AMC Controller 4 Admin User Guide for AMC Controller 4.2 amcc-4_ug_en_2014-04 April 2, 2014 Table of Contents 1 2 3 4 The Aastra AMC Controller . . . . . . . . . . . . . . . . . . 1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . 1.2 How to read this Manual . . . . . . . . . . . . . . . . Basic Configuration . . . . . . . . . . . . . . . . . . . . . . 2.1 Preparations . . . . . . . . . . . . . . . . . . . . . . 2.2 Default Port Assignment . . . . . . . . . . . . . . . . 2.3 Establish a connection to the Aastra AMC Controller 2.3.1 GUI Mode Basic and Advanced . . . . . . . 2.3.2 Architecture of the WebGUI . . . . . . . . . 2.3.3 GUI Considerations . . . . . . . . . . . . . System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.1 Basic Settings . . . . . . . . . . . . . . . . . . . . . 3.2 Password . . . . . . . . . . . . . . . . . . . . . . . . 3.3 Update . . . . . . . . . . . . . . . . . . . . . . . . . 3.4 Installed Hotfixes . . . . . . . . . . . . . . . . . . . . 3.5 License Report . . . . . . . . . . . . . . . . . . . . . 3.6 Backup . . . . . . . . . . . . . . . . . . . . . . . . . 3.7 Rollback . . . . . . . . . . . . . . . . . . . . . . . . . 3.8 Remote Bak. . . . . . . . . . . . . . . . . . . . . . . 3.9 XML-RPC Configuration Interface . . . . . . . . . . 3.10 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.11 DB . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.12 DB Sync. . . . . . . . . . . . . . . . . . . . . . . . . 3.12.1 General Information . . . . . . . . . . . . . 3.12.2 Operating Mode . . . . . . . . . . . . . . . 3.12.3 Failover Operation . . . . . . . . . . . . . . 3.13 Factory Def. . . . . . . . . . . . . . . . . . . . . . . . 3.14 Licenses . . . . . . . . . . . . . . . . . . . . . . . . 3.15 Restart . . . . . . . . . . . . . . . . . . . . . . . . . Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1 LAN Int 1 . . . . . . . . . . . . . . . . . . . . . . . . 4.2 WAN Interface . . . . . . . . . . . . . . . . . . . . . 4.3 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4 Routing . . . . . . . . . . . . . . . . . . . . . . . . . 4.5 NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6 VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 7 8 9 9 10 11 12 12 14 16 16 18 19 21 21 21 24 26 29 29 30 31 31 32 33 35 37 37 38 38 42 44 45 47 48 2 Table of Contents 5 6 4.7 QoS . . . . . . . . . . . . . . . . . . . . . . . . 4.8 Auto-Prov. . . . . . . . . . . . . . . . . . . . . . Security . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1 Security Level . . . . . . . . . . . . . . . . . . . 5.2 Firewall . . . . . . . . . . . . . . . . . . . . . . 5.3 Port Forwarding . . . . . . . . . . . . . . . . . 5.4 TLS Certificate Configuration . . . . . . . . . . 5.4.1 Upload Private Key and Certificate . . 5.4.2 Create Private Key and Certificates . . 5.4.3 Installed Primary Key and Certificates 5.5 Certificate Security . . . . . . . . . . . . . . . . 5.6 Database Security Key . . . . . . . . . . . . . . 5.7 SBC User Agents . . . . . . . . . . . . . . . . Telephony . . . . . . . . . . . . . . . . . . . . . . . . . 6.1 Aastra MC Solution Basics . . . . . . . . . . . 6.2 Accessing PBX Features . . . . . . . . . . . . 6.3 Settings . . . . . . . . . . . . . . . . . . . . . . 6.3.1 Global Settings . . . . . . . . . . . . . 6.3.2 SIP Options . . . . . . . . . . . . . . . 6.3.3 RTP Options . . . . . . . . . . . . . . 6.3.4 Load Limit Configuration . . . . . . . . 6.4 Ports . . . . . . . . . . . . . . . . . . . . . . . . 6.5 SBC Int. net. . . . . . . . . . . . . . . . . . . . 6.6 Nr. Profiles . . . . . . . . . . . . . . . . . . . . 6.7 Endpoints . . . . . . . . . . . . . . . . . . . . . 6.8 PBX . . . . . . . . . . . . . . . . . . . . . . . . 6.9 Trunk . . . . . . . . . . . . . . . . . . . . . . . 6.10 FMC Numbers . . . . . . . . . . . . . . . . . . 6.10.1 Number . . . . . . . . . . . . . . . . . 6.10.2 Active . . . . . . . . . . . . . . . . . . 6.10.3 Type . . . . . . . . . . . . . . . . . . . 6.10.3.1 Call-Through . . . . . . . . . 6.10.3.2 Callback Number . . . . . . . 6.10.3.3 SIM Switch . . . . . . . . . . 6.10.3.4 MTC Number . . . . . . . . . 6.10.3.5 Voicemail Number . . . . . . 6.10.3.6 Remote Control . . . . . . . 6.10.3.7 IMS: to WLAN Number . . . 6.10.3.8 IMS: to Cellular Number . . . 6.10.4 Active Registration . . . . . . . . . . . 6.10.5 Endpoint . . . . . . . . . . . . . . . . . 6.10.6 Registration Name . . . . . . . . . . . 6.10.7 Registration Password . . . . . . . . . amcc-4_ug_en_2013-06 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 55 56 56 57 58 60 61 62 62 63 63 64 65 65 66 70 70 77 80 82 82 83 83 91 94 100 103 104 104 104 104 105 106 107 107 107 108 108 108 109 109 109 3 Table of Contents 6.11 6.12 6.13 6.14 6.15 6.10.8 Deployment Number . . . . . . . . . . . . . . . User Profiles . . . . . . . . . . . . . . . . . . . . . . . . 6.11.1 Name . . . . . . . . . . . . . . . . . . . . . . . 6.11.2 PBX . . . . . . . . . . . . . . . . . . . . . . . . 6.11.3 Security . . . . . . . . . . . . . . . . . . . . . . 6.11.4 VoIP/WLAN . . . . . . . . . . . . . . . . . . . . 6.11.5 Method Home . . . . . . . . . . . . . . . . . . . 6.11.6 Method Roaming . . . . . . . . . . . . . . . . . 6.11.7 LCR File . . . . . . . . . . . . . . . . . . . . . . 6.11.8 Controller Address . . . . . . . . . . . . . . . . 6.11.9 Controller Port . . . . . . . . . . . . . . . . . . 6.11.10 Callthrough Nr. . . . . . . . . . . . . . . . . . . 6.11.11 MTC Nr. . . . . . . . . . . . . . . . . . . . . . . 6.11.12 Voicemail Nr. . . . . . . . . . . . . . . . . . . . User Profiles (advanced) . . . . . . . . . . . . . . . . . 6.12.1 Name . . . . . . . . . . . . . . . . . . . . . . . 6.12.2 Cellular DMC . . . . . . . . . . . . . . . . . . . 6.12.3 Callwaiting . . . . . . . . . . . . . . . . . . . . 6.12.4 OSD . . . . . . . . . . . . . . . . . . . . . . . . 6.12.5 Codec . . . . . . . . . . . . . . . . . . . . . . . 6.12.6 Jitter Buffer . . . . . . . . . . . . . . . . . . . . 6.12.7 Handover . . . . . . . . . . . . . . . . . . . . . 6.12.8 Allow new Cellular Number . . . . . . . . . . . 6.12.9 Feature File . . . . . . . . . . . . . . . . . . . . 6.12.10 SIM-Switch Nr. . . . . . . . . . . . . . . . . . . User Accounts . . . . . . . . . . . . . . . . . . . . . . . 6.13.1 Lastname, Givenname, and Department . . . . 6.13.2 User Profile . . . . . . . . . . . . . . . . . . . . 6.13.3 PBX Number . . . . . . . . . . . . . . . . . . . 6.13.4 PBX Username . . . . . . . . . . . . . . . . . . 6.13.5 PBX Password . . . . . . . . . . . . . . . . . . 6.13.6 Display Name . . . . . . . . . . . . . . . . . . . 6.13.7 Cellular Number . . . . . . . . . . . . . . . . . 6.13.8 Fast-Forwarding Number . . . . . . . . . . . . 6.13.9 Email Address . . . . . . . . . . . . . . . . . . User Accounts (advanced) . . . . . . . . . . . . . . . . 6.14.1 Lastname, Givenname, Department, and User 6.14.2 SIP Number . . . . . . . . . . . . . . . . . . . . 6.14.3 Password . . . . . . . . . . . . . . . . . . . . . 6.14.4 Activate User . . . . . . . . . . . . . . . . . . . 6.14.5 DnD . . . . . . . . . . . . . . . . . . . . . . . . Cellular . . . . . . . . . . . . . . . . . . . . . . . . . . . amcc-4_ug_en_2013-06 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 111 111 111 112 112 112 112 112 113 113 113 113 113 114 114 114 115 115 115 115 116 116 116 116 116 118 118 118 118 118 119 119 119 119 119 119 120 120 120 120 122 4 Table of Contents 7 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.1 Number Conversions . . . . . . . . . . . . . . . . . . . . . . 7.2 PBX Access Codes . . . . . . . . . . . . . . . . . . . . . . 7.2.1 Configuration Steps . . . . . . . . . . . . . . . . . 7.2.2 Predefined Feature Codes on the Aastra MC Client 7.3 FMC Domains . . . . . . . . . . . . . . . . . . . . . . . . . 7.4 User List . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.5 Additional Country Tones Configuration . . . . . . . . . . . 7.6 Custom Scripts . . . . . . . . . . . . . . . . . . . . . . . . . 8 UC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.1 Client Features . . . . . . . . . . . . . . . . . . . . . . . . . 8.2 Corporate Phonebook Settings . . . . . . . . . . . . . . . . 8.2.1 Groups . . . . . . . . . . . . . . . . . . . . . . . . 8.2.2 VCard Format . . . . . . . . . . . . . . . . . . . . . 8.2.3 Phonebook LDAP . . . . . . . . . . . . . . . . . . 8.3 XMPP Endpoints . . . . . . . . . . . . . . . . . . . . . . . . 8.4 XMPP Users . . . . . . . . . . . . . . . . . . . . . . . . . . 8.5 SIMPLE Users . . . . . . . . . . . . . . . . . . . . . . . . . 8.6 BluStar-Server . . . . . . . . . . . . . . . . . . . . . . . . . 8.6.1 SIMPLE BluStar Server . . . . . . . . . . . . . . . 8.6.2 BluStar Web URL . . . . . . . . . . . . . . . . . . . 8.7 Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1 Feature/LCR Profile Upload . . . . . . . . . . . . . . . . . . 9.2 Feature/LCR Profile Reader . . . . . . . . . . . . . . . . . . 9.3 LCR Profile Lists . . . . . . . . . . . . . . . . . . . . . . . . 9.4 LCR Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . 9.5 OTA Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . 9.6 Client Deployment . . . . . . . . . . . . . . . . . . . . . . . 10 Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.1 FMC Status . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.2 IM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.3 Statistic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.4 Call Status . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.5 LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.6 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.7 Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . 10.8 Deployment Status . . . . . . . . . . . . . . . . . . . . . . . 10.9 Syslog-File . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.10 Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.11 Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.11.1 Ping . . . . . . . . . . . . . . . . . . . . . . . . . . 10.11.2 Traceroute . . . . . . . . . . . . . . . . . . . . . . . amcc-4_ug_en_2013-06 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 124 128 128 129 131 131 134 134 135 135 136 136 136 137 140 142 144 145 145 146 147 148 148 149 149 150 152 154 155 155 157 158 159 160 161 162 163 164 165 167 167 167 5 Table of Contents 10.12 SNMP . . . . . . . . . . . . . . . . . 10.13 Firewall Report . . . . . . . . . . . . 10.14 Net. Trace . . . . . . . . . . . . . . . 10.15 Sup. Trace . . . . . . . . . . . . . . 11 Initial Setup via the Console . . . . . . . . 12 Factory and Password Reset (via console) 12.1 Password Reset via RS232 . . . . . 12.2 Factory reset via RS232 . . . . . . . 13 Accounting Table via SNMP . . . . . . . . . Index . . . . . . . . . . . . . . . . . . . . . . . amcc-4_ug_en_2013-06 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 172 173 176 177 179 179 179 181 183 6 1 The Aastra AMC Controller 1.1 Introduction Thank you for using our Aastra MC Solution. The Aastra MC Solution provides unified communications to its users and consists generally of the following components: the Aastra AMC Controller as a server component and Aastra MC Clients which replace and enhance the functionality and services of a desk phone. With the Aastra MC Solution users are able to take advantage of all the services rendered by their corporate PBX(s) by using the Aastra MC Client from WLAN and cellular networks on their cellular phone all while being available via their company extension. The Aastra MC Solution is also available as a software-only version. In order to request the required VM-Ware image file and/or the license key for activating the VM-Ware Aastra AMC Controller, please contact your local Aastra office or send us a request via [email protected]. The Aastra MC Solution transforms mobile phones into full-fledged equivalents of desk phones, and can have an enormous cost-saving potential. The Aastra MC Solution provides a variety of features and PBX access: • Key Features: Single Number Solution via via cellular, SIP Trunking and SIP Subscriber Integration with the PBX for providing leading edge feature integration... • In-Call Features: such as Hold, Toggle, Consultation, Conference etc. • Out-Call Features: like Call Forwarding, Call Pickup and Call Retrieve While this unified communications solution is the core of your Aastra AMC Controller, it also provides numerous other services at the same time: • Firewall and SBC functionality: Stateful inspection Firewall, Layer 7 Filtering with Syntax Checking ... 7 1 The Aastra AMC Controller • Routing: OSPF/BGP dynamic routing, RIPv2, Static routes... • and more... 1.2 How to read this Manual The structure of this manual largely reflects the structure of the web interface of your Aastra MC Solution (henceforth "the Aastra AMC Controller") . We assume that this manual is not read from beginning to end, but that it is used as a reference while configuring the Aastra AMC Controller. This introductory part concludes with the following scope of delivery for the different Aastra AMC Controller models. The delivery overview is followed by the technical introduction to the Aastra AMC Controller which provides all necessary information for a quick initial setup. The following chapters all correspond to the different tabs in the web interface and the following sections are listed in the order of their appearance in the menus of the respective tab. If you are viewing this document in its original PDF format, check the bookmarks view because of the structure of this document, it might prove very helpful to use it for navigation. As a PDF file this document contains hyperlinks, internal links are displayed in blue, external ones are highlighted in green. O NLINE H ELP The graphical user interface of your Aastra AMC Controller provides tool tips for many settings and options, as well as a general help text for each page. Hover your mouse over the question mark in the upper right-hand corner of a page, and the help text will appear. amcc-4_ug_en_2013-06 8 2 Basic Configuration 2.1 Preparations The Aastra AMC Controller is a browser-based application. You can access it via any common browser. Therefore, the Aastra AMC Controller configuration is independent of the operating system. For checking your input, on some pages JavaScript support is also required. Please make sure this is enabled in your web browser. When accessing the web interface for the first time, you have to accept a (self-signed) security certificate. Some browsers may restrict access for this reason. The LAN1 interface of the Aastra AMC Controller is configured to the following parameters by default. LAN1 Properties Details Network protocol TCP/IP IP-Address 10.0.0.205 Subnetmask 255.255.255.0 Therefore, in order to be able to communicate with the Aastra AMC Controller, you need to configure your PC to an address in the same subnet, as for example 10.0.0.206. 9 2 Basic Configuration 2.2 Default Port Assignment The following ports are open by default, or opened if a certain service is activated and/or configured: Port open... 53 123 161 if active if active if active 179 199 if active if active 389 if active 443 by default Yes 448 by default Yes 500 by default 521 if active 1900 2342 by default by default 2604 if active 4500 5000 to 50xx 5060 by default if configured 5061 5062 LAN Int. 1 (listen only) if active if active 5222 if active Firewall open* Assignment Domain Name Service (DNS) Network Time Protocol (NTP) Server Secure Network Management Protocol Daemon (SNMPD (UDP)) Border Gateway Protocol (BGP) Secure Network Management Protocol Daemon (SNMPD (TCP)) TCP: Leightweight Directory Access Protocol (LDAP; for Corporate Phonebook) Hypertext Transfer Protocol Secure (HTTPS) management on all interfaces, unless modified HTTPS Interface towards the MC Client, unless modified Internet Security Association and Key Management Protocol (ISAKMP), here: Internet Protocol Security (IPsec) Routing Information Protocol (RIP or RIPv2) UPNP SecureSHell (SSH) management on all interfaces, unless modified Open Shortest Path First (OSPF), a dynamic routing protocol IPsec and Network Address Translation Transport Layer Security (TLS) SIP Dualmode Server (UDP) Yes Yes SIP TLS SIP default port for the Aastra MC Client and SBC TCP XMPP Port (instant messaging) *Ports that must be open on the firewall between Internet and the Aastra AMC Controller. amcc-4_ug_en_2013-06 10 2 Basic Configuration Port open... 35000 by default to 35XXX 5432 11000 to 11999 12000 to 12999 16384 to 32786 by default if active Firewall open* Assignment Yes These are the RTP ports for the Session Border Controller if the SBC is enabled. At least four ports per call are opened dynamically. PostgreSQL (database) Used for SIP Trunks by default Ports used by the Aastra AMC Controller towards the PBX by default Real-Time Transport Protocol (RTP) *Ports that must be open on the firewall between Internet and the Aastra AMC Controller. 2.3 Establish a connection to the Aastra AMC Controller 1. To enter the graphical user interface (GUI) of the Aastra AMC Controller and to begin the configuration, enter https://10.0.0.205 in your browser’s address field. For some products, the correct protocol is HTTP, so you have to enter http://10.0.0.205 to connect correctly. Check the Quick Reference Sheet for your Aastra AMC Controller for more information about this. In order for this to work, the IP address of your PC has to be set up to be in this subnet. Please consult the documentation of your operating system for more information on how to accomplish this. Your browser will ask you to accept a certificate and warn you that it is self-signed. To continue you will have to accept this certificate for establishing an encrypted connection to the Aastra AMC Controller . 2. Enter the username and password. The default values are as follows: Username: admin Password: sesam amcc-4_ug_en_2013-06 11 2 Basic Configuration Please note that you’ll have to accept the EULA before proceeding. I MMEDIATE PASSWORD C HANGE From the latest version on an immediate password change is required to proceed. The password strength must at least be ”good” or ”strong”, ”weak” or ”medium” are insufficient. Use the Change Password page, described in 3.2, to change the password another time later on. 3. Select your language. After having logged in successfully, you should see the HTML frontend of your Aastra AMC Controller. You can change the language anytime in the top menu bar. 2.3.1 GUI Mode Basic and Advanced The Aastra AMC Controller offers a slimmed GUI version for "every day" use. You can switch between these displays in the right-hand corner of the top-menu-bar, where you can also change the GUI language. A separate documentation for the basic version with only those settings visible in that GUI mode is available. 2.3.2 Architecture of the WebGUI The WebGUI of the Aastra AMC Controller consist of different parts. These are • Page Header • Top Menu Bar • Top Navigation • Main Frame Page Header The page header gives you information about the Aastra AMC Controller mode. Top Menu Bar The Top Menu Bar is the top level navigation. This navigation gives you three major options to select: amcc-4_ug_en_2013-06 12 2 Basic Configuration 1. Home: this page displays the status of all the network components of the Aastra AMC Controller in alphabetical order. There are three possible status which are shown by LEDs (compare figure 2.1): - active - inactive - disabled It also offers the possibility to start, stop or restart individual services of the Aastra AMC Controller by clicking , or , respectively. The latter (restart) is an alternative to Apply Configuration which leads to a complete restart of all services(see below). 