port association.
Top
2.3.1.4 Setting the Mediatrix Unit to Use the R2 Signaling Protocol
Before You Start
R2 signaling protocol can only be used on E1 line type.
Steps
  1. Go to System /Hardware .
  2. In the PRI Cards Configuration table, from the Signaling selection list, located on the same line as the port you wish to dedicate to R2 signaling, choose R2 .

    Note

    When changing from R2 to ISDN or ISDN to R2, you must change your routes accordingly (Call Router/Route Config).

  3. From the Line Type selection list, make sure E1 is selected.
  4. Click Apply .
  5. Restart the unit.
Result
Top
2.3.1.5 Setting the Mediatrix Unit to Use the EandM Signaling Protocol
Steps
  1. Go to System /Hardware .
  2. In the PRI Ports Configuration table, located on the same line as the port you wish to dedicate to E&M signaling, from the Signaling selection list, choose E&M .

    Note

    When changing from E&M to ISDN/R2 or ISDN/R2 to E&M, you must change your routes accordingly. For instance, if you are in ISDN with a route isdn-Slot2/E1T1, then change to E&M, you must change the route to e&m-Slot2/E1T1.

  3. From the Line Type selection list, choose T1 .
  4. Click Apply .
  5. Restart the unit.
Result
Top
2.3.1.6 Cabling Several Units for TDM Synchronisation
Context
Cabling is done using straight cables in a daisy chain.
Before You Start
The common practice is to have the first unit act as the Clock Master. However
Steps
  1. Connect a standard Ethernet cable to the SYNC OUT port of the first device.
  2. Connect the other end of the Ethernet cable to the SYNC IN port of another device.
  3. Connect all your units in the same fashion.
  4. Connect a standard Ethernet cable in the SYNC OUT port of the last unit.
  5. Connect the other end of the Ethernet cable in the SYNC IN port of the first unit.

    Note

    There must always be a link between the last and first unit even if the first unit is the master because it may lose its source and then another unit in the chain will become the master.

Result
Top

2.3.2 Hardware Advanced Parameters

Some aspects of the Hardware configuration can only be completed with the MIB parameters.

These parameters can be accessed and configured by:
  • using a MIB browser
  • using the CLI
  • creating a configuration script containing the configuration variables
For the complete list of available parameters, refer to the Hardware section of the DGW Configuration Guide - Reference Guide published on the Media5 documentation portal at https://documentation.media5corp.com/ .
Top

2.4 Endpoints State Configuration

Top

2.4.1 Basic Endpoints State Concepts

Top
2.4.1.1 Administrative State of Unit

The administrator can disable the use of specific endpoints or all endpoints of a unit through the administrative state configuration. It is also possible to select the initial endpoint state to be applied on unit start-up.

Disabling endpoints of a unit can be useful for example:

  • in a multi-tenant environment, if a tenant stops its service subscription, the administrator can lock the unit so the FXS port can give either a fast busy tone or no tone to signal the line is decommissioned. Then later the administrator can send a technician on site to re-wire and make the port available to another tenant.
  • if a user does not pay his service, the administrator can simply lock the endpoint.
  • to prevent calls during unit maintenance

Note

Locking an endpoint also removes SIP registration from the endpoint prohibiting calls from and to the endpoint.

Top

2.4.2 Basic Endpoint State Tasks

Top
2.4.2.1 Locking All Unit Endpoints - Gracefully
Steps
  1. Go to System /Endpoints .
  2. In the Unit States table, from the Action selection list, choose Lock .
Result
New calls can no longer be sent or received.
  • If the state of the unit is Idle or Idle Unusable , the unit is locked right away.
  • If the unit is either Busy or Active , the unit will be locked only when it will become Idle .
Top
2.4.2.2 Locking All Unit Endpoints - Immediately
Steps
  1. Go to System /Endpoints .
  2. In the Unit States table, from the Action selection list, choose Force Lock .
Result
All telephone lines of the unit are locked immediately even if there are calls in progress, in which case the call will be immediately terminated (BYE sent to the SIP peer and end-of-call tone played to the endpoint). Locking all unit endpoints prevents any call activities.
Top
2.4.2.3 Unlocking All Unit Endpoints
Steps
  1. Go to System /Endpoints .
  2. In the Unit States table, from the Action selection list, choose Unlock .
Result
The unit becomes available for use.
Top
2.4.2.4 Locking an Endpoint - Gracefully
Steps
  1. Go to System /Endpoints .
  2. In the Endpoint States table, from the Action selection list of an endpoint, choose Lock .
Result
The endpoint will no longer be able to send or receive a call.
  • If the state of the endpoint is Idle or Idle Unusable , the endpoint is locked right away.
  • If the endpoint is either Busy or Active , the endpoint will be locked only when the unit will become in Idle .
Top
2.4.2.5 Locking an Endpoint- Immediately
Steps
  1. Go to System /Endpoints .
  2. In the Endpoint States table, from the Action selection list of an endpoint, choose Force Lock .
Result
All activities of the endpoint are stopped immediately, even if there are calls in progress, in which case the call will be immediately terminated (BYE sent to the SIP peer and end-of-call tone played to the endpoint).
Top
2.4.2.6 Unlocking an Endpoint
Steps
  1. Go to System /Endpoints .
  2. In the Endpoint States table, from the Action selection list of an endpoint, choose Unlock .
Result
The endpoint becomes available for use.
Top
2.4.2.7 Setting the Endpoint Behavior after a Unit Restart
Steps
  1. Go to System /Endpoints .
  2. In the Endpoint States table, from the Initial Administrative selection list of an endpoint, choose Lock or Unlock .
Result
  • If the Initial Administrative selection list is set to Lock , when the unit restarts, the endpoint will remain locked, therefore unusable.
  • If the Initial Administrative selection list is set to Unlocked , when the unit restarts, the endpoint will become usable.
.
Top
2.4.2.8 Disabling the Unit Endpoints when No Gateways are Ready
Steps
  1. Go to System /Endpoints .
  2. In the Administration table, select Enable next to Disable Unit (All Endpoints) when No Gateways Are In State Ready .
Result
The unit will be disabled, i.e. unusable, if none of the SIP gateways are ready to be used. As soon as a SIP gateway becomes ready, the unit will be enabled.
Top
2.4.2.9 Shutting Down Endpoint if in Idle-Unusable State
Steps
  1. Go to System /Endpoints .
  2. In the Administration table, select Enable next to Shutdown Endpoint When Operational State is Disable And Its Usage State is idle-unusable .

    Note

    The Shutdown Endpoint When Operational State is Disable And Its Usage State is idle-unusable parameter is always interpreted as disabled unless it has been specifically set to enable.

Result
When an endpoint usage state becomes Idle-unusable whatever the value of its operational state, the endpoint remains physically up but the calls are denied.
Top
2.4.2.10 Disabling All Gateways when Trunk Lines are Down
Steps
  1. Go to System /Endpoints .
  2. In the Administration table, select Disable next to Disable Unit (All Endpoints) when No Gateways Are In State Ready .

    Note

    This applies only to E1 or T1 telephony lines.

Result
When all E1 or T1 telephony lines are down, all SIP gateways will be stopped. All SIP gateways will be started when at least one E1T1 line is up.
Top

2.4.3 Advanced System-Endpoints Parameters

Although the services can be configured in great part in the Web browser, some aspects of the configuration can only be completed with the Configuration parameters by :

  • using a MIB browser
  • using the CLI
  • creating a configuration script containing the configuration parameters

For more details on the following advanced parameters, refer to the DGW Configuration Guide - Reference Guide published on the Media5 documentation portal https://documentation.media5corp.com/

Setting the toggle delay to disable the SIP gateways when trunk lines are down
EpAdm.DisableSipGatewaysWhenTrunkLinesDownToggleDelay
Setting the Behavior of the unit While in Shutting Down State
EpAdm.BehaviorWhileInUnitShuttingDownState
Top

2.5 Event Log

Top

2.5.1 Basic Event Log Concepts

Top
2.5.1.1 Event Notifications

An event is something that happens in the system and that needs to be reported. Event notifications are formatted text messages issued by the DGW software to signal something of interest to the unit administrator.

Event Notifications are used to generate alarms in the customer's system and to monitor the system. It is possible to control:

  • for which service event notifications will be reported;
  • which event notifications will be reported based on the severity level of the event;
  • if a specific event notification should be reported or not;
  • where the event notifications will be logged.
For example, it is possible to log all event notifications raised for the Call Router (Crout) service, or to log only one specific event notification for the Certification (Cert) service.

Important

Unit performance is affected by the quantity of events that are reported.

Event Notifications can be sent to different destinations to be logged:

Top
2.5.1.2 Send via Syslog

Event notifications can be logged by a Syslog server.

The event notifications will be sent over UDP in the syslog format, to the syslog server specified in the configuration. Alternatively, the syslog server address can be provided through DHCP. It is important to understand that if no syslog server address is provided by a DHCP server or specified by the administrator, no messages are sent.

Important

In some cases, Mediatrix devices can generate more information than the syslog server can handle. In these cases, it is preferable to capture the information with Wireshark.

Top
2.5.1.3 Send via SIP

It is possible to send the event notifications to a SIP server.

The event notifications sent to a SIP server are included in the SIP Notify messages. When choosing to send event notifications to a SIP server, it is not allowed to send all notifications, i.e. select the All criteria when configuring event notifications. This has been implemented to avoid sending high volumes of traffic and risking the overload of the SIP server.

The destination can be configured with the parameter and the sipEp.maxNotificationsPerNotify parameter is used to define how many messages can be sent in a single "SIP NOTIFY" request the

For more details, refer to DGW Configuration Guide - Reference Guide published on the Media5 documentation portal at https://documentation.media5corp.com

Top
2.5.1.4 Log Locally

The DGW Local Log displays the Event Notifications related to the events occurring on the Mediatrix unit that are generated by the Mediatrix Notifications and Logging Manager (Nlm) service.

Notifications will be displayed in the Local Log Entries table of the DGW Web interface provided the issuing of events for a service is enabled, and if the event meets the selected severity level chosen to be reported.

The Local Log Entries table has the following characteristics:

  • Number of displayed event notifications is limited
  • Newer notifications replace older ones.
  • The routing criteria should be designed to avoid overloading the log.
  • The local log has no persistence. Its content is erased when the unit or the Nlm service is restarted.
  • The local log does not accept messages from the SNMP service with a ‘Debug’ severity level. This is to prevent an issue when reading the local log with SNMP. The SNMP walk through the table would not catch up with the increasing index because of the DEBUG events generated by the SNMP service itself.

Top
2.5.1.5 Log to File

The event notifications can be logged in a file saved in the DGW File Management system.

Event notifications logged to a file will be available in the DGW Web interface, under Management /File tabs. The log to file feature is not available on the Mediatrix 4102 and C7 Series as they do not have more than 1MB or more user storage. The number of files stored in the unit is limited. When the maximal number is reached, the oldest stored file is deleted. The limit is configured in the LogFileMaxNb Mib parameter.

Top

2.5.2 Basic Event Notification Tasks

Top
2.5.2.1 Logging Event Notifications
Steps
  1. Go to System /Event Log .
  2. In the Service Notification Configuration table, click + located next to Services .
  3. For each service, choose the Severity level that will trigger the notifications.

    Note

    if you do not wish to log the event notifications of a service, select Disable .

    Note

    At this point, you have only enabled the possibility to log event notifications.

  4. In the Criteria field, enter All .
  5. From the Action drop-down list, select where and how the event notifications will be logged.
    1. Choose Log Locally to display the event notifications in the Local Log.
    2. Choose Log to File to send the event notifications to the DGW file management system (not available on the Mediatrix 4102 and C7 Series).
    3. Choose Send via Syslog to send the event notifications to a Syslog server.
  6. If you selected Send via Syslog in the previous step, make sure you have configured the address of the syslog server under Syslog Configuration /Remote Host field.
  7. Click .
  8. Click Apply .
Result
All event notifications with the appropriate selected Severity level of each selected service will be logged to the chosen destination.
Top
2.5.2.2 Logging Specific Event Notifications
Context
Instead of logging all the event notifications, as specified in Logging Event Notifications , the Criteria can be refined to a subset of events.
Steps
  1. Go to System /Event Log .
  2. In the Service Notification Configuration table, click + located next to Services .
  3. From the Severity drop-down list, for each service, choose the severity level that will trigger the notification.

    Note

    If you do not wish to log the event notifications of a service, select Disable .

    Note

    At this point, you have only enabled the possibility to log event notifications.

  4. In the Notification Events table, select a Service for which Event Notifications must be issued.
  5. From the Notification drop-down list, select one, or several, specific service notifications you wish to log.

    Note

    The Criteria field will be auto populated with the selection made in the Notification field.

    Note

    To log all the notifications of a specific service enter in the Criteria field the service code with all separated by a coma. For example: 200.all to log all the notifications of the Bni service. (The code can be found in the Service drop-down list.)

  6. From the Action drop-down list, select where and how the event notifications will be logged.
    1. Choose Log Locally to display the event notifications in the Local Log.
    2. Choose Log to File to send the event notifications to the DGW file management system. (not available on the Mediatrix 4102 and C7 Series).
    3. Choose Send via Syslog to send the event notifications to a Syslog server.
    4. Choose Send via SIP to send the event notifications to a SIP server.
  7. This step is not necessary if you chose Log To File in the previous step. In Syslog Configuration table, in the Remote Host field, enter the IP address of the server.
  8. Click .
  9. Repeat steps 4 to 7 for each notification you wish to publish.
  10. Click Apply .
Result
The selected service notifications with the corresponding Severity level will be published to the selected destination.
Top
2.5.2.3 Disabling Event Notification Reporting for a Service
Steps
  1. Go to System /Event Log .
  2. In the Service Notification Configuration table, from the drop-down list located next to a service name, select Disable .
Result
No event notifications will be issued for the service.
Top
2.5.2.4 Modifying the Severity Level Triggering the Reporting of a Notification
Steps
  1. Go to System /Event Log .
  2. In the Service Notification Configuration table, from the drop-down list located next to a service name, select the severity level an event should have to issue a notification.
Result
Notifications will be issued for the service only if the severity level matches the selection.
Top

2.6 Local Log

Top

2.6.1 Basic Local Log Tasks

Top
2.6.1.1 Clearing the Local Logs
Steps
  1. Go to System /Local Log .
  2. Click Clear Local Log .
Result
The entries in the Local Log Entries table will be permanently deleted.
Top
2.6.1.2 Updating the Local Logs
Steps
  1. Go to System /Local Log .
  2. Click Refresh Local Log .
Result
All new entries generated by the Notifications and Logging Manager (NLM) of your Mediatrix unit will be displayed in the Local Log Entries table.
Top

2.7 Packet Capture

Top

2.7.1 Basic Packet Capture Concepts

Top
2.7.1.1 Packet Captures

Packet captures are data packets intercepted when passing through a specific computer network.

Captured packets can be sent to a specific location where they can be analysed. The content of the capture can therefore be used to diagnose and troubleshoot network problems and determine if network security policies are being followed.

There are two different ways to perform a packet capture:

  • With the pcapture CLI command (not a Cli service command) available only via the CLI. This method displays the captured packet directly in the CLI or allows streaming the captured packet to a SSH tunnel to a remote Wireshark client.
  • With the PCaptureStart Nlm service command. This is a muse command, it can be executed via SNMP, a script, and the CLI. This is also the command used when performing packet captures via the Web page. This method sends the captured file to the service FILE or to a HTTP server via a standard HTTP upload.

Top

2.7.2 Basic Packet Capture Tasks

Top
2.7.2.1 Starting a Network Capture
Context
This method is performed with the PCaptureStart command of the Nml service.
Steps
  1. Go to System /Packet Capture .
  2. In the Packet Capture Configuration section, complete the fields as follows:
    1. Max Numebr of Frames: Specifies the maximum number of frames after which the packet capture is automatically stopped. 0 means no limit.
    2. Max number of seconds: Specifies the maximum number of seconds after which the packet capture is automatically stopped. 0 means no limit.
    3. Filter: For more details on filters, refer toFilter Examples
    4. Link Name: Select the name of the link interface to capture
    5. URL: The URL format must follow this syntax: protocol://[user[:password]@]hostname[:port]/[path/]filename

    Note

    The Link Name can be, for example, ETH1.

    Note

    If the protocol is FILE, the captured trace is saved locally to the unit. For example, a if the URL is "file://my_trace.pcap" saves a capture file with the name "my_trace.pcap" in the Mediatrix unit, which can be downloaded under Management /File .

  3. Click Apply .
  4. Click Apply & Start Capture .

    Note

    Remember to click Apply & Stop Capture when you have enough packets captured.

Result
Packets going trough the specified filter will be captured and sent to the specified URL.
Top
2.7.2.2 Starting a Network Capture on a Specific VLAN
Before You Start
The Vlan must first be created.
Context

This method is performed with the PCaptureStart command of the Nml service.

Steps
  1. Go to System /Packet Capture .
  2. In the Packet Capture Configuration section, in the Link Name field, enter the name of the VLAN for which you want to capture packets. This corresponds to the chosen Ethernet port followed by name given in the VlanId field of the VLAN Configuration table (Network /VLAN ), when the Vlan was created (for example eth1.100)

    Note

    For the URL, if you choose the FILE transport protocol, it means that the file will be accessible under Management /File .

  3. Click Apply .
  4. Click Apply & Start Capture .

    Note

    Remember to click Apply & Stop Capture when you have enough packets captured.

Result
A capture will be started, and only the traffic going through the specified VLan will be captured.
Top
2.7.2.3 Starting a Network Capture Remotely On Windows
Context
This method is performed using the pcapture command of the CLI.
Before You Start
  • You must know the IP address of the unit running the DGW software.
  • The Mediatrix unit must be running a DGW v2.0.39.689 firmware or higher.
  • You must have a PC running Wireshark.
Steps
  1. From the PC, download the plink utility: plink utility .
  2. Save the plink utility in the same folder as the Wireshark executable is located.
  3. Open a command line interface (e.g. cmd.exe).
  4. Go to the Wireshark folder where the utility was saved.
  5. Enter
    plink.exe -pw "PASSWORD" USERNAME@IP_ADDRESS "pcapture -raw -i any" | wireshark -k -i -
    
    and replace the password, username, and IP address according to your setup.

    Note

    any is to make a capture on all ETH ports, including VLans (for example ETH1.10 where ) . But it is possible to choose the port, either ETH1, ETH2, ETH5, ETH1-4, ETH2-5, WAN, or LAN depending on the type of unit.

Result
The pcapture command will be executed in the CLI and the result will be sent to a new Wireshark window on the PC running the Wireshark.
Top
2.7.2.4 Starting a Network Capture Remotely On MacOS or Linux
Context
This method is performed using the pcapture command of the CLI.
Before You Start
  • The Mediatrix unit must be running a DGW v2.0.17.285 firmware or higher.
  • You must know the IP address of the unit running the DGW software.
  • You must have a PC running Wireshark.
Steps
  1. Open a command line interface.
  2. Enter: and replace the password, username, and IP address according to your setup.
    ssh USERNAME@IP_ADDRESS "pcapture -raw -i any" | wireshark -k -i -
    

    Note

    any is to make a capture on all ETH ports. But it is possible to choose the port, either ETH1, ETH2, ETH5, ETH1-4, ETH2-5, WAN, or LAN depending on the type of unit.

Result
The pcapture command will be executed in the CLI and the result will be sent to a new Wireshark window on the PC running the Wireshark.
Top

2.7.3 Examples

Top
2.7.3.1 Filter Examples
  • Filter: port 5060
    • Captures all traffic on (either source or destination) port 5060 (SIP)
  • Filter: port 5060 and host 192.168.0.99
    • Captures all traffic on port 5060 and source or destination IP 192.168.0.99
  • Filter: port 5060 and dst host 192.168.0.99
    • We can enter “dst” or “src” before “host” (or “port”) to specify the destination or source host (or port
  • Filter: not broadcast and not multicast
    • Filter out the broadcast and multicast traffic
Top
2.7.3.2 Examples of pcapture Commands for Windows
Capture from the uplink interface of the Mediatrix unit, and filtering out the broadcast and multicast traffic.
plink.exe -pw "1234" public@192.168.0.100 "pcapture -raw -i eth1 not broadcast and not multicast" | wireshark -k -i -
Capture from the uplink interface of the Mediatrix unit, the packets of the VLan for which the VlanId is 100 only.
plink.exe -pw "1234" public@192.168.0.100 "pcapture -raw -i eth1.100" | wireshark -k -i -
Capture from the uplink interface of the Mediatrix unit, the packets going through the Ethernet port eth1, but using RTP only.
plink.exe -pw "1234" public@192.168.0.100 "pcapture -raw -i eth1 -t rtp " | wireshark -k -i -
Capture from the uplink interface of the Mediatrix unit, the packets going through the Ethernet port eth1, but using port 5060 only (either source or destination).
plink.exe -pw "1234" public@192.168.0.100 "pcapture -raw -i eth1 port 5060 " | wireshark -k -i -
Capture from the uplink interface of the Mediatrix unit, the packets going through the Ethernet port eth1, but using port 5060 as the source only.
plink.exe -pw "1234" public@192.168.0.100 "pcapture -raw -i eth1 src port 5060 " | wireshark -k -i -
Capture from the uplink interface of the Mediatrix unit, the packets going through the Ethernet port eth1, but using port 5060 as the destination only.
plink.exe -pw "1234" public@192.168.0.100 "pcapture -raw -i eth1 dst port 5060 " | wireshark -k -i -
Capture the packets going through the Ethernet port eth1, for traffic for which the source or the destination is the unit with the 00:90:F8:07:5A:6D MAC address.
plink.exe -pw "1234" public@192.168.0.100 "pcapture -i eth1 ether host 00:90:F8:07:5A:6D " | wireshark -k -i -
Capture the packets going through the Ethernet port eth1, for traffic for which the source or the destination is the units whit the 10.5.128.11 or host 10.5.128.4 IP addresses.
plink.exe -pw "1234" public@192.168.0.100 "pcapture -i eth1 host 10.5.128.11 or host 10.5.128.4  " | wireshark -k -i -
Top
2.7.3.3 Examples of pcapture Commands on MacOs and Linux
Capture from the uplink interface of the Mediatrix unit, and filtering out the broadcast and multicast traffic.
ssh public@192.168.0.100 "pcapture -raw -i eth1 not broadcast and not multicast" | wireshark -k -i -
Capture from the uplink interface of the Mediatrix unit, the packets of the VLan for which the VlanId is 100 only.
ssh public@192.168.0.100 "pcapture -raw -i eth1.100" | wireshark -k -i -

Forces capture to interpret all packets as rtp packeta. Typically, this is used with a filter that only keeps rtp packets.

ssh public@192.168.0.100 "pcapture -raw -i eth1 -T rtp " | wireshark -k -i -

Capture only rtp packets, going through the Ethernet port eth1, but using port 5006 only (either source or destination)

pcapture -raw -i -T rtp eth1 port 5006
Capture from the uplink interface of the Mediatrix unit, the packets going through the Ethernet port eth1, but using port 5060 only (either source or destination).
ssh public@192.168.0.100 "pcapture -raw -i eth1 port 5060 " | wireshark -k -i -
Capture from the uplink interface of the Mediatrix unit, the packets going through the Ethernet port eth1, but using port 5060 as the source only.
ssh public@192.168.0.100 "pcapture -raw -i eth1 src port 5060 " | wireshark -k -i -
Capture from the uplink interface of the Mediatrix unit, the packets going through the Ethernet port eth1, but using port 5060 as the destination only.
ssh public@192.168.0.100 "pcapture -raw -i eth1 dst port 5060 " | wireshark -k -i -
Capture the packets going through the Ethernet port eth1, for traffic for which the source or the destination is the unit with the 00:90:F8:07:5A:6D MAC address.
ssh public@192.168.0.100 "pcapture -i eth1 ether host 00:90:F8:07:5A:6D " | wireshark -k -i -
Capture the packets going through the Ethernet port eth1, for traffic for which the source or the destination is the units whit the 10.5.128.11 or host 10.5.128.4 IP addresses.
ssh public@192.168.0.100 "pcapture -i eth1 host 10.5.128.11 or host 10.5.128.4  " | wireshark -k -i -
Top

2.8 Diagnostic

Top

2.8.1 Basic Diagnostic Concept

Top
2.8.1.1 Diagnostic Traces

Diagnostic Traces are specifically used for troubleshooting purposes. As for Event Notifications, they report errors, warnings, or system information.