2. Apply Configuration: whenever you click on Apply Configuration the entered content will be written into the base configuration of the Aastra AMC Controller. At this point, all running services (including calls!) will be interrupted due to a restart of the Aastra AMC Controller. If you do not want to interrupt the operations of the Aastra AMC Controller, the Status Page offers you a way to apply configuration changes for individual services only. 3. Language: The currently not selected language will be displayed here. Select it by clicking on it. If a menu is opened at that time you might have to reopen it to apply the new language setting. W HEN TO A PPLY C ONFIGURATION Note that changing users and other options which are stored in the database does usually not require clicking Apply Configuration. However, if it is necessary, the Apply Configuration option will visually indicate this. amcc-4_ug_en_2013-06 13 2 Basic Configuration Figure 2.1: Service Status Main Navigation (left) The main navigation is a two level navigation. This manual is structured according to this navigation. Select any of the top (main) menu points (SYSTEM, NETWORK etc.). When you do that, the list of available submenus for this main menu will open in the main frame. By clicking on the menu titles of this list, the configuration view for the selected menu item will open. Main Frame The main frame will always contain the currently selected configuration screen. Use the Main Navigation to select what part of the Aastra AMC Controller you want to configure. Bottom Menu Bar You can find important product and software information on the bottom right hand side. Of this information, the most important is the software version which is a four digit number. This number can be followed by a dot which is followed by more digits. The digits after this dot indicate the patch set number which the product contains. 2.3.3 GUI Considerations The following explains a few points that you need to consider. Default Values There are both explicit as well as implicit default values. The explicit ones are set by default in the WebGUI. Implicit ones are fields that can simply be left empty. The system will select an appropriate default value for you. You can leave all fields except the mandatory ones empty. amcc-4_ug_en_2013-06 14 2 Basic Configuration Mandatory Values Mandatory values have to be configured to use a certain feature. In the GUI, you can identify them by the * symbol behind the title. If left empty, you will receive an error message asking you to set the value. Erroneous Values The Aastra AMC Controller checks the entered values for consistency and will not accept values failing this check. An error message will be displayed. This, however, cannot avoid erroneous configurations since only basic sanity and syntax checks of the entered values are performed. These checks include type checks (string or number, etc.), range checks ("do entered numbers make sense?"), and basic sanity checks ("do certain parameters exclude each other?", etc.). amcc-4_ug_en_2013-06 15 3 System 3.1 Basic Settings This menu contains all of the basic settings which are needed for the configuration of the system of your Aastra AMC Controller. This comprises: • Date and time (any NTP settings have precedence over date and time configured here, refer to 4.5), • Specification of a domain name server (DNS server), • Host name for the Aastra AMC Controller (the system name should be set for administrative purposes, but it is not a crucial setting). Figure 3.1: Basic settings 16 3 System Date and Time: Date and time will be applied immediately after pressing the button Save . To save new values all other SYSTEM settings Apply configuration has to be selected. The system date and time are important for using, among other services, the logging facilities. The settings applied here will also be saved in the hardware clock of the system and thus not be lost with a reboot Especially for logging, however, the configuration of a reliable NTP server is recommended (refer to 4.5). Time zone: Usually NTP servers utilize GMT (Greenwich Mean Time). Therefore, to get the correct time zone on your device, you need to set the time zone where the device is located relative to GMT. Please note that this setting does not account for Daylight Savings Time. Domain Name Server: In order to use debugging tools like ping, traceroute and telnet with domain names instead of addresses, a DNS server has to be specified. The same holds true of course for all other services where the specification of host names is possible (e.g. VoIP). If you do not specify a DNS server here, you can only use IP addresses for all services configured on the Aastra AMC Controller. The second domain name server specified here, will be used as a fallback if the first server is down or otherwise not reachable. System name: The entered name must not contain any whitespace or special characters. This system name should be unique and has to correspond to the domain name that has been assigned to the Aastra AMC Controller towards the DNS server. Non-matching forwards and reverse look-ups, as well as differing host names will cause problems with various services. The settings will be applied when you click the button Save . amcc-4_ug_en_2013-06 17 3 System 3.2 Password With this menu item, the access password for the Aastra AMC Controller can be changed and a separate password for access via console can be activated (set and reset it via console). To (re)set the CLI password, please refer to 11. The password has to have at least 5, but not more than 20 characters, and to save a new password the password strength must at least be measured as ”good” or ”strong”. Excess characters (more than 20) will be ignored without an error message. Alphanumeric characters and the following special characters are legal: +*/=~_@#()<>[]!?.- Whitespaces and $ are not supported! The new password will be applied immediately. This means that right after changing the password in the WebGUI, you will be prompted for it in order to continue with the configuration. Figure 3.2: Change the password The new password will be applied immediately after clicking the button Save , and the new password must be re-entered to continue. amcc-4_ug_en_2013-06 18 3 System 3.3 Update With this menu item, a local file on your PC can be selected to start the update process. Depending on the network connection, this upload might take several minutes. The update can even fail if done over a low bandwidth WAN link. It is not recommended to perform the update with a connection of less than 128 kbit/s. However, aborted updates do not harm the Aastra AMC Controller or influence it in any way. A timeout can occur while uploading an update. The Aastra AMC Controller has a fixed timeout of 2 hours. This means that any upload, if not completed, will be aborted after this time. Note that your browser might interrupt the upload sooner than that. There is no automatic reboot or restart of services after a successful update; the Aastra AMC Controller has to be rebooted manually. However, this can be performed at a later time. The update is simply installed into the flash memory which means that it has no effect on the running system. R ELEASE N OTES Please refer to the Release Notes before performing an update/upgrade. These might contain special instructions to be considered before upgrading to a certain version. Figure 3.3: Install an update Installing an update 1. Download the update and readme file (if applicable) for the desired version and save it on your PC. The current version of the Aastra AMC Controller is always indicated in the right bottom corner of the web interface. 2. Browse for the update via the Install Update menu and open it. 3. Click the button Upload . amcc-4_ug_en_2013-06 19 3 System 4. If necessary, do additional configuration steps as recommended in the enclosed readme file. If there is no such file, no special considerations have to be taken. 5. Reboot the system in order for the update to take effect. If you are uploading a hotfix, a simple Apply Configuration is enough. Downgrade to version XXX There are two ways to downgrade the Aastra AMC Controller: 1. Downgrade button: click the "Downgrade to [version]" button to basically revert the latest update. This option lets you return from a newer version (A) to the previously installed Aastra AMC Controller version (B) and the previous configuration. All changes made to the newer version A will be lost, and version A (and its configuration) can’t be restored! 2. Select an update older than your current version and upload it to the Aastra AMC Controller. This option requires extensive preparation to ensure system functionality! Please note as well that possibly not all services will run properly after a reboot. This can only be ensured by selecting "Apply Configuration". Only configurations compatible with older versions should be used. This can be accomplished by reverting to a saved configuration or by doing a factory reset. O LD C ONFIGURATIONS You should not import old configurations into more recent versions of the Aastra AMC Controller system. The configuration should be on the Aastra AMC Controller prior to the update. During the update process, this configuration will be converted. When installing an update that contains new configuration options, these must be checked and set after the installation since this is not done automatically. amcc-4_ug_en_2013-06 20 3 System 3.4 Installed Hotfixes This page shows all currently installed hotfixes. Please note that installed hotfixes are deleted with every software update and this page will be empty. 3.5 License Report A current license report will be sent to your customer account in the License Portal where you can view it at your convenience. You can specify individual email addresses for each Aastra AMC Controller in the License Portal to which the license reports will also be sent. Select the interval in which you would like to receive licensing reports (choose between daily, weekly, monthly, and yearly). Reports can also be sent on demand by clicking the button "Send Report now". 3.6 Backup In this section you can save or restore the configuration of the complete Aastra AMC Controller. By clicking the button Save , the most important configuration files will be saved into an archive file configuration-<date>.cpio.gz which will be offered for download. Restoring configuration 1. Select the location of the backup file stored on your PC 2. Click the button Send to upload it 3. then click on Apply Configuration Figure 3.4: Configuration backup amcc-4_ug_en_2013-06 21 3 System Note that this backup applies to all necessary parameters. This includes all FMC data like users and configured host registrations. It will hence include the complete snapshot of the configuration data at the time the backup is done (does not include e.g. APN Certificates, private certificates and the like). forceconfiguration If the version of the backup and of the currently installed software are far apart, the Aastra AMC Controller will inform you that this might lead to inconsistencies and/or failures and the restore will not take place. However, you have the possibility to force the Aastra AMC Controller to except the backup configuration by changing its file name from configuration-xxxxxx.cpio.gz to forceconfiguration-xxxxxx.cpio.gz. amcc-4_ug_en_2013-06 22 3 System I NCONSISTENCIES By using "force" the possibility of inconsistencies and failures is not eliminated! This merely forces the Aastra AMC Controller to restore the contained data. L ANGUAGE Another point here is that the localization of the web interface is also stored in the configuration archive (it is part of its configuration), i. e. if you restore a configuration later, the language might change. If this is the case, simply click on the language button in the top menu bar. N OT FOR P ROVISIONING This mechanism is intended for backing up and restoring configurations on the same device(s). Please do not use this for provisioning purposes by creating a default configuration and then replicating this to multiple devices. Please note that device-specific files which should not be replicated to arbitrary devices, will also be included in this archive. However, this does enable you to make a one-to-one restoration of a failed device. Saved configurations exclusively work on identical restoration devices. Do not use a saved configuration from one device on a different device type unless this procedure has been approved by the manufacturer! amcc-4_ug_en_2013-06 23 3 System 3.7 Rollback The Configuration Rollback enables you to revert the configuration of your Aastra AMC Controller to an earlier status. The configuration available for a roll back depends on when you last saved your configuration. Figure 3.5: Restore a previous configuration in this menu. After performing a rollback, you will always have to press Apply Configuration to activate it. This will also provide a chance to look at the restored configuration first, before activating it. P REPARATION FOR C HANGES Before making bigger changes to your configuration, it is always wise to go to the Rollback page and save the current configuration. This will enable you to roll back to this configuration at a later point in time. Every time you use the Apply Configuration the current configuration will be stored. AUTOMATIC D ELETION Please note that older Rollbacks will be deleted automatically if there isn’t enough storage available for backing up the current configuration. The naming convention of the stored configurations is as follows: DATE-TIME. The date will be formatted as yymmdd (two digits for the year, month and day), followed by a minus and the time in 24-hours format (hhmm). Screenshot 3.5 shows an example file name of a backup, ( 080311-1423) done on March 11th 2008 at 14:23. Number of Configurations This field defines how many configurations should be stored on the system. You have a choice between ’5’, ’15’ or ’25’ stored configurations. Saving a configuration will either amcc-4_ug_en_2013-06 24 3 System delete an old configuration or it will fail if there is no space available on the system. The system has been designed to provide enough space for all of the above mentioned settings. Previous Configuration Select the configuration you would like to restore by using the drop-down box. To activate this configuration, please click Apply Configuration in the top menu bar. Configuration Save now By Pressing Save you can trigger an immediate backup of the configuration. Note that such a backup can take several seconds. After the backup has completed you can refresh the page and see the backup in the Previous Configuration selection list. A PPLY C ONFIGURATION A restored configuration will not automatically be active after a reboot. The correct procedure it to always press Apply Configuration after performing a restore. A reboot is not necessary. The Backup will include all FMC settings, you should therefore be careful, because, for example, newly created users accounts will be lost. amcc-4_ug_en_2013-06 25 3 System 3.8 Remote Bak. The Aastra AMC Controller also offers a feature for providing an automated configuration backup to a remote system. The backup can be done through FTP or SCP protocols in scheduled intervals. By default this functionality is disabled, i. e. you need to configure it first in order to use it. For SCP: Please download the Superuser Public Key on the Security Keys page and uploaded to your remote backup server!Refer to 5.6. Figure 3.6: Remote Backup Configuration Specify the How, Where and When of your Remote Backup 1. Active: You need to check this in order to enable the functionality. 2. Type: You can choose between FTP and SCP. Note that you should use secure copy (SCP) whenever possible, because the backed up configuration also includes passwords. However, using SCP needs some manual setup which is described below. 3. Servername: Specifiy the server for your backup by entering either an IP address such as 192.168.1.1 or a hostname for example ftp.foo.bar here. If you amcc-4_ug_en_2013-06 26 3 System are using host names, please make sure that a DNS server has been set on the Basic Settings page. 4. Path: Please specify the path on the server where the files should be stored. This path is usually identical to the default login directory of the specified user. This field needs to reflect the path only relative to the server root directory. This means if you specify no path, the backup will be made to the root directory of the server. If you do specify a path, it has to be an existing path under the root directory the FTP server, for example /backup/test. The first slash is optional. 5. Username: Please specify a user name here. Even if the FTP server in question does not require authentication, i. e. is public, you should still specify a random name here e.g. anonymous. 6. Password: Specify the password of the defined user on the server. If this setting is incorrect, the backup will fail. If this occurs you should check your server logs to see if there is an authentication mismatch. This setting does not apply to SCP ! 7. Interval: You have a choice of different backup intervals. The following settings are possible: •Daily: This will back up the configuration everyday. Set the hour in the Time/Day of Week field. Legal Values are integers between 1 and 24. •On Change: This will create a backup after every material change (this does not include changes to the FMC configuration) •Hourly: This will create a backup every hour. There is no need for additional settings. •Weekly: saves backups every week. Select the day via the Time/Day of Week field. Legal values are integers from 1 to 7; 1 for Monday, 7 for Sunday. 8. Time/Day of Week: The setting in this field always has to be an integer. It only has to be set if the Interval field is set to either Daily or Weekly. D IRECTORIES Note that directories have to be specified with / slashes in the Aastra AMC Controller web interface. A RCHIVE F ORMAT The archive format used for the automatic backup and the manual Configuration Backup are identical. In order to restore a backed-up configuration, you should use the Configuration Backup page. amcc-4_ug_en_2013-06 27 3 System See 3.6 for more information. SCP C ONFIGURATION To configure SCP, some manual setup is needed. First, you need to download the superuser public key (refer to 5.6) and copy it to the backup server. Set up a key-based login to your backup account on the backup host. Log onto the backup server: ssh backupuser@backupserver and create a directory: /root/.ssh Add the public key to the end of an "authorized_keys" file in the recently created .ssh directory: cat /root_public.key » /root/.ssh/authorized_keys. If the file does not exist, it will be created. Once this is done, SCP is available for remote backups. amcc-4_ug_en_2013-06 28 3 System 3.9 XML-RPC Configuration Interface Deactivate the Aastra AMC Controller’s XML-RPC interface with the option on this page. By default, XML-RPC can be used to configure the main components of the Aastra AMC Controller with an external tool. Call data retrieval, such as call statuses etc., is also possible. If this interface is not used, it maybe advisable for security reasons to deactivate this interface. 