Diagnostic Traces do not need to be activated, except at the specific demand of Media5 Technical Assistance Center.

Top

2.8.2 Basic Diagnostic Trace Tasks

Top
2.8.2.1 Enabling the Automatic Diagnostic Log Dump
Steps
  1. Go to System /Diagnostic .
  2. In the Diagnostic Log Configuration table, select Enable .
  3. Click Apply .
Result
If the unit unexpectedly closes, the diagnostic logs will be automatically generated in an *.tgz file, available under Management /File in the Internal files table.
Top
2.8.2.2 Manually Starting a Diagnostic Log Dump
Steps
  1. Go to System /Diagnostic .
  2. In the Diagnostic Log Configuration table, select Dump Now .
Result
The diagnostic logs will be generated in an *.tgz file, available under the Management /File , in the Internal files table.
Top

2.9 PCM Traces

Top

2.9.1 Basic PCM Traces Concepts

Top
2.9.1.1 PCM Traces

The PCM traces are two different RTP streams made specifically to record all analog or digital signals that are either sent or received by the telephony ports of the Mediatrix unit.

These RTP streams are sent to a configurable IP address, normally an IP address on your network where it can be recorded with a packet sniffer (such as Wireshark). Moreover, they are independent from the regular RTP streams of the VoIP call. On the analog devices, the streams are sent instantly at device start-up, with an average ptime of 5 ms. The resulting streams, depending on the model, are around 15 kB/s.

Only the configured port, port #1 and/or #2 send the PCM traces for a maximum of four simultaneous RTP streams.

All streams are sent instantly at start-up with an average ptime of 15 ms. This means that until the PCM traces are disabled, even an idle unit will continuously send up to 66.6 packets/s X 4 streams = 267 packets/s using approximately 174 bytes each, for a total of 46 Kbytes of upstream bandwidth.

On digital devices, the streams will be sent once a call is in process of being established (ISDN SETUP, SIP INVITE). This means no data will be sent if the gateway is idle with no calls in progress.

PCM Traces are usefull at identifying problems with:

  • Echo in the network
  • DTMF signals
  • Caller ID signals
  • Fax signals (or false Fax detection)
  • Message Waiting Indicator signals
  • Any other analog signal
  • Any voice quality issue

Top

2.9.2 Basic PCM Tasks

Top
2.9.2.1 Enabling the PCM Traces - SIP 5.0
Before You Start
The PCM traces destination must be set so it can be recorded in a Wireshark capture on your network, normally sent to the PC doing the capture
Steps
  1. Enable the PCM traces by setting the mxDebugPcmCaptureEnable MIB variable to enable.
  2. Set the destination IP address for the PCM traces in the mxDebugPcmCaptureIpAddress MIB variable.

    Note

    This IP address does not have to be listening on ports 5001/2 – 6001/2, as it is easy to filter out ICMP “port unreachable” messages afterwards.

    Note

    Enabling PCM traces on a 1204

    If G.723 is available, you MUST disable the G.723 and enable the G.726 codec to load the PCM code into the 1204. This can be done by setting the voiceIfCodecG723Enable MIB variable to disable and the voiceIfCodecG72616kbpsEnable MIB variable to enable in the voiceIfMIB.

  3. Reboot the unit.
Result
Top
2.9.2.2 Enabling the PCM Traces of a Port Using UMN
Before You Start
The PCM traces destination must be set so it can be recorded in a Wireshark capture on your network, normally sent to the PC doing the capture.
Context
If a port is receiving several calls at a time, the capture will be performed on the first call until it is completed, and only then will a capture be performed on another call. Traces are taken as soon as the port is opened.
Steps
  1. Using UMN, right click the name of the unit and select Edit SNMP...
  2. Browse to: mediatrixSystem/gen5/mediatrixCommon/mediatrixServices/miptMIB/miptMIBObjects/debugGroup/ pcmCaptureGroup.
  3. Set the pcmCaptureEnable MIB parameter to Enable .
  4. Set the pcmCaptureEndpoint MIB parameter to the unit’s endpoint on which the PCM capture will be taken from. For endpoint examples, refer to reference_gwm_mdh_x1b .

    Note

    To make sure that you are capturing the appropriate endpoint, please verify its naming by running the following command in CLI: Epadm.Endpoint. The output of the command displays a table with the unit's endpoints.

  5. Set the pcmCaptureIpAddr MIB parameter to the IP address of the PC running Wireshark.

    Note

    This IP address does not have to be listening on UDP ports, as it is easy to filter out ICMP “port unreachable” messages afterwards.

  6. When the capture is done, make sure to set the pcmCaptureEnable MIB parameter to Disable .
Result
Top
2.9.2.3 Enabling PCM Traces of a Port Using the Configuration Script
Before You Start
The PCM traces destination must be set so it can be recorded in a Wireshark capture on your network, normally sent to the PC doing the capture.
Context
If a port is receiving several calls at a time, the capture will be performed on the first call until it is completed, and only then will a capture be performed on another call. Traces are taken as soon as the port is opened.
Steps
  1. Create a txt file, and save it as a *.cfg.
  2. Enter Mipt.PcmCaptureEnable = Enable or Mipt.PcmCaptureEnable=1
  3. Enter Mipt.PcmCaptureEndpoint = Value , where Value is the unit’s endpoint on which the PCM capture will be taken from. For more information, refer to reference_gwm_mdh_x1b .

    Note

    To make sure that you are capturing the appropriate endpoint, please verify its naming by running the following command in CLI: Epadm.Endpoint. The output of the command displays a table with the unit's endpoints.

    Note

    The port names are case sensitive.

  4. Enter Mipt.PcmCaptureIpAddr = Value , where Value is the IP address of the PC running Wireshark.

    Note

    The IP address does not have to be listening on UDP ports, as it is easy to filter out ICMP “port unreachable” messages afterwards.

  5. Import the *.cfg file into the system. Refer to DGW Configuration Guide - Configuration Scripts Import and Export published on the Media5 documentation portal at https://documentation.media5corp.com/ .
  6. When the capture is done, make sure to disable the Mipt.PcmCaptureEnable MIB parameter.

    Note

    For example Mipt.PcmCaptureEnable = Disable or Mipt.PcmCaptureEnable = 0

Result
In the configuration script, the value of Mipt.PcmCaptureEnable , Mipt.PcmCaptureIpAddr and Mipt.PcmCaptureEndpoint parameters should reflect the values configured..
Top

2.10 VM

Top

2.10.1 Basic Virtual Machine Concepts

Top
2.10.1.1 RAM Allocation to Virtual Machines

To reduce the wear-and-tear of the Solid State Drive, make sure to allocate the maximum amount of RAM possible to the virtual machine.

Installed RAM on Mediatrix Units Available RAM for Virtual Machine
2 Gb 1.5 Gb
4 Gb 3.5 Gb
8 Gb 7 Gb ( 87.5% of available RAM)
Top
2.10.1.2 SSD Lifespan

Mediatrix units running a Virtual Machine are equipped with various sizes of Solid State Drive (SSD) for storage.

A Solid State Drive (SSD) is a form of flash-based storage. Media5 uses high quality, enterprise grade SSDs in its products. However due to its technical nature, flash memory can handle so many read/write cycles. Beyond that, the performance may degrade or in extreme cases, the drive may fail. For customers using a Mediatrix unit running a Virtual Machine, special attention should be paid to the number of writes caused by the Operating System running in the virtual machine, as well as by the application. If the Virtual Machine is not optimised, it will lead to excessive read/write access to the SSD, and hence significantly reduce the lifespan of the SSD. For more details, please refer to Technical Bulletins - Virtual machine installation published on the Media5 documentation portal at https://documentation.media5corp.com/ .

Top
2.10.1.3 SSD Lifespan Extrapolation

SSD lifespan can be extrapolated and Virtual Machine optimisation can be validated.

For example, let the virtual machine run for a month (or a week), read and compare the WearPercentage parameter at different times during this interval. Use the collected information to extrapolate the lifespan.

For example: the Wear Percentage increased from 19% to 20% in 2 months. Take the remaining 80% divided by a monthly increase of 0.5% gives 160 months left. Therefore at least 13 years left at the current increase rate.

If the lifespan does not meet the expectations, you may consider further optimisation measures e.g.:

  • disable some of the logging
  • log to an external device
  • assign more RAM to the Virtual Machine
  • consider ordering a bigger SSD for future installations

Top
2.10.1.4 What are the Meltdown and Spectre Security Vulnerabilities

These vulnerabilities allow a non-privileged process to read sensitive data in memory, thus accessing privileged information from the kernel or other processes.

A Virtual Machine (VM) running inside the Sentinel 400 may be vulnerable to Meltdown ( CVE-2017-5754 ) and to the two variants of Spectre ( CVE-2017-5753 and CVE-2017-5715 ).

For more information on these vulnerabilities:

Top
2.10.1.5 Is my VM vulnerable to Meltdown and Spectre?

Your Virtual Machine (VM) is only vulnerable if it allows running third-party/rogue applications or scripts.

For example:

  • A restricted user who has shell access can run malicious software.
  • A user surfing the Net from within the VM can unknowingly run malicious Javascript from his browser.

You can consider your VM non-vulnerable if your VM is a secured and closed system that does not allow running rogue code (i.e. the vulnerabilities cannot be exploited), unless an attacker founds other vulnerabilities to break into your VM.

Top
2.10.1.6 Is all the System Vulnerable?

The DGW firmware in the Mediatrix system, by itself, is not vulnerable since it does not allow running rogue code:

But it is theoretically possible, for a Virtual Machine compromised by the Spectre vulnerability, to read memory outside the Virtual Machine and access sensitive data of the Mediatrix system. The best protection against this is to secure your VM, to make sure there is no known means an attacker can use to break into your VM.

Media5 also recommends to always keep your Sentinel 400 up-to-date with to the latest DGW firmware version.

Top
2.10.1.7 How to Protect my VM against Meltdown

Linux kernels have a new feature called KPTI (previously known as KAISER) that protects against Meltdown.

If your Virtual Machine is vulnerable, Media5 recommends that you upgrade your kernel to a version that supports KPTI, and enable it.

For more information on KPTI: https://en.wikipedia.org/wiki/Kernel_page-table_isolation

Important

Enabling KPTI may impact the performance of your Virtual Machine.

Top
2.10.1.8 How to Protect my VM against Spectre

There are different mitigation techniques against Spectre:

  • Mitigation #1: A microcode update from the CPU vendor for better control over the branch speculation. Also need an updated kernel to enable these new features (IBRS and IBPB).
  • Mitigation #2: Different techniques (like "retpoline" and "LFENCE") that require recompiling the kernel, packages and applications.

As the time this document was written, Mitigation #1 could not be applied, as Intel had not yet released a microcode update for the CPU of the Sentinel 400.

If your Virtual Machine is vulnerable, Media5 recommends applying Mitigation #2. See https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)#Mitigation for more details.

Important

Mitigation techniques against Spectre may impact the performance of your Virtual Machine.

Top

2.10.2 Basic Virtual Machine Actions

Top
2.10.2.1 Stopping the Virtual Machine
Steps
  1. Go to System /VM .
  2. In the Virtual Machine Configuration table, click located on the same row as the VM you wish to stop.
Result
The virtual machine stops. In the Virtual Machine Status table, Stopped will be displayed under the State column.
Top
2.10.2.2 Stopping the Virtual Machine - Graceful Stop
Steps
  1. Open the VNC Client located on a computer located on the network connected to the unit.

    Note

    UltraVNC Viewer, TightVNC Viewer and VNC Viewer are presently supported.

  2. Enter the Unit.IP.Address: VNCid .
  3. In the VNC console, shutdown the OS using the recommended OS method.
Result
The virtual machine is stopped. In the Virtual Machine Status , Stopped will be displayed under the State column.
Top
2.10.2.3 Rebooting a VM
Context
If the virtual machine you wish to start requires resources equivalent to the available resources on the unit, then it will not be possible to start another virtual machine. It is only possible to start a virtual machine if there are enough resources on the unit.

Note

Rebooting a virtual machine does not have the same effect as Restarting the virtual machine.

Steps
  1. Go to System /VM .
  2. Click .
Result
The virtual machine is restarted. In the Virtual Machine Status , Started will be displayed under the State column.
Top
2.10.2.4 Rebooting a VM - Graceful Reboot
Context

Although the virtual machine can be rebooted via the Web page, rebooting the virtual machine using a VNC Client is the preferred way to reboot the virtual machine.

Note

Rebooting the virtual machine does not have the same effect as restarting the virtual machine.

Steps
  1. Open the VNC Client located on a computer located on the network connected to the unit.

    Note

    UltraVNC Viewer, TightVNC Viewer and VNC Viewer are presently supported.

  2. Enter the Unit.IP.Address: 5900+VNCid .
  3. In the VNC console, shutdown the OS using the recommended OS method.
Result
The virtual machine is restarted. In the Virtual Machine Status , Started will be displayed under the State column.
Top
2.10.2.5 Setting the Virtual Machine to Automatic Start
Context

If the virtual machine you wish to start requires resources equivalent to the available resources on the unit, then it will not be possible to start another virtual machine. It is only possible to start a virtual if there are enough resources on the unit.

Steps
  1. Go to System /VM .
  2. In the Virtual Machine Configuration table, from the Startup dropdown list, select Auto .
  3. Click Apply .
Result
When the Vm Service is started, the virtual machine will also be started.
Top
2.10.2.6 Setting the Virtual Machine to Manual Start
Context
Manually starting the virtual machine can be useful when installing the virtual machine to check if the installation was done properly. However, on a day to day usage, the virtual machine should be set to start automatically. Refer to Setting the Virtual Machine to Automatic Start .

Note

If the virtual machine you wish to start requires resources equivalent to the available resources on the unit, then it will not be possible to start another virtual machine. It is only possible to start a virtual machine if there are enough resources available on the unit.

Steps
  1. Go to System /VM .
  2. In the Virtual Machine Configuration table, from the Startup dropdown list, select Manual .
  3. Click Apply .
Result
The virtual machine will be started only if it is started manually. In the Virtual Machine Status , Started will be displayed under the State column.
Top
2.10.2.7 Deleting a VM
Steps
  1. Go to System /VM .
  2. In the Virtual Machine Configuration table, click located on the same row as the virtual machine you wish to delete.
Result
The virtual machine and its configuration are deleted.
Top
2.10.2.8 Monitoring the SSD Wear Percentage Using the CLI
Steps
  1. Open the Command Line Interface ( CLI).
  2. At the prompt, enter the following command: Dcm.PersistentWearPercentage
Result
This parameter will provide the Wear Percentage of the SSD. It is taken from the SMART data obtained directly from the drive. When it reaches 100%, it means the technical lifespan of the SSD has been reached. The drive may not fail immediately, but this indicates that the SSD must be replaced to ensure continuous operation.
Top
2.10.2.9 Monitoring the SSD Wear Percentage Using a MIB Browser
Context

The Mediatrix UMN Mib browser can be used for this procedure.

Steps
  1. Open your Mib Browser.
  2. Poll .1.3.6.1.4.1.4935.1000.100.200.100.2000.1.10000.100.250

    Note

    This is an SNMP (readonly) Mib.

Result
This parameter will provide the Wear Percentage of the SSD. It is taken from the SMART data obtained directly from the drive. When it reaches 100%, it means the technical lifespan of the SSD has been reached. The drive may not fail immediately, but this indicates that the SSD must be replaced to ensure continuous operation.
Top

2.10.3 Virtual Machine Installation

Top
2.10.3.1 Adding a Virtual Machine
Before You Start
The VirtualSwitch parameter must be configured to enable the link you wish to use to contact the virtual machine. Refer to Configuring a Link as a Virtual Switch .

You must have a virtual machine licence and the VM service must be started.

Caution

It is a best practice to create the Virtual Machine in a test environment. If not enough memory is allocated and swap is disabled, the Virtual Machine will stop, and the installation will need to be restarted from the beginning.

Steps
  1. Go to System /VM .
  2. In the Virtual Machine Creation table, complete the Vm Name field.

    Note

    Vm names must be unique.

  3. In the Ram(Mb) field, enter the amount of RAM required to run the virtual machine.

    Caution

    To reduce the wear-and-tear of the Solid State Drive, make sure to allocate the maximum amount of RAM possible to the virtual machine.

    Note

    For instance, 87.5% of the actual available RAM, or 1.5 Gb for units with 2 Gb of RAM, 3.5 Gb with 4 Gb of RAM and for 7 Gb with 8 Gb of RAM.

  4. Complete the Storage(Gb) field.

    Note

    10 Gb is the maximum value one can allocate in a typical Sentinel equipped with a 16 Gb Solid State Drive.

  5. From the Image Format selection list, choose the format of the image.

    Note

    • Use QCOW2 for space efficiency and flexibility.
    • Use RAW for improved performance

  6. From the Nb Cores selection list, select the number of cores the virtual machine will be using.

    Important

    It is not possible to modify the settings (RAM, name, etc.) once the virtual machine has been created. The only way to change the settings, is to delete the virtual machine and to create it once again.

  7. Click .

    Note

    A maximum of 2 virtual machines can be added.

Result
The virtual machine will be displayed in both the Virtual Machine Configuration and the Virtual Machine Status tables.
Top
2.10.3.2 Configuring the VM Network Adapter (VirtIO)
Before You Start
Configuring the Network Adapter is optional. By default, it is set to E 1000 (Intel 82545EM emulated network interface card). However, for enhanced network performance, the network adapter can be set to VirtIO, provided it is supported by the guest OS as paravirtualised drivers are required.
Steps
  1. Go to System /VM .
  2. From the Network Adapter drop down list, select VirtIO .

    Note

    Please refer to the OS documentation for specific information regarding VirtIO.

  3. Click Apply .
Result

The virtual machine Network Adapter will be set to VirtIO .

Top
2.10.3.3 Installing the OS on the Virtual Machine Using an ISO image
Before You Start
The Importing an ISO image to the Unit File Management System procedure must be completed. When downloading an OS that provides architecture choices you need to choose either AMD64 (64 bit OS) or i386/i686 (32 bit OS). Basically you need to choose the architecture for an INTEL processor
Steps
  1. Go to System /VM .
  2. In the Virtual Machine Configuration , in the Iso Name field, indicate the name of the ISO file containing the OS.
  3. In the Vnc Id field, indicate the unique id used with the VNC Client to connect to the virtual machine console.
  4. From the Usb field, select None .
  5. Click .
  6. Open the VNC Client located on a computer of the network connected to the unit.

    Note

    UltraVNC Viewer, TightVNC Viewer and VNC Viewer are presently supported.

  7. Enter the IPAddressOftheUnit:VNCid.

    Note

    For example 192.168.0.12:1

  8. Follow the on-screen instructions.

    Caution

    To reduce the wear-and-tear of the Solid State Drive,

    • On Linux OS, disable memory swapping or at least set swappiness to 0.
    • On Windows OS, disable the virtual memory.

    Note

    If the Solid State Drive fails because it is inadequately used by a third party software or the operating system, the warranty of the Mediatrix unit will no longer be valid.

    Note

    The installation can take more than an hour depending on the image you are installing.

Result
The virtual machine will be started only if it is started manually.
Top
2.10.3.4 Installing the Virtual Machine OS using a USB External Device
Before You Start
Make sure your USB external device contains the Operating System installation media, is bootable, and is connected. When downloading an OS that provides architecture choices you need to choose either AMD64 (64 bit OS) or i386/i686 (32 bit OS). Basically you need to choose the architecture for an INTEL processor.
Steps
  1. Go to System /VM .
  2. In the Virtual Machine Configuration table, in the Vnc Id field, indicate the unique id of the virtual machine.
  3. From the Usb field, select All .
  4. Click .
  5. Open the VNC Client located on a computer of the network connected to the unit.

    Note

    UltraVNC Viewer, TightVNC Viewer and VNC Viewer are presently supported.

  6. Enter the IPAddressOftheUnit:VNCid

    Note

    For example 192.168.0.12:1

  7. From the VNC client, wait for the following message to display "Press F12 for boot menu". If too late, restart the VM by clicking the button.
  8. Press F12, then select the USB device.
  9. Follow the on-screen instructions.

    Caution

    To reduce the wear-and-tear of the Solid State Drive:

    • On Linux OS, disable memory swapping or at least set swappiness to 0.
    • On Windows OS, disable the virtual memory.

    Note

    If the Solid State Drive fails because it is inadequately used by a third party software or the operating system, the warranty of the Mediatrix unit will no longer be valid.

    Note

    The installation can take more than an hour depending on the image you are installing.

Result

The virtual machine will be started only if it is started manually

Top
2.10.3.5 Disabling Swap on Linux
Context
Disabling swapping in the Operating System will optimise the virtual machine in such a way to reduce the wear-and-tear of the Solid State Drive.
Steps
  1. Open the VNC Client located on a computer of the network connected to the unit.

    Note

    UltraVNC Viewer, TightVNC Viewer and VNC Viewer are presently supported.

  2. Open .../etc/sysctl.conf file
  3. Add vm.swappiness = 0 to the file.
  4. Open ... /etc/fstab.
  5. Add noatime to the following lines
    1. § UUID=32b414c0-This-is-an-example / ext4 defaults, noatime 1 1
    2. § UUID=b4598e44-This-is-an-example /boot ext4 defaults, noatime 1 2
  6. Comment out
    1. § # UUID=72355f7a-497d-This-is-an-example swap swap defaults 0 0
  7. Use the Shutdown command and then restart the Virtual Machine.

    Important

    Do no use the Linux “reboot” command as the filesystem may not get mounted properly.

Top

2.10.4 Virtual Machine Modification

Top
2.10.4.1 Modifying the Virtual Machine Configuration
Steps
  1. Go to System /VM .
  2. In the Virtual Machine Configuration table, modify the fields as required.
  3. Click Apply .
Result
The next time the virtual machine will be used, the new parameter values will be applied.
Top

3 Network

Top

3.1 Host

Top

3.1.1 Basic Network Host Concepts

Top
3.1.1.1 DNS Servers

The DNS server list is the ordered list of DNS servers that the device uses to resolve network names.

Up to four servers can be used. The DNS servers can be specified statically or obtained automatically (for example through DHCPor PPP). DNS query results are cached on the system to optimise name resolution time. For more details, refer to DGW Configuration Guide - DNS Behavior with Mediatrix Gateways published on the Media5 documentation portal at https://documentation.media5corp.com/ .

Top
3.1.1.2 Simple Network Time Protocol (SNTP)

The Simple Network Time Protocol (SNTP) is used to update and synchronise the clock of the Mediatrix unit (day, month, time) when it is restarted.

Mediatrix units do not all include a real time clock allowing them to maintain accurate time when they are shutdown. Your system needs to have access to accurate time, for example if you are using HTTPS or for the caller ID feature. The Mediatrix unit implements a SNTP client, which can synchronise the local clock with remote NTP/SNTP servers. The configuration can be automatic (through DHCP for example), with fallback, or static, with up to four servers.

Top
3.1.1.3 Time Format

The time format (also known as 'TZ' format) is based on the format described by the IEEE 1003.1 standard (i.e. POSIX specification).

The format used is:

STDOFFSET[DST[OFFSET],[START[/TIME],END[/TIME]]]
where:
  • STD / DST : Three or more characters for the standard (STD) or alternative daylight saving time (DST) time zone. Only STD is mandatory. If DST is not supplied, the daylight saving time does not apply. Lower and upper case letters are allowed. All characters are allowed except:
    • digits
    • leading colon (:)
    • comma (,)
    • minus (-)
    • plus (+), and
    • ASCII NUL.
  • OFFSET : Difference between the GMT time and the local time. The offset has the format h[h][:m[m][:s[s]]]. If no offset is supplied for DST, the alternative time is assumed to be one hour ahead of standard time. One or more digits can be used; the value is always interpreted as a decimal number.
    • The hour value must be between 0 and 24.
    • The minute and second values, if present, must be between 0 and 59.

    Important

    If preceded by a minus sign (-), the time zone is east of the prime meridian, otherwise it is west, which can be indicated by the preceding plus sign (+). For example, New York time is GMT 5.

  • START / END Indicates when to change to and return from the daylight saving time. The START argument is the date when the change from the standard to the daylight save time occurs; END is the date for changing back. If START and END are not specified, the default is the US Daylight saving time start and end dates. The format for start and end must be one of the following:
    • n where n is the number of days since the start of the year from 0 to 365. It must contain the leap year day if the current year is a leap year. With this format, you are responsible to determine all the leap year details.
    • Jn where n is the Julian day number of the year from 1 to 365. Leap days are not counted. That is, in all years – including leap years – February 28 is day 59 and March 1 is day 60. It is impossible to refer to the occasional February 29 explicitly. The TIME parameter has the same format as OFFSET but there can be no leading minus (-) or plus (+) sign. If TIME is not specified, the default is 02:00:00.
    • Mx[x].y.z where x is the month, y is a week count (in which the z day exists) and z is the day of the week starting at 0 (Sunday). For instance: M10.4.0 is the fourth Sunday of October. It does not matter if the Sunday is in the 4th or 5th week. M10.5.0 is the last Sunday of October (5 indicates the last z day). It does not matter if the Sunday is in the 4th or 5th week. M10.1.6 is the first week with a Saturday (thus the first Saturday). It does not matter if the Saturday is in the first or second week. The TIME parameter has the same format as OFFSET but there can be no leading minus (-) or plus (+) sign. If TIME is not specified, the default is 02:00:00.

More information on time zones are available at:

Top
3.1.1.4 Time Format Examples
Time Zone String
Pacific Time (Canada & US) PST8PDT7,M3.2.0/02:00:00,M11.1.0/02:00:00
Mountain Time (Canada & US) MST7MDT6,M3.2.0/02:00:00,M11.1.0/02:00:00
Central Time (Canada & US) CST6CDT5,M3.2.0/02:00:00,M11.1.0/02:00:00
Eastern Time Canada & US) EST5EDT4,M3.2.0/02:00:00,M11.1.0/02:00:00
Atlantic Time (Canada) AST4ADT3,M3.2.0/02:00:00,M11.1.0/02:00:00
GMT Standard Time GMT0DMT-1,M3.5.0/01:00:00,M10.5.0/02:00:00
W. Europe Standard Time WEST-1DWEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00
China Standard Time CST-8
Tokyo Standard Time TST-9
Central Australia Standard Time CAUST-9:30DCAUST-10:30,M10.5.0/02:00:00,M3.5.0/02:00:00
Australia Eastern Standard Time AUSEST-10AUSDST-11,M10.5.0/02:00:00,M3.5.0/02:00:00
UTC (Coordinated Universal Time) UTC0
Top

3.1.2 Basic Network Host Tasks

Top
3.1.2.1 Choosing the Network Providing the IPv4 Automatic configuration
Steps
  1. Go to Network /Host .
  2. In the Automatic Configuration Interface table, from the Automatic IPv4 config source network selection list, choose a network.
  3. Click Apply .
Top
3.1.2.2 Choosing the Network Providing the IPv6 Automatic configuration
Steps
  1. Go to Network /Host .
  2. In the Automatic Configuration Interface table, from the Automatic IPv6 config source network selection list, choose a network.
  3. Click Apply .
Top
3.1.2.3 Configuring the Host Name and Domain Name of the Mediatrix Unit
Steps
  1. Go to Network /Host .
  2. In the Host Name Configuration table, from the Configuration Source selection list, choose the source.

    Note

    When switching from the Static to Automatic IPv4 or Automatic IPv6 configuration source, the last value correctly obtained from the network (if any) is applied to the system.

  3. If you are using a Static configuration source, in the Domain Name field, enter the domain name of your unit.

    Note

    The domain name is the network domain to which the unit belongs. For instance: example.com.

  4. In the Host Name field, enter the host name of your unit.

    Note

    The host name is the unique name by which the unit is known on a network.

  5. Click Apply .
Result
Top
3.1.2.4 Configuring the Default Network Gateway to a Static IP Address
Steps
  1. Go to Network /Host .
  2. In the Default Gateway Configuration table, from the IPv4 /Configuration Source selection list, select Static .
  3. In the IPv4 /Default Gateway field, enter the IP address used as the Static Default Router for the Uplink Network Interface.
  4. In the Default Gateway Configuration table, from the IPv6 /Configuration Source selection list, select Static .
  5. In the IPv6 /Default Gateway field, enter the IP address used as the Static Default Router for the Uplink Network Interface.
  6. Click Apply .
Result
The specified address is used as the current default router address.
Top
3.1.2.5 Configuring the Default Network Gateway to an Automatic IP Address
Steps
  1. Go to Network /Host .
  2. In the Default Gateway Configuration table, from the IPv4 /Configuration Source selection list, select Automatic IPv4 .
  3. In the Default Gateway Configuration table, from the IPv6 /Configuration Source selection list, select Automatic IPv6 .

    Note

    When switching from the Static to Automatic configuration source, the last value correctly obtained from the network (if any) is applied to the system.

  4. Click Apply .
Result
Top
3.1.2.6 Configuring DNS Servers - Automatically
Steps
  1. Go to Network /Host .
  2. In the DNS Configuration table, from the Configuration Source selection list, choose Automatic IPv4 or Automatic IPv6 .
  3. Click Apply .
Result
Top
3.1.2.7 Configuring DNS Servers - Manually
Steps
  1. Go to Network /Host .
  2. In the DNS Configuration table, from the Configuration Source selection list, choose Static .
  3. For each DNS server, enter the IP address.

    Note

    The best practice is to use the servers supplied by your Internet Service Provider (usually the primary and secondary DNS), then complement with publicly accessible DNS servers from a different network.

    For example, when using IPv4: Google (8.8.8.8 and 8.8.4.4), CloudFlare (1.1.1.1 and 1.0.0.1), OpenDNS (208.67.222.222 and 208.67.220.220), Level3 (209.244.0.3 and 208.244.0.4), etc.

    Or when Using IPv6: Google (2001:4860:4860::8888 and 2001:4860:4860::8844), CloudFlare (2606:4700:4700::1111 and 2606:4700:4700::1001), etc.

  4. Click Apply .
Result
Top
3.1.2.8 Configuring the SNTP Server to a Static IP Address
Before You Start
Make sure there is an SNTP server available.
Steps
  1. Go to Network /Host .
  2. In the SNTP Configuration table, from the Configuration Source selection list, select Static .
  3. Provide an IP address or domain name and port numbers for each SNTP server you are using.

    Note

    The best practice is to use the servers supplied by your Internet Service Provider, then complement with servers from a different network close to your geographical area.

    For example: time.nist.gov (USA), ntp4.sptime.se (Sweden), time1.isu.net.sa (Saudi Arabia), ntp.nict.jp (Japan), time.google.com (Worldwide), pool.ntp.org or one of their regional server pools (see https://www.ntppool.org/ for more information).

  4. If necessary, change the value of the Synchronisation Period .
  5. If necessary, change the value of the Synchronisation Period on Error .
  6. Click Apply .
Result
The SNTP host name and port will be displayed in the Host Status table under Network /Status .
Top
3.1.2.9 Configuring the SNTP Server to an Automatic IP Address
Before You Start
Make sure there is an SNTP server available.
Steps
  1. Go to Network /Host .
  2. In the SNTP Configuration table, from the Configuration Source selection list, select Automatic IPv4 or Automatic IPv6 .

    Note

    Some Uplink connection types (for example Static and PPPoE) cannot obtain SNTP information from the network, and therefore lead to no SNTP parameters being applied to the system.

  3. If necessary, change the value of the Synchronisation Period .
  4. If necessary, change the value of the Synchronisation Period on Error .
  5. Click Apply .
Result
Top
3.1.2.10 Configuring the SNTP Server to an Automatic IP Address with Fallback
Before You Start
Make sure there is an SNTP server available.
Steps
  1. Go to Network /Host .
  2. In the SNTP Configuration table, from the Configuration Source selection list, select Automatic IPv4 or Automatic IPv6 .

    Note

    Some Uplink connection types (for example Static and PPPoE) cannot obtain SNTP information from the network, and therefore lead to no SNTP parameters being applied to the system.

  3. Provide an IP address or domain name and port numbers for each SNTP server you are using.

    Note

    The best practice is to use the servers supplied by your Internet Service Provider, then complement with servers from a different network close to your geographical area.

    For example: time.nist.gov (USA), ntp4.sptime.se (Sweden), time1.isu.net.sa (Saudi Arabia), ntp.nict.jp (Japan), time.google.com (Worldwide), pool.ntp.org or one of their regional server pools (see https://www.ntppool.org/ for more information).

  4. If necessary, change the value of the Synchronisation Period .
  5. If necessary, change the value of the Synchronisation Period on Error .
  6. Click Apply .
Result
.
Top
3.1.2.11 Selecting the Unit's Time Zone
Context
Time Servers should be configured under Network/Host/SNTP Configuration. For more details refer to the DGW Configuration Guide - VLan Configuration published on the Media5 documentation portal at https://documentation.media5corp.com/
Steps
  1. Go to Network /Host .
  2. In the Time Configuration table, in the Static Time Zone field, specify the time zone in which the Mediatrix unit is located.

    Note

    If preceded by a minus sign (-), the time zone is east of the prime meridian, otherwise it is west, which can be indicated by the preceding plus sign (+). For example, New York time is GMT 5.

  3. Click Apply .
Result

Any DGW parameter referring to a time value will use the local time described by this time zone reference. The Hoc.SystemTime will return the unit local time in accordance with the configured time zone.

Top

3.1.3 Advanced Network Host Parameters

Although the services can be configured in great part in the Web browser, some aspects of the configuration can only be completed with the configuration parameters by either:
  • using a MIB browser
  • using the CLI
  • creating a configuration script containing the configuration parameters
For more details on the following parameters, refer to the DGW Configuration Guide - Reference Guide published on the Media5 documentation portal at https://documentation.media5corp.com/ .
Configuring Dns Cache Randomisation:
  • Hoc.DnsCacheRandomization
Configuring Pre-resolved Static FQDNs
Up to 10 pre-resolved FQDNs can be configured. The StaticHosts table allows configuring FQDNs with static IP addresses. When a device attempts to reach a FQDN configured in this table, the static IP addresses will be used instead of resolving the FQDN.
  • Hoc.InsertStaticHost : To insert a new static host
  • Hoc.StaticHosts.Delete : To delete a static host:
Updating the system name or system location
The name and location of the Mediatrix unit can be specified. This information is for display purposes only and does not affect the behavior of the unit.
  • Hoc.SystemName: To set the system name
  • Hoc.SystemLocation: Set the system location
Top

3.2 Interfaces

Top

3.2.1 Basic Interface Concepts

Top
3.2.1.1 IP Address Reservation

Before connecting the Mediatrix unit to the network, Media5 strongly recommends to reserve an IP address in your network server – if using one – for the unit you are about to connect.

This way, the IP address associated with a particular unit will be known. Network servers generally allocate a range of IP addresses for use on a network and reserve IP addresses for specific devices using a unique identifier for each device. The Mediatrix unit unique identifier is the media access control (MAC) address. Refer to Locating the MAC Address of Your Mediatrix Unit .

Top
3.2.1.1.1 Locating the MAC Address of Your Mediatrix Unit
Context
The MAC address of the unit is:

  • printed on a label located under the Mediatrix unit
  • displayed in the Current Status table of the Web Interface (System /Information )

Top
3.2.1.2 Important Information About Network Interfaces
Naming
  • The name of the network interface is case sensitive.
  • Using the special values All, Loop, LoopV6, and Rescue are not allowed to name a network interface
  • A valid network interface name:
    • must start with a letter
    • cannot contain characters other than letters, numbers, and underscores
Configuration
  • It is not possible to have different IP addresses from the same subnet on one interface.
  • It is possible to create up to 48 network interfaces.
  • LLDP cannot be activated on multiple network interfaces simultaneously.
  • If no network is configured in IPv6, the unit does not have any IPv6 address, not even the Link-Local address. When a network is configured in IPv6, the Link-Local (FE80 ::...) address is automatically created and displayed in the Network Status information.
  • In case of address conflicts between two or more network interfaces, the network interface with the highest priority will remain enabled and the other interfaces will be disabled. If the priority is the same, only the first enabled network interface will be able to use the IP address. When a conflict ends, all network interfaces concerned automatically return to an operational state.
  • Media5 recommends to reserve an IP address with an infinite lease for each Mediatrix unit on the network.
  • The Rescue Network Interface cannot be deleted.

Important

Use extreme care when configuring network interfaces, especially when configuring the network interface used to contact the unit for management. Be careful never to disable or delete the network interface used to contact the unit. Also be careful to always set the unit’s management interface to be an interface that you can contact.

Top
3.2.1.3 Default Network Interfaces

There are four Network Interfaces created by default on the Mediatrix unit: Uplink, Lan 1, UplinkV6, and Rescue.

  • The Uplink network interface defines the uplink information required by the Mediatrix unit to properly connect to the WAN. (By default eth1 for all platforms, except for the 4102 which is WAN . By default, this interface uses the IpDhcp (IPv4 DHCP) connection type. If you are using only one Network Interface, you must use Uplink .
  • The Lan1 network interface defines the information required by the Mediatrix unit to properly connect to the LAN.(By default eth2-5 for all platforms, except for the 4102 which is LAN) By default, the Lan1 Network Interface uses the IpStatic (IPv4 Static) connection type. The Lan1 network interface can only be added on units with 2 network ports.
  • The Rescue network interface, is used to display the Rescue Management Interface when a partial reset of the unit is performed. By default, the Rescue network interface
    • is disabled and automatically enabled when a partial reset is performed.
    • uses the IpStatic (IPv4 Static) or the Ip6Static (IPv6 Static) addresses.
    The Rescue Network Interface cannot be deleted. Refer to the Technical Bulletin - Performing a Partial Reset document published on the Media5 documentation portal https://documentation.media5corp.com/
  • The network interface defines the IPv6 uplink information required by the Mediatrix unit to properly connect to the WAN. By default, this interface uses the IP6autoConf (IPv6 Auto-Conf) configuration mode.
It is possible to create up to 48 Network Interfaces.

Top
3.2.1.3.1 Link Default Values for the Uplink Network Interface
Unit Type Link Default Value
Sentinel 400 eth1
Sentinel 100 eth1
Mediatrix G7 eth1
Mediatrix S7 eth1
Mediatrix C7 series eth1
Mediatrix 4104 eth1/eth
Mediatrix 4108/16/24 eth1
Mediatrix 4102 Wan
Mediatrix 4400 series eth1
Mediatrix LP series eth1
Mediatrix 4108 IPPBX eth1
Top
3.2.1.3.2 Link Default Values for the Lan1 Network Interface
Unit Type Link Default Value
Sentinel 400 eth2-5
Sentinel 100 eth2-5
Mediatrix G7 series eth2-5
Mediatrix S7 series eth2-5
Mediatrix C7 series eth2
Mediatrix 4104 eth2
Mediatrix 4108/16/24 eth2
Mediatrix 4102 lan
Mediatrix 4400 series eth2
Mediatrix LP series eth2
Mediatrix 4108 IPPBX eth2
Top
3.2.1.4 Link Layer Discovery Protocol (LLDP)

The Link Layer Discovery Protocol (LLDP) service is used by network devices for advertising their identity, capabilities, and neighbors on a IEEE 802 local area network, usually wired Ethernet.

LLDP cannot be activated on more than one network interface at a time.

Top
3.2.1.5 Link Connectivity Detection

Each Ethernet port of the Mediatrix unit is associated with an Ethernet link.

An Ethernet link has connectivity if at least one of its port status is not disconnected. The link connectivity is periodically polled (every 500 milliseconds). It takes two consecutive detections of the same link state before reporting a link connectivity transition. This avoids reporting many link connectivity transitions if the Ethernet cable is plugged and unplugged quickly.

Top
3.2.1.6 PPP Negotiation

When the Mediatrix unit restarts, it establishes the connection to the access concentrator in conformance with RFC 2516 section 5.1.

When establishing a PPP connection, the Mediatrix unit goes through three distinct phases:

  • Discovery phase : The Mediatrix unit broadcasts the value of the Service Name field. The access concentrator with a matching service name answers the Mediatrix unit.
    • If no access concentrator answers, this creates a PPPoE failure error.
    • If more than one access concentrators respond to the discovery, the Mediatrix unit tries to establish the PPP connection with the first one that supports the requested service name.
  • Authentication phase : If the access concentrator requests authentication, the Mediatrix unit sends the ID/secret pair configured in the User Name and Password fields. If the access concentrator rejects the authentication, this creates an “authentication failure” error.
  • Network-layer protocol phase : The Mediatrix unit negotiates an IP address. The requested IP address is the one from the last successful PPPoE connection. If the Mediatrix unit never connected by using PPPoE (or after a factory reset), it does not request any specific IP address.

Top
3.2.1.7 IPv6 Autoconfiguration Interfaces

When the Type drop-down menu is set to IPv6 Auto-Conf, the network interface is an IPv6 over Ethernet connection with IP parameters obtained by stateless auto-configuration or stateful (DHCPv6) configuration.

Autoconfiguration of IPv6 address is first initiated using state-less autoconfiguration. Stateful autoconfiguration is initiated only if one of the following conditions is met:

  • The router explicitly required stateful autoconfiguration by setting the “managed” or “other” flag of the router advertisement.
  • No router advertisement was received after 3 router solicitations. RFC 4861 defines the number of router solicitations to send and the 4 seconds interval between the sent router solicitations.

Top
3.2.1.8 Stateless Autoconfiguration

All IPv6 addresses present in the router advertisements are applied to the network interface

Each IPv6 address is assigned a network name based on the configured network name with a suffix in the following format: ConfiguredNetworkName-XX-Y. XX is the address scope

  • GU (Global Unique)
  • UL (Unique Local)
  • LL (Link-Local)
Y is a unique ID for the address scope.

Top
3.2.1.9 Spanning Tree Protocol vs Stateless Autoconfiguration

Many network switches use the Spanning Tree Protocol (STP) to manage Ethernet ports activity.

STP uses a detection timeout before a router advertisement is sent to the Mediatrix unit. The default value for this timeout is usually 30 seconds. However, when the unit wants to get an IPv6 address in Stateless autoconfiguration, this timeout is too long and the unit falls into Stateful Autoconfiguration mode before it receives the router advertisement. This results in the unit receiving a DHCPv6 address. To solve the issue, check if the default STP detection timeout value in your router can be modified. If so, set it to a value of 8 s or less. If you cannot modify the timeout value, Media5 recommends to disable the Spanning Tree Protocol on the network to which the unit is connected.

Top
3.2.1.10 Statefull Autoconfiguration

Stateful autoconfiguration is managed by DHCPv6. The DHCPv6 lease is negotiated according to the limitations listed in section 1.5 of RFC 3315.

DHCPv6 may be used to obtain the following information (depending on the router advertisement flags):

  • IPv6 addresses (when the router advertisement “managed” flag is set)
  • Other configuration (when the router advertisement “other” flag is set)
If only the “other” flag is set in the router advertisement, the DHCPv6 client only sends an information request to the DHCPv6 server, otherwise it sends a DHCPv6 solicit message. If the flags change over time, only the transitions from “not set” to “set“ are handled.

Top
3.2.1.11 Speed and Duplex Detection Issues

There are two protocols for detecting the Ethernet link speed: parallel detection and auto-negotiation (IEEE 802.3u).

The auto-negotiation protocol allows the detection of the connection speed and duplex mode. It exchanges capabilities and establishes the most efficient connection. When both endpoints support the auto-negotiation, there are no problems. However, when only one endpoint supports auto-negotiation, the parallel detection protocol is used. This protocol can only detect the connection speed; the duplex mode cannot be detected. In this case, the connection may not be established. The Mediatrix unit has the possibility to force the desired Ethernet link speed and duplex mode by disabling the auto-negotiation and selecting the proper setting. When forcing a link speed at one end, be sure that the other end (a hub, switch, etc.) has the same configuration. To avoid any problem, the link speed and duplex mode of the other endpoint must be exactly the same.

Top

3.2.2 Basic Interface Tasks

Top
3.2.2.1 Creating a Network Interface
Steps
  1. Go to Network /Interfaces .
  2. In the Network Interface Configuration table, click +.
  3. Enter a name in the Name field.

    Note

    The Network Interface name must be unique and is case sensitive.

  4. From the Link selection list, select Ip6Static (IPv6 Static) .
  5. In the Static IP Address field, enter the FQDN or IP address of
  6. Click Apply .
Result
The new Network Interface will be available in the:
  • Media Interface Configuration table under the SBC / Configuration tabs (provided you have the Sbc service)
  • Signaling Interface Configuration table under SBC / Configuration tabs (provided you have the Sbc service)
  • DHCP Server Configuration table under the Network / DHCP Server tabs
  • Signaling Network table under the SIP /Gateways tabs
  • Network Interface table under the SIP Proxy /Configuration tabs.
  • Network Interface table under the Management /Misc tabs.
  • Forward To Network table under the Network /IP Routing tabs.
Top
3.2.2.2 Configuring a Network Interface
Context
When configuring network interfaces, Media5 recommends to have a syslog client properly configured and enabled in order to receive any message related to the network interfaces behaviour. The interface used to access the syslog client must also be properly enabled.
Steps
  1. Go to Network /Interfaces .