3.10 Ports On this page it is possible to define the HTTP(S) and the SSH port used for administration. The Default values are 2342 for SSH, 443 for HTTPS (or port 80 for HTTP on systems that do not use HTTPS), as recommended by the IANA (Internet Assigned Numbers Authority). However, this menu gives you the possibility to set a different port. With the latest version of the product (summer 2013), SSH is by default deactivated. If activated (for e.g. support reasons), it will be deactivated again in the evening. WAN I NTERFACE ENABLED ? Please note that usually you do not need to change these values. Changing them is mostly done for security purposes if the administration through the WAN interface is enabled. Using non-standard ports makes it harder for scan programs to find these open ports. Figure 3.7: Port Numbers amcc-4_ug_en_2013-06 29 3 System 3.11 DB With these Database Settings database access can be given to an external device (this may also be a second Aastra AMC Controller) within a range of permitted IP addresses. Figure 3.8: Configure the Database Password and allowed IP addresses in this menu. • Password: Specify a password for database access in this menu. • Permitted IP Addresses: grant access from a specific IP network by entering an IP address and Subnetmask here. The screenshot shows an example where only devices in the "10.10." IP-address range are allowed to access the database of the Aastra AMC Controller (a correct password is also necessary). The default database password is and has been 18273645 for all versions. amcc-4_ug_en_2013-06 30 3 System 3.12 DB Sync. The synchronization of the user data between two Aastra AMC Controllers is commonly used in a redundancy configuration. In such a configuration, we would have two appliances, one serving as a master, the other serving as a slave. The slave will obtain its configuration from the master server. Therefore, this is not a real synchronisation but rather having a master containing the configuration. However, the slave will keep a copy of the configuration ready to fill in if the master fails. This applies only to the FMC part of the configuration, and includes all information necessary for FMC, i.e. Users, Endpoints, and Numbering Profiles, etc. The synchronization is done by directly accessing the configuration database of the master server. All changes to Users and Endpoints will become effective immediately and will therefore also be scheduled for synchronization right after pressing "Save" in the WebGUI. In order to lower the network load, several changes are collected and then synchronized in one step. D URATION It can take up to 3 minutes until all changes have been properly synchronized to the Slave device. C ONFIGURATION The Aastra AMC Controller will display a "Database is currently not available" message on the pages TELEPHONY and FEATURES if it is run in slave-mode. The Database will not be available for changes and new data if database synchronization takes place and the Aastra AMC Controller is used in slave mode. All FMC services will be rendered by the master. Therefore, changes of User Profiles, User Accounts, etc. can only be done on the master-Aastra AMC Controller. If the master-Aastra AMC Controller fails, the slave-Aastra AMC Controller will take over. Only then can data modifications be done on the (former) slave. 3.12.1 General Information Preparation To configure both Master and Slave a network connection has to be set up. In theory a standard routed connection is enough, but since this feature is used in conjunction with VRRP, you need to have a connection supporting multicast requests, usually a switched connection. amcc-4_ug_en_2013-06 31 3 System Updates To update the Aastra AMC Controller, it is very important to switch a master Aastra AMC Controller into Standalone mode first, then update its systems. For the slave, no special considerations have to be taken. You can simply update it. After both systems have the same software version, the master can be switched into Master mode again. This procedure is only necessary if the database has changed between the two versions. When in doubt, please adhere to this approach nevertheless. 3.12.2 Operating Mode The Synchronize database page is used to configure the Aastra AMC Controller in Master, Slave or in Standalone operating mode. It will also configure the database synchronization. Master IP is the IP of the interface which acts as a master and the Slave IP is for the interface acting as slave. Figure 3.9: Synchronize database Standalone mode In the Standalone mode the Aastra AMC Controller uses the database without a network connection to other databases. The IP addresses under the Operating mode item will be ignored. This is the default operation mode. At any time you can turn a Standalone Aastra AMC Controller into the master of a cluster. You have to be careful turning it into a slave because your configuration will be lost. Master Mode The Master mode initializes the local database as master and the database of the Aastra AMC Controller with the Slave IP as slave. The connection daemon starts on the amcc-4_ug_en_2013-06 32 3 System master Aastra AMC Controller after the initializing process. You need to configure the Master IP and Slave IP. Slave mode This puts the Aastra AMC Controller into slave mode. All configuration data will be fetched from the master. To start the Aastra AMC Controller in Slave mode you need the Master IP and Slave IP. The Slave IP naturally is the IP address of the unit you are currently configuring and you need to specify the appropriate interface-IP address that should be used for synchronization. After applying this configuration, the unit will start to synchronize the data from the master server. S ECURITY K EYS The Security Keys (see 5.6) of the Master must be present on the slave. Otherwise the unit will not be able to synchronize the configuration. P OSSILBE DATA L OSS ! All FMC-configuration data present on this device will be overwritten by data fetched from the master. This means that the configuration present on this device will be lost. You can switch a Slave back into Standalone mode, but the synchronized data will be kept. 3.12.3 Failover Operation Two appliances can be deployed in a failover fashion. In such a configuration, the secondary server can take over the functionality of the primary one. To enable this the VRRP protocol is used to provide a dynamic failover mechanism. The properties of this failover mechanism are as follows: • The secondary appliance will be idle when the primary appliance is active. • VRRP is used to switch the IP address between the master and the slave, so the Aastra AMC Controller appliances do not have to be in the same multicast domain. The master and the slave will share one virtual-IP address. In addition, a management / physical address for each of them is required in order to enable communication among each other. All three addresses should be in the same subnet. • Once the master fails, the secondary appliance will take over. amcc-4_ug_en_2013-06 33 3 System • All active calls will be lost in a failover scenario. • Right after a failure, the call can be re-established via the secondary appliance. • The secondary appliance does not have to be maintained, since the configuration will always be taken from the primary appliance (only pertaining to the FMC configuration). The configuration of the solution is as follows: The primary server will contain the complete FMC configuration. The slave server is normally configured for networking, firewalling etc. The FMC configuration is only done by pointing to the master server via database synchronization, as described in 3.12. This will lead to a mirroring of the configuration. The VRRP portion has to be setup separately. Please refer to 4.6 for more information. amcc-4_ug_en_2013-06 34 3 System 3.13 Factory Def. The ’Restore the basic configurations’ page allows you to restore the basic configuration and / or reset the ’Dualmode’ database (only FMC products) to factory settings. Refer to figure 3.10 on page 36 for more information. • Reset Basic Configuration With the exception of the ’Dualmode database’ settings, all configured settings will be deleted from the Aastra AMC Controller by restoring the basic configuration. To execute a restore click the first Reset button on the right side of the page, and reboot the Aastra AMC Controller. • Reset ’Dualmode’ database This action will empty the database. The database includes all ’Dualmode’ settings. To Reset the database click the second Reset button on the right side of the page, and reboot the Aastra AMC Controller. • Restore Factory Defaults This function executes a full factory reset. This can also be done via the command line, and is described in section 12. Then reboot the Aastra AMC Controller. R EBOOT Your system has to be rebooted after a Restore Basic Configuration or Restore Factory Defaults is done! Since the default IP address is 10.0.0.205 and subnet mask is 255.255.255.0 you will have to enter this information once more! amcc-4_ug_en_2013-06 35 3 System Figure 3.10: Reset basic configurations amcc-4_ug_en_2013-06 36 3 System 3.14 Licenses This product contains Open Source Software. Most Open Source Software demands that the license of the package be included with the product containing the software. Therefore, this page displays the Aastra AMC Controller’s EULA license and lists all licenses of Open Source packages used in this Aastra AMC Controller. A mouse click on the package name shows the complete license text. 3.15 Restart By clicking the button Restart , the Aastra AMC Controller will be rebooted. Figure 3.11: Restarting the System It may take up to two minutes until the Aastra AMC Controller is fully available and operating again. Generally there are two options: the Aastra AMC Controller can be restarted instantly or, with the second option, the Aastra AMC Controller can postpone its restart until there are no ongoing calls. amcc-4_ug_en_2013-06 37 4 Network 4.1 LAN Int 1 The primary LAN interface and its netmask have to be configured; this is one of the mandatory settings for your Aastra MC Solution. Configure LAN1 as DHCP Server The Aastra AMC Controller can act as a DHCP server (on both LAN Interfaces) and assign IP addresses via dynamic host configuration protocol (DHCP) to computers connected to its primary LAN interface . The following explains the setup of this feature. N O OTHER DHCP S ERVER If you would like to make use of this functionality, please make sure that there is no other DHCP server running in your network since this can have very adverse effects. 1. DHCP IP Range from and to: If the Aastra AMC Controller is intended to be used as DHCP server, you have to define the range of IP addresses which the Aastra AMC Controller is allowed to assign to clients. Both addresses have to be in the same subnet as the Aastra AMC Controller’s IP address. Naturally, the beginning and the end of the range of course also have to be in the same subnet. Please note that this address range must not contain IP addresses of any other configured computer with a static IP address within this LAN. 2. Domain Name: Give a unique Domain Name to the Aastra AMC Controller’s DHCP-server component. This name will serve for the configured IP range as a whole. 3. Standard Gateway IP: By default, the Aastra AMC Controller itself acts as a standard gateway. Another standard gateway for the DHCP functionality can be set here by simply entering an IP address in this field. 38 4 Network Figure 4.1: Configuration and DHCP functionality of the primary LAN interface amcc-4_ug_en_2013-06 39 4 Network 4. Primary and Secondary DNS Server: You may specify up to two DNS server IPs to obtain domain names. The DHCP component will then obtain domain names of network devices and forward them to its DHCP-clients. Of course configuring two is safer than relying on a single one. 5. NTP Settings: It is recommended to configure at least two NTP servers for the DHCP component of the Aastra AMC Controller. These addresses will be transmitted as time sources to the DHCP clients of the Aastra AMC Controller. 6. DHCP Fixed Addresses: This option lets you assign fixed IP addresses to certain network devices. Choose an appropriate Hostname for the device, configure it to the MAC address of said device, and choose the IP address (which has to be within the configured DHCP IP Range) for it. amcc-4_ug_en_2013-06 40 4 Network D EFAULT G ATEWAY You cannot specify the default gateway for the system here. In order to specify a default gateway for the Aastra AMC Controller as a whole, please configure it with the WAN interface. If you do not want to configure a WAN interface, but still have to have a default gateway, please configure a routing entry. Please refer to the Routing section 4.4 for more information. amcc-4_ug_en_2013-06 41 4 Network 4.2 WAN Interface The internet (WAN) connection can be configured with the menu item WAN interface. Figure 4.2: Configuration of the WAN interface Configuring WAN Interface Enter the IP and netmask of your Internet router. Please ask your provider or consult your DSL modem/router manual about the IP settings of your router. A common IP address for routers is 10.0.0.138. For the field Gateway you should enter the address of your router (default gateway) for the WAN connection. 1. Select the connection type: IP, PPPoE, PPTP or choose Deactivated if you do not want to use WAN interface. 2. Provide configuration details for the selected section as described above. 3. Save changes by clicking on Save . Your changes will be applied after selecting Apply configuration. Connection via IP If the Aastra AMC Controller is connected to the internet via a leased line or an internet router (xDSL router, ISDN router, etc.), you have to choose IP and enter the information for your network. For the field Gateway you should enter the address of your router (default gateway) for the WAN connection. amcc-4_ug_en_2013-06 42 4 Network Connection via PPPoE / PPTP If the Aastra AMC Controller is directly connected to the internet via a DSL modem, you will have to select PPPoE or PPTP (depending on your provider) and enter the connection information given to you by your provider. Please also refer to your internet service provider (ISP) about additional configurations necessary to set with DSL routers. Note that some providers do not want you to connect a router to connect multiple PCs. They will often insist you install special software on the PCs in order to access their network. If you experience problems with the WAN configuration, please make sure your ISP does not have such restrictions. If the connection uses PPPoE, you only have to enter the user name and password. Additional information is needed if the connection uses PPTP: The internal IP address of your DSL modem, the related netmask (both pieces of information sould be retrievable from your provider) and a matching IP address for your Aastra AMC Controller are required. The IP of the Aastra AMC Controller has to be in the same network as the IP address of the modem. Please ask your provider or consult your DSL modem/router manual about the IP settings of your modem. A common IP address is 10.0.0.138. amcc-4_ug_en_2013-06 43 4 Network 4.3 VLAN This menu serves for the configuration of virtual interfaces. Every virtual interface needs its separate Number (ID), IP address and netmask. Figure 4.3: Define virtual interfaces Configure a Virtual Interface 1. Local Interface: Choose to which interface of the Aastra AMC Controller you would like to add another virtual interface. Further Virtual Interfaces can be assigned to all configured physical interfaces. 2. Number: This will be the ID of your virtual interface. It is arbitrary. If 802.1q is activated, this Number will be your VLAN ID. If you configure several virtual interfaces, each of them needs a unique ID or Number. 3. IP Address and Subnetmask: The IP address of your virtual interface is also arbitrary. 4. 802.1Q: The standard IEEE 802.1q is used to tag control information to the IP packet headers. In our case the VLAN ID, i.e. the configured Number will be displayed there. It will then be clear for all network devices that they are dealing with a virtual local area network and not with a physical one. Enabling this does not do any harm, even if your PBX does not support VLANs. amcc-4_ug_en_2013-06 44 4 Network Ports for virtual interfaces have to be opened manually on the firewall! Use Custom Rules (refer to 10.13) to open ports. 4.4 Routing With this menu item you can configure additional routing entries. Standard routes like the default route (only on the WAN interface) and routing between the different configured interfaces are generated automatically. Hence, this menu only has to be used if any additional routes are desired. Note that you only set the routes for outgoing IP packets here. In order to make the network behind the Aastra AMC Controller accessible from your network, you have to make sure that the network towards the Aastra AMC Controller is handled correctly. Use to edit, or to delete an existing entry. Figure 4.4: Routing Adding a new routing entry 1. Click Add to create a new entry and specify configuration parameters as follows. 2. Destination: The destination network for the desired route. This can also be a single host. amcc-4_ug_en_2013-06 45 4 Network 3. Netmask: The netmask of the destination network. Note that 255.255.255.255 will signify a host route. 4. Gateway: The address of the gateway router that connects the destination network with the local network. This address must be accessible via a local interface. The gateway must hence represent the next hop that can be used for routing. 5. Interface: The interface to which the gateway is connected (directly or indirectly via one or more switches). 6. Click Save to save the changes. Your changes will be applied after selecting Apply Configuration . 7. Please restart the system after editing/adding routing entries. amcc-4_ug_en_2013-06 46 4 Network D EFAULT R OUTE Please be careful when setting a default route here. Usually, the default route is set automatically when the WAN interface is configured. In that case, the default route points to the gateway specified in the WAN interface configuration. If an ADSL connection is established, the default gateway is usually assigned via DHCP. If no WAN interface is configured, you should specify a default gateway here. Specifying a default gateway works by using destination 0.0.0.0 with netmask 0.0.0.0. 4.5 NTP The table on this site contains one or more NTP servers that the Aastra AMC Controller should consult in order to set the system time. Figure 4.5: Configuration of NTP Server Setting up NTP 1. Checkbox: mark this box to activate NTP and click on Save . amcc-4_ug_en_2013-06 47 4 Network 2. Add one or more NTP servers which the Aastra AMC Controller should use. You have to provide its IP address. Optionally you can check the box "Preferred" to grant priority to time information received from this NTP server. This means that an answer received from such server won’t be dropped if its answers differ significantly from others. Please note that only very reliable and stable NTP servers should be given a preference. Use to edit, or to delete an existing entry. 3. Your changes will be applied after selecting Apply Configuration . W INDOWS S ERVER 2003 The Aastra AMC Controller uses full NTP4 which can cause problems when trying to use the NTP service running on Windows Server 2003 (w32time) as a clock source. The w32time service has a few known issues which can lead to incorrect synchronization with the NTP server of the Aastra AMC Controller while SNTP clients can often successfully get their time from the Windows Server 2003. The problem is that SNTP as used in some SIP phones and Windows clients is a stripped-down version of NTP which is less reliable and less accurate. However, this makes it seem like the Windows Server 2003 is running correctly while it is in fact not set up correctly to serve as a reliable NTP clock source. It is essential that the Windows Server 2003 itself is correctly synchronized with a reliable clock source. The internal system clock is not sufficient. For more information about configuring w32time see the MicroSoft knowledge base entry 816042. 4.6 VRRP This menu gives you the possibility to configure two Aastra AMC Controllers for a failover scenario and possibly other individual VRRP scenarios (this depends on your specific implementation). The following description focuses on the failover operation. Failover Scenario Description When the master-Aastra AMC Controller is down, the slave-Aastra AMC Controller will take over. This can have different reasons for which the recovery is done in different ways: amcc-4_ug_en_2013-06 48 4 Network • A cable was unplugged (e.g. ethernet): the slave takes over when the master is detected as "offline". All calls are dropped and the slave starts (re-)registering all users towards the PBX. When the master goes online again, after the cable has been plugged, all calls are dropped and re-registration takes place another time. • The master is down and must be restarted. During the restart, the master checks the slave for ongoing calls and will wait up to two hours (until all calls have ended) before it takes over again. Figure 4.6: VRRP Configuration VRRP Configuration 1. Go to General to activate the feature. 