    Important

    Use extreme care when configuring network interfaces, especially when configuring the network interface used to contact the unit for management. Be careful never to disable or delete the network interface used to contact the unit. Also be careful to always set the unit’s management interface to be an interface that you can contact.

  2. In the Network Interface Configuration table, complete the fields as required.
  3. From the Activation drop-down list, select Enable .
  4. Click Apply .
Top
3.2.2.3 Associating an Ethernet Link to a Network Interface
Steps
  1. Go to Network /Interfaces .
  2. In the Network Interface Configuration table, from the Link field , select the link to be associated with a Network Interface (the link will appear as ethx.VlanId).

    Note

    Once the changes are applied, the connection with the unit might be lost. You may need to reconnect to the Web page.

  3. Complete the fields as required.
  4. Click Apply .
Result
The Network interface is associated with a physical interface i.e. an Ethernet Link.
Top
3.2.2.4 Configuring the PPPoE Connection Type
Before You Start
The User Name and Password fields are not accessible if you have the User or Observer access right.
Context
Perform this procedure only if you have selected PppIpcp (IPv4 PPPoE) as a connection type for your Network Interfaces.
Steps
  1. Go to Network /Interfaces .
  2. In the PPPoE Configuration table, complete the fields as required.
  3. Click Apply .
Result
The current PPPoE information is displayed in the Status page.
Top
3.2.2.5 Configuring the Link Layer Discovery Protocol (LLDP)
Before You Start
The Llpd service must be started.
Steps
  1. Go to Network /Interfaces .
  2. In the LLDP Configuration table, select the network interface name on which LLDP should be enabled.

    Note

    LLDP cannot be activated on multiple network interfaces simultaneously.

  3. Select the address type to populate the chassis ID device identifier.
  4. Select whether to enable the LLDP-MED protocol override of the VLAN ID.
  5. Click Apply if you do not need to set other parameters.
Result
The current LLDP information is displayed in the Status tab.
Top
3.2.2.6 Configuring a Link as a Virtual Switch
Steps
  1. Go to Network /Interfaces .
  2. In the Ethernet Link Configuration table, from the Virtual Switch selection list, select Enable located on the same row as the link you wish to enable for the virtual switch.
  3. Click Apply .
Result
Top
3.2.2.7 Configuring the Ethernet Link linked to a Network Interface
Steps
  1. Go to Network /Interfaces .
  2. In the Ethernet Link Configuration table, set the MTU field of a specific Ethernet link with required value.

    Note

    The MTU value applied for a PPPoE connection is the smallest of the value negotiated with the server and the value configured here.

    Note

    Each Network interface used by TCP/IP may have a different MTU value specified. All VLAN connections use the MTU size configured on their related Ethernet link.

  3. From the 802.1x Authentication select Enable for each Ethernet link requiring 802.1x Authentication.
  4. Enter the EAP username used to authenticate each Ethernet link interfaces during the IEEE 802.1x EAPTLS authentication process..
  5. From the EAP Certificate Validation field, choose the IEEE 802.1x level of validation used by the device to authenticate the IEEE 802.1x EAPTLS peer's certificate.
  6. Click Apply if you do not need to set other parameters.
Result
The current status of the network interfaces is displayed in the Status page.
Top
3.2.2.8 Selecting the IEEE 802.1x Version
Steps
  1. Go to Network /Interfaces .
  2. In the EAP 802.1x Configuration table, select the IEEE 802.1x version.
  3. Click Apply if you do not need to set other parameters.
Result
Top

3.2.3 Advanced Network Interface Parameters

Although the services can be configured in great part in the Web browser, some aspects of the configuration can only be completed with the configuration parameters by :
  • using a MIB browser
  • using the CLI
  • creating a configuration script containing the configuration parameters
For more details on the following parameters, refer to DGW Configuration Guide - Reference Guide published on the Media5 documentation portal at https://documentation.media5corp.com/
Network Interfaces Priority
Refer to eth.networkInterfacesPriority
DHCP Client Identifier Presentation
Refer to bni.dhcpClientIdentifierPresentation
Ethernet Connection Speed
Refer to eth.portsSpeed
Top

3.3 VLAN

Top

3.3.1 Basic VLAN Tasks

Top
3.3.1.1 Creating a VLAN
Steps
  1. Go to Network /VLAN .
  2. In the VLAN Configuration table, from the Link selection list, select the Ethernet link the vlan will use.
  3. Complete the VlanId and the Default User Priority fields as required.
  4. Click located at the end of the newly created Vlan.
  5. Click Apply .

    Note

    Do not forget to enable the VLan under Network /Interfaces

Top
Steps
  1. Go to Network /VLAN .
  2. From the Link selection list, select the Ethernet link the VLAN interface will use.
  3. In the VlanId field, set the VLAN ID used by the VLAN interface.
  4. In the VLAN configuration table, click +.
  5. Set the default user priority value.
  6. To create another VLAN, repeat steps 1 to 5 .
  7. Click Apply .
Result
The Vlan will be associated with a physical interface i.e. an Ethernet Link.
Top
3.3.1.3 Configuring the Default User Priority on an Existing VLAN
Steps
  1. Go to Network /VLAN .
  2. Under the Default User Priority column, set the User Priority to the respective VLAN.

    Note

    For specific services (Signaling, Voice, T.38) you can override the values above by setting specific service class values. Refer to Overriding the DiffServ and QoS Service Class Default Values .

  3. Click Apply .
Result
The value of the Default User Priority column will be applied to the existing VLAN.
Top
3.3.1.4 Configuring the Default User Priority on a New VLAN
Steps
  1. Go to Network /VLAN .
  2. Under the Link column, select the physical link to which you want to add a VLAN.
  3. Under the VlanId column, define the number of the VLAN you wish to create.
  4. Click + located on the right hand side of the screen.
  5. Under the Default User Priority column, set the User Priority for the respective VLAN.

    Note

    For specific services (Signaling, Voice, T.38) you can override the above values by setting specific service class values. Refer to Overriding the DiffServ and QoS Service Class Default Values .

  6. Click Apply .
Result
The value of the Default User Priority column will be applied to the newly created VLAN.
Top

3.4 QoS

Top

3.4.1 Basic QoS Concepts

Top
3.4.1.1 Quality of Service (QoS)

QoS (Quality of Service) features enable network managers to decide on packet priority queuing.

DGW supports:

  • Differentiated Services (DS) Field (for IPv4)
  • Traffic Class Field (for IPv6)
  • 802.1Q taggings

Top
3.4.1.2 Differentiated Services (DS) Field (for IPv4 only)

Differentiated Services (DiffServ, or DS) is a protocol for specifying and controlling network traffic by class so that certain types of traffic (for example voice traffic which requires a relatively uninterrupted flow of data) might get precedence over other kinds of traffic.

DiffServ replaces the first bits in the ToS byte with a differentiated services code point (DSCP). It uses the existing IPv4 Type of Service byte. In DGW the entire ToS byte is currently configurable, thus the ToS decimal value is used. Please refer to:

For example, for a DSCP value of 46, the ToS value of 184 should be used. For DSCP and ToS mappings, please refer to the following table:

TOS (Dec) TOS (Hex) TOS (Bin) TOS Precedence (Bin) TOS Precedence (Dec) TOS Precedence Name TOS Delay flag TOS Throughput flag TOS Reliability flag DSCP (Bin) DSCP (Hex) DSCP (Dec) DSCP/PHB Class
0 0x00 00000000 000 0 Routine 0 0 0 000000 0x00 0 none
4 0x04 00000100 000 0 Routine 0 0 1 000001 0x01 1 none
8 0x08 00001000 000 0 Routine 0 1 0 000010 0x02 2 none
12 0x0C 00001100 000 0 Routine 0 1 1 000011 0x03 3 none
16 0x10 00010000 000 0 Routine 1 0 0 000100 0x04 4 none
32 0x20 00100000 001 1 Priority 0 0 0 001000 0x08 8 cs1
40 0x28 00101000 001 1 Priority 0 1 0 001010 0x0A 10 af11
48 0x30 00110000 001 1 Priority 1 0 0 001100 0x0C 12 af12
56 0x38 00111000 001 1 Priority 1 1 0 001110 0x0E 14 af13
64 0x40 01000000 010 2 Immediate 0 0 0 010000 0x10 16 cs2
72 0x48 01001000 010 2 Immediate 0 1 0 010010 0x12 18 af21
80 0x50 01010000 010 2 Immediate 1 0 0 010100 0x14 20 af22
88 0x58 01011000 010 2 Immediate 1 1 0 010110 0x16 22 af23
96 0x60 01100000 011 3 Flash 0 0 0 011000 0x18 24 cs3
104 0x68 01101000 011 3 Flash 0 1 0 011010 0x1A 26 af31
112 0x70 01110000 011 3 Flash 1 0 0 011100 0x1C 28 af32
120 0x78 01111000 011 3 Flash 1 1 0 011110 0x1E 30 af33
128 0x80 10000000 100 4 FlashOverride 0 0 0 100000 0x20 32 cs4
136 0x88 10001000 100 4 FlashOverride 0 1 0 100010 0x22 34 af41
144 0x90 10010000 100 4 FlashOverride 1 0 0 100100 0x24 36 af42
152 0x98 10011000 100 4 FlashOverride 1 1 0 100110 0x26 38 af43
160 0xA0 10100000 101 5 Critical 0 0 0 101000 0x28 40 cs5
176 0xB0 10110000 101 5 Critical 1 0 0 101100 0x2C 44 voice-admit
184 0xB8 10111000 101 5 Critical 1 1 0 101110 0x2E 46 ef
192 0xC0 11000000 110 6 InterNetwork Control 0 0 0 110000 0x30 48 cs6
224 0xE0 11100000 111 7 Network Control 0 0 0 111000 0x38 56 cs7

Top
3.4.1.3 Network Traffic Control

It is possible to apply bandwidth limitations to the network interfaces.

The limitations are applied on the raw data of the physical link and not only on the payload of the packets. All headers, checksums and control bits (TCP, IP, CRC, etc.) are considered in the actual bandwidth. A bandwidth limitation is applied on a physical link and not on a virtual network interface. All high-level network interfaces (including VLANs) using the same physical link are affected by a configured limitation. This limitation is applied to outgoing traffic only (egress). Bandwidth limitation is an average of the amount of data sent per second. Thus, it is normal that the unit sends a small burst of data after a period of silence.

Top

3.4.2 Basic QoS Tasks

Top
3.4.2.1 Creating the Default Unit QoS
Before You Start
You must have a Network Interface created.
Steps
  1. Go to Network /QoS .
  2. In the Differentiated Services Field Configuration table, complete the fields as required, in order to define the default Differentiated Services value for all generated IPv4 packets and the default Traffic Class value for all generated IPv6 packets.

    Important

    For specific services (Signaling, Voice, T.38) above values can be overridden by setting the specific service class values. Refer to Overriding the DiffServ and QoS Service Class Default Values .

  3. Click Apply .
Result
The unit will apply the specified values as default values for all generated IPv4 and IPv6 packets respectively.
Top
3.4.2.2 Configuring the Default User Priority on Physical Links (802.1Q Tagging)
Context
The 802.1Q standard recommends the use of the 802.1Q VLAN tags for Ethernet frames traffic prioritisation. VLAN tags are 4-byte headers in which three bits are reserved for priority indication. The values of the priority bits shall be provisioned. The VLAN ID part of the 802.1Q tag is always set to 0.
Steps
  1. Go to Network /QoS .
  2. In the Ethernet 802.1Q Tagging Configuration table, select Enable for each interface on which you want to enable user priority tagging.
  3. Set the Default User Priority value each interface uses when tagging packets in the Default User Priority column.

    Note

    For specific services (Signaling, Voice, T.38) you can override the values above by setting specific service class values. Refer to Overriding the DiffServ and QoS Service Class Default Values .

  4. Click Apply .
Result
The selected Default User Priority values will be applied to the Physical Links (VLAN ID = 0) for which the 802.1Q tagging is set to Enable .
Top
3.4.2.3 Overriding the DiffServ and QoS Service Class Default Values
Steps
  1. Go to Network /QoS .
  2. In the Service Class Configuration table, for each service class, set for IPv4 packets the DiffServ value or the Traffic Class value for IPv6 packets, .
  3. Set a specific User Priority for each class under the User Priority column.
  4. Click Apply .
  5. Click restart required services , located at the top of the page.
Result
The values set for the DiffServ or the Traffic Class parameters will override any value already specified for the service class (Signaling, Voice, T.38).
Top
3.4.2.4 Configuring Network Traffic Control
Before You Start
The Network Traffic Control (NTC) service must be enabled. Refer to task_tbc_1ns_5bb .
Steps
  1. Go to Network /QoS .
  2. In the Network Traffic Control Configuration , set the Egress Limit field for the selected link interface.

    Important

    The range is from 64 to 1,000,000 kilobits per second. The value 0 means no bandwidth limitation and no prioritisation. This value must be set according to the upstream bandwidth limit of the network on this link. Set to 0 (disable) if the network bandwidth exceeds 1,000,000 kbps or the effective limit of this device. NTC service sends packets on the physical link according to their respective priorities. The lower the value, the higher the priority. Packets with lower priority are dropped first. The maximum value of the HiddenMaxEgressLimit is :

    • 1,000,000 kilobits on the Sentinel 400
    • 500,000 kilobits on the Sentinel 100, Mediatrix G7 series, and Mediatrix S7 series
    • 40,960 kilobits (5MB/s) on all other platforms

  3. Click Apply .
Result
The defined egress limit is applied on the respective ETH interface.
Top

3.4.3 Example

Top
3.4.3.1 Default Unit QoS and Service Class Configuration for IPv4

Any IPv4 packet sent from the unit has the value applied in the Default DiffServ (IPv4) field of the Differentiated Services Field Configuration table under Network /QoS tab. This default value is overridden on what concerns the specific service classes defined under the same area and in the Service Class Configuration table.

In the following example, the ToS decimal value for the default egress IPv4 traffic is 120 (which corresponds to DSCP=30 or AF, Assured Forwarding), while for the Signaling service class, the DiffServ value is equal to 184 (DSCP=46 or EF, Expedited Forwarding)
When the unit generates a DNS query (which does not belong to the Signaling service class) the default unit IPv4 DiffServ value is applied (ToS=120 or DSCP=30), as shown in the trace below:
When the unit generates a SIP packet (which belongs to the Signaling service class) the Signaling-specific DiffServ value is applied (ToS=184 or DSCP=46)as shown in the trace below:
Top

3.5 Local Firewall

Top

3.5.1 Basic Local Firewall Concepts

Top
3.5.1.1 Local Firewall

The local firewall allows you to create and configure rules to filter incoming packets that have the Mediatrix unit as destination.

The Local Firewall is therefore a security feature that allows you to protect your Mediatrix unit from receiving packets from unwanted or unauthorized peers. As a best practice, the way the Local Firewall should work is to, by default, drop all incoming packets (i.e. not forward the packet to its destination) and let incoming packets go through only if they match a rule requirements. However, incoming packets for an IP communication established by the Mediatrix unit are always accepted (Example : If the Mediatrix unit sends a DNS request, the answer will be accepted).

When configuring the Local Firewall, enabling the default policy to drop all incoming packets should be the last step you perform otherwise, you may lose contact with the Mediatrix unit, even if you are performing the initial configuration of your system. Therefore, start by creating the rules that allow the Mediatrix unit to accept some packets. This way communication will not be lost and you will not need to perform a partial or factory reset to reconnect with the Mediatrix unit.

You can use a maximum of 20 rules, but the more rules are enabled, the more overall performance is affected.

Top
3.5.1.2 Firewall Rule Order - Important

The order in which the incoming packets are tested against the rules is important if you want to make sure that they actually have a filtering effect on incoming packets.

Rules can be configured to accept or to decline packets. But, always put the most restrictive rules first as they are executed sequentially starting with the first one listed at the top of the table i.e. make sure that the order in which the rules are executed does not cause a rule to be systematically excluded.

For example:

  • If the first rule excludes all packets coming from a specific net mask, providing a second rule for an IP address with that same net mask will have no effect.
  • If the first rule indicates actions to be taken for a specific IP address with a given net mask, and the second rule indicates to exclude all IP addresses with that net mask, both rules will be applied and have a result on the incoming packets.

Top

3.5.2 Basic Local Firewall Tasks

Top
3.5.2.1 Configuring the Local Firewall
Before You Start
You must have a Network Interface created.
Steps
  1. Go to Network /Local Firewall .
  2. In the Local Firewall Rules table, complete the fields as required.
  3. In the Local Firewall Configuration table, from the Default Policy selection list, select Drop .

    Important

    Before setting the Default Policy to Drop , i.e. to apply the local firewall rules and to drop any incoming call that does not match a rule, review your rules to make sure that at least one rule accepts incoming packets for management, otherwise the communication with the Mediatrix Sentinel will be lost.

    Note

    For example, if the Web interface is used for management (HTTP port 80) via the unit's LAN interface (default IP address = 192.168.0.10), then the following rule could be added:Activation=Enable / Destination Address=192.168.0.10 / Destination port=80 / Protocol=TCP / Action=Accept

    Note

    For blacklisting to be used, at least one firewall rule must have the Black listing enable box checked.

    Note

    Before setting the Default Policy to Drop , review your rules to make sure that at least one rule accepts incoming packets, otherwise the communication with the Mediatrix Sentinel will be lost.

  4. Click Save .

    Caution

    Take the time to carefully review your rules before continuing to the next step.

  5. Click Save & Apply to apply all changes to the configuration.
  6. Click restart required services , located at the top of the page.
Result
The Local Firewall will drop packets without any notification message.

If a rule with the Black listing enable box checked matches a packet and no Rate Limit Value was set, then the source address of the packet will be black listed and all packets coming from this address will be blocked for the duration of the Blacklist Timeout .

If a rule with the Black listing enable box checked matches a packet and the Rate Limit Value has been reached, then the source address of the packet will be black listed and all packets coming from this address will be blocked for the duration set for the Blacklist Rate Limit Timeout .

Top
3.5.2.2 Disabling the Local Firewall
Before You Start
You must have a Network Interface created.
Steps
  1. Go to Network /Local Firewall .
  2. In the Local Firewall Configuration table, set the Default Policy to Accept .
  3. In the Local Firewall Rules table, from the Activation column, select Disable for all the rules.
  4. Click Save .

    Caution

    Take the time to carefully review your rules before continuing to the next step.

  5. Click Save & Apply to apply all changes to the configuration.
  6. Click restart required services , located at the top of the page.
Result
All incoming packets will be accepted.
Top
3.5.2.3 Setting the No Match Local Firewall Default Policy
Steps
  1. Go to Network /Local Firewall .

    Note

    Before setting the Default Policy to Drop , i.e. to apply the local firewall rules and to drop any incoming call that does not match a rule, review your rules to make sure that at least one rule accepts incoming packets, otherwise the communication with the Mediatrix Sentinel will be lost.

  2. In the Local Firewall Configuration table, set the Default Policy to Drop .
Result
The local firewall rules will be applied and if an incoming call does not match a call it will be dropped.
Top
3.5.2.4 Configuring Black Listing Duration
Steps
  1. Go to Network /Local Firewall .
  2. In the Local Firewall Configuration table, set the Blacklist Timeout
  3. Set the Blacklist Rate Limit Timeout .
  4. Click Save .

    Caution

    Take the time to carefully review your rules before continuing to the next step.

  5. Click Save & Apply to apply all changes to the configuration.
  6. Click restart required services , located at the top of the page.
Result
Blacklisting parameters will be updated. Remember that for blacklisting to be used, at least one rule must have blacklisting enabled.

If a rule with the Black listing enable box checked matches a packet and no Rate Limit Value was set, then the source address of the packet will be black listed and all packets coming from this address will be blocked for the duration of the Blacklist Timeout .

If a rule with the Black listing enable box checked matches a packet and the Rate Limit Value has been reached, then the source address of the packet will be black listed and all packets coming from this address will be blocked for the duration set for the Blacklist Rate Limit Timeout .

Top

3.5.3 Local Firewall Examples

Top
3.5.3.1 Generic Whitelist

All incoming calls are dropped unless they match one of the firewall rules which are acting on the incoming packets going towards the Mediatrix gateway.

Result:
Rule #
1 Any incoming packet from the LAN subnet having the unit's LAN host IP address as a destination is allowed.
2 Any incoming packet from the Uplink subnet is allowed (assuming this is a private network).
3 Any HTTP incoming packet from the selected IP address having the unit's Uplink IP address as a destination through TCP port 80 is allowed.
4 Any HTTPS incoming packets from the selected IP address having the unit's Uplink IP address as a destination through TCP port 443 is allowed, but rate limited to 10 new connection attempts per 60 sec.
5 Any SSH incoming packets from the selected subnet having the unit's Uplink IP address as a destination through TCP port 22 is allowed.
6 Any SIP incoming packets from the selected subnet having the unit's Uplink IP address as a destination through UDP port 5060 is allowed.
7 Any RTP and T.38 incoming packet from the selected subnet having the unit's Uplink IP address as a destination through UDP port range 5004-6020 is allowed.
Default All other incoming packets are rejected.
Top
3.5.3.2 Whitelist for Internet Hacker Protection

Simple Local Firewall rules to protect the unit from Internet hackers. All incoming calls are dropped unless they match one of the local firewall rules which are acting on the incoming traffic towards the Mediatrix gateway.

Result:
Rule # Description
1 Any incoming packet from the LAN subnet is allowed.
2 Any incoming packet from the Uplink subnet is allowed (assuming this is a private network).
3 Any incoming packet from selected IP address is allowed (e.g. this is the management server).
4 Any incoming packet from the selected subnet is allowed (e.g. this is the Core SIP server, SBC and its media gateways).
Default Any incoming packet not meeting the criteria of these rules is dropped.
Top
3.5.3.3 Generic Blacklist

The default policy is set to "Accept" but the firewall rules are Blacklists acting on incoming traffic towards the Mediatrix gateway:

Subnet example: 192.168.1.0/24
Result:
Rule # Description
1 Any incoming packet going to the Uplink interface through TCP port 22 (SSH) is dropped.
2 Any incoming packet coming from the specified subnet is dropped.
3 Any HTTP incoming packet coming from the specified IP address to the Uplink interface through TCP port 80 is dropped.
4 Any incoming packet from the specified subnet to the Lan1 interface is rejected, and an ICMP message is returned.
5 Any SIP incoming packets from the specified IP address to the Lan1 interface through UDP port 5060 is rate limited to 10 new connection attempts per 60 sec.
Default All other incoming packets are accepted.
Top

3.6 IP Routing

Top

3.6.1 Basic IP Routing Concepts

Top
3.6.1.1 Important Information About IP Routing
  • The Mediatrix unit’s IP Routing settings do not support IPv6.
  • A packet matching a route uses the custom routing table first and then the main routing table if no route in the custom routing table was able to send the packet to the desired destination IP address.
  • When creating an advanced IP routing Rule, leaving the Source Address or/and Source Link fields empty, indicate that any source of address or/and link will match the rule
  • IP Routing works together with the following services:
    • Network Firewall
    • NAT
    • DHCP server
    • Network Traffic Control
  • When the IP Routing service is started and the IPv4 Forwarding is enabled, IP routing is activated even if there is no configured rule (the Mediatrix unit will forward received packets). If the IP Routing service is stopped, IP forwarding is disabled, this tab is greyed out and the parameters are not displayed.
  • Enabling the IP routing service and adding rules has an impact on the Mediatrix unit’s overall performance as IP routing requires additional processing. The more rules are enabled, the more overall performance is affected.