2. Click the Add-button to add a virtual server. Use delete an existing entry. to edit, or to 3. Specify the Interface that this VRRP virtual address should be assigned to. Currently, the following is supported: •VRRP on local interface LAN 1 •VRRP on local interface LAN 1 and WAN Interface 4. Set the VSID for the virtual service identification. Background: VRRP allows you to define groups of virtual servers / routers that can provide redundancy for each other. This must be a number, and this number must be unique for the group of routers you want to provide redundancy for. amcc-4_ug_en_2013-06 49 4 Network 5. Specify the Priority field, which specifies the sending VRRP router’s priority for the virtual router. If you choose the Priority "Master", the priority is set automatically to 255, the Priority "Slave" will automatically assume the value 100. Older Versions: On older versions of the Aastra AMC Controller, the Priority value(s) had to be set manually. If you are still using an older Aastra AMC Controller version, please set the values for "Master" and "Slave" as they are assumed automatically on the newer versions, i.e. 255 and 100. 6. Enter the IP address for your virtual router. Please note that you have to set this exact IP address on all devices with the same VSID in the same network segment. 7. Click Save to save your changes. Your changes will be applied after selecting Apply Configuration. 8. Additionally: To set up a full failover scenario with two Aastra AMC Controllers, several other menues have to be configured: •SSH must be activated on LAN Interface 1 (refer to 5.1) •Database Synchronization has to be configured (refer to 3.12) •Database Security Keys have to be exchanged (refer to 5.6) amcc-4_ug_en_2013-06 50 4 Network S WITCHBACK To reactivate the master-Aastra AMC Controller, execute a reboot of the device. A mere reconnection of the ethernet cable does not suffice. amcc-4_ug_en_2013-06 51 4 Network B EHAVIOR WHEN APPLYING THE CONFIGURATION After "Apply Configuration" the master-Aastra AMC Controller goes down (due to the restart of all services) and becomes active again if the slave-Aastra AMC Controller has no active calls running. An "Apply Configuration" on the slave-Aastra AMC Controller will not affect the operation on the primary server. Additional Background Information Virtual Router Redundancy Protocol as described in RFC 2338 is used to advertise a "virtual" network device. This virtual network device represents a group of other network devices. This group consists of one acting master device and at least one or more slave devices. If the currently active Aastra AMC Controller fails, an arrangement is made for the other Aastra AMC Controller to automatically replace it. The Aastra AMC Controller currently forwarding data on behalf of the virtual one is called master. VRRP is primarily intended to provide redundancy between two Aastra AMC Controllers, but it can also be used in conjunction with any router providing this functionality such as Cisco, Huawei, Juniper and others. VRRP specifies an election protocol to provide the virtual router function described before. All protocol messaging is performed using IP-multicast datagrams, thus the protocol can operate over a variety of multi-access LAN technologies supporting IP multicast. Each VRRP virtual router has a single well-known MAC address allocated to it. This document currently only details the mapping to networks using the IEEE 802 48bit MAC address. The virtual router MAC address is used as the source in all periodic VRRP messages sent by the master router to enable bridge learning in an extended LAN. A virtual router is defined by its virtual router identifier (VSID) and a set of IP addresses. It may associate a virtual router with its real addresses on an interface, and may also be configured with additional virtual router mappings and priority for virtual routers it is willing to backup. The mapping between VSID and IP addresses must be coordinated among all VRRP routers on a LAN. To minimize network traffic, only the master of each virtual router sends periodic VRRPadvertisement messages. A backup router will not attempt to pre-empt the master unless it has higher priority. This eliminates service disruption unless a more preferred path becomes available. It’s also possible to administratively prohibit all preemption attempts. The only exception is that a VRRP router always becomes master of any virtual router associated with addresses belonging to it. If the master becomes unavailable the highest priority backup router will transform into the master after a short delay, amcc-4_ug_en_2013-06 52 4 Network providing a controlled transition of the virtual router responsibility with minimal service interruption. The VRRP protocol design provides rapid transition from backup to master to minimize service interruption, and incorporates optimizations reducing protocol complexity while guaranteeing controlled master transition for typical operational scenarios. The optimizations result in an election protocol with minimal runtime state requirements, minimal active protocol states, and a single message type and sender. The expected duration of master election (from the pool of backup routers) if a failure occurs is quite shorts ( less than one second ). 4.7 QoS This page allows you to configure layer-3 QoS (Quality of Service) tagging by using DSCP/ToS byte in the IP header. This tagging is supported both towards the Aastra MC Client side as well as towards the PBX side. Simply configure the correct interfaces here. Note that this tagging only makes sense for outbound traffic. Figure 4.7: Quality of Service Configuration There are three different ways to specify the traffic you want to mark: • Interface • IP and Application Protocol • TCP / UDP Ports Quality of Service Configuration There are several configuration options for each criteria: 1. Protocol: Select a Protocol, either UDP, TCP, ICMP or ANY. ANY will match all packets. amcc-4_ug_en_2013-06 53 4 Network 2. Received on Interface: This will match packets arriving on a specified interface. This option only applies if the traffic is simply forwarded and the Aastra AMC Controller hence acts as a router. This rule or traffic terminated on the Aastra AMC Controller. 3. Sent over Interface: Will match all packets sent out over the given interface. It does not matter if the packets were forwarded or generated by the Aastra AMC Controller. 4. Destination Port: Matches all packets addressed to the given destination port. 5. L7 Protocol: Stands for Layer-7 Protocol and will actually analyze the payload of each packet to match a certain protocol. Only a subset of the supported protocols is given as a choice here, namely ANY, SIP, RTP, TLS. H IGH DATA R ATES WITH L AYER -7 F ILTERING The use of Layer-7 Filtering is discouraged for Aastra AMC Controllers needing to handle high data rates (in excess of 5MBit constant load), because analyzing each packet can become quite resource consuming. Traffic tagging methods: • DSCP: Stands for Differentiated Services Code Point and is specified in the RFCs 2474 and 2475. It signals the priority of a package with 6 bits, where The DSCP or DiffServ standard supersedes the original specification for defining packet priority described in RFC 791. • TOS: Type of Service as described in RFC 791 Both set a QoS tag into the same byte field in the IP header. If this byte field is interpreted as DSCP or TOS, depends on network infrastructure settings. A value can be entered in decimal (e.g."38") or hexadecimal (e.g."0x26"). Note that it is only possible to specify one tagging method (i.e. DSCP or TOS) for any given tagging rule. amcc-4_ug_en_2013-06 54 4 Network 4.8 Auto-Prov. Use this page to disable Aastra Auto-Provisioning. Auto-Provisioning is by default active. During the boot process, the Aastra AMC Controller starts a couple of DHCP requests and tries to download configurations. This is currently only supported by Aastra 400 PBXs. Use the first check box to deactivate the service. The other options (Settings) are not needed. They can be used to deactivate updating the server IP specified below via DHCP. amcc-4_ug_en_2013-06 55 5 Security 5.1 Security Level The configuration matrix "’Open administration ports via"’ enables the exact definition of the allowed locations from which configuration access shall be enabled. The opening of the administrative ports can be done on a per-interface basis. "For HTTPS" allows and denies configuration via web browser; "for SSH" allows and denies access using the SSH protocol which may be required for support purposes. I NTERFACES LAN1 The Administration through LAN1 interface is enabled by default. It is recommended that this access is kept open, because you might lock yourself out of the WebGUI by disabling this. WAN Administration on the WAN interface should only be enabled if it is absolutely necessary. In conjunction with an insecure password, this could put the device in jeopardy for attacks. In order to increase security, only the SSH connection could be opened. It is possible to tunnel HTTPS access through SSH. 56 5 Security 5.2 Firewall Besides the rules available by default, it is also possible to configure your own, very detailed rules. This way of configuration is recommended to be used only by experienced administrators. Faulty firewall rules can cause network applications to stop working. Customizing rules hence requires a lot of background knowledge and experience. The custom rules of the firewall are executed according to their hierarchy. By clicking on the arrow-buttons ( and ) you can rearrange the firewall rules. Registered rules can be edited by clicking on or can be deleted by clicking on . Figure 5.1: Add a new custom firewall rule Creating a new custom firewall rule 1. Click Create rule at the appropriate position shown in figure 5.1. 2. Define the rule. Then specify Protocol (TCP, UDP, ICMP, other), Interfaces and IP details that this rule shall match. 3. Choose the rule target (Filter policy) in order to specify what should happen to the traffic that applies to this rule. 4. Click Create rule to save your changes. Your changes will be applied after selecting Apply configuration. amcc-4_ug_en_2013-06 57 5 Security 5.3 Port Forwarding Port forwarding allows you to forward incoming data packets arriving at the Aastra AMC Controller to a computer within the local network. It is used in conjunction with NAT and is the only way to access a computer connected to the private LAN directly from the Internet. Port forwarding is also often described as virtual server functionality. Figure 5.2: Port forwarding To reach several computers within the private LAN via the same protocol it is also possible to change the ports. Example: You would like to let three computers within the LAN be accessed via SSH. SSH normally uses port 22, but it’s impossible to reach all three computers via port 22 of the Aastra AMC Controller. With Port Forwarding you can now define that e.g. port 2022 of the Aastra AMC Controller is forwarded to port 22 of the first computer, port 2023 is forwarded to port 22 of the second computer and so on. An SSH client connecting to port 2022 of the Aastra AMC Controller would then actually be connected to port 22 of the first computer in the LAN. Setting a new port forwarding rule 1. Click Add in order to define a new port forwarding rule and specify Local port, Destination IP, Destination port (compare figure 5.2 on page 58). 2. Local port is the port that will be provided by the Aastra AMC Controller. amcc-4_ug_en_2013-06 58 5 Security 3. Destination IP is the IP address of the internal computer to which the data is to be forwarded. 4. Destination port is the port of the internal computer to which the data is to be forwarded. 5. Click Save to save your changes. Your changes will be applied after selecting Apply configuration. amcc-4_ug_en_2013-06 59 5 Security 5.4 TLS Certificate Configuration The TLS certificate configuration page is a simple tool to upload a TLS-private keys and a TLS certificates onto the Aastra AMC Controller used to communicate with the client in TLS mode. If you upload your own key here you have to upload a matching certificate on the Aastra MC Client. The other possibility you have here is to have the Aastra AMC Controller Generate these files automatically by clicking on Generate . By doing so previously uploaded files will be overwritten. Naturally, this is only relevant if you have a client that is able to support SIP in TLS mode. Otherwise you can ignore this section. Figure 5.3: TLS certificate configuration before certificates are uploaded/ generated U PDATE OF A ASTRA MC C LIENT C ERTIFICATES If the IP configuration of the Aastra AMC Controller is modified (WAN Interface if configured, LAN Interface 1 if WAN interface is not configured), your Aastra MC Clients might refuse the connection to the Aastra AMC Controller or display an error message. Some modifications have to be made on the hand-held devices in order to troubleshoot this issue. This procedure is explained in the user guide for your Aastra MC Client. amcc-4_ug_en_2013-06 60 5 Security W HERE WILL THESE CERTIFICATES BE USED ? Your uploaded certificates will be used automatically for the following: Web Interface You will be asked to admit this certificate the first time you open the WebGUI as soon as certificates are present on the Aastra AMC Controller. Towards the Aastra MC Client These certificates will be used if security is enabled for an Aastra MC Client in the User Account Settings. U PDATES If you update your Aastra AMC Controller, it will keep the existing certificates they will not be lost! However, they will be overwritten as soon as you generate certificates another time. You will then have to verify the certificates again as soon as you re-enter the WebGUI for the first time. 5.4.1 Upload Private Key and Certificate To upload a new TLS-Private Key and overwrite any existing private key, press the Browse button and select the new private key from your file system (Figure: 5.3). If you would like to return to the private key and certifate which the Aastra AMC Controller generates by default, simply go to Create Private Key and Certificates (see below). In the next step press the Upload button and the new TLS private key will be saved onto the Aastra AMC Controller. The procedure for the TLS certificate is essentially the same (Figure: 5.3). M UST M ATCH The TLS certificate must match the TLS private key, otherwise no TLS communication will be possible. amcc-4_ug_en_2013-06 61 5 Security 5.4.2 Create Private Key and Certificates If you do not have any keys ready to use for TLS communication, you can also use the Aastra AMC Controller to create a key set. Simply press Generate and the Aastra AMC Controller generates a new default TLS private key and TLS certificate. These will be stored on the Aastra AMC Controller and activated after pressing Apply Configuration . The menu items described in the following will not be visible in the web interface until certificates are uploaded or generated! 5.4.3 Installed Primary Key and Certificates This part of the page displays the essential information about the certificates used (validity, subject and issuer). The color of the field to the left of the floppy-disk symbol indicates if the certificate is valid for another 3 months and if the key pair matches (green, yellow for less than 3 months or no match). You can download the primary key and certificate for the current server by clicking on the floppy-disk symbol. To ensure that certificates are excepted it is very important that the time in the SYSTEM/Basic Settings is set correctly. A reliable NTP Server is probably the best solution. NTP Servers can be configured at NETWORK/NTP Configuration. amcc-4_ug_en_2013-06 62 5 Security 5.5 Certificate Security Figure 5.4: Certificate Security page This page enables you to force the Aastra MC Clients to verify the controller certificate when downloading the configuration. This cannot be used and must therefore stay deactivated if the used certificates are self-signed. This is the case in the screenshot above and a message highlighted in yellow is displayed. To successfully use this option, certificates must be signed by an issuer that is considered a trusted entity by the operating system the Aastra MC Clients run on. If the certificate is not self-signed the message will be "greenlighted", but since the Aastra AMC Controller cannot know if the used operating system(s) trust the issuer, verification attempts might still lead to failures. 5.6 Database Security Key Security keys are only needed for Remote Backups via SCP and for Master/Slave configurations: • Remote Backup via SCP: Download the Superuser Public Key and upload it to the remote backup server. For more information about remote backups, please refer to 3.8. • Master/Slave: For Master/Slave operation, the Database Public Key has to be downloaded from the Master and uploaded to the Slave device. Please refer to 3.12 for more information about database synchronization with the Aastra AMC Controller. amcc-4_ug_en_2013-06 63 5 Security Figure 5.5: The database security key in the web interface 5.7 SBC User Agents It is neccessary to list additional user agents that are directed towards the Aastra AMC Controller’s SBC on this page. This concerns softphones like "Twinkle" that can be configured to work with the Aastra AMC Controller. Save the user-agent string to this table to enable telephony via the Aastra AMC Controller using the user agent in question. amcc-4_ug_en_2013-06 64 6 Telephony 6.1 Aastra MC Solution Basics All menus described from this point to the beginning of the Diagnostics chapter (10) have direct relevance for the Aastra MC Solution. Find below the most crucial settings briefly noted. All menu items will be described in thorough detail in the following sections. There are several SIP-and RTP-related options to configure in the Global Settings (refer to 6.3). The next important step is the configuration of one or more Numbering Profiles. For more information refer to 6.6. Please configure at least one Endpoint and one PBX profile in the menus Endpoints 6.7 and PBX 6.8. Besides the Endpoint and PBX profile, a separate host for inbound Call-through 1 calls. This second host will be used for handling the Call-through calls which are first connected to the Enterprise network. After this connection the actual destination number is dialed. All PBX profiles will receive associated User Profiles (6.11) and User Accounts (6.13). Another crucial menu is FMC Numbers, where at least one Call-Through number has to be configured. All other numbers are used by the Aastra MC Client to request specific services on the Aastra AMC Controller-side. In the next menu User Profiles are configured. Then associate these (PBX) User Profiles with the users of this solution in the User Accounts menu (6.13). There is also the menu User Accounts (advanced) where further important (but optional) settings can be made. The last step to complete the core of the Aastra MC Solution is the menu Cellular Numbers (6.15). This is where User Accounts (and consequently their PBX registrations) are associated with Cellular Numbers. 