    Note

    Media5 recommends to use a 30 ms packetization time when IP routing is enabled (instead of a 20 ms ptime, for instance) in order to simultaneously use all the channels available on the unit.

Top
3.6.1.2 IP Routing Rule Order - Important
The IP routing rules sequence is very important because only one forwarding rule is applied on a packet. Rules priority is determined by their position in the Advanced IP Routes table. If you want the unit to try to match one rule before another one, you must put that rule first. Make sure to put the must restrictive rules before the less restrictive ones.
Top
3.6.1.3 Static IPv4 vs Advanced IP Routing

Network IP routing defines the routes for outgoing network traffic, where each route is associated with a network interface. The selection of which route a network packet should follow is generally based on the destination IP address criteria.

The Static IPv4 Routes are used to specify additional routes from the default ones automatically created by the configuration of the various network interfaces (see the BNI service).

The Advanced IP Routes are used only when IPv4 Forwarding is enabled, and allow to select a route, not just from the destination IP address, but also from the source IP address and interface criteria.

Top

3.6.2 Basic IP Routing Tasks

Top
3.6.2.1 Enabling IPv4 Forwarding
Steps
  1. Go to Network /IP Routing .
  2. In the IP Routing configuration table, select Enable .
  3. Click Save .
Result
If IP Forwarding is disabled, the Advanced IP Routes table is greyed out.
Top
3.6.2.2 Creating an IP Routing Rule
Steps
  1. Go to Network /IP Routing .
  2. In the Advanced IP Routes table, click .
  3. Complete the fields as required.

    Note

    Leaving the Source Address or/and Source Link fields empty, indicate that any source of address or/and link will match the rule

    Note

    Do not forget to Enable the route.

    Note

    The yellow Yes displayed at the top of the window indicates that the configuration has been modified but not applied (i.e., the Advanced IP Routes section of the Status page differs from the IP Routing page).

  4. Click Save & Apply
Result
The enabled rules are displayed under Network / Status , in the Advanced IP Routes section, The yellow Config Modified Yes flag is cleared.
Top
3.6.2.3 Creating a Static IPv4 Route
Steps
  1. Go to Network /IP Routing .
  2. In the Static IP Routes table, click .
  3. Complete the fields as required.

    Note

    When the Link field is left empty, the link is automatically selected according to the gateway IP address and the information already present in the routing table.

  4. Click Save & Apply
Result
The current routes available are displayed in the Network /Status under the IP4 Routes IPv4 Routes table.
Top

3.6.3 Advanced IP Routing Parameters

Although the services can be configured in great part in the Web browser, some aspects of the configuration can only be completed with the configuration parameters by :
  • using a MIB browser
  • using the CLI
  • creating a configuration script containing the configuration parameters
For more details on advanced parameters, refer to the DGW Configuration Guide - Reference Guide published on the Media5 documentation portal at https://documentation.media5corp.com/
  • To define whether or not the Classless Static Route Option is enabled: Bni.DhcpClientClasslessStaticRouteOption
  • To define a list of user classes: Bni.DhcpClientUserClass
Top

3.6.4 IP Routing Configuration Examples

Top

3.7 Network Firewall

Top

3.7.1 Basic Network Firewall Concepts

Top
3.7.1.1 Network Firewall

The Network firewall allows you to dynamically create and configure rules to filter incoming packets forwarded by the Mediatrix unit among its network interfaces, when the unit is used as a router. Its main functionality is to secure the traffic routed from and to the devices inside the local network.

Since this is a network firewall, rules only apply to incoming packets forwarded by the unit. The traffic is analyzed and filtered by all the rules configured. If no rule matches the incoming packet, the default policy is applied. A rule's priority is determined by its index in the table. Rules using Network Names are automatically updated as the associated IP addresses and network mask are modified. If the Network Firewall service is stopped, all forwarded traffic is accepted, this tab is greyed out and the parameters are not displayed.

Of course, the more rules are enabled, the more overall performance is affected. You can use a maximum of 20 rules.

Top

3.7.2 Basic Network Firewall Tasks

Top
3.7.2.1 Configuring the Network Firewall
Steps
  1. Go to Network /Network Firewall .
  2. In the Network Firewall Configuration table, set the Default Policy to Accept .

    Note

    Setting the Default Policy to "Accept" means that all forwarded traffic is accepted. for more details on network firewalls, refer to the DGW Configuration Guide - Configuring the Network Firewall published on the Media5 documentation portal at https://documentation.media5corp.com/ .

  3. Click Save & Apply .
Result
Top
3.7.2.2 Disabling the Network Firewall
Before You Start
You must have a Network Interface created.
Steps
  1. Go to Network /Network Firewall .
  2. In the Network Firewall Configuration table, set the Default Policy to Accept .
  3. In the Network Firewall Rules table, from the Activation column, select Disable for all the rules.
  4. Click Save .

    Caution

    Take the time to carefully review your rules before continuing to the next step.

  5. Click Save & Apply to apply all changes to the configuration.
Result
All incoming packets will be accepted.
Top
3.7.2.3 Configuring Black Listing Duration
Steps
  1. Go to Network /Network Firewall .
  2. In the Network Firewall Configuration table, set the Blacklist Timeout
  3. Set the Blacklist Rate Limit Timeout .
  4. Click Save .

    Caution

    Take the time to carefully review your rules before continuing to the next step.

  5. Click Save & Apply to apply all changes to the configuration.
  6. Click restart required services , located at the top of the page.
Result
Blacklisting parameters will be updated. Remember that for blacklisting to be used, at least one rule must have blacklisting enabled.

If a rule with the Black listing enable box checked matches a packet and no Rate Limit Value was set, then the source address of the packet will be black listed and all packets coming from this address will be blocked for the duration of the Blacklist Timeout .

If a rule with the Black listing enable box checked matches a packet and the Rate Limit Value has been reached, then the source address of the packet will be black listed and all packets coming from this address will be blocked for the duration set for the Blacklist Rate Limit Timeout .

Top

3.7.3 Firewall Port Opening Example

This generic example shows how to allow remote clients to communicate with the IP office located at the LAN side of the Mediatrix unit.

In this example:
  • The default policy is Drop , meaning that any packet that does not match the network firewall rules configured in the Network Firewall Configuration table will be dropped.
  • To use the network firewall, IPv4 Forwarding (under IP Routing" tab), must be enabled. Without the forwarding, the network firewall is irrelevant because no packet will get passed from Uplink to LAN.
Rule
1 All packets matching an existing connexion are accepted.
2 All packets coming through UDP are accepted.
3 New packets coming from the IP address 1 and port 1 with a destination to IP address 9 and port 7 through TCP, will be allowed.
4 New packets coming from Subnet 2 and port 2 with a destination to Subnet 10 and port 8 through TCP, will be allowed.
5 New packets coming from the IP address 3 and port 3 with a destination to IP address 11 with any port through TCP, will be allowed.
6 New packets coming from the Subnet 4 and port 4 with a destination to Subnet 12 with any port through TCP, will be allowed.
7 Any packet coming from IP address 5 and port 5 to any destination and port through TCP, will be allowed.
8 Any packet coming from Subnet 6 and port 6 to any destination and port through TCP, will be allowed.
9 This rule will not be applied as it is disabled.
10 Any packet coming from Subnet 8 and any port to any destination and port through TCP, will be allowed.
Default Packets are dropped.
Top

3.8 NAT

Top

3.8.1 Basic Concepts

Top
3.8.1.1 Network Address Translation (NAT)

Network Address Translation (NAT, also known as network masquerading or IP masquerading) rewrites the source and/or destination addresses/ports of IP packets as they pass through a router or firewall. It is most commonly used to connect multiple computers to the Internet (or any other IP network) by using one IP address. This allows home users and small businesses to cheaply and efficiently connect their network to the Internet.

The basic purpose of NAT is to multiplex traffic from the internal network and present it to the Internet as if it was coming from a single computer having only one IP address. The Mediatrix unit’s NAT service allows the dynamic creation and configuration of network address translation rules. Depending on some criteria, the packet matching the rule may see its source or destination address modified.

There are two types of NAT rules:

  • Source rules: They are applied on the source address of outgoing packets.
  • Destination rules: They are applied on the destination address of incoming packets.
A rule's priority is determined by its index in the Source NAT or Destination NAT tables (Network/NAT). If the NAT service is stopped, this tab is greyed out and the parameters are not displayed.

The maximum number of rules allowed in the configuration is 10 of each Source NAT and Destination NAT.

Note

Adding source or destination NAT rules has an impact on the Mediatrix unit’s overall performance as the NAT requires additional processing. The more rules are enabled, the more overall performance is affected. Furthermore, Media5 recommends to use a 30 ms packetization time when the NAT is enabled (instead of a 20 ms ptime, for instance) in order to simultaneously use all the channels available on the unit.

Note

The Mediatrix unit NAT service does not support IPv6

Top
3.8.1.2 Understanding Network Address Translation Rules

A NAT rule specifies a set of matching conditions for network packets.

Each rule can use one or more of the following criteria:

  • Source Address
  • Destination Address
  • Protocol (All, TCP, UDP or ICMP).
If the protocol is set to TCP or UDP, the following criteria can also be used:
  • Source Port
  • Destination Port
When all the criteria of a rule match, the NAT will modify the packet to use the New Address field, either for theSource Address or the Destination Address , according to the type of NAT for which the rule is applied.

Top
3.8.1.3 NAT Rule Order - Important

The NAT rules are applied on a first match basis, in the order they appear in the configuration.

Because the first match is applied, you must ensure that specific rules come before more general rules, or the specific rules might not be applied as desired.

Top
3.8.1.4 Destination or Source IP Address Format

IP Addresses can take the form of:

  • An empty string, meaning that the rule will match any IP address
  • An IP address, for example 192.168.0.11
  • A network address, for example 192.168.1.0/24, which corresponds to all IP addresses in the range 192.168.1.0 to 192.168.1.255

It is also possible to use the name of a network interface to represent either the current IP address or network of that interface.

  • Specifying the interface name without a trailing slash represents the IP address
  • The same name with the trailing slash represents the network.

For example, if your lan interface is configured as 192.168.0.10/24

  • Lan1 will be replaced by the current IP address of the lan interface, 192.168.0.10
  • Lan1/ will be replaced with the network of the lan interface, /24, meaning the range from 192.168.0.0 to 192.168.0.255.

If the specified interface is disabled or removed, the rule is automatically disabled thus removed from the NAT. When the network interface is enabled or added back, the rule is automatically enabled and applied in the NAT.

Top
3.8.1.5 Source or Destination Port Format
Ports can take the form of either:
  • An empty string, meaning that the rule will match any port
  • Single port, for example for a web server: 80
  • A range of ports, for example to forward RTP: 5004-5099
Top
3.8.1.6 Interaction of NAT rules with the Firewall Service

When using the Network Firewall service, it is important to configure it with respect to the Destination NAT rules because:

  • Source NAT (SNAT) rules are executed after the routing decision, before the packet leaves the unit.
  • Destination NAT (DNAT) rules are executed before the routing decision, as the packet enters the unit.

An example of this would be port forwarding where the DNAT changes the routed address of a packet to a new IP address/port. The Network Firewall must also accept connection to this IP/port in order for the port forwarding to work.

Top

3.8.2 Basic Tasks

Top
3.8.2.1 Starting-Stopping-Restarting the NAT Service Using the DGW Web Page
Steps
  1. Go to System /Services .
  2. In the User Service table, on the line of the NAT service set the Startup Type selection list to Auto .
  3. Then,
    • click if you wish to start the service, or
    • click to restart the service.
    • click to stop the service.

    Note

    When stopping or restarting a service, some interruptions might occur, such as dropped calls, virtual machine shutdown or loss of network connectivity, depending on the affected services and/or its dependencies.

  4. Click Apply .
Result
The status of the service (in the Status column) changes following the executed service command.
  • If you clicked , the tab from which you can access the service from the Web pages are greyed out
  • If you clicked , the tab from which you can access the service from the Web pages are no longer greyed out.
Top
3.8.2.2 Creating a Source NAT Rule
Before You Start
IPv4 forwarding must be enabled under Network /IP Routing .
Steps
  1. Go to Network /NAT .
  2. In the Source Network Address Translation Rules , click

    Note

    To add a rule before an existing entry, locate the proper row in the table and click the button of this row. To add a rule at the end of the existing rows, click the button at the bottom right of the section.

    Note

    The yellow Yes in the Config Modified section at the top of the window indicates that the configuration has been modified but not applied (i.e., the Network Address Translation section of the Status page differs from the NAT page).

  3. Complete the fields as required.
  4. Click Apply .
Result
The applied enabled rules are displayed in the Network /Status /Network Address Translation section, which contains the active configuration in the NAT. The yellow Config Modified Yes flag is cleared.
Top
3.8.2.3 Creating a Destination NAT Rule
Steps
  1. Go to Network /NAT .
  2. In the Destination Network Address Translation Rules , click

    Note

    To add a rule before an existing entry, locate the proper row in the table and click the button of this row. To add a rule at the end of the existing rows, click the button at the bottom right of the section.

    Note

    The yellow Yes in the Config Modified section at the top of the window indicates that the configuration has been modified but not applied (i.e., the Network Address Translation section of the Status page differs from the NAT page).

  3. Complete the fields as required.
  4. Click Apply .
Result
The applied enabled rules are displayed in the Network /Status /Network Address Translation section, which contains the active configuration in the NAT. The yellow Config Modified Yes flag is cleared.
Top

3.8.3 NAT Rule Examples

Top
3.8.3.1 Creating a Source NAT Rule to Forward the Lan to the Uplink Network Interface
Steps
  1. Go to Network /NAT .
  2. In the Source Network Address Translation Rules , click .
  3. From the Activation selection list, click Enable .
  4. In the Source Address field, enter Lan1/ .
  5. From the Protocol selection list, choose All .
  6. In the New Address field, enter Uplink .
  7. Click Save & Apply .
Result
Top

3.9 DHCP Server

Top

3.9.1 Basic Concepts

Top
3.9.1.1 DHCP Service

The DHCP service allows the Mediatrix unit to act as a DHCP server. The Mediatrix will be able to allocate a range of IP addresses to use on a network, reserve, and distribute the IP addresses and network configuration parameters for specific devices using the MAC address as unique identifier for each device.

Top
3.9.1.2 DHCP Server

The Mediatrix unit contains an embedded DHCP server that allocates IP addresses and provides leases to the various subnets that are configured.

These subnets could have PCs or other IP devices connected to the unit’s LAN Ethernet connectors. These devices could be any combination of switches, PCs, IP phones, etc. If the DHCP service is stopped, the DHCP Server tab is greyed out and the parameters are not displayed. By default, the DHCP service is stopped and the Network/DHCP Server tab is greyed out.

Top
3.9.1.3 Default vs Specific DHCP Server Configurations
You can use two types of configuration:
  • Default configurations that apply to all the subnets of the Mediatrix unit.
  • Specific configurations that override the default configurations. You can define specific configurations for each subnet in your Mediatrix unit. For instance, you could define a lease time for all the subnets of the Mediatrix unit and use the specific configuration parameters to set a different value for one specific subnet.
The parameters available differ according to the subnet you have selected. The Default subnet has less parameters than the specific subnets available on the Mediatrix unit.
Top
3.9.1.4 Available Configuration Sources

A parameter’s configuration source can be toggled. Here are the possible configuration sources:

Static Parameter is defined as a static parameter locally
Automatic Parameter is obtained from the Uplink network via DHCP or IPCP (PPPoE)
HostConfiguration Parameter is obtained from the HOC Service
HostInterface Parameter is obtained from network interface matching the subnet
Top
3.9.1.5 Parameters Configuration Sources

The following table lists the configuration parameters and their available configuration sources:

Parameter name Configuration sources
Static Automatic HostConfiguration HostInterface
Domain name X X
Lease time X
Default router X X
List of DNS servers X X X
List of NTP servers X X X
List of NBNS servers X
Top
3.9.1.6 Subnet server

The DHCP server manages hosts’ network configuration on a given subnet. Each subnet can be seen as having a distinct DHCP server managing it, which is called a subnet server.

To activate a subnet server for a given network interface, the name of that network interface and the name of the subnet must match, the subnet enable option must be enabled and the configuration of the subnet must be valid. Only one subnet can be defined per network interface.

The network interface can be a physical interface or a logical interface (ex: sub-interface using VLAN). The subnet server status is updated dynamically according to many parameters.

Note

The subnet configuration is invalid when the range of the start or end addresses is out of the network interface's CIDR range, or both parameters are incompatible.

Top
3.9.1.7 Sending Configuration Parameters to a Client

When an address is leased to a host, several network configuration parameters are sent to that host at the same time according to the options found in the DHCP request. Parameters are set to default at subnet creation time. A parameter can be defined with a subnet specific configuration.

The subnet server will not send a parameter with an empty value. This means that if a client requests a domain name and the subnet server domain name parameter contains an empty field, the subnet server will not add the domain name option in the DHCP response.

Top
3.9.1.8 Lease assignment

In order to assign leases, the subnet server draws from an IP address pool (or subnet scope) defined by a start address and an end address. The subnet mask assigned to hosts is taken directly from the network interface. All hosts on the same subnet share the same configuration. The maximum number of supported hosts on a subnet is 254.

Specific IP addresses (static leases), designated by their MAC address, can be defined as reserved for specific hosts.

The subnet server will always assign leases within the IP address pool with an exception for static leases. When a static lease is defined for the host requesting an address, this lease will be assigned to the host if the IP address is within the subnet range even if the address is not within the IP address pool.

Top
3.9.1.9 DHCP Server Configuration Options
  • Lease Time (Option 51) : The Mediatrix unit DHCP server offers a lease time to its subnets. You can use a default lease time for all subnets or define a lease time specific to one or more subnets.
  • Domain Name (Option 15) : The Mediatrix unit DHCP server offers a domain name to its subnets. You can use a default domain name for all subnets or define a domain name specific to one or more subnets.
  • Default Gateway (Option 3) : The Mediatrix unit DHCP server offers a default gateway (also called default router) to its subnets.

    Note

    The default gateway parameters are not available in the Default interface. You must access the specific subnets configuration to set its parameters.

  • DNS (Option 6) : The Mediatrix unit DHCP server offers up to four DNS addresses to its subnets. You can use the default DNS addresses for all subnets or define static DNS addresses specific to one or more subnets.
  • NTP (Option 42) : The Mediatrix unit DHCP server offers the addresses of up to four NTP (Network Time Protocol) servers to its subnets. You can use the default NTP addresses for all subnets or define static NTP IP addresses specific to one or more subnets.
  • NBNS (Option 44) :The NetBIOS Name Server (NBNS) protocol, also called Windows Internet Name Service (WINS). This is only needed if you need file sharing on old Windows 95/98/Me/NT PCs. The Mediatrix unit DHCP server offers up to four NBNS addresses to its subnets. You can use the default NBNS addresses for all subnets or define static NBNS addresses specific to one or more subnets.
  • Server Name (Option 66) : The Mediatrix unit DHCP server offers a server name to its subnets. You can use a default server name for all subnets or define a server name specific to one or more
  • Bootfile Name (Option 67) : The Mediatrix unit DHCP server offers a Bootfile name to its subnets. You can use a default Bootfile name for all subnets or define a Bootfile name specific to one or more.
Top

3.9.2 Basic DHCP Tasks

Top
3.9.2.1 Configuring the LAN1 DHCP Server Subnet
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed.
Context
Although the parameters of these steps can be configured differently, the values suggested will work for almost every scenario.
Steps
  1. Go to Network /DHCP Server .
  2. In the Select Subnet drop down menu located at the top of the page, select Lan1 .
  3. In the DHCP Server Configuration table, set the DHCP Server Enable to Enable .
  4. In the Start IP Address and End IP Address fields, indicate the IP range to use
  5. Set Automatic Configuration Interface to Uplink .
  6. Complete the fields of the Lease Time (Option 51) section. Make sure to set the
    • Subnet Specific selection list to Yes
  7. Complete the fields of the Domain Name (Option 15) section. Make sure to set the
    • Enable Option selection list to Enable
    • Subnet Specific selection list to Yes
    • Configuration Source selection list to Static
  8. Complete the fields of the Default Gateway (Option 3) section. Make sure to set the
    • Enable Option selection list to Enable
    • Configuration Source selection list to Host Interface .
  9. Complete the fields of the DNS (Option 6) section. Make sure to set the
    • Enable Option selection list to Enable
    • Subnet Specific selection list to Yes
    • Configuration Source selection list to Static
  10. Complete the fields of the NTP (Option 42) section. Make sure to set the
    • Enable Option selection list to Enable
    • Subnet Specific selection list to Yes
    • Configuration Source selection list to Static
  11. Complete the fields of the NBNS (Option 44) section. Make sure to set the
    • Enable Option selection list to Enable
    • Subnet Specific selection list to Yes
  12. Do not enable Option 66 or 67.
  13. Click Apply .
Top

3.9.3 Advanced DHCP Tasks

Top
3.9.3.1 Creating A VLAN DHCP Server Subnet
Before You Start
If you are not using a secure connection, Activate unsecure script transfers and execution through web browser to be able to execute script via the Web browser. To enable a VLAN in the DHCP server, make sure the VLAN is configured in the Network/VLAN tab and has an IP address configured in Network/Interfaces.
Steps
  1. Go to Management /Configuration Scripts /Execute .

    Note

    the following step is crucial to make sure the subnet is available in the Select Subnet field under Network /DHCP Server .

  2. In the Execute Inline Script field enter Dhcp.AddSubnet Network=Vlan10 .
  3. Click Execute .
Result
The Vlan10 subnet will be available for configuration from the Select Subnet field under Network /DHCP Server .
Top
3.9.3.2 Adding a Static Lease Using the DGW Web Interface
Before You Start
If you are not using a secure connection, Activate unsecure script transfers and execution through web browser to be able to execute script via the Web browser.
Context
Adding a static lease can also be done via the command-line interface via SSH. To list all static leases, execute the Dhcp.StaticLeases command (only available by SSH): Global>Dhcp.StaticLeases
Steps
  1. Go to Management /Configuration Scripts /Execute .
  2. To add a Static Lease, in the Execute Inline Script field enter the Dhcp.AddStatic Lease with the Mac address of the device and its desired static IP address. For example, Dhcp.AddStaticLease MacAddress=0090f8000000 IpAddress=192.168.0.9 .

    Note

    To delete a static lease, use the Delete operation on the Dhcp.StaticLeases table. For example:Dhcp.StaticLeases[MacAddress=0090f8000000].Delete=Delete

  3. Click Execute .
Result
The Vlan10 subnet will be available for configuration from the Select Subnet field under Network /DHCP Server .
Top
3.9.3.3 Configuring the DHCP Server Subnet Lease Time (Option 51)
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed.
Steps
  1. Go to Network /DHCP Server .
  2. From the Select Subnet selection list, choose the subnet requiring Option 51 configuration.
  3. In the DHCP Server Configuration table, make sure the DHCP Server Enable selection list is set to Enable .
  4. Under the Lease Time (Option 51) section, from the Subnet Specific selection list, choose
    • No to use the default lease time
    • Yes to override the default lease time.
  5. If you chose Yes , complete the Lease Time field.
  6. Click Apply .
Top
3.9.3.4 Configuring the DHCP Server Domain Name Parameters (Option 15)
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed.
Steps
  1. Go to Network /DHCP Server .
  2. From the Select Subnet selection list, choose the subnet requiring Option 15 configuration.
  3. In the DHCP Server Configuration table, make sure the DHCP Server Enable selection list is set to Enable .
  4. Under the Domain Name (Option 15) section, from the Enable Option selection list, choose
    • Disable to use the default domain name
    • Enable to override the default domain name.
  5. If you chose Enable , complete the fields as required.
  6. Click Apply .
Top
3.9.3.5 Configuring the DHCP Server Default Gateway (Option 3)
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed.
Steps
  1. Go to Network /DHCP Server .
  2. From the Select Subnet selection list, choose the subnet requiring Option 3 configuration.
  3. In the DHCP Server Configuration table, make sure the DHCP Server Enable selection list is set to Enable .

    Note

    The default gateway parameters are not available in the Default interface. You must access the specific subnets configuration to set the parameters.

  4. Under the Default Gateway (Option 3) section, from the Enable Option selection list, choose
    • Disable to use the default router
    • Enable to override the default router.
  5. If you chose Enable , complete the fields as required.
  6. Click Apply .
Top
3.9.3.6 Configuring the DHCP Server DNS Parameters (Option 6)
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed.
Steps
  1. Go to Network /DHCP Server .
  2. From the Select Subnet selection list, choose the subnet requiring Option 6 configuration.
  3. In the DHCP Server Configuration table, make sure the DHCP Server Enable selection list is set to Enable .
  4. Under the DNS (Option 6) section, from the Enable Option selection list, choose
    • Disable to use the default DNS address
    • Enable to override the default router.
  5. If you chose Enable , complete the fields as required.
  6. Click Apply .
Top
3.9.3.7 Configuring the DHCP Server NTP Parameters (Option 42)
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed.
Steps
  1. Go to Network /DHCP Server .
  2. From the Select Subnet selection list, choose the subnet requiring Option 42 configuration.
  3. In the DHCP Server Configuration table, make sure the DHCP Server Enable selection list is set to Enable .
  4. Under the NTP (Option 42) section, from the Enable Option selection list, choose
    • Disable to use the default NTP servers
    • Enable to override the NTP servers.
  5. If you chose Enable , complete the fields as required.
  6. Click Apply .
Top
3.9.3.8 Configuring the DHCP Server NBNS (Option 44)
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed.
Steps
  1. Go to Network /DHCP Server .
  2. From the Select Subnet selection list, choose the subnet requiring Option 51 configuration.
  3. In the DHCP Server Configuration table, make sure the DHCP Server Enable selection list is set to Enable .
  4. Under the NBNS (Option 44) section, make sure the Enable Option is set to Enable
  5. from the Subnet Specific selection list, choose
    • No to use the default configuration,
    • Yes to override the specific configuration as defined in the following parameters: SpecificNbnsServers.StaticNbns1 , SpecificNbnsServers.StaticNbns2 , SpecificNbnsServers.StaticNbns3 , and SpecificNbnsServers.StaticNbns4 .
  6. If you chose Yes , complete the fields as required.
  7. Click Apply .
Top
3.9.3.9 Configuring the DHCP Server Name Parameters (Option 66)
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed. To use specific files, you must know their name, their path and your server must be accessible by the unit.
Steps
  1. Go to Network /DHCP Server .
  2. From the Select Subnet selection list, choose the subnet requiring Option 66 configuration.
  3. In the DHCP Server Configuration table, make sure the DHCP Server Enable selection list is set to Enable .
  4. Under the Server Name (Option 66) section, from the Subnet Specific selection list, choose
    • No to use the default server name
    • Yes to override the default server name.
  5. If you chose Yes , complete the Bootfile Name field.
  6. Click Apply .
Top
3.9.3.10 Configuring the DHCP Server Bootfile Parameters (Option 67)
Before You Start
Make sure the DHCP service is started (System /Services /User Service ) otherwise the DHCP Server tab will be greyed. To use specific files, you must know their name, their path and your server must be accessible by the unit.
Steps
  1. Go to Network /DHCP Server .
  2. From the Select Subnet selection list, choose the subnet requiring Option 67 configuration.
  3. In the DHCP Server Configuration table, make sure the DHCP Server Enable selection list is set to Enable .
  4. Under the Bootfile Name (Option 67) section, from the Enable Option selection list, choose Enable to override the default DHCP Server Bootfile Name.
  5. From the Subnet Specific selection list, choose
    • No to use the default configuration.
    • Yes to override the default configuration.
  6. If you chose Yes , complete the Bootfile Name field.
  7. Click Apply .
Top

4 SIP Proxy

Top

4.1 Configuring the SipProxy Service

Steps
  1. Go to SIP Proxy /Configuration .
  2. In the Monitoring section of the Configuration table, in the Interval field, enter the interval at which monitoring requests are sent to verify the SIP server status, in seconds.
  3. In the Toggle Delay field, enter the delay before reporting a status change of the monitored destination, in seconds.
  4. In the Destination field, enter the server IP address or FQDN to monitor.

    Note

    In most cases, this will be the Registrar Host.

  5. In the Keep Alive Error Code field, list the response codes (comma-seperated) that indicate that the server is down.

    Note

    To detect that the server is down, use the error codes the server will return when it is not available. This will be much faster than using the timeout.

  6. Click Apply to apply all changes to the configuration.
  7. Located at the top of the page, click restart required services .
Result
Top

5 SBC

Top

5.1 Configuration

Top

5.1.1 Basic SBC Configuration Concepts

Top
5.1.1.1 Call Agents

Call Agents represent logical end-points that connect the Mediatrix unit to peers.

For security reasons, the Mediatrix unit communicates by default only with well-known and defined peers. When a request cannot be associated with a Call Agent, it is rejected. Each Call Agent is tied to a specific peer, ensuring all inbound and outbound communications with that peer. Routing rulesets are used to route SIP signaling between Call Agents, where inbound requests from a Call Agent are sent to another (or the same) Call Agent that will send an outbound request to it's related peer. Call Agents can be associated with one or several Rulesets which can be applied to the inbound or the outbound requests.

When there is an inbound request, to determine the Call Agent the inbound request will go through, the Mediatrix unit uses the destination IP address to choose the Network interface. Then the destination port of the inbound request will determine the Signaling or Media Interface used. Finally, the source address and the source port, will allow the Mediatrix unit to direct the request to the appropriate Call Agent. At this point any Rulesets associated with the Call Agent will be applied in order of priority.

When a request is sent out, i.e. there is an outbound request, the Routing Rulesets will determine which Call Agent will be used. Then the Call Agent Rulesets will be applied to the outbound request, in reverse priority order. The outbound request will then be sent through the Signaling and Media Interface associated with the Call Agent. If the public IP address is used, then the SIP request will use this address as the source IP address. The outbound request will then be sent to the peer address of the Call Agent or according to the routing Ruleset if the peer is a Network.

In addition, a Call Agent tracks REGISTER requests or monitor the peer host using SIP options. When these features are activated, the Call Agent registration state and monitoring state are updated allowing a Routing Ruleset to select another Call Agent based on the state of a primary Call Agent.

Eight default types of Call Agents were created for Mediatrix unit. This should be enough to cover all your needs. However, for advanced users, it is possible to create new Call Agents.

Seven of the eight default Call Agents allow the Mediatrix unit to communicate with seven different types of end-points.

Call Agent Name SIP or Endpoint Peer
wan_ip_trunk_ca SIP server located on the WAN.
trunk_lines_ca Public Switch Telephony Network (PSTN), through PRI, BRI or FXO ports.
phone_lines_ca Telephones, through FXS ports.
lan_ip_pbx_ca IP Private branch exchange (PBX) located on the LAN.
local_users_ca Users via SIP telephony located on the LAN.
remote_users_ca Users using SIP telephony located on the WAN.
registration_ca Used to route the registrations issued by the Registration Agent.
secondary_ip_trunk_ca SIP server if the wan_ip_trunk_ca Call Agent is not available.

For more details on Rulesets, refer to Rulesets .

Top
5.1.1.2 phone_lines_ca Call Agent

The phone_lines_ca Call Agent is used to route calls via an FXS port of the Mediatrix unit.

Typically it will route calls to and from analog phones and faxes within the enterprise premises. This Call Agent will be used for example when a call is routed from one colleague to another using analog phones connected on the FXS ports of the Mediatrix unit. In such a scenario, the call does not go through the LAN network nor the Internet. Since by default this Call Agent uses the loop_m Media Interface to route the media, the media_relay Ruleset is usually associated with this Call Agent.

The phone_lines_ca Call Agent is associated with the phone_lines_gw gateway of the SipEp service. By default, each FXS port sends a REGISTER by the phone_lines_ca Call Agent. Therefore, the administrator must make sure to route these REGISTERs to a server, or to disable them in the SipEp service. If needed, FXS ports can be configured in the Pots service.

Top
5.1.1.3 trunk_lines_ca Call Agent

The trunk_lines_ca Call Agent is used to route calls to the Public Switch Telephony Network (PSTN) or a enterprise's existent PBX through the PRI, BRI or FXO ports of the unit.

Calls made outside the enterprise premises to telecommunication service providers or calls made within the enterprise through a PBX will typically be routed through this Call Agent. Since by default this Call Agent uses the loop_m Media Interface to route the media, the media_relay Ruleset is usually associated with this Call Agent.

If there are no PRI, BRI or FXO card on the unit, calls through trunk lines can also be routed by the wan_ip_trunk_ca or secondary_ip_trunk_ca Call Agent, provided there is an analog or digital gateway to convert the VoIP call to an analog or digital call, or vice versa.

Further more, the trunk_lines_ca Call Agent is associated with the trunk_lines_gw of the SipEp service. FXO/PRI/BRI ports will need to be configured in either the Pots, Isdn, R2 or Eam services for the calls to be routed properly.

Top
5.1.1.4 local_users_ca Call Agent

The local_users_ca Call Agent is used to route calls from and to local users, i.e. located in the LAN, via VoIP calls.

For the call to use this Call Agent, the endpoint must belong to the company and use the company's system. This Call Agent is often used as a regrouping point of all local endpoints to be routed to a PBX or Trunk lines. For instance, if you are a Media5 corporation employee, with a cell phone using the Media5 fone application and the entreprise IP-PBX, then your call will be routed through the local_users_ca Call Agent. If an internal employee is using an analog phone, the call can also be routed through this Call Agent provided the call goes first through a gateway to convert the analog call into a VoIP call.

Top
5.1.1.5 remote_users_ca Call Agent

The remote_users_ca Call Agent is used to route calls from users working out the office and using VoIP calls through an external network or Internet.

Calls are routed through a WAN then to the Mediatrix unit via the remote_users_ca Call Agent.

Top
5.1.1.6 lan_ip_pbx_ca Call Agent

The lan_ip_pbx_ca Call Agent routes calls to and from an IP PBX located in the LAN. The IP PBX manages all internal communications between different SIP clients (soft phones or SIP gateways).

This Call Agent is usually used to link a local PBX with an external trunk (IP or PSTN).

Top
5.1.1.7 wan_ip_trunk_ca Call Agent

The wan_ip_trunk_ca Call Agent is used to route VoIP calls.

Calls are routed from or to the main SIP server or provider located in the WAN. Typical peers for this Call Agent are the head office of the enterprise, an Internet telephony service provider (ITSP) or an IP Multimedia Core Network Subsystem (IMS).

Top
5.1.1.8 secondary_ip_trunk_ca Call Agent

The secondary_ip_trunk_ca Call Agent is used to route VoIP calls.

This Call Agent is identical to the wan_ip_trunk_ca Call Agent. The secondary_ip_trunk_ca can be used for different purposes. The most common use for this Call Agent, is to route calls to and from the backup server in the event the primary server does not respond. However, this Call Agent can also be used, for example, to route calls directly to and from a Branch Office or route a specific type of call such as international calls. Typical peers for this Call Agent are the head office of the enterprise, an Internet telephony service provider (ITSP) or an IP Multimedia Core Network Subsystem (IMS).

Top
5.1.1.9 registration_ca Call Agent

The registration_ca Call Agent is used to route the registrations issued by the Registration Agent.

The registration_ca Call Agent should not be used for other purposes. The registrations issued by the Registration Agent must be routed from the registration_ca to the Call Agent facing the destination Sip registrar (typically wan_ip_trunk_ca _ca or secondary_ip_trunk_ca ).

The registration is routed using the User Name, Password and Domain to build the AOR and the R-URI . The Contact is the contact header of the registration, it should contain the IP-address or FQDN of the Mediatrix unit.

Top
5.1.1.10 Signaling and Media Interfaces

The Signaling Interface is used for SIP signaling and the Media Interface is used for media ( RTP, UDPTL ) processing.

When configuring a Call Agent, you must select a Signaling Interface and a Media Interface. These interfaces are used whenever SIP signaling or media packets are sent to or received by the Call Agent.

It is possible to create several Signaling and Media Interfaces on the same Network Interface but for different purposes. For example, one set of Signaling and Media Interfaces for a WAN SIP Trunk and another set of Signaling and Media Interfaces for remote user calls. This means, for instance, that two Signaling Interfaces will be created on the same Network Interface, using the same IP address, but with a port range that will differ according to their intended use and to avoid conflicts.

A Media or Signaling Interface can be used by more than one Call Agent, but a specific Signaling or Media Interface can be created for a specific Call Agent. This provides the liberty to define non conflicting range of contactable interfaces on any physical network interfaces of the units for your network structure needs (such as Vlans, PPPoE interfaces, multiple Ethernet ports or multiple addresses on a link).

The following Signaling and Media Interfaces are supplied by default:

  • lan1_m
  • lan1_s
  • loop_m
  • loop_s
  • uplink_s
  • uplink_m

loop_m and loop_s interfaces are used to communicate with the internal services of the unit. For example, the loop interfaces can be used to communicate with the SipEp service to access phone ports.

Top
5.1.1.11 Penalty Box

The penalty box feature is enabled for a specific Call Agent to temporarily avoid contacting the peer hosts (addresses) that are expected not to answer.

Without the use of the penalty box, DNS SRV failover is delayed until the SIP transaction times out. In a DNS SRV failover, without the use of the penalty box, the Call Agent will first try to communicate with the peer host on the first server, then once the SIP transaction has timed out, it will try the second and so on, always waiting for the SIP transaction timer to expire. With the penalty box, the call Agent will not try any servers that are already in the penalty box. Remember, dynamic call routing (e.g. survivability) based on server availability requires the penalty box to be enabled.

There are typically three situations that will cause a peer host to be put in the penalty box:

  • If the transaction timer of a communication is expired, the peer host will be considered Down and will be put in the penalty box.
  • If the transaction timer of a keep-alive communication is expired, the peer host will be considered Down and will be put in the penalty box.
  • If after sending a keep-alive request or any other message to a peer host, the Call Agent receives one of the selected error codes, the peer host will be put in the penalty box. It is the error code that will indicate that the peer host cannot be used.

    Note

    When configuring the Call Agent it is possible to indicate the error codes that will trigger the peer host to be sent to the penalty box.( SBC /Configuration /Blacklisting Error Codes )

It is possible to configure how much time a peer host will remain in the penalty box, and the delay before which a peer host is considered down. This delay starts after the expiration of the transaction timer. It is also possible to disable the penalty box feature by using the special value 0 as the duration the peer host will remain in the penalty box.

Top
5.1.1.12 Keep-Alive

The Keep-Alive monitoring parameter allows the unit to periodically send messages to a server to make sure the server can still be reached.

The Keep-Alive parameter is set individually for each Call Agent. SIP options are sent periodically for each Call Agent to their corresponding server. Any response received from the server means that it can be reached. No additional processing is performed on the response. If no response is received after the retransmission timer expires, the Sbc service considers the server as unreachable. In this case, any call attempt through the Call Agent is refused and the peer host will be sent to the Penalty Box. SIP options are still sent when the server cannot be reached and as soon as it can be reached again, new calls are allowed.

Top

5.1.2 Basic SBC Configuration Tasks

Top
5.1.2.1 Configuring a Call Agent
Steps
  1. Go to SBC /Configuration .
  2. In the Call Agent Configuration table, click Edit located on the row of the Call Agent you wish to configure.
  3. In the Configure Call Agent table, complete the fields as required and make sure the Enable check box is selected.

    Note

    Monitoring Parameters are not mandatory.

  4. Complete the fields of the Call Agent Configuration as required.
  5. Click Save .

    Note

    The changes are saved, but not all applied to the configuration.

  6. Click Apply to apply all changes to the configuration.
Result
No will be displayed in the Config. Modified field, indicating that the configuration that was modified is now applied to the system. When the Mediatrix unit will use the selected Call Agent for a communication, the selected parameters will be applied.
Top
5.1.2.2 Creating a Media Interface
Before You Start
A Network Interface must be configured.
Steps
  1. Go to SBC /Configuration .
  2. In the Media Interface Configuration table, click .

    Note

    A new line of empty fields is added to the Media Interface Configuration table. An error message will be displayed indicating that the configuration of the row is invalid. This is normal as the Media Interface is not yet configured.

  3. In the Media Interface Configuration table, complete the fields as required.

    Note

    The Network Interfaces displayed in the Network column, are created under Network > Interfaces tab.

  4. Click Save .

    Note

    The changes are saved, but not all applied to the configuration.

  5. Click Apply to apply all changes to the configuration.
  6. Click restart required services , located at the top of the page.
Result
The Media Interface will be available when configuring a Call Agent, in the Media Interface selection list of the Configure Call Agent page.
Top
5.1.2.3 Creating a Signaling Interface
Before You Start
A Network Interface must be configured. IPv6 is not supported, therefore Ipv6 configured Network interfaces cannot be used.
Steps
  1. Go to SBC /Configuration .
  2. In the Signaling Interface Configuration table, click .

    Note

    A line is added to the Signaling Interface Configuration table. An error message will be displayed indicating that the configuration of the row is invalid. This is normal as the Signaling Interface is not yet configured.

  3. In the Signaling Interface Configuration table, complete the fields as required.

    Note

    The Network Interfaces displayed in the Network column, are created under Network > Interfaces page.

  4. Click Save .

    Note

    The changes are saved, but not all applied to the configuration.

  5. Click Apply to apply all changes to the configuration.
  6. Click restart required services , located at the top of the page.
Result
The Signaling Interface will be available when configuring a Call Agent, in the Signaling Interface selection list of the Configure Call Agent page.
Top
5.1.2.4 Configuring the Call Agent Penalty Box
Steps
  1. Go to SBC /Configuration .
  2. Click next to the Call Agent you wish to configure.
  3. In the Configure Call Agent table, set the Keep-Alive field to 30.
  4. Set the Blacklisting Duration to 60.
  5. Click Save .
Result
Top
5.1.2.5 Setting the Keep-Alive Interval
Steps
  1. Go to SBC /Configuration .
  2. From the Call Agent Configuration table, click next to the Call Agent you wish to configure.
  3. In the Keep-Alive Interval , indicate the interval in seconds for sending SIP options to the Call Agent Peer host.

    Note

    30 seconds is a good compromise between the speed at which errors are detected versus the resources used by the keep-alive signals.

    Note

    0 indicates that the keep-alive feature is disabled.

  4. Click Save .
Top

5.2 Rulesets

Top

5.2.1 Basic Ruleset Concepts

Top
5.2.1.1 Rulesets

Rulesets define one or several rules used to filter, manipulate or route inbound or outbound requests.

There are two types of Rulesets:

  • Call Agent Rulesets: they describe how inbound or outbound requests are handled by a specific Call Agent. They can also implement services or collect data.
  • Routing Rulesets: they are used to globally route outbound requests, i.e. that they apply to all Call Agents.

When a request arrives at a Call Agent from a peer, the inbound rules of the Rulesets associated with the Call Agent are executed. Then, Routing Rulesets are executed until a Call Agent is selected for the destination. Last, the outbound rules of the Rulesets associated with the destination Call Agent are executed before sending the request to the peer.

Inbound rules of the Ruleset are executed in ascending Ruleset priority order. Outbound rules are executed in descending Ruleset priority order.

The Mediatrix unit is fundamentally rule driven. This means that almost all features can be activated based on certain conditions evaluated at run-time, based on parts of the signaling messages or media payload. All rules are constructed using the same pattern. They consist of a set of one or more conditions. If all conditions apply (logical conjunction), a set of one or more actions is executed. It is important to understand that rules are generally applied only on incoming or outbound requests. However, some rules have a scope that goes beyond these incoming or outbound requests. For example, header filters apply to all requests exchanged, including incoming requests.

Call Agents can have two origins:

  • Factory: Read only Ruleset delivered with the application.
  • Custom: User defined Ruleset.
A custom Ruleset has priority over a factory Ruleset. If a custom Ruleset is created with the same name as a factory Ruleset, it is the custom Ruleset that will be shown and used. Once the custom Ruleset is deleted, the factory Ruleset will be reactivated. Cloning, editing and saving a factory Ruleset will create a custom Ruleset without modifying the factory Ruleset.

Call Agent Rulesets have an *.crs extension and Routing Rulesets use the *.rrs extension. For more details on Ruleset conditions and descriptions, refer to the DGW Configuration Guide - Reference Guide document published on the Media5 documentation portal at https://documentation.media5corp.com/

Refer to the DGE Configuration Guide - Ruleset Replacement Expressions also published on the Media5 documentation portal.