1a Call-Through call is a call from the cellular network that is routed through the Aastra AMC Controller. The Call-Through functionality enables the single number service and makes extension dialing from outside of your corporate network possible 65 6 Telephony Your changes will be applied after selecting Apply configuration. Please note that simple User Configurations etc. at a later time will not require pressing Apply configuration. Apply configuration will also only be possible if it is necessary ; otherwise the system will disable it. 6.2 Accessing PBX Features Besides the basic call functionality with the single-number service, the Aastra AMC Controller extends a wide range of the standard enterprise PBX features to the Aastra MC Clients. These features are signaled across a data channel (with SIP INFO) or in pure cellular mode (via DTMF). It will be possible to access the features completely transparently from the handset and will keep working from one network to the other through handoffs in both directions. The features described here equal the features usually provided in a SIP phone. In order to make them usable through handoffs, their implementation has been changed and distributed between the Aastra AMC Controller and the Aastra MC Client. It should be noted that combinations of these features are also usable. In addition to the typical SIP phone features, the PBX-based SIP features are also available as described below. To avoid possible conflicts with systems provided by many operators such as VoiceMail systems, accessing some features requires using more complex DTMF signals than just a single digit. The following features are provided: • Hold • Toggle • Consultation • Conferencing (3pty) • Transfer • Combinations of the above AVAILABLE F EATURE S ET Please note that the selectable features can vary depending on the Aastra MC Client, its version, as well as the used PBX. Feature combinations that are not supported will not be offered by the Aastra MC Client. amcc-4_ug_en_2013-06 66 6 Telephony T RANSFER The transfer feature requires the PBX to support the SIP REFER message as defined in RFC 3515. The implemented transfer mechanism is an unattended transfer with a fallback function in case the transfer is declined by the PBX. In that fallback case, the previous call is resumed. In addition to the emulated SIP phone features, the server side features of the PBX can be used. The number and type of features are very dependent on the connected PBX, but there are some rules to tell which features are available. Many features in SIP PBXs are enabled / disabled by using access codes. All of these features can usually be fully used in conjunction with full fmc-operation. In addition to features enabled by access codes, some group features are also usable via the handset. The following is a list of features that are typically supported by the Aastra AMC Controller if the PBX supports them: • Pickup • Call Back • Call Forwarding • Hunting • Simultaneous Ringing • Call Groups • Boss Secretary • ... Depending on the implementation, keyset operation is also supported to a limited degree. The great exceptions here are any features including indicator lamps, which are not supported on the device. The reason for this is that the necessary keys and indicator lamps are simply not present on a typical mobile handset. However, depending on the used PBX, indicator lamps are supported passively; that is: if said mobile device shares a keyset line with an enterprise phone, and a call is present on the mobile device, the enterprise phone shows the mentioned indication that the other line is indeed busy. amcc-4_ug_en_2013-06 67 6 Telephony FMC Interface and Port Handling The Aastra AMC Controller has multiple network interfaces which, in principle, can all be used for the Aastra MC Solution. The main interface that handles the connection towards the PBX is the LAN1 interface. The default SIP port for any client registration is 5062. For registrations towards the PBX, the Aastra AMC Controller will select a dynamic port for each registered user. The port range for this is 12000 and higher, depending on the number of configured users. S IGNALING Ports: If the option Disable Separate Profiles is selected as Mode for a PBX (6.8), port 12000 will be used for all users. The Aastra AMC Controller only accepts SIP signaling on port 5060 from Endpoints, other Aastra AMC Controllers, and from the localhost. If you use a different interface, you will need to make use of the above described SBC functionality. SBC - Session Border Controller The Aastra AMC Controller has an integrated Session Border Controller (SBC). This component enables you to exert control over how the signaling and/or the media streams pass from one network component to another. It will provide security and enable NAT handling. The SBC will also ensure that all networks configured on the Aastra AMC Controller are cleanly separated. In the context of the Aastra MC Solution the most frequent use will be to enable far-end NAT traversal for using Aastra MC Clients behind firewalls of hotspots, or for GPRS/UMTS scenarios. Details about the Services offered by the SBC Component • NAT and Topology Hiding If clients are to be used in different networks, or behind NAT routers, or if you would like to make use of Topology Hiding, the SBC component is required. The SBC listens (by default, no activation is needed) on port 5062 for TCP/UDP of all of your configured interfaces (WAN, LAN Interface 1 etc.). amcc-4_ug_en_2013-06 68 6 Telephony FMC Enterprise Configuration Introduction On the following pages you will find the detailed instruction of the setup of your FMC solution. The configuration settings are divided into several different groups and should be configured in order of their appearance in the GUI, from "Global Settings", to"Numbering Profiles", "Endpoints", "PBX", "FMC Numbers", "User Profiles" and finally "User Accounts". For the single-number functionality, "Cellular Numbers" have to be configured as well. O RDER OF C ONFIGURATION Please note that the order of configuration does matter, since menu items fetch entered pieces of information from items configured before hand, e. g. for drop down boxes etc. For instance: User Profiles are needed in order to configure a User Account. amcc-4_ug_en_2013-06 69 6 Telephony 6.3 Settings The following section contains the Global Settings necessary for the Aastra MC Solution. Please note that various fields have to be filled in for the system to work properly. 6.3.1 Global Settings Figure 6.1: Global Settings This part of configuration contains the concerning general settings the used PBX, SIP related features and media stream settings. These settings are essential for operating your Aastra AMC Controller properly. Enable Call-Through Progress Indication This feature supports the playback of a progress indication tone for the call-through functionality. When an Enterprise call is initiated and routed through the Aastra AMC amcc-4_ug_en_2013-06 70 6 Telephony Controller, the Aastra MC Client will first dial the Call-through number (configured in the Service Access Numbers menu, refer to 6.10). The Aastra AMC Controller will accept the call, then process and dial the destination number (any digits or inband signaled DTMF digits after the Call-through sequence). While the Aastra AMC Controller calls the destination, it can play back a progress indication to the Aastra MC Client user until the DTMF dialing has finished. This playback is what we call Call-through Early Media. If this is not enabled the user will only hear silence until the other side is actually ringing. The ringback tone for the other side is of course completely independent from this feature’s activation. Enable Client Early Media This will prompt the Aastra AMC Controller to respond to all requests from the Aastra MC Client by replaying all ringback tones, busy signals, etc., inband. Note that these tones will only be played back to the user of the Aastra MC Client, this has no effects on the other party. It is something that is solely negotiated between Aastra MC Client and Aastra AMC Controller. Therefore, we recommend to put this setting to On, because it enables the most consistent user experience in all call situations. Enable busy sound in WLAN If this box is checked the Aastra AMC Controller will replay a busy tone (for three times) if the called party is already in a conversation or if the called party rejects the call. This should in any case be sufficient since most users are likely to hang up actively after the first busy-tone interval. In the case of a call rejection, the ring-back tone will be followed by this busy tone. After these three busy-tone intervals, the call will be terminated. Disable Inband DTMF detection The Aastra AMC Controller supports three different mechanisms of DTMF detection coming from the Aastra MC Client as well as from the gateway or PBX via the Callthrough trunk connection. The Aastra AMC Controller listens for DTMF automatically and supports the following mechanisms for DTMF detection: • Inband signaling • Signaling according to RFC2833 • Signaling via SIP INFO → The Aastra AMC Controller executes the automatic detection as follows: • It will automatically try to detect the DTMF mode the peers are using after the connection has been initialized and it has seen the first DTMF coming from the peer amcc-4_ug_en_2013-06 71 6 Telephony • Once it has identified the used mode, it will continue to use it. A re-detection is triggered by restarting the dual-mode server. Some gateways and PBXs support a RFC 2833 fallback, which means that they will send DTMFs both inband and via RFC2833. This will lead to double detections on the Aastra AMC Controller-side. If the peers do this, you have to check this box to suppress inband DTMF detection, which is recommended if your equipment supports it, because it avoids wasting resources on the inband DTMF detection. The correct detection of the used DTMF mode is not always possible. It can furthermore consume quite a lot of resources especially if the Aastra AMC Controller concluded that inband DTMF was being used. In order to avoid these issues, it is recommended to always disable inband DTMF if anything else is supported by the peers. Disable Number Converter The Aastra AMC Controller supports a three stage number converting process: • Source pattern to target pattern mappings defined by explicit rules (this is set in the Number Conversions menu; section 7.1) • Considering numbers as internal depending on their length (refer to Numbering Profiles in section 6.6) • Automatic conversions based on the Numbering Profile settings performed here (see 6.6) By checking this option the number conversion process will be completely switched off. This means that any dialed number will be passed through straight to the PBX without any modification. DTMF Duration With this setting you can configure the duration of (RFC 2833) DTMF towards your PBX. The value the Aastra AMC Controller uses by default for this DTMF signaling, if this field is left blank, is 100 milliseconds. For some PBXs, however, a lower or even higher value might be more favorable. Legal are values between 10 and 8000 ms. RTP payload-type for DTMF In this field you may enter values from 96 to 127 to specify the payload type (PT) for all DTMF signaling between Aastra AMC Controller and your PBX. This can be used to have both peers use the same PT. amcc-4_ug_en_2013-06 72 6 Telephony Unavailable Timeout This determines the amount of time until a user is regarded as "unavailable". If Call forwarding is enabled for the user in question, it will become active after this interval. If left blank, the default value is 30 (seconds). Of course the total amount of time before a call’s establishment is regarded as "failed" and how the call attempt is treated after this set interval might also depend on your PBX’s configuration. Force Ringing on Early Media If your gateway sends an "Early Media" request when a call comes in from the cellular network (i. e. a Static Roaming call), but your PBX does not support this, you can check this box to have the Aastra AMC Controller send a "Ringing" with a following "Early Media". This option is only of use in certain network constellations. Use P-Asserted Identity2 This check box enables you to use the P-Asserted-Identity header instead of the "SIP FROM" header for SIP trunk calls (Static Roaming). E XAMPLE l Using "P-Asserted Identity" (box checked): instead of the "SIP FROM" header of the first invite, the Aastra AMC Controller will use the "P-Asserted Identity" when it send the INVITE message to the gateway. Using "SIP FROM" (box not checked): an incoming call for a user reaches the Aastra AMC Controller as a SIP INVITE message, the Aastra AMC Controller forwards an INVITE to the cellular gateway (which then forwards it to the Aastra MC Client/user). The Aastra AMC Controller will use the "SIP FROM" header of the first INVITE in its INVITE to the gateway. Process Rinstance tag Some SIP clients add a rinstance parameter to the contact header. If you enable this Global Setting, this information (if available) will be kept and forwarded by the Aastra AMC Controller. 2 The P-Asserted-Identity header is used among trusted SIP entities (typically intermediaries) to carry the identity of the user sending a SIP message as it was verified by authentication. amcc-4_ug_en_2013-06 73 6 Telephony Number of Cellular-digts to match Specify here how many digits of Cellular Numbers shall be matched for authentication (to make use of Call-through etc.). The default value here is 10 (digits). Don’t send P-asserted Identity This option and the next two options can be used to modify the information used in headers towards the PBX(s) or Trunk(s). Check this option if sending the P-asserted Identity header is not supported by your PBX or Trunk. Don’t send P-preferred Identity Check this option if sending the P-preferred Identity header is not supported by your PBX or Trunk. Please note that the P-Preferred Identity is only sent in the case of Static Roaming calls. Don’t send Remote-Party ID Check this option if sending the Remote-Party ID header is not supported by your PBX or Trunk. Disable automatic Redirect-Server Push By default, this and the following option are not checked. This means that in the default case, an initial or new configuration deployment is triggered automatically a) to new users, or b) if something essential (like the Registrar setting) has changed. If this option is checked, configurations will not be deployed automatically. Disable automatic Force-Config Download By default, this and the previous option are not checked. This means that in the default case, configurations will be re-deployed from the Aastra AMC Controller if a setting that has to be stored on the Aastra MC Client has changed. If this option is checked, configurations will not be deployed automatically. Don’t Send Diversion for SR over reg. If no SIP Trunk is in use, the Aastra AMC Controller sends a Diversion Header for StaticRoaming calls. You can deactivate the sending of Diversion Headers for Static-Roaming calls by checking this option. Enable noise suppression Enabling this option increases audio quality, but has more impact on the CPU. amcc-4_ug_en_2013-06 74 6 Telephony Use only one PCM Codec Enable this option to restrict the PCM codec use to only one PCM codec. This will be the PCM codec selected for an Endpoint (refer to 6.7). The other PCM codec will then not be offered. Uniform usage of one PCM codec (per Endpoint) was applied until the latest version of the Aastra AMC Controller, hence enabling this equals reverting this behavior to the behavior of the prior version Disallow dynamic codec change With the latest version of the Aastra AMC Controller, it will automatically and dynamically use the codec offered by the other endpoint. Check this option to prohibit dynamic codec changes. Please note that the prior setting "Use only one PCM Codec" already affects this behavior to an extent. Pre-audio in cellular mode for NAT If checked, this option enables "dummy" audio packets for incoming and outgoing cellular calls in the early-media stage. These audio packets are required to open the pinhole of VoIP trunks that use NAT behind a PBX. Ignore Early Media SDP for Trunk Calls Activate this option if problems occur with parallel ringing on the deskphone. All SDP will be ignored for trunk calls, and only plain "180 Ringing" without any SDP will be forwarded. Always answer callthrough call Enable this to have the Aastra AMC Controller "answer" a Callthrough call immediately, i.e. even before the callee has answered the call. If this is used, even unanswered calls will be billed to the calling party, and early-media announcements generated by the telephony system will be received. Dynamic Call Limits Activate this setting to dynamically cap the number of ongoing calls. If the current system load is too high to ensure consistent audio quality, the Aastra AMC Controller will not permit new calls. Quality of performance of this setting is among other factors dependent upon the used PBX. Available values for this setting are: • Strict: the Aastra AMC Controller declines new calls ideally before audio quality is affected. amcc-4_ug_en_2013-06 75 6 Telephony • Lazy: the Aastra AMC Controller declines calls after audio quality has been affected. • Balanced: the Aastra AMC Controller sets the limit in between Strict and Lazy. • Reliable: the Aastra AMC Controller does not decline calls, but instead attempts load reduction by deactivating audio compression. amcc-4_ug_en_2013-06 76 6 Telephony 6.3.2 SIP Options Options to be configured in this section affect the general behavior of the SIP-related features. This is especially relevant for the registration behavior as well as the NAT handling in conjunction with the SBC component. Figure 6.2: Global Settings, SIP and RTP Options Registration Timeout Interval You can specify the default amount of seconds for all outbound registrations (this timeout will also be used for Subscribes to Pickup Groups and for Message Waiting Indications). Please note that this setting has absolutely no effect on the client side. It only specifies the registration interval towards the PBX. Re-registrations will be performed after the first half of the interval specified here. Please note that the PBX can always override the registration timeout by returning an "expire parameter" in the contact header or a separate expiry parameter in the OK response to the sent registration. amcc-4_ug_en_2013-06 77 6 Telephony Some PBXs also reject registrations with expiration timeouts that are too brief. If this is the case, you should increase the Registration Timeout Interval. If registrations fail, please perform a Network Trace (10.14). If you see registrations rejected with the error request interval too brief, the timeout set here has to be higher. By default, many PBXs expect expiration timeouts between 1800 and 3600 seconds. Registration Retry Interval This setting defines the interval between a failed REGISTER (towards the PBX) and the next retry for regular registrations and MWI subscriptions. The default value is 30 (seconds); the minimum value is 10 (seconds). This setting does not apply to XMPP and SIMPLE registrations! External IP for NAT The External IP specifies the source IP address which will be used for all SIP messages when NAT handling is done. It does not matter whether the interface for the IP address specified here is a LAN, WAN, or DMZ interface. For all messages arriving through this interface on port 5062 (or port 5061 for TLS), NAT handling will be performed. The Aastra AMC Controller can easily verify whether a NAT is involved. This can be done by checking for private IP-address ranges and seeing if the source of the message matches the source indicated in the SIP signaling. If addresses differ, NAT handling has to be performed. This means that all messages must be returned through the firewall pinhole that the message came from. The same holds true for the media stream. The addresses in the SIP header and the SDP body will then in part not be considered. There is no need for the configuration of any special handling on the client side. To exclude certain networks from this, configure them as SBC Internal Networks; refer to 6.5. Attempt Near-End NAT Pinhole Attempt Near-End NAT Pinhole can sometimes solve "no speech" (RTP issues) due to a false IP address given in the SDP body. If activated, the RTP is directed to the foreign address included in the SIP packet (box checked) instead of the IP address given in the SDP body (box not checked). This option has no effect if the External IP for NAT is not set! amcc-4_ug_en_2013-06 78 6 Telephony Please note that this option can only work as intended if the near-end firewall honors the port range, i.e., if it does not alter the ports. TCP Keepalive Interval Specify when the first keepalive shall be sent. The interval is specified in seconds passed after the last TCP packet. To disable keepalives, set this value to zero. The default value is 0s. SBC call admission control This setting lets you specify the maximum number (>0) of parallel WLAN calls permitted via the SBC if there’s a) NAT involved, or b) if they are done via the WAN interface. If this number is exceeded, calls will be established via Static Roaming (i.e., they will be forwarded to the cellular network). Set the number to the maximum number of parallel calls that can be established with sufficient voice quality in your network. B UILT- IN S ESSION B ORDER C ONTROLLER The Aastra AMC Controller will utilize a built-in Session Border Controller for handling clients behind NATs. In those cases, the client needs to be registered via port 5062. For TLS, where NAT detection will always be done by default, there is no such distinction (so port 5061 can always be used). This distinction is in partly due to security concerns. Explicitly not performing NAT detection makes the communication over insecure links a little safer. The mechanisms needed to do the NAT handling can increase the likelihood of attacks such as session hijacking. When using TLS as signaling protocol, you do not run this risk, because the signaling is done through a secure channel. E XTERNAL S ESSION B ORDER C ONTROLLER It is also possible to make use of an external Session Border Controller: simply configure the Aastra AMC Controller as a SIP server in the used Session Border Controller and have the SBC forward the SIP messages to port 5060 of the Aastra AMC Controller. Then the external SBC will perform the NAT handling. Time interval for registrations This setting is to be used in combination with the following setting. They determine the number of maximum number of users that can register within the amount of time (seconds) specified in this field. The default values are 200 users within 10 seconds. amcc-4_ug_en_2013-06 79 6 Telephony Max value of simultaneous registrations This setting is to be used in combination with the previous setting. They determine the number of maximum number of users that can register within the specified amount of time (seconds). The default values are 200 users within 10 seconds. 6.3.3 RTP Options The RTP Options are used to set system-wide behavior of RTP-media streams such as timeouts and sending RTP-keepalive packets. These settings apply only to the SBC component of the Aastra AMC Controller, and hence only apply to the media streams originating from it. For general QoS settings please refer to 4.7. amcc-4_ug_en_2013-06 80 6 Telephony TOS for outgoing media Specify the TOS (Types Of Service) byte that is to be set in the IP header for all voicepayload traffic leaving the Aastra AMC Controller. It has been originally defined in RFC 791. The following 8 bits were allocated to the TOS field in the IP header (bitmask): • bits 0-2: precedence • bit 3: 0 = Normal Delay, 1 = Low Delay • bit 4: 0 = Normal Throughput, 1 = High Throughput • bit 5: 0 = Normal Reliability, 1 = High Reliability • bits 6-7: Reserved for future use This field is now used for DiffServ and Explicit Congestion Notification (ECN). The original intention was to enable a sending host to specify a preference for how the datagram would be handled as it made its way through a network. For instance, one host could set its IPv4 datagrams’ TOS field value to prefer low delay, while another might prefer high reliability. These bits have been redefined, most recently through the DiffServ working group in the IETF and the Explicit Congestion Notification codepoints (see RFC 3168). In order to set the field, use a decimal number between 0 and 255. The value will be taken as 8 bits with the bitmask’s meaning explained above. RTP Session Timeout The default value for the RTP session timeout is 30 seconds.This setting specifies the maximum time an RTP session will be kept open (after media transmission has stopped). If this setting is too high, too many RTP sessions could be open at the same time which may lead to lack of speech transmission or even failed calls in times of high load (many active calls). A sensible value range is [10;1800]. As just mentioned, the Aastra AMC Controller will drop any call if no RTP media has been received for 30 seconds. This RTP timeout is used for hanging up dead calls. Note that this timeout does not come into effect when there is a call on Hold. If that is the case, there is a timeout of 300 seconds. As a result a call that has been on Hold for 300 seconds is simply hung up because it is assumed that the party was forgotten or lost (e.g. when the Aastra MC Client user who put the other party on hold dropped out of the call). amcc-4_ug_en_2013-06 81 6 Telephony 6.3.4 Load Limit Configuration This setting is only available on virtual Aastra AMC Controllers(this inlcudes the SuSEbased Aastra MC Solution), and specifies how many concurrent calls are allowed on the system. 6.4 Ports This menu item allows you to configure custom ports if necessary for your individual FMC solution. The default values, if left blank, are as follows: • For SBC: Name Number Receiving SIP Port 5062 Receiving TLS Port 5061 RTP Start Port 35000 RTP End Port 65000 • For B2BUA: RTP Start Port 16000 R ECEIVING SIP P ORT TO 5060 It is possible to set the Receiving SIP Port of the Session Border Controller to 5060. However, this will never affect LAN Interface 1. On LAN Interface 1 the B2BUA will always listen for messages. So by setting the Receiving SIP Port of the SBC to 5060, DMC will be possible on LAN Interface 1 (please refer to User Account Settings), but the SBC will be listening on the WAN Interface (to enable NAT for example). amcc-4_ug_en_2013-06 82 6 Telephony 6.5 SBC Int. net. This menu lets you list networks which are to be treated as "internal networks" if the Global Setting (SIP Options) "External IP for NAT" is active. If a call originates from one of these networks, the media stream (RTP) will be routed locally. Figure 6.3: Set IP networks or hosts as SBC internal networks. 6.6 Nr. Profiles The Aastra AMC Controller provides several features for the formatting of numbers. Formatting is necessary to ensure the following principle: For calls towards the Aastra MC Client, the goal is to send as much information as possible to ensure the correct identification of the caller (unless it is an internal call, the displayed number will always be a number reachable via cellular networks (full E164 format), including all codes, prefixes etc.). Whereas for calls entering your Enterprise network from outside as many matching digits as possible are to be stripped. Some PBXs support this feature, but if your PBX does not format numbers appropriately, the Aastra AMC Controller is able to take over this job. There are two features available in the Aastra AMC Controller for formatting numbers, which can be found under the menu items Numbering Profiles and Number Conversions. Conversion rules have priority over Numbering Profiles, although only the configuration of one Numbering Profile is mandatory. Please refer to 7.1 on page 124 for more information about Number Conversions. If no Number Conversions are configured or if no match is found there, the Aastra AMC Controller will compare each call with your configured Numbering Profile(s). amcc-4_ug_en_2013-06 83 6 Telephony Every PBX is associated with a unique Numbering Profile in this menu. The Aastra AMC Controller then compares all outbound and inbound calls with the configured profile(s), completes numbers calling an Aastra MC Client and strips numbers coming from an Aastra MC Client in accordance with these profiles. Please note that it is possible to define alternative mappings through the Number Conversions page. The Aastra AMC Controller performs number formatting in 3 stages (if the concerned menu items are configured): 1. Source pattern to target pattern mappings defined by explicit rules (refer to Number Conversions in 7.1) 2. Considering numbers as internal depending on their length (see column title Internal Length under Numbering Profiles. This means that besides adding the Fixed Prefix, no reformatting is done, because it is assumed that internal numbers are dialable on the PBX without further modification. 3. Automatic conversions based on the Numbering Profile. Number Formatting Overview The graphics starting on the next page will make the process of number formatting more clear. amcc-4_ug_en_2013-06 84 6 Telephony Figure 6.4: To-Number Conversion amcc-4_ug_en_2013-06 85 6 Telephony Figure 6.5: From-Number Conversion amcc-4_ug_en_2013-06 86 6 Telephony Once a match is found in a specific stage, all following stages are skipped. There is no exception to this rule, not even the Number Conversion (7.1). The Aastra AMC Controller will always perform a one step conversion to avoid unnecessary complexity. Select the Numbering Profiles menu entry, and you will see the this mask: 6.6 on page 87 (the content as always will vary depending on your configuration). R EQUIRED S ETTINGS There are no default numbering profiles configured. However, you need to configure at least one to proceed. This step is crucial since it determines how numbers are sent to your PBX. If you make mistakes here, it will lead to no connections or wrong connections at a later point in time. E164 F ORMAT The fields Country Code, Country Prefix, Area Code, Area Prefix have to be set if you want to have the Aastra AMC Controller operate correctly. Please note that numbers on the cell phone are typically dialed in E164 format and therefore need to be reformatted by the Aastra AMC Controller. Figure 6.6: Numbering Profiles Configuration You can add as many Numbering Profiles as you like. Each PBX must later on be associated with a Numbering Profile. You can also define multiple Endpoints referencing the same PBX but using different Numbering Profiles, but this will be considered later. First a general Numbering Profile has to be configured. Depending on how the Numbering Profile is associated with a PBX (To or From Converter Profile), the mappings are applied to the To or the From headers. When applied to the To headers, the direction of the mapping is always applied towards the PBX. From always means from the PBX. amcc-4_ug_en_2013-06 87 6 Telephony • Name This is a name identifying the Numbering Profile in the other masks. You will need to use this name whenever you are referencing to the Numbering Profile defined here. • Country Code The country code is the international prefix number of the country the PBX is located in. This paramter is used in conjunction with the City Code to correctly compose numbers for outgoing calls. You have to specify it here without leading and without plus sign, e. g. 49. On the client, or on the cellular side if we are dealing with a callthrough case, the + sign will be handled automatically. This setting only applies to numbers dialed from your mobile device. Whenever you dial a number starting with your own country code, the Aastra AMC Controller will strip away this country code before extending the call to the PBX. • Country Prefix Prefix to denote that a country code will follow, e.g. 00. This is required for properly converting E164 numbers. As briefly mentioned before it will be 00 for most countries, but not for all, for the US it is for example 011. • Area Code The Area Code is used in conjunction with the Country Code to correctly compose the numbers for outgoing calls. Please note that this only applies to numbers dialed from the mobile device. Whenever you dial a number that starts with your own city code (relative to where the Aastra AMC Controller is positioned), the Aastra AMC Controller would strip away its own Area Code before sending it to the PBX. The area code also has to be specified without any leading zeroes. • Area Prefix Enter the number you have to dial on your phone before making a long distance call. In the US this is a 1, in most European countries a 0. • Outgoing Prefix This is the number that has to be dialed from inside of your Enterprise to call an outside line with your PBX. In most cases this will simply be a single digit. This digit will always be prefixed, unless it is an internal call. amcc-4_ug_en_2013-06 88 6 Telephony • Fixed Prefix A fixed prefix can be added to all numbers sent to the PBX. This can be used for a variety of reasons, e. g. if you want to singalize to the PBX that it is actually an FMC call. This could be used for doing a special treatment in the billing or a least cost routing implementation. If you set a parameter here, it will always be applied. • Internal Length Numbers that do not exceed this length will always be considered as internal numbers. Sometimes there is no real pattern to internal numbers, but, however, they do have a maximum length (since there are few real numbers with three digits). If all numbers should be treated by your configured Numbering Profiles, set the Internal Length to 0. • Minimal Outgoing Format For numbers (outbound calls) exceeding the specified Internal Length the Minimal Outgoing Format can be set to International (full E164 format with Country Prefix and Country Code), National (without the Country Prefix and Country Code), or Subscriber (without Area Prefix and Area Code). Number Conversion Stage 1 As briefly mentioned above, these parameters will be used to do a conversion in three steps. The first step is an explicit specification as described in 7.1. If nothing matches, an automatic fortmatting follwing the next two stages described here will be executed. Number Conversion Stage 2 This stage is meant to enable special treatment for short numbers, meaning Never touch numbers that do not exceed length X, even if they start with e. g. the outbound prefix. Numbers which do not exceed the set Internal Length will only be formatted by adding the Fixed Prefix. Numbers exceeding this length will be formatted along the rules described in Stage 3. If you do not want these exceptions, just set the Internal Length value to 0. Then Stage 2 is completely disabled and all numbers undergo automatic conversions as described below. Note that there must be a valid Numbering Profile before you can define an Endpoint. amcc-4_ug_en_2013-06 89 6 Telephony Number Conversion Stage 3 1. A leading + character is replaced by the country prefix as configured. 2. The number is checked to see whether it starts with the country prefix followed by the country code and area code, as specified. If so, the number is flagged as outgoing and the country prefix together with the country code and the area code are removed. 3. If the previous does not apply the number is examined whether it starts with the country prefix followed by the country code (without area code) if so, the number is flagged as outgoing and the country prefix together with the country code are replaced by the area prefix. 4. If the previous does not apply, the number is checked to see whether it begins with the area prefix and the area code as configured. If so, the number is flagged as outgoing and area prefix together with area code are removed. 5. If the previous does not apply, the number is checked to see whether it begins with a 0 if so, it is flagged as outgoing. 6. All numbers that are flagged as outgoing are prepended by the dial-out prefix as specified. 7. The fixed prefix (if configured) is prepended to all numbers. amcc-4_ug_en_2013-06 90 6 Telephony 6.7 Endpoints In order to be able to configure users, you must first configure the SIP Endpoint(s) that the Aastra AMC Controller should integrate. An Endpoint will be some sort of SIP Server, typically a SIP-capable PBX, but it can also be one of the following: • B2BUA or Softswitch • SIP Proxy • Gateway able to handle registrations. At least one Endpoint has to be configured before you will be able to do any further configuration. Figure 6.7: Endpoint (PBX) Configuration menu Common name The common name of an Endpoint (SIP Host) uniquely identifies it. This name will be used throughout all further configuration. It is used for internal purposes only and should be descriptive, because it is used in other configuration pages. It can be identical to the Hostname (if domain names are used), but it does not have to be. Please note that if the Endpoint is an Aastra BluStar-Server, it has to be named "BSS" or "bss", or its name has to contain "BSS" or "bss" if the BluStar-Server is to be used for Presence, refer to 8.5 and 8.6. Hostname/IP This setting enables you to specify the address for a SIP host either with its IP address or as a fully qualified domain name (FQDN). If you are going to use the FQDN you have to make sure that an appropriate DNS Server is configured on the Aastra AMC Controller. amcc-4_ug_en_2013-06 91 6 Telephony Local Interface Specify the interface to be used for sending and receiving the SIP messages. It will be the IP address of the configured interface from which the PBX will receive all messages. It also has to be able to return messages to this IP; as a consequence all routing and security settings of involved firewalls have to be set accordingly. Different SIP endpoints can be configured to use separate network interfaces. This enables a clean network separation as is sometimes required for security purposes. Foreign Port In some configurations it is necessary to specify the port where the destination host listens for incoming SIP connections. The default port is 5060, which is the standard SIP port. To select this port you can simply leave this field blank. 