Top
5.2.1.2 Call Agent Rulesets
Name Description
automatic_media_relay Media goes through the SBC except for users in the same network.
drop_common_scanners_in Drop requests from known SIP scanners.
drop_common_scanners_in_v2 Drop requests from known SIP scanners.
drop_register_in Drop all inbound registration requests.
drop_unregistered_users_in Drop inbound requests from unregistered users.
media_relay Force Media to go through the SBC.
rate_limit_invite_per_source_in Limit call attempts per second per source IP address.
rate_limit_invite_per_source_in_v2 Limit call attempts per second per source IP address.
rate_limit_register_per_source_in Limit registration attempts per minute per source IP address.
register_cache_out Create alias in cache for outbound registrations and restore the contact from the cache for inbound requests.
registrar_in Store contact locally and reply to inbound registration requests.
registration_throttling_in Use different expiration for UA and registrar.
reject_unregistered_users_in Reject inbound requests from unregistered users.
remote_users_behind_nat Handle Far-End NAT for registrations and calls.
topology_hiding_out Remove user-agent or server header on outbound requests.
uac_authentication_out Provide authentication credentials for outbound requests.
Top
5.2.1.3 Routing Rulesets
Name Description
lan_pbx_to_remote_users Route from lan_ip_pbx_ca to remote_users_ca
lan_pbx_to_wan_ip_trunk_failover_to_second Route from lan_ip_pbx_ca to wan_ip_trunk_ca with failover to secondary_ip_trunk_ca
lan_pbx_to_wan_ip_trunk_failover_to_second_dm Route from lan_ip_pbx_ca to wan_ip_trunk_ca with failover to secondary_ip_trunk_ca in demarcation setup.
lan_pbx_to_wan_ip_trunk_failover_to_trunk_dm Route from lan_ip_pbx_ca to wan_ip_trunk_ca with failover to trunk_lines_ca in demarcation setup
local_users_to_wan_ip_trunk_failover_to_second Route from local_users_ca to wan_ip_trunk_ca with failover to secondary_ip_trunk_ca .
registration_to_wan_ip_trunk_failover_to_second Route from registration_ca to wan_ip_trunk_ca with failover to secondary_ip_trunk_ca
registration_to_wan_ip_trunk Route from registration_ca to wan_ip_trunk_ca
remote_users_to_lan_pbx Route from remote_users_ca to lan_ip_pbx_ca
secondary_ip_trunk_to_lan_pbx Route from secondary_ip_trunk_ca to lan_ip_pbx_ca
secondary_ip_trunk_to_lan_pbx_2 Route from secondary_ip_trunk_ca to lan_ip_pbx_ca
trunk_lines_to_local_pbx_dm Route from trunk_lines_ca to lan_ip_pbx_ca in demarcation setup
wan_ip_trunk_to_lan_pbx Route from wan_ip_trunk_ca to lan_ip_pbx_ca
wan_ip_trunk_to_lan_pbx_v2 Route from wan_ip_trunk_ca to lan_ip_pbx_ca
Top
5.2.1.4 Ruleset Replacement Expressions

Ruleset replacement expressions are used when the value of a parameter, a command or an action is not known in advance, i.e. the value depends on the result of the SIP message processing.

A Ruleset replacement expression is a string that represents a SIP processing status. Replacement expressions always start with the dollar (“$”) sign followed by an identifier. When the Ruleset uses a replacement expression, the replacement expression is replaced by the value of the SIP processing status representing the replacement expression.

For example,

  • $aU uses the User part of the P-Asserted-Identity header
  • $th uses the Host part of the To header
  • sip:$aU@$th, used as the parameter of the Set R-URI action, uses the P-Asserted-Identity and To headers of the incoming request and puts them into the Request URI of the outgoing request.

Note

Special characters should be backslash-escaped, for example, as follows: \ → \\ or $ → \$

Note

It is important to know that if a mediation action (Section SIP Mediation) changes the content of a SIP message, the replacement expression will refer to the value after modification. E.g., if you apply the rule action “SetFrom(sip:new@from.com)”, $fu will return new@from.com!

Top
5.2.1.5 Ruleset Replacement Expression Exhaustive List
Macro Replacements Description
$r $r. request-URI; note that the expression refers to current request URI which may be changed during the course of request processing
$ru user@host[:port] part of request URI
$rU R-URI User
$rd R-URI Domain (host:port)
$rh R-URI Host
$rp R-URI Port
$rP R-URI Parameters
$f $f. From header
$fu user@host[:port] part of From URI
$fU From User
$fd From Domain (host:port)
$fh From Host
$fp From Port
$fn From Display name
$fP From Parameters
$ft From Tag
$fH From header Headers
$t $t. To header
$tu user@host[:port] part of To URI
$tU To User
$td To Domain (host:port)
$th To Host
$tp To Port
$tn To Display name
$tP To Parameters
$tt To Tag
$tH To header Headers
$a $a. P-Asserted-Identity header
$au user@host[:port] part of P-Asserted-Identity URI
$aU P-Asserted-Identity User
$ad P-Asserted-Identity Domain (host:port)
$ah P-Asserted-Identity Host
$ap P-Asserted-Identity Port
$aP P-Asserted-Identity Parameters
$at P-Asserted-Identity Tag
$aH P-Asserted-Identity Headers
$p $p. P-Preferred-Identity header
$pu user@host[:port] part of P-Preferred-Identity URI
$pU P-Preferred-Identity User
$pd P-Preferred-Identity Domain (host:port)
$ph P-Preferred-Identity Host
$pp P-Preferred-Identity Port
$pP P-Preferred-Identity Parameters
$pt P-Preferred-Identity Tag
$pH P-Preferred-Identity Headers
$c $ci Call-ID
$s $si Source (remote) IP address
$sp Source (remote) port number
$d $di expected destination host
$dp expected destination port
$R $Ri Destination (local/received) IP address
$Rp Destination (local/received) port number
$Rf local/received interface id (0=default)
$Rn local/received interface name (SBC interface name)
$RI local/received interface public IP
$H $H(headername) value of header with the name headername (Note: not all headers are available here)
$HU(headername) header headername (as URI) User
$Hd(headername) header headername (as URI) domain (host:port)
$Hu(headername) header headername (as URI) URI
$Hd(headername) header headername (as URI) domain (host:port)
$Hh(headername) header headername (as URI) host
$Hp(headername) header headername (as URI) port
$Hn(headername) header headername (as URI) display name
$Hp(headername) header headername (as URI) parameters
$HH(headername) header headername (as URI) headers
$m $m request method
$V $V(gui.varname) value of Call Variable varname
$B $B(cnum.rnum) value of backreference with rnum number from the condition with cnum number
$U $Ua register cache: originating AoR
$UA register cache: originating alias
$_ $_u(value) value to uppercase
$_l(value) value to lowercase
$_s(value) length of value (size)
$_5(value) MD5 of value
$_r(value) random number 0..value, e.g. $_r(5) gives 0, 1, 2, 3 or 4
$# $#(value) value URL-encoded
Top

5.2.2 Basic Ruleset Tasks

Top
5.2.2.1 Creating a New Ruleset
Context
This procedure applies to Call Agent and Routing Rulesets.

Note

To save time, consider Cloning a Ruleset .

Steps
  1. Go to SBC /Rulesets .
  2. In the Rulesets page, enter a name in the empty field of either the Call Agent Rulesets or Routing Rulesets table.
  3. Click .

    Note

    The name of the Ruleset will be added at the end of the table.

  4. In the Rulesets page, click located on the row of the Ruleset you have just created.
  5. In the Ruleset Edit page, in either the Outbound Rules or Inbound Rules , click Insert new rule .
  6. In the Conditions and Actions section, complete the fields as required.

    Note

    For more details on Actions and Conditions, refer to the DGW Configuration Guide - Reference Guide document published on the Media5 documentation portal at https://documentation.media5corp.com/ .

  7. If necessary, click Add condition to add another condition.
  8. If necessary, click Add to add another action.
  9. Click Save .

    Note

    The new rule is saved but the modified configuration is not yet applied to the system.

    Note

    Rules are executed from top to bottom. Consider Changing the Execution Priority Level of a Ruleset Rule .

  10. Go to SBC / Configuration .
  11. Click Apply .

    Note

    The modified configuration is applied to the system.

Result
The new Ruleset is available to be associated with a Call Agent.
Top
5.2.2.2 Cloning a Ruleset
Context
This procedure applies to Call Agent and Routing Rulesets
Steps
  1. Go to SBC /Rulesets .
  2. In the Rulesets page, click next to the Ruleset you wish to clone.
  3. Click OK .

    Note

    The cloned Ruleset will be added at the end of the table. The name of the cloned Ruleset will include a numerical suffix to distinguish it from the original Ruleset.

  4. In the Rulesets page, click located on the row of the Ruleset you have just cloned.
  5. Click Edit next to the rules you wish to modify.
  6. In the Conditions and Actions section, modify the fields as required.

    Note

    For more details on Actions and Conditions, refer to the Reference Guide published on the Media5 documentation portal.

  7. If necessary, click Add condition to add another condition.
  8. If necessary, click Add to add another action.
  9. Click Save .
  10. Click Change Name /description to change the name and the description of the Ruleset.
  11. Click Save .

    Note

    The new cloned rule is saved but the modified configuration is not yet applied to the system.

    Note

    Rules are executed from top to bottom. Consider Changing the Execution Priority Level of a Ruleset Rule .

  12. Go to SBC > Configuration .
  13. Click Apply .

    Note

    The modified configuration is now applied to the system.

Result
The new Ruleset is available to be associated with a Call Agent.
Top
5.2.2.3 Modifying a Ruleset
Context
This procedure applies to Call Agent and Routing Rulesets
Steps
  1. Go to SBC /Rulesets .
  2. In the Rulesets page, click located on the row of the Ruleset you wish to modify.
  3. In the Ruleset Edit page, click Edit located on the row of the rule you wish to modify.
  4. In the Conditions and Actions section, modify the fields as required.

    Note

    For more details on Actions and Conditions, refer to the DGW Configuration Guide - Reference Guide published on the Medai5 documentation portal at https://documentation.media5corp.com/ .

  5. If necessary, click Add condition to add another condition.
  6. If necessary, click Add to add another action.
  7. Click Save .

    Note

    The modified rule is saved but the modified configuration is not yet applied to the system.

    Note

    Rules are executed from top to bottom. Consider Changing the Execution Priority Level of a Ruleset Rule .

  8. Go to SBC /Configuration .
  9. Click Apply .

    Note

    The modified configuration is now applied to the system.

Result
The Ruleset will be applied with the new changes.
Top
5.2.2.4 Adding Rules to a Ruleset
Context
This procedure applies to Call Agent and Routing Rulesets
Steps
  1. Go to SBC /Rulesets .
  2. In the Rulesets page, click located on the row of the Ruleset for which you wish to add a rule.
  3. In the Ruleset Edit page,
    • click Insert new rule to add a rule at the top of the list of rules
    • click Append new rule to add a rule at the bottom of the list of rules.
  4. In the Conditions and Actions sections, complete the fields as required.

    Note

    For more details on Actions and Conditions, refer to the DGW Configuration Guide - Reference Guide document published on the Media5 documentation portal at https://documentation.media5corp.com/ .

  5. If necessary, click Add condition to add another condition.
  6. If necessary, click Add to add another action.
  7. Click Save .

    Note

    The new rule is added to the Ruleset and saved, but the modified configuration is not yet applied to the system.

  8. Go to SBC /Configuration .
  9. Click Apply .

    Note

    The modified configuration is now applied to the system.

Result
The rule will be executed the next time the Ruleset is used.
Top
5.2.2.5 Changing the Name and Description of a Ruleset
Context
This procedure applies to Call Agent and Routing Rulesets.
Steps
  1. Go to SBC /Rulesets .
  2. In the Rulesets page, click located on the row of the Ruleset you wish to modify.
  3. In the Ruleset Edit page, click Change Name /description located next to the name of the Ruleset.
  4. In the Ruleset Change Name/Description page, modify the fields as required.
  5. Click Save .

    Note

    The new name is saved but the modified configuration is not yet applied to the system.

  6. Go to SBC > Configuration .
  7. Click Apply .

    Note

    The modified configuration is now applied to the system.

Result
If you change de name of the Ruleset, you will need to re-associate the Ruleset to the Call Agent it is associated with otherwise, the configuration will be considered invalid.
Top
5.2.2.6 Deleting a Ruleset
Context
This procedure applies to Call Agent and Routing Rulesets.
Steps
  1. Go to SBC /Rulesets .
  2. In the Rulesets page, click next to the Ruleset you wish to delete.
  3. Click OK .
  4. Go to SBC Configuration .
  5. Click Apply .

    Note

    The modified configuration is now applied to the system.

Result
The Ruleset will no longer be available in the Rulesets page to be associated with a Ruleset. If the Ruleset was associated with a Call Agent, it will need to be removed manually from the list of Rulesets associated with the Call Agent otherwise, the configuration will be considered invalid.
Top
5.2.2.7 Changing the Execution Priority Level of a Call Agent Ruleset
Steps
  1. Go to SBC /Configuration .
  2. In the Call Agent Configuration table, click next to the Call Agent for which you wish to modify the Ruleset priority level.
  3. Use the arrows of the Call Agent Rulesets table to move a Ruleset up or down.
  4. Click Save .
  5. Click Apply to apply the modified configuration to the system.
Result
Inbound rules of the Ruleset will be executed in ascending Ruleset priority order but Outbound rules will be executed in descending Ruleset priority order.
Top
5.2.2.8 Changing the Execution Priority Level of a Routing Ruleset
Steps
  1. Go to SBC /Configuration .
  2. Use the arrows of the Routing Rulesets table to move a Ruleset up or down.
  3. Click Save .

    Note

    The changes will be applied to the configuration, but the modified configuration is not yet applied to the system.

  4. Click Apply to apply the modified configuration to the system.
Result
Inbound rules of the Ruleset will be executed in ascending Ruleset priority order but Outbound rules will be executed in descending Ruleset priority order.
Top
5.2.2.9 Changing the Execution Priority Level of a Ruleset Rule
Context
This procedure applies to Call Agent and Routing Rulesets.
Steps
  1. Go to SBC /Rulesets .
  2. Click next to the Ruleset for which you wish to change the priority level of rules.
  3. Use the Up and Down buttons to move the rules.
  4. Go to SBC Configuration .
  5. Click Apply .

    Note

    The changes are saved to the configuration and the modified configuration is now applied to the system.

Result
Inbound rules of the Ruleset are executed in ascending Ruleset priority order but Outbound rules are executed in descending Ruleset priority order.
Top
5.2.2.10 Changing the Execution Priority Level of a Rule Action
Context
This procedure applies to Call Agent and Routing Rulesets
Steps
  1. Go to SBC /Rulesets .
  2. Click next to the Ruleset for which you wish to change the priority level of rule actions.
  3. Click Edit next to the rule for which you wish to change the actions order.
  4. Click or to move actions.
  5. Click Save .

    Note

    The new priority level is saved but the modified configuration is not yet applied to the system.

  6. Go to SBC /Configuration .
  7. Click Apply .

    Note

    The modified configuration is now applied to the system.

Result
When the Ruleset is used, the actions of a rule are always executed in the ascending priority order.
Top
5.2.2.11 Changing the Execution Priority Level of a Rule Condition
Context
This procedure applies to Call Agent and Routing Rulesets
Steps
  1. Go to SBC /Rulesets .
  2. Click next to the Ruleset for which you wish to change the priority level of rule conditions.
  3. Click Edit next to the rule for which you wish to change the conditions order.
  4. Click or to move conditions.
  5. Click Save .

    Note

    The new priority level is saved but the modified configuration is not yet applied to the system.

  6. Go to SBC /Configuration .
  7. Click Apply .

    Note

    The modified configuration is now applied to the system.

Result
When the Ruleset is used, the conditions of the rule are always executed in the ascending priority order.
Top
5.2.2.12 Importing Rulesets
Before You Start
Rulesets must be imported. The latest Ruleset package can be found on the https://media5.secure.force.com/supportportal (you will be required to supply a user name and password).
Context
This procedure is valid for Call Agent and Routing Rulesets.
Steps
  1. Go to Management /File .

    Note

    Required Rulesets depend on the scenario being configured. Refer to the Call Agent and Routing Ruleset sections of the configuration notes for details on Rulesets needed to complete the configuration.

    Note

    Step 2 is only required when importing the first Ruleset and if you are not using a secure connexion to access the Management Interface (http://).

  2. Click Activate unsecure file importation from the Web browser .
  3. From the Path field, select sbc/rulesets/.
  4. Click Browse , and navigate to the Ruleset you wish to import.

    Note

    Ruleset file extension must be *.crs for Call Agent Rulesets or *.rrs for Routing Rulesets.

  5. Click Import .
Result
The imported Ruleset will appear in the Internal files table, with the selected path in front of the name. The Ruleset will be available in the tables of the SBC /Rulesets page.
Top
5.2.2.13 Associating Call Agent Rulesets to a Call Agent
Before You Start
Steps
  1. Go to SBC /Configuration .

    Note

    Refer to the Call Agents section to identify which Rulesets are associated with the Call Agents used in this Use Case.

  2. From the Call Agent Configuration table, click located on the same row as the Call Agent to which you wish to associate a Ruleset.
  3. In the Call Agent Rulesets table, click .
  4. From the Name selection list, select a Ruleset.
  5. To add other Rulesets, click .
  6. Click Save .
  7. In the Configure Call Agent page, click Save .
  8. Click Apply to apply all changes to the configuration.
Result
Top
5.2.2.14 Associating Routing Rulesets to Your Configuration
Before You Start
Importing Rulesets must be completed for Routing Rulesets to be available.
Steps
  1. Go to SBC /Configuration
  2. In the Routing Rulesets table, from the Name selection list, select the Routing Ruleset you wish to apply to the configuration.

    Note

    Refer to the Routing Rulesets section to identify the Rulesets that apply to this Use Case.

  3. If necessary, in the Parameters field enter the required parameters.
  4. Click .
  5. Repeat steps 2 and 3 for each Routing Ruleset you wish to associate to your configuration.
  6. Click Save .
  7. Click Apply to apply all changes to the configuration.
Result
Top

5.3 Registration

Top

5.3.1 Basic SBC Registation Concepts

Top
5.3.1.1 Registration Agent

The Registration Agent is a module that performs REGISTERs on behalf of other users.

In some use cases, using the Registration Agent may be necessary to have a module perform the REGISTERs on behalf of users. For example:

  • To register a SIP PBX to a SIP Service Provider using « SipConnect » registrations when the PBX does not support this kind of registration.
  • When users cannot register themselves.
  • To separate internal and external networks in Demarcation Point scenarios
The Registration Agent is only involved with the registrations it initiates. If the Registration Agent is used, its REGISTERs are routed to the Mediatrix unit via the registration_ca Call Agent.

Top
5.3.1.2 Registration Caching

Registration processing allows maintaining an endpoint reachable even from behind NATs.

When a call is routed by a Ruleset that includes the REGISTER throttling and Enable REGISTER caching actions, the SBC replaces the information of the Contact header with its own IP address before forwarding the call to an endpoint. Because a private IP address is used as the contact address in the Contact header field of the REGISTER messages, it becomes impossible to reach the user from the public Internet without going through the SBC since the contact's address is private.

The manipulated registration information is then registered in the registrar. When a Call is destined to the user, the call will be directed to the SBC. In order for the SBC to know which user is actually being contacted, the SBC keeps a local copy of the user's registration. The local copy includes the private IP address and the user’s SIP URI as well as the public IP address included in the IP header that was assigned to the SIP message by the NAT.

If periodic request-response traffic does not cross the NAT behind which the user is located, the NAT address binding expires and the user becomes unreachable. Therefore, the SBC forces re-registration to keep NAT bindings alive.

Top
5.3.1.3 Registration Throttling

Registration throttling protects SIP infrastructures against registration overloads.

Although registration overloads are often self-inflicted by the keep-alive functionality, it may also be caused by a router outage, broken client or Denial of Service attack. The SBC fends off such overloads by using high-performance in-memory registration cache that serves upstream registrations at high-rate, handles them locally, and propagates them down-stream at substantially reduced rate. That’s the case if the registrations were to create new bindings, deleting existing ones or if they were to expire downstream. The propagated registration changes become effective on the SBC only if confirmed by the downstream server. If a registration expires without being refreshed the SBC issues a warning event.

Top
5.3.1.4 Registration Cache Clearing

Clearing the registration cache will remove all inaccurate information that could remain if an equipment connecting to the SBC is restarted with new information such as a new IP address.

When the registration cache is cleared, all equipments connecting to the SBC need to re-register themselves before being able to receive SIP requests because without re-registration the SBC will not have the private contact address to know where to route the SIP.

Top

5.3.2 Basic SBC Registration Tasks

Top
5.3.2.1 Configuring a Registration Agent
Context

Note

This procedure is only necessary if your Mediatrix unit registers to the service provider.

Steps
  1. Go to SBC /Registration .
  2. In the Registration Agent Configuration table, click .

    Note

    A new line of fields is added.

  3. Complete the User Name , Friendly Name , and Domain parameters fields according to the service provider's requirements.
  4. In the Contact field, enter credentials to register against the service provider.

    Note

    Format must be sip:user@public_IP Address or sip:public_IP Address or sips:user@public_IP_Address:sip listening port;uri-parameters of the unit.

  5. If necessary, repeat step 2 to step 4 if you are using more than one service provider.
  6. Click Apply .
Result
Top
5.3.2.2 Finding a Specific AoR in the Registration Cache
Steps
  1. Go to SBC /Registration
  2. In the Filter table, enter the AoR.
  3. Click Search .
Result
The Registration Cache table only displays the registration(s) related to the selected AoR.
Top
5.3.2.3 Clearing the Registration Cache
Steps
  1. Go to SBC /Registration .
  2. Click Clear Registration Cache located under the Registration Cache table.
Result
All entries of the Registration Cache table will be erased and Registration Throttling will restart from scratch. The next REGISTERs will be immediately relayed to their destinations on their first occurrence.
Top

5.4 SBC Advanced Parameters

Top

5.4.1 SBC-Configuration Parameters

Although the services can be configured in great part in the web browser, some aspects of the configuration can only be completed with the MIB parameters by :

  • using a MIB browser
  • using the CLI
  • creating a configuration script containing the configuration parameters

For more details on the following parameters ,refer to the DGW Configuration Guide - Reference Guide published on the Media5 documentation portal at https://documentation.media5corp.com/
Tcp Connect Timeout
Refer to Sbc.SignalingInterface.TcpConnectTimeout .
Tcp Idle Timeout
Refer to Sbc.SignalingInterface.TcpIdleTimeout .
Registration Expiration
Refer to Sbc.RegistrationAgent.ExpireValue .
Registration Expiration
Refer to Sbc.RegistrationAgent.RetryInterval .
Min Severity
Refer to Sbc.MinSeverity .
Top

5.4.2 SBC-Status Parameters

Although the services can be configured in great part in the web browser, some aspects of the configuration can only be completed with the MIB parameters by:

  • using a MIB browser
  • using the CLI
  • creating a configuration script containing the configuration variables

Fro more details on the following parameters, refer to the DGW Configuration Guide - Reference Guide document published on the Media5 documentation portal at https://documentation.media5corp.com/
Tcp Connect Timeout
Refer to Sbc.SignalingInterfaceStatus.TcpConnectTimeout .
Tcp Idle Timeout
Refer to Sbc.SignalingInterfaceStatus.TcpIdleTimeout
Need Restart Info
Refer to Sbc.NeedRestartInfo .
Top

6 POTS

Top

6.1 Basic Concepts

Top

6.1.1 Caller ID Information

The caller ID is a generic name for the service provided by telephone utilities that supply information such as the telephone number or the name of the calling party to the called subscriber at the start of a call.

In typical caller ID systems, the coded calling number information is sent from the central exchange to the called telephone. This information can be shown on a display of the subscriber telephone set. In this case, the caller ID information is usually displayed before the subscriber decides to answer the incoming call. If the line is connected to a computer, caller information can be used to search in databases and additional services can be offered.

In call waiting, the caller ID service supplies information about a second incoming caller to a subscriber already busy with a phone call. However, caller ID on call waiting is not supported by all caller ID-capable telephone displays.

The following basic caller ID features are supported:

  • Date and Time
  • Calling Line Identity
  • Calling Party Name
  • Visual Indicator (MWI)

Top

6.1.2 Caller ID Generation

Caller ID information is sent depending on the application and country-specific requirements: Caller ID generation using DTMF signalling and Caller ID generation using Frequency Shift Keying (FSK)

Note

The DGW Application does not support ASCII special characters higher than 127.