5060 should be appropriate for most configurations. The recommended range for this port is between 11000 and 11499. The following ports must not be chosen: • Must be equal or greater than 1025 • Must not be the same as the Receiving SIP/TLS Port (by default 5061 and 5062, respectively; refer to Port Settings, 6.4) • The default port 5060 is only supported on LAN Interface 1 • Must not be set to the following ports which are reserved for certain services/protocols: 5222 (XMPP), 5432 (Postgres), 1234/1235 (Worker/Boss, Blade Server scenario), 8021 (Event Socket), 12000 - 16000 (Subscription and SIMPLE Presence). The most frequent reason for using a non-standard port are security considerations to make an attack more difficult. This approach can make denial of service or other attacks more difficult by obscuring that the Aastra AMC Controller is actually a SIPaware device. A lot of the scanning bots used for detecting vulnerable systems on the Internet only check for these standard ports. However, obscuring this port cannot and must not replace real security mechanisms such as digest authentication. Realm The realm parameter specifies the authentication realm used when connecting and authenticating to the Endpoint. If the host is behaving completely compliant to the SIP specifications, it should reject any attempt to register with the wrong realm. All devices connected to the Aastra AMC Controller must hence belong to the same authentication realm to work together. Although the notion of a realm is clearly specified in RFC 2543, many UAs fail to implement it and simply ignore the parameter. Therefore, the likelihood of registrations working even without setting this parameter is very high. amcc-4_ug_en_2013-06 92 6 Telephony Preferred Codec Please select the preferred codec towards this Endpoint. This codec setting will become effective whenever a call is terminated on the Endpoint, or on an IP phone/Gateway connected by it. The codec set here will always represent the first codec offered in the signaling between the Aastra AMC Controller and the Endpoint. A BOUT C ODECS The Aastra AMC Controller supports the G.711 alaw and ulaw, iLBC, G.722 and GSM as well as G.729. The G.711 alaw and ulaw are also supported with a play time of 30 ms . All codecs are always offered, so the Endpoint is completely free to determine the used codec by selecting its preference. However, the specified Preferred Codec will be offered first. If a compressed codec is used between the Endpoint and the Aastra AMC Controller as well as between the Aastra AMC Controller and the Aastra MC Client, it has to be the same compressed codec. Sometimes it is recommended to use a compressed codec (such as ILBC or GSM) towards the Aastra MC Client, because it is less straining for the WLAN network. Especially ILBC is very resilient in bad network conditions and could even lead to better voice quality under certain conditions. When using the Aastra MC Client across a WAN connection, the use of a compressed codec is highly recommended. amcc-4_ug_en_2013-06 93 6 Telephony Outbound Proxy Specify an outbound proxy by entering its IP address here. Specifying an outbound proxy enables you to statically set the next hop for all SIP messages towards an Endpoint. SIP Proxies or Session Border Controllers are often configured as outbound proxies to locate them at the network edge which protects the Aastra AMC Controller and / or the PBX. This option will not really change the routing of the messages except for adding this static routing entry. If this is configured, the Aastra AMC Controller will add a static route header to accommodate this next hop. Other than that everything will remain the same. For more information about outbound proxies, please refer to RFC 3261. 6.8 PBX Configure PBX profiles by combining an Endpoint and a Numbering Profile in this menu. Figure 6.8: PBX Profiles associated with certain Endpoints. Common Name The common name of a PBX profile uniquely identifies it. This name will be used throughout all further configuration. It is used for internal purposes only and should be descriptive, because it is used in other configuration pages. It can be identical to the Endpoint name, but it does not have to be. Endpoint Select the Endpoint on which this PBX is running. Only already configured Endpoints will be available in this drop-down box. amcc-4_ug_en_2013-06 94 6 Telephony Use inactive for Hold In SIP, there are two ways of signaling the Hold feature. Both are implemented through the SDP protocol, where you can either signal a sendonly, or an inactive. By default the Aastra AMC Controller uses the former. However, most PBXs support Hold as a native feature, therefore it might be more appropriate to use inactive to signal Hold. In those cases, the PBX will play back the Hold music. As mentioned, most PBXs do support this, therefore it should be save to deactivate this feature on the Aastra AMC Controller’s side. From Numbering Converter Profile The From-Number Mapping has been introduced to create a uniform number experience on the mobile phone. As mentioned above, the goal is to be able to dial any number that you would also be able to dial from your mobile phone without the Aastra MC Solution. Since most companies have different number policies (e.g. you have to dial a 0 to call out etc.), some mappings are recommendable. The From-Number Converter Profile is only needed if the Caller ID of incoming calls is incorrect, e. g. if the leading 0 for an outside call is attached by the PBX. In those cases it is usually enough to specify the same Number Mapping that you have specified before in the To-Numbering Profiles to revert the changes when receiving calls. For more information also refer to 6.6. To Number Converter Profile Selecting a valid Numbering Profile for each PBX is mandatory. Not doing so, will lead to a failing PBX. To configure a profile, please refer to 6.6 for more information. The Numbering Profile set here will convert the number going to the PBX. These profiles have been introduced to enable a uniform user experience on the Aastra MC Client: the number of a party calling a client should always be displayed in full E164 format. This ensures that a call log entry (missed and received calls) can always be redialed even from the cellular network. amcc-4_ug_en_2013-06 95 6 Telephony F ROM -N UMBER P ROFILE IS O PTIONAL Specifying a From-Number Profile is optional. You should only do so, if the numbers you receive as a Caller ID for inbound a calls (to the Aastra MC Clients) cannot be dialed from the cellular network. S ETTING A N UMBERING P ROFILE IS M ANDATORY At least one Numbering Profile needs to be selected for a PBX. It is not possible to configure a PBX without a Numbering Profile. Before forwarding a call to the PBX, the Aastra AMC Controller will enforce the configured Numbering Profile against the dialed number. This is one of the key concepts of the Aastra MC Solution. While the cellular phone is now an enterprise phone, numbers are assumed to be dialed in E164 or abbreviated E164 format. This is done to provide a uniform behavior between plain cellular mode and enterprise mode. It would be very inconvenient if the stored contact only worked in one of the two modes. The Aastra AMC Controller will do the number formatting to make sure that the SIP endpoints will only get proper enterprise numbers. SIP Trunk This setting concerns the handling of statically roamed calls. They can either be forwarded to the cellular side of the Aastra MC Client through the user registration, or through a separate SIP-Trunk interface. The usual problem with signaling through the user registration is either the display of the correct caller ID of the original caller, or incorrect billing information by matching up the record with the Aastra MC Client. If you are experiencing any of these two problems, you should consider configuring a separate SIP Trunk for handling these calls. After a SIP Trunk has been set up in 6.9, you can assign the SIP Trunk to a PBX with this menu option. This assignment means that all static-roaming calls for the users of this PBX will be handled through the selected SIP Trunk. This setting is optional and only applies to the handling of static roaming calls. If no SIP Trunk is selected, all static roaming calls will be handled through the existing user registration. Country This setting is mandatory. In some situations, the Aastra AMC Controller will create tones (ringback and others). One example for this is the two stage dialing during an amcc-4_ug_en_2013-06 96 6 Telephony FMC-Call-through operation. Since every country has different tones, the Aastra AMC Controller supports a certain set of countries by default. Select the country profile you wish to apply. This should match the country profile of your PBX to create a uniform user experience, since in most situations the tones will come from PBX. The page Country Tone now enables you to upload sound files (wav 16 bit - 8000 hz - mono/1 channel). All sound files uploaded on said page, will be offered in the Country column of the PBX profiles. DTMF Type In older versions DTMF was always sent according to RFC 2833. Now you have the possibility to choose between RFC 2833, SIP INFO and SIP INFO (Cisco) (as specified by Cisco and the most appropriate for a Cisco PBX). Depending on your PBX a certain DTMF Type might be the better standard to select. You can therefore specify different DTMF Types for different PBXs. Mode You have the possibility to assign a different Mode for each PBX profile. There is Disable Separate Profiles, SIP Registration, and Trunking. Disable Separate Profiles and SIP Registration The major difference between Disable Separate Profiles and SIP Registration is that with Disable Separate Profiles, the Aastra AMC Controller will use the same port for all user registrations, whereas with SIP Registration a separate port for each user will be used. SIP Registration is the right choice if your PBX cannot handle all features correctly if the Aastra AMC Controller uses the same port for every user it registers to the PBX. Disable Separate Profiles is the better choice if your PBX supports user differentiation by their SIP identity and does not require the differentiation via port. Disabling the separate profiles improves performance and security since fewer ports are open. However, as already mentioned, there are PBXs which do not support this and the resulting problems might not be immediately obvious since they can only occur during feature signaling. As a conclusion, you should only use the Disable Separate Profiles option if you are absolutely sure that your PBX and the respective software version support this. Trunking With the mode Trunking, calls will be transferred statically between the PBX and the Aastra AMC Controller. This way, PBXs which support SIP Trunks only can be integrated with the Aastra MC Solution. The PBX must send calls to the IP:Port combination of the Aastra AMC Controller, and the Port must be set in the PBX profile if the amcc-4_ug_en_2013-06 97 6 Telephony Trunking mode is chosen. Please note that the Port 5060 is not available for Trunking unless the selected endpoint is configured on a virtual interface for this purpose. Only ports which are not yet assigned, can be used for this mode. In combination with a SIP-to-ISDN gateway, this mode enables the integration of the Aastra AMC Controller with a legacy PBX (i.e. that supports ISDN only). D ISABLE S EPARATE P ROFILES FOR +500 U SERS If more than 500 users are configured, you should use the Disable Separate Profiles option! It will improve the overall performance and reduce the number of required network ports. Please note that with SIP Registration, a separate port is required for each single user. Please note that if you do not select this option with more than 500 users, the firewall on the unit has to be deactivated, because the packet filter on all those ports will consume too much performance. Port The Port has to be set if the PBX Mode Trunking is selected for a PBX profile. This is the port the B2BUA listens on to receive calls from the Trunking-PBX. If left blank, the default port is 12000 for the Trunking Mode, for other modes the Start Port for user registration is assumed. Please note that the Port 5060 is not available for Trunking unless the selected Endpoint is configured on a virtual interface for this purpose. Only ports which are not yet assigned can be used for this mode. In combination with a SIP-to-ISDN gateway, this mode enables the integration of the Aastra AMC Controller with a legacy PBX (i.e. which supports ISDN only). Call Forwarding (CFW) Type Generally, there are three Call Forwarding types: • Standard With the Standard option, the Aastra AMC Controller will use a SIP Notify when forwarding calls. • Via CSTA (PBX-based Call Forwarding with CSTA) This enables you to make call forwarding a PBX-based feature by using the abstraction layer called Computer-Supported-Communications-Applications(CSTA). This will only work if your PBX supports CSTA (please refer to the documentation of your PBX). amcc-4_ug_en_2013-06 98 6 Telephony The Aastra AMC Controller will fetch the status of Call Forwarding (CFW) Rules and it will update rules if a user-request comes in via the Aastra MC Client. However, as soon as PBX-based Call Forwarding is active, there is no possibility to update CFW rules via the web interface of the Aastra AMC Controller. • Via Trunk This option can be used if a PBX does not support CFW via SIP Notify or CSTA. For further routing a call can also be forwarded to the SIP Trunk that is associated with a PBX Profile. Please note that the Aastra AMC Controller will forward the caller ID to the SIP Trunk exactly how it was received in the first place. Corporate Phonebook Assign a Corporate Phonebook to your PBX profile. Corporate Phonebooks will only be available in this drop-down box if they have been configured under Features/Corporate Phonebook Settings (refer to 8.2). PBX-Platform Choose your platform here to automatically activate/deactivate certain settings that are suitable for your used PBX. amcc-4_ug_en_2013-06 99 6 Telephony 6.9 Trunk The Aastra AMC Controller has two ways of signaling statically roamed calls towards the PBX, via a SIP Trunk or a separate media gateway. The standard approach is to make use of the user registration in order to forward an incoming call towards the cellular side of the FMC user. However, this causes problems with several PBXs since special SIP Headers are required to signal the correct A-Number Caller ID to the PBX in those scenarios. The alternative approach involves using a separate SIP Trunk connection without user registrations to signal those calls. An incoming call from the PBX will then be first signaled through the user registrations. The Aastra AMC Controller then has control over the call and will try to reach the user through a SIP connection first. If the user is not registered, the Aastra AMC Controller will signal the outbound cellular call towards the user through the SIP Trunk. The following should give a brief overview of the configuration options for the SIP Trunk connection. If Active Registration is used for a SIP Trunk, the combination "Number@Endpoint" must be unique across the system! The SIP Trunk can point to any SIP Server or SIP gateway, and can be different from the PBX where the users are registered. Note that some PBXs also use a different port for this SIP Trunk connection. With some other systems however, the host and the port for the user registrations and the SIP Trunks are identical. Figure 6.9: SIP Trunk Configuration Name The common name of a SIP Trunk uniquely identifies it. This name will be used throughout all further configuration, as for example with the PBX configuration. It is used for amcc-4_ug_en_2013-06 100 6 Telephony internal purposes only and should be descriptive because it is used in other configuration pages. It can be identical to the host name, but it does not have to be. Endpoint Select the Endpoint for this trunking connection here. Only Endpoints configured in the Endpoint menu (6.7) will be available here! Port The recommended range for this port is between 11000 and 11499. The following ports must not be chosen: • Must be equal or greater than 1025 • Must not be the same as the Receiving SIP/TLS Port (by default 5062 and 5061, respectively; refer to Port Settings, 6.4) • The default port 5060 is only supported on LAN Interface 1 • Must not be set to the following ports which are reserved for certain services/protocols: 5222 (XMPP), 5432 (Postgres), 1234/1235 (Worker/Boss, Blade Server scenario), 8021 (Event Socket), 12000 - 16000 (Subscription and SIMPLE Presence). Diversion Prefix It is possible (not mandatory) to complete the Diversion Header with the Diversion Prefix. Setting the Diversion Prefix might be necessary if there are network devices (gateways etc.) within your network which require phone numbers to be in complete E.164 format. You may use leading zeros or a + in this field. MTC Prefix This can only be applied if no ISDN-screening indicator is in use! This prefix will be added to a call from the Aastra AMC Controller to the Aastra MC Client via a SIP Trunk. This highly depends on how numbers are processed in your network! amcc-4_ug_en_2013-06 101 6 Telephony Active Registration This option enables the active registration of this SIP Trunk on the selected Endpoint. Values behind the item Active Registration in the menu are only read if Active Registration is enabled. Of these values only the "Registration Name" must not be empty (hence marked with an asterisk*). Number The phone number that is required for the Active Registration of a SIP Trunk on your PBX. Registration Name* Give a Registration Name to a SIP Trunk if your Endpoint requires this as the Request URI (instead of the configured Number) for authentication. Registration Password If Active Registration is enabled, the configured number or, alternatively, the Registration Name (if set) will be used as Request URI and user name for registering with the PBX. This password is used for digest authentication. Convert Headers If required, choose headers that should be converted according to the From Converter profile (see 6.6). It’s possible to select: • "From": converts the From-header and the Remote-Party ID; • "PAI": converts the P-Asserted Identity; • "PPI": converts the P-Preferred Identity. amcc-4_ug_en_2013-06 102 6 Telephony 6.10 FMC Numbers Beyond being a dual-mode solution, the Aastra AMC Controller will help you facilitate your mobile telephony experience. When the Aastra MC Client dials one of the configured FMC Numbers, a certain behavior is invoked on the Aastra AMC Controller/PBX side which then handles the incoming call accordingly to the specified Type of the FMC Numbers. As you can see in the WebGUI, these Numbers are configured, activated and specified in the form of a table. For better understanding, however, we will at first explain the Types available in the pull-down box and afterwards the other columns of this table. N UMBERS HAVE TO BE UNIQUE PER PBX All numbers that you configure here - no matter which Type you choose - have to be unique per PBX. This means that the same FMC Numbers can be configured (once!) on several PBX. However, identical FMC Numbers (on different PBXs) must always be used for the same purpose. WATCH OUT FOR P REFIXES /S UFFIXES If a Number does not work or if a call is rejected you should check if that number has any undesired prefixes / suffixes: – P REFIXES MIGHT BE STRIPPED BY THE PBX OR THE MEDIA GATEWAY Configured Numbers must be specified exactly as the Aastra AMC Controller receives the call from the media gateway or the PBX. This means that the numbers configured in the WebGUI should not contain any prefixes that are stripped by the PBX. You can check in a trace to see if the SIP INVITE message sent by the PBX or media gateway contains exactly the number specified here. – AUTHENTICATION P ROBLEMS A call will be rejected if the user cannot be authenticated. This could also have to do with the Caller ID. The Aastra AMC Controller will check up to 10 digits. If less digits are coming in across the gateway, these need to exactly match the configured number. This is necessaryfor security purposes, because otherwise the number cannot be guaranteed to be unique. If you have a number with less digits, the prefix in the Caller ID of the in-coming call also has to match the configured number. To verify if that is the reason, you can conduct a trace of the call coming in across your PBX. Check if the Request URI and the To exactly match the specified number. amcc-4_ug_en_2013-06 103 6 Telephony Figure 6.10: FMC Numbers 6.10.1 Number This field should contain the number exactly as it is called from your PBX or media gateway. Make sure to not have any additional prefixes or suffixes in here and keep in mind that all of these numbers have to be unique per PBX. The Aastra AMC Controller supports the following characters: + ,# , - and *. 6.10.2 Active This field activates/deactivates the configured Number for the chosen Type. If the number is not activated, the call to it will be rejected. 