Caller ID generation can be done by:

  • DTMF signalling performed during or before ringing, depending on the country settings or endpoint configuration. The Mediatrix unit provides the calling line identity according to the following standards:
    • Europe: ETSI 300 659-1 January 2001 (Annex B):
    • Country-specific custom DTMF variations:
  • Frequency Shift Keying (FSK). Different countries use different standards to send caller ID information. The Mediatrix unit is compatible with the following widely used standards:
    • ETSI 300 659-1
  • Continuous phase binary FSK modulation is used for coding that is compatible with:
    • BELL 202
    • ITU-T V.23

Note

The displayed caller ID for all countries may be up to 20 digits for numbers and 50 digits for names. The DGW application does not support ASCII special characters higher than 127.

Top

6.1.3 Caller ID Transmission

For most countries, the caller ID is transmitted after the first ring.

One notable exception is the UK, where Caller ID is sent after the dual tone alerting state tone on an inverted polarity line.

Other modes of transmission can be configured with the Caller ID Transmission parameter (under POTS /Config /General Configuration ).

Top

6.1.4 Flash Hook

Flash hook can be described as quickly depressing and releasing the plunger or the actual handset-cradle to create a signal indicating a change in the current telephone session.

The flash hook is used to trigger:

  • call waiting
  • second call
  • call on hold
  • conferences
A flash hook is detected when the hook switch is pressed for a shorter time than would be required to be interpreted as a hang-up. Using the flash button that is present on many standard telephone handsets can also trigger a flash hook.

Note

As a best practice, the Flash button should be used to avoid terminating the call by accidentally pushing the plunger for too long.

Top

6.1.5 Country Override Flash Hook Detection Range

This is the range in which the hook switch must remain pressed to perform a flash hook.

When selecting a country (under Telephony /Misc /Country Selection ), each country has a default minimum and maximum time value within which pressing and releasing the plunger is actually considered a flash hook. However, these values can be overridden and customised with the Country Override Flash Hook Detection Range (under POTS /FXS Configuration /Country Customisation ).

The range consists of :

  • The minimal delay and maximal delay, in ms, separated by a “-”.
  • The minimal value allowed is 10 ms.
  • The maximum value allowed is 1200 ms.
  • The space character is not allowed.

Top

6.1.6 FXO Force End-of-Call

The forced end-of-call service regroups all features permitting the unit to terminate a call. This can be required in a telephony network where the FXO loop current drops are not always detected.

The call termination can be triggered in three cases:

  • On call failure: This feature is set by setting the Force End of Call On Call Failure parameter to Enable . When a call failure happens, the call is terminated after the timeout configured with the Call Failure Timeout (sec) parameter has elapsed and an error tone is played.
  • On silence detection: A call is ended when silence is detected for a delay higher than the value configured by in the Silence Detection Timeout (sec) parameter (Refer to the FXO Silence Detection ). The mode is set with the Force End Of Call On Silence Detection Mode parameter.
  • On tone detection: A call is ended when a selected tone is detected. The tone for this purpose depends on the detection mode specified by the Force End Of Call On Tone Detection Mode parameter which can be country specific (not available in all countries) or a custom tone. (Refer to FXO Tone Detection ).

All previously mentioned parameters are available under POTS /FXO Configuration / FXO Force End of Call .

Top

6.1.7 FXO Silence Detection

Silence detection allows the Mediatrix unit to close a line when no voice activity or silence is detected for a specified amount of time.

When silence is detected on the inbound and/or outbound media for an amount of time specified in the Force End Of Call On Silence Detection Mode parameter (under POTS /FXO Configuration /FXO Force End of Call ), the call is terminated. This feature is useful to free resources in the event of an IP network failure that prevents the end of a call to be detected or when the end of call tone was not detected.

Note

The silence detection feature could inadvertently disconnect a communication when one party puts the other on hold more than 5 minutes (default value timeout). Using the hold tone feature prevents the detection of silence when the call is put on hold by the IP peer. Refer to the DGW Configuration Guide - Tone Customisation document published on the Media5 documentation portal at https://documentation.media5corp.com/ .

The current implementation of silence detection relies on the power of the media signal. A silence is detected if the power level of the media signal is lower than -60 dBm. This feature forcefully terminates a call that stayed silent for some time.

Top

6.1.8 FXO Tone Detection

The FXO Tone Detection feature is used to resolve scenarios in which the far-end disconnection tone cannot be detected.

For a custom tone, the following parameters can be configured:

  • Tone Detection Custom Frequency
  • Tone Detection Custom Cadence
  • Detection Custom Repetition
which are all located under POTS /FXO Configuration /FXO Force End of Call .

If a custom tone is defined, the ring pattern can have up to four on/off pairs in the format of on1,off1,on2,off2,on3,off3,on4,off4 where:

  • on is a numerical value representing the time, in milliseconds, during which the tone can be detected
  • off is a numerical value representing the time, in milliseconds, during which the tone cannot be detected
  • the on and off values can range from 0 to 32,767 ms.
  • Specifying more than 4 pairs will only use the first 4 pairs (eight first values).
  • If less than 4 pairs are specified, 0 values will be added as necessary.
  • The first zero (0) found in the string signals the end of the cadence (i.e. “200, 0, 300, 400” is the same as “200”).
  • If it starts with a value of zero (0) , the ring pattern is invalid.
In some cases, the detection of a tone with a complex cadence containing multiple frequencies is required, such as for the special information tone (SIT). However, since the detection of only one custom frequency can be configured in DGW, the custom frequency used to detect the complex cadence will need to be one of the frequencies found in the tone.

Top

6.1.9 FXS Country Override Loop Current

When a remote end-user goes on-hook, the Mediatrix unit signals the far end disconnect by performing a current loop drop (< 1 mA) on the analog line.

This current loop drop is typically used for disconnect supervision on analog lines. If the Line Supervision Mode parameter (under POTS /FXS Configuration ) is set to DropOnDisconnect then the Mediatrix unit signals the far end disconnect by performing a current loop drop on the analog line. By default, the Mediatrix unit maintains a current drop for 1000 ms,, then a busy tone is generated to indicate the user to hang up. The current loop drop duration can be configured with the Power Drop on Disconnect Duration parameter (under POTS /FXS Configuration ). (For more details, refer to the FXS Line Supervision Mode parameter in the DGW Configuration Guide - Reference guide published on the Media5 documentation portal at https://documentation.media5corp.com/ ).

When an FXS analog line goes off hook, it causes current to flow by closing the loop. The Country Selection parameter (Telephony /Misc /Country ) allows the selection of predefined country settings for the tone profiles, ring patterns, and other parameters such as input and output gains. The value of the loop current for each country is by default 30 mA but can be overridden to a value ranging from 20 mA to 32 mA with the Country Override Loop Current parameter (under POTS /FXS Configuration /Country Customisation ) provided the Override Country Configuration parameter is enabled (under POTS /FXS Configuration /Country Customisation ).

Note

The actual measured current may be different from the one set, as it varies depending on the DC impedance. The default value is 30 mA. When a value higher than 32 mA is used, the unit will limit the current to 32 mA.

Top

6.2 Basic FXS Tasks

Top

6.2.1 Selecting the Detection-Generation Method of the Caller ID

Steps
  1. Go to POTS /Config .
  2. In the General Configuration table, complete the fields are required.
  3. Click Apply .
Top

6.2.2 Configuring FXS Parameters

Steps
  1. Go to POTS /FXS Configuration .
  2. In the FXS Configuration table, complete the fields as required.
  3. Click Apply .
Result
Top

6.2.3 Overriding FXS Default Country Parameters

Steps
  1. Go to POTS /FXS Configuration .
  2. In the Country Customisation table, complete the fields as required.
  3. Click Apply .
Result
Top

6.3 Basic FXO Tasks

Top

6.3.1 Configuring FXO Dialing Parameters

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Dialing Configuration table, complete the fields as required.
  3. Click Apply .
Result
Top

6.3.2 Configuring FXO Answering Configuration

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Answering Configuration table, for each endpoint, complete the fields as required.

    Note

    Available endpoints vary depending on the configuration of the unit,

  3. Click Apply .
Result
Top

6.3.3 Configuring the FXO Incoming Call Behavior

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Incoming Call Behavior table, for each endpoint, complete the fields as required.

    Note

    Available endpoints vary depending on the configuration of the unit,

  3. Click Apply .
Result
For example
Top

6.3.4 Configuring FXO Line Verification

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Line Verification table, for each endpoint, complete the fields as required.
  3. Click Apply .
Result
For example
Top

6.3.5 Configuring FXO Force End of Call

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Force End of Call table, complete the fields as required.
  3. Click Apply .
Result
For example
Top

6.3.6 Configuring the Dial Tone Detection

Context
It allows the Mediatrix unit to wait for a dial tone before initiating the dialing sequence. If no dial tone is detected, the line is considered busy.
Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Dialing Configuration table, from the Dial Tone Detection Mode drop box, select CountryTone .

    Note

    Not all PBX manufacturers produce the country dial tone on the extension line. If this is the case, make sure the Dial Tone Detection Mode is disabled, otherwise the Mediatrix unit will not output dialed digits.

    Note

    Not all PSTN switches produce the country dial tone on the PSTN line. If this is the case, make sure the Dial Tone Detection Mode is disabled, otherwise the Mediatrix unit will not output dialed digits.

  3. Click Apply .
Result
Top

6.3.7 Configuring the Answering Delay

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Answering Configuration table, complete the fields as required.

    Note

    If the PBX does not pass the caller ID to the Mediatrix unit, you can reduce the Wait Before Answering Delay to 2500 to reduce the time before the Mediatrix unit goes off-hook upon ring detection.

  3. Click Apply .
Top

6.3.8 Configuring the Far End Disconnect Parameters

Context

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Force End of Call table, from the Force End Of Call On Tone Detection Mode drop box, select Custom Tone .
  3. Set the Tone Detection Custom Frequency field to 350 .

    Note

    Verify with your PBX supplier what tone (exact frequency and cadence) the PBX produces on the extension when the far end is disconnected.

  4. Complete the other fields as required.
  5. Click Apply .
Result
Top

6.3.9 Disabling Dial Tone Detection

Context
Disabling dial tone detection allows the Mediatrix unit to wait for a dial tone before initiating the dialing sequence. If no dial tone is detected or correctly recognised, the line is considered busy.
Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Dialing Configuration table, from the Dial Tone Detection Mode dropbox, select Disable .
  3. Click Apply .
Result
Top

6.4 Advanced POTS Parameters

Although the services can be configured in great part in the Web browser, some aspects of the configuration can only be completed with the configuration parameters by :
  • using a MIB browser
  • using the CLI
  • creating a configuration script containing the configuration parameters
For more details, refer to the DGW Configuration Guide - Reference Guide published on the Media5 documentation portal at https://documentation.media5corp.com/ .
For FXS
  • specify the Calling Party Name of the caller ID (CLIP) : Pots.FxsCallerIdPrivateCallingPartyName
  • to override a set of services that are activated during an emergency call: Pots.FxsEmergencyCallOverride
  • To set the period before the phone starts to ring in the event where the originator of an emergency call hangs-up before the emergency call center disconnects the call: Pots.FxsEmergencyRingTimeout
  • To customise a distinctive ringID: Pots.FxsDistinctiveRingId
  • To customise a distinctive ring pattern: Pots.FxsDistinctivePattern
For FXO
  • To override the FXO Custom Basic Parameters: Pots.FxoCustomBasicParameters.OverrideDefaultCountryParameters and Pots.FxoCustomBasicParameters.Impedance
Top

6.4.1 FXS Distinctive Ring

The FXS endpoints support four distinctive ringing for basic incoming calls.

To use the distinctive ringing with the Mediatrix unit, the received SIP INVITE message must contain the Alert-Info header field with the proper Call Property value.

The following is an example of an Alert-Info via SIP INVITE:

Alert-Info: <

    http://127.0.0.1/Bellcore-dr2
    

>

The custom distinctive ring configuration allows the administrator to modify the ring pattern. These parameters can only be configured by the CLI or SNMP. Refer to the Advanced POTS Parameters section.

The ring pattern can have up to three on/off pairs in the format of on1,off1,on2,off2,on3,off3 where:

  • on is a numerical value representing the time, in milliseconds, during which ring tone will be active on the phone.
  • off is a numerical values representing the time, in milliseconds, during which the phone will not ring.

For instance, 2000, 1000, 2000, 0 or 2000, 1000, 2000 is a cadence in which the frequency plays for 2 seconds, stops for 1 second, and plays for 2 more seconds.

Typically the ring pattern follows these rules:

  • It can have up three pairs of “on,off”. If less than 3 pairs are specified, 0 values will be added as necessary. Specifying more than six will only use the six first values.
  • If it starts with a value of zero (0) , the ring pattern is invalid.
  • The first zero (0) found in the string signals the end of the cadence (i.e. “200, 0, 300” is the same as “200”).

Top

6.5 Examples of FXO Tone Detection

Top

6.5.1 Configuring the Detection of an 8 second 425 Hz Continuous Tone

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Force End of Call table, from the Force End Of Call On Tone Detection Mode selection list, choose Custom Tone .
  3. In the Tone Detection Custom Frequency field, enter 425.
  4. In the Tone Detection Custom Cadence field, insert 8000,0 or 8000.
  5. Click Apply .
Result
When a 425 Hz tone is played for 8 seconds, it will be detected.
Top

6.5.2 Configuring an On-Off British Reorder Tone

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Force End of Call table, from the Force End Of Call On Tone Detection Mode selection list, choose Custom Tone .
  3. In the Tone Detection Custom Frequency field, enter 400.
  4. In the Tone Detection Custom Cadence field, enter 400, 350, 225, 525 .
  5. Click Apply .
Result
When a 400 Hz tone is played with a cadence of 0.4 seconds on, 0.35 seconds off, 0.225 seconds on, 0.525 seconds off, the tone will be detected.
Top

6.5.3 Configuring the Detection of the Special Information Tone (SIT)

Steps
  1. Go to POTS /FXO Configuration .
  2. In the FXO Force End of Call table, from the Force End Of Call On Tone Detection Mode selection list, choose Custom Tone .
  3. In the Tone Detection Custom Frequency field, enter 950.
  4. In the Tone Detection Custom Cadence field, enter 330,660 .
  5. Click Apply .
Result
When a SIT tone is played with a cadence of 950Hz/330ms, 1440Hz/330ms, 1800Hz/330ms, 950Hz/330ms, 1440Hz/330ms, 1800Hz/330ms etc. the tone will be detected.
Top

6.6 Cascade for Incoming Calls

A corporate PBX uses two VoIP gateways for inbound and outbound communication through a VoIP provider.

  • Two Mediatrix devices connected to a SIP Trunk

For example: Cascade for incoming calls:

For example: Cascade for outgoing calls

Note

When all channels of the primary Mediatrix unit are in use and there is a new incoming SIP call, by default, a Busy SIP message will be sent to the IP-PBX. If the analog/digital link is down, an error message will be sent. In both cases, the new incoming call will fail.

Top

6.7 Cascade for Outgoing Calls

Corporate IP-PBX uses two VoIP gateways for inbound and outbound communication through the PSTN

  • Two Mediatrix units in the LAN

For example:

Note

When all channels of the primary Mediatrix unit are in use and there is a new incoming SIP call, by default, a Busy SIP message will be sent to the IP-PBX. If the analog/digital link is down, an error message will be sent. In both cases, the new incoming call will fail.

Top

7 ISDN

Top

7.1 Status

Top

7.1.1 Basic ISDN Concepts

Top
7.1.1.1 Preset Configuration

The ISDN Preset Configuration contains a set of values for the configuration of the parameters used by the ISDN connections.

The preset configuration files are located in the file system persistent memory. Depending on the Mediatrix unit you are using, the available ISDN Preset configuration files will differ or, it may also be possible that no preset configuration files are available depending on the Profile. Preset configuration files are provided by Media5 or can be user-defined, i.e. the current ISDN configuration was exported from a unit.

Using preset configuration files is especially useful for:

  • units that do not use the default values provided by Media5 (for instance, using T1 instead of E1)
  • using the same configuration on several units

Important

user-defined presets are not kept in the event of a partial or factory reset. Only script files can be used as preset ISDN configuration files.

Top
7.1.1.2 Integrated Services Digital Network (ISDN)

ISDN is a set of digital transmission protocols defined by a few international standards body for telecommunications, such as the ITU-T. One or the other of these protocols are accepted as standards by virtually every telecommunications carrier all over the world.

ISDN replaces the traditional telephone system so that one or two pairs of telephone wires can carry voice and data simultaneously. It is a fully digital network where all devices and applications present themselves in a digital form. ISDN is a User-Network Interface (UNI) signalling protocol with a user and a network side.

  • The user side is implemented in ISDN terminals (phones, terminal adapters, etc.)
  • The network side is implemented in the exchange switches of the network operator.
  • Both sides have different signaling states and messages.
The Mediatrix unit ISDN interfaces can be configured to work as user (TE) or network (NT) interfaces. Depending on your product, you can configure two types of ISDN interfaces:
  • ISDN Basic Rate Interface (BRI)
  • ISDN Primary Rate Interface (PRI)

Top
7.1.1.3 ISDN Reference Points

ISDN specifies a number of reference points that define logical interfaces between the various equipment types on an ISDN access line.

The Mediatrix unit supports the following ISDN reference points:

  • S: The reference point between user terminals and the NT2. This is used in point-to-multipoint BRI connections.
  • T: The reference point between NT1 (Modem) and NT2 (PBX) devices. This is used in point-to- point PRI/BRI connections.
All other ISDN reference points are not supported.

Top
7.1.1.4 Inband Tone Generation

In an ISDN network, most of the call setup tones are played locally by the TE equipment (i.e., telephone handset), although some require that the tones be played inband by the NT.

When interworking with other networks occurs, the need for the tones to be played inband is more likely to arise. The Mediatrix unit may enable inband tones to be played locally, on a per-interface basis. This option is present when the unit is acting as both the NT and the TE UNI-side.

However, in TE mode, only the ringback tone is played. The Call Setup tones (dial tone, ringback tone, etc.) are played in the direction where the call has been initiated. The call disconnection tones are played in both directions, but of course will not arrive to the peer who disconnected the call.

When an inband tone is played, a Progress Indicator information element (IE) #8 “Inband information or appropriate pattern available” is added to:

  • the ISDN message corresponding to the call state change
  • the PROGRESS ISDN message if no state change is occurring

When an interface is acting as the TE, as soon as the NT advertises that it plays inband tones through a Progress Indicator IE #8 or #1, the local inband tones generation is disabled for the rest of the call.

Whenever a tone is played inband locally or the ISDN peer advertises that inband informations are available, the Mediatrix unit is notified. The IP media path can then be opened earlier in the call, and can be closed with some delay after the call disconnection initiation.

Signal IE Handling Enabled Inband Tones Generation Enabled Inband Tone Played
No No No
No Yes Yes
Yes Ignored No

Signal IE Handling Enabled Signal IE Received Inband Tones Generation Enabled NT Peer Advertised Inband Tones Inband Tone Played
Yes Yes Ignored Ignored Yes
Yes No Ignored Ignored No
No Ignored Yes Yes No

Note

When the PRI/BRI interface Signalling Protocol drop-down is set to QSIG, the Signal IE does not exist so it has no effect on the inband tones generation. In QSIG, inband tones are played when the inband tones generation is activated on the incoming side of the call. Refer to Configuring the E1T1 Interface (PRI) and Configuring the BRI Interface .

Top
7.1.1.5 Signal Information Element

The Signal information element (Signal IE) is used by the NT ISDN side to tell its TE peers that they must generate an inband tone locally.

Thus, the Signal IEs are sent only by the NT. When the Signal IE handling is enabled on a given ISDN interface acting as a TE, inband tones are played towards the IP side when a Signal IE is received. On a NT interface, a Signal IE is inserted in the ISDN messages sent to the TE when appropriate.

Note

When the Mediatrix 3500 Series signaling protocol is set to “NI-2” (National ISDN-2) on that interface, the Signal IE handling is forced to be enabled for a NT.

Top
7.1.1.6 Supported Signal Properties
Protocol Description
DSS1 Digital Subscriber Signaling System No.1
DMS100 Digital Multiplex System 100
NI2 National ISDN No.2
5ESS 5 Electronic Switching System
QSIG ECMA's protocol for Private Integrated Services Networks
Top
7.1.1.7 ISDN Auto-Configuration

The ISDN auto-configuration feature allows you to have the Mediatrix unit automatically detect and configure all ISDN interfaces so that the ISDN link goes up and becomes usable with minimal user interaction.

Once launched, the auto-configuration process will automatically stop when all interfaces have been tested. For each interface, the auto-configuration process is considered

  • successful when the link becomes up.
  • a failure when all combinations have been tried without having a link up.

Note

Auto-configuring on all ISDN interfaces may take some time to complete.

Important

Some of the current ISDN settings might be replaced by new values.

Top
7.1.1.8 ISDN Parameters Auto-Configured by Auto-Sensing
  • PortPinout
  • ClockMode
  • LineFraming
  • LineCoding
  • EndpointType
Top

7.1.2 Basic ISDN Tasks

Top
7.1.2.1 Importing a Preset Configuration File
Before You Start
If you are using a user-defined preset configuration file, do not forget to upload it through the file management system, under Management /File .
Steps
  1. Go to ISDN /Status .
  2. In the ISDN Preset Configuration table from the Local Preset list, choose the preset configuration file you wish to import.
  3. Click Apply .
Result
The preset configuration file will be uploaded to the unit and applied.
Top
7.1.2.2 Exporting a Preset Configuration File
Before You Start
If you are using a user-defined preset configuration file, do not forget to upload it through the file management system.
Steps
  1. Go to ISDN /Status .
  2. In the ISDN Preset Configuration table, in the Preset Name field, enter the name for the exported preset configuration file.

    Note

    We strongly recommend indicating the type of unit and date of export as the name of the preset configuration file. For example: MTX4400_20170823.

  3. Click Save .
Result
The preset configuration file will be displayed under Management /File , in the Internal files table.
Top

7.2 Primary Rate Interface

Top

7.2.1 Basic Primary Rate Interface (PRI) Tasks

Top
7.2.1.1 Configuring the E1T1 Interface (PRI)
Before You Start
Always use Auto-Detecting and Auto-Configuring ISDN Interfaces procedure first to automatically detect and to automatically configure your PRI interface. The manual configuration of the PRI interface should be used for fine tuning of the configuration.
Context
It is important to take into consideration the following information:
  • Fallback Encoding Scheme : Only valid when receiving a SETUP message. The user sending the SETUP message does not indicate alternative bearer capability
  • Channel Range Field : Channels outside of the range defined for this field are ignored. Channels reserved in both the Channels Reserved for Incoming Calls and Channels Reserved for Outgoing Calls fields are considered usable for both incoming and outgoing calls. The space character is ignored and duplication is not allowed. Channels must be specified in low to high order.
  • Endpoint Type : To use a specific interface as the reference clock, the parameter must be set to TE .
  • Interface Configuration : Call properties set in the Call Router have precedence over the default values of the table. For more details on the Call Router, refer to the DGW Configuration Guide - Call Router user guide published on the Media5 corp documentation portal https://documentation.media5corp.com/ .
  • Signaling Protocol : Refer to the Supported Signal Properties section.