6.10.3 6.10.3.1 Type Call-Through All configured Call-Through numbers (on some Aastra MC Client versions this is called "MOC number") will prompt the Aastra AMC Controller to route in-coming cellular calls through the enterprise PBX to keep all supplementary services working. In addition to that, this enables a true single number service: the callee will always see the enterprise number. When dialing a number in a cellular connection, the Call-Through number configured on the Aastra MC Client will be dialed automatically and will be followed by the callee’s telephone number. The sequence of events is that the Aastra MC Client first sets up a call to the Aastra AMC Controller which will then be forwarded to the right destination through the PBX. The Aastra AMC Controller usually does not have "to pick up" the call before forwarding it (one-step-dialing). Sometimes however, one-step dialing might not work, because PSTN providers will cut the resulting phone number after a fixed amount of digits. Numbers up to 18 digits are amcc-4_ug_en_2013-06 104 6 Telephony supported by most providers. These 18 digits must suffice for both the Call-Through number, as well as the dialed number. If the number exceeds 18 digits, your Aastra MC Client will make use of DTMF dialing (check the Aastra MC Client documentation for more information). Then the Aastra AMC Controller will accept, or "pick up" the call and listen for a DTMF sequence. The Aastra MC Client will signal the callee’s number via DTMF which will subsequently be translated to SIP and dialed through the PBX (two-step dialing). It is possible to specify multiple Call-Through numbers. The assumed setup is a large organization with PSTN break-in / break-out in several countries and or locations. In those cases it is advisable to always use the closest Call-Through Number. If you are travelling abroad for example, it is most of the times cheaper to use a dial-in number at your current location rather than always calling home. 6.10.3.2 Callback Number This functionality can be invoked via an HTTP(S) request, if a data channel is available for the Aastra MC Client in question, or by dialing one of the numbers configured here. Just like the Call-Through Type these numbers must have the same format as the number arriving from the PBX when a callback is invoked. This feature reverts the direction of a call to save costs for outbound calls from mobile networks. It is not used in WLAN. The following section explains its basic functionality: • The User dials a number in cellular mode and selects the call type Callback (this varies a bit depending on the used mobile platform, please refer to the available Aastra MC Client documentation). • The Aastra MC Client will initiate a call to the configured number or make an HTTP(S) request if a data channel is available. • The Aastra AMC Controller rejects the call, or processes the HTTP(S) request, and initiates a call back to the Aastra MC Client → the direction of the call is reversed. • The Aastra MC Client picks up the incoming call and transmits the number of the callee via DTMF (the Aastra AMC Controller will play back ringtones etc.). • The call legs are joinded by the Aastra AMC Controller as soon as the the other party picks up. amcc-4_ug_en_2013-06 105 6 Telephony The benefit of this feature: Use Callback instead of the call type Call-Through when traveling abroad. Using Call-through abroad, you have to pay long-distance call rates, because the Aastra AMC Controller is located in the home country. The call type Callback enables you to take advantage of cheaper rates abroad, especially if you use a national SIM card (e.g. prepaid card). Further Configuration: HTTPS and regular Callback • HTTPS is enabled automatically on the Aastra AMC Controller. If HTTP or nondefault ports are to be used, change the settings on the on the page Additional Client Features under the UC tab (refer to 8.1). Caution: the settings for protocol and port on both the Aastra AMC Controller and the Aastra MC Clients must match! Refer to the Aastra MC Client documentation for the settings in concern. • The Callback Number must be set on the Aastra MC Clients in international format. C ODE M APPING It is very important to map the correct ISDN rejection code to the SIP rejection generated by the Aastra AMC Controller because otherwise the user will see a rejection message on the cell phone and might think that the callback has actually failed. Our recommendation is to map the SIP Error Code 488 to ISDN error code 6 to ensure the correct termination of the call. On a gateway this is frequently called SIP to ISDN Error Mapping. 6.10.3.3 SIM Switch In order to lower roaming costs and to accommodate the communication needs, many people use more than one SIM card and hence have more than one number. These multiple SIM cards can be administered using the Aastra AMC Controller. They can be activated from anywhere by dialing one of the SIM-Switch numbers you configure here. This ensures that calls are always forwarded to the currently used and activated number. In order to support this feature, it is possible to configure multiple Cellular Numbers for each user account. In our context multiple numbers means at least two, potentially up to ten numbers, although experience shows that 5 is the practical limit. Switching between those different SIM cards has to be possible without any data connection because availability cannot be guaranteed when needing to do the switch. Therefore amcc-4_ug_en_2013-06 106 6 Telephony activating a different SIM card should be possible simply by making a call to the assigned SIM-Switch number. C ALL - THROUGH SUPPORTED FROM ALL C ELLULAR N UMBERS Please note that for mere Call-through calls a SIM-Switch is not necessary. This feature has been implemented to enable the use of SIM Cards with several numbers (e.g. an extra one for the "home zone"). It is sufficient to specify the homezone number as an Cellular Number (refer to 6.15). 6.10.3.4 MTC Number MTC stands for Mobile Terminated Call. The MTC Number will be associated as Caller ID for your corporate system (Aastra AMC Controller). You could say that this is the identification the Aastra AMC Controller uses towards the Aastra MC Client. If the MTC Number is set in the Aastra MC Client, all Enterprise calls must come with this Caller ID otherwise they will not be handled by the Aastra MC Client. In order to make sure that the number is positively matched, you have to enter your PBX number in international format. 6.10.3.5 Voicemail Number This number is a corporate voice mail number (in contrast to a voice mail number that is given to a user by a cellular network provider). When a user calls this number he may be asked for a user name and/ or password. 6.10.3.6 Remote Control A remote control number can be used to access the Aastra AMC Controller from remote for support purposes (Aastra AMC Controller customer support only). For more system security, trusted remote control numbers can be configured on the page "Remote Control"; refer to 10.7. IMS (Handover) Numbers The Aastra AMC Controller supports IMS3 for handovers. A handover in this context means a switch from one network type (for example WLAN) to another (cellular). With 3 IMS stands for IP Multimedia Subsystem and is a technology mostly driven by mobile operators to provide an operator-centric approach to Fixed-Mobile Convergence (FMC). This standard defines a handover mechanism implemented by all compatible handsets. amcc-4_ug_en_2013-06 107 6 Telephony IMS, the Aastra MC Client calls the predefined IMS number (Cellular to WLAN, or WLAN to Cellular as described below) to signal that another call leg has to be added within the new network.4 The IMS VCC (voice call continuity) handover will work with all VCC compliant handsets and Aastra MC Clients. The network switch is normally done in the background by the Aastra MC Client, unless it is triggered manually by the user. In the case of the WLAN to cellular handover, a cellular call will be made to the number you configure here. The treatment of this number should be similar to the Call-through number, i.e. it has to be registered for the Aastra AMC Controller. Please note that the IMS: to WLAN Number has been deprecated. 6.10.3.7 IMS: to WLAN Number This setting has been deprecated and doesn’t have to be configured. This is a number that must be reachable over Wireless LAN. Since in WLAN, we are only dealing with a pure Client / Server connection and hence this can be a truly arbitrary number. However, to avoid any conflicts, it should still be unique per PBX. 6.10.3.8 IMS: to Cellular Number If this is left blank, the Aastra AMC Controller will automatically use a Callthrough Number for IMS: to Cellular. This number must be a proper fixed line phone number. The routing on the PBX must be configured to have this number registered for the Aastra AMC Controller. This number is used similarly to the Call-through number and can be identical, but it is only used for handover purposes. 6.10.4 Active Registration Enables the registration of this Number on your PBX. With some PBXs it is easier to let endpoints register dynamically (even if this is a trunk connection) rather than doing a static configuration. This is required for some SIP Trunks. If there is a firewall between the Aastra AMC Controller and the Endpoint, this option will keep the firewall open. With the registration information, a suitable PBX can even do NAT handling and it would be possible for the Aastra AMC Controller and the PBX to be in two completely separate networks. All of the columns behind Active Registration only have to be configured if 4 This is contrary to the standard approach, because the Aastra MC Client initiates the second call which makes it much less suitable for Enterprise use (some of the control over the billing is lost). amcc-4_ug_en_2013-06 108 6 Telephony you enable Active Registration. Please note that if Active Registration is not enabled, FMC Numbers may only be registrered over LAN Interface 1. 6.10.5 Endpoint If Active Registration is enabled, you have to specify where this number should be registered. 6.10.6 Registration Name Give a Registration Name to a Special FMC Number if your Endpoint requires this as the Request URI (instead of the configured Number) for authentication. 6.10.7 Registration Password If Active Registration is enabled the configured number or alternatively the Registration Name (if set) will be used as Request URI and user name for registering with the PBX. This password is used for digest authentication. 6.10.8 Deployment Number The deployment number is the number how it has to be dialed from a cellular network. In most cases this will be the Service Access Number in E.164 (international) format. In contrast to the Deployment Number, the Number are the digits as dialed internally: Number equals Deployment Number minus (prefix numbers stripped by the PBX, or other network devices like gateways etc.). If the number in question is an MTC Number, you can enter several Deployment Numbers separated by a dash (-) in this field. M INIMUM C ELLULAR N UMBER L ENGTH If Active Registration is selected for any FMC Numbers, the Maximum Cellular Number Length setting on the Aastra MC Clients has to be set to 0! amcc-4_ug_en_2013-06 109 6 Telephony FMC S TATUS FOR ACTIVE R EGISTRATIONS The status of FMC Numbers with Active Registrations will be displayed on the FMC Status page. N UMBER M ATCHING The Aastra AMC Controller matches the first ten digits by default (maximum). However, there will not be any problems if the number configured here is shorter. amcc-4_ug_en_2013-06 110 6 Telephony 6.11 User Profiles Figure 6.11: User Profiles This is one of the major changes with the latest version of the Aastra AMC Controller. Settings that could formerly be found under Registrations and User Accounts have been restructured and rearranged into User Profiles and User Accounts, both of which have associated pages that are only available in Advanced Mode. A User Profile is a number of settings (see descriptions below) bundled under a User Profile Name and generally associated to a selected PBX. The actual association to a specific PBX Number is done in the User Accounts menu (refer to 6.13). 6.11.1 Name The name of a User Profile must be unique. It serves descriptive purposes, but is also used for differentiating User Profiles on the system 6.11.2 PBX Select the PBX (refer to 6.8) with which the User Profile should be associated. PBXs have to be configured beforehand, otherwise nothing can be selected here. amcc-4_ug_en_2013-06 111 6 Telephony 6.11.3 Security Enable secure connections (TLS for SIP packets or SRTP for speech data) between Aastra MC Client and Aastra AMC Controller. Restrictions may apply depending on the used client platforms and/or versions. Please see client documentation for more information. Activating TLS/SRTP when connected to a MX-ONE System might require additional licenses on the MX-ONE side! 6.11.4 VoIP/WLAN This option allows or denies Voice over WLAN calls. 6.11.5 Method Home Choose the default call method (call type) for the SIM card’s home network. Depending on the (pre)configured Service Access Numbers, the values available here may differ. To configure Service Access Numbers, such as Callthrough, refer to 6.10. 6.11.6 Method Roaming Choose the default call method (call type) while in roaming, i.e. while outside of the SIM card’s home network. Depending on the (pre)configured Service Access Numbers, the values available here may differ. To configure Service Access Numbers, such as Callthrough, refer to 6.10. 6.11.7 LCR File Choose an LCR File that determines when and how mobile least-cost routing (LCR) should be done for this User Profile. Please note that selecting an LCR File here, will override the settings in Method Home and Method Roaming. LCR Files have to be uploaded to the Aastra AMC Controller to be available here (refer to 9.1). amcc-4_ug_en_2013-06 112 6 Telephony 6.11.8 Controller Address Choose the Aastra AMC Controller’s internet address or one of the configured interfaces for client registrations. In most cases the address should be reachable via the Internet. Other possible values are an FMC Domain or the External IP for NAT. 6.11.9 Controller Port Set the port to be used for client registrations. In most cases this should be set to SBC or TLS (if the User Profile uses TLS). 6.11.10 Callthrough Nr. Select the Callthrough Nr. for this User Profile. This is not a mandatory setting, but it enables many of the features of the Aastra MC Solution. The Callthrough Number has to be preconfigured on the Service Access Numbers page. For more information about configuration and functionality, refer to 6.10. 6.11.11 MTC Nr. The MTC Number is the number sequence that has to be added to internal extensions to be dialable in the public network (full number minus extension = MTC Number). The MTC Nr. has to be preconfigured on the Service Access Numbers page. For more information about configuration and functionality, refer to 6.10. 6.11.12 Voicemail Nr. This is the internal extension a user has to dial to access his/her voice mail. The Voicemail Number has to be preconfigured on the Service Access Numbers page. For more information about configuration and functionality, refer to 6.10. amcc-4_ug_en_2013-06 113 6 Telephony 6.12 User Profiles (advanced) These are the settings and options for User Profiles which are only available in "GUI MODE ADVANCED". None of these settings are mandatory for basic functionality, and default values may be active for some. Figure 6.12: User Profiles (advanced) 6.12.1 Name This is the User Profile Name as entered in the previous menu. This value cannot be changed on the "advanced" page. It serves only for identification. 6.12.2 Cellular DMC DMC can be activated on a per profile basis and is turned off by default. DMC stands for Direct Media Connect. This is a mechanism for letting payload pass directly between two communication endpoints. In the FMC case this would typically be the Aastra MC Client communicating with a phone, or a second Aastra MC Client, connected through a PBX. DMC becomes active after a call is established (via Callthrough). When it is active, the Aastra AMC Controller will not be participating in the media stream, and audio will flow directly between the two endpoints. P OSSIBLE L OSS OF I N -C ALL F EATURES WITH DMC Please note that once the Aastra AMC Controller is out of the media stream, the Aastra MC Client relies on the data channel for invoking in-call features from the PBX. If that data channel is lost, the fallback signalization, i.e. DTMF signalization, via the Aastra AMC Controller is not available. In-call features will then only be available if the used gateway takes over the DTMF-to-SIP-Info translation. amcc-4_ug_en_2013-06 114 6 Telephony C ODECS DMC will only work correctly if the proper codecs are set. The Aastra MC Client needs to utilize a codec that is also supported by the endpoints directly connected to the PBX. iLBC is typically not supported by gateways or IP phones. 6.12.3 Callwaiting Enable call waiting for incoming calls while an active call is still ongoing. 6.12.4 OSD Enable Operator-Supported Dialing (OSD) if the Callthrough Number is automatically dialed by the used operator. Outbound cellular calls are still dialed via the Callthrough Number if • It has been detected that the respective Aastra MC Client is in a roaming state; and/or • a SIM card other than the first SIM card recognized by the application is inserted in the device. 6.12.5 Codec Select the audio codec that should be used between Aastra AMC Controller and Aastra MC Client. Available codecs differ depending on the used Aastra MC Client platform, but the following categories are generally available: • G711: G.711 A-law and U-law, • robust: iLBC, AMR. 6.12.6 Jitter Buffer This defines the size of the Jitter Buffer. Default value is "Medium", but should be increased if the audio is choppy and decreased if the audio is delayed. amcc-4_ug_en_2013-06 115 6 Telephony 6.12.7 Handover Enable automatic handovers to and from WLAN. If access point quality decreases or increases, or if an access point becomes available for VoIP, the handover will be initiated without user interaction. Please note that automatic handovers to cellular networks is not possible on iOS due to platform restrictions! 6.12.8 Allow new Cellular Number This enables the user to add a new Cellular Number to his/her account (via an HTTPS request). A number then doesn’t have to be added beforehand (i.e. before a SIM Switch) on the page "Cellular Numbers" (refer to 6.15). Use with caution, as this may open up the system to unapproved third-party use! If this is activated for a User Profile, or if a user has several GSM Numbers, the SIMSwitch feature becomes available, unless the OTA setting (9.5) "Sim-Switch-Active" has been set to "False" by the system administrator. 6.12.9 Feature File Select a Feature File which enables the available in-call and out-of call features. A default file may be available, but Feature Files generally have to be added beforehand on the respective page (refer to 9.1). 6.12.10 SIM-Switch Nr. Select the SIM-Switch Number that should be used for SIM switches by this user. The SIM-Switch Number has to be preconfigured on the Service Access Numbers page. For more information about configuration and functionality, refer to 6.10. 6.13 User Accounts Each of the User Accounts represents an FMC subscriber. User Accounts are now a combination of what used to be SIP Users and Registrations (up until this latest version of the Aastra AMC Controller). The SIP User and Password are generated automatically by the Aastra AMC Controller and are forwared to the Aastra MC Client via the Redirect Service. amcc-4_ug_en_2013-06 116 6 Telephony In order to associate a User Account with the PBX, a User Profile has to be assigned to each User Account. Assigning several User Profiles to a User Account is not supported, but a User Profile can have several assigned User Accounts. Figure 6.13: User accounts General Configuration amcc-4_ug_en_2013-06 117 6 Telephony 6.13.1 Lastname, Givenname, and Department These settings are for descriptive purposes only. 6.13.2 User Profile Choose one of the pre-configured User Profiles (refer to 6.11). This generally associates the User Account with a PBX. 6.13.3 PBX Number The PBX Number is the number or name the Aastra MC Client uses to register with the PBX for this User Account. This number or name has to be unique across all users configured in the Aastra AMC Controller. 6.13.4 PBX Username Enter the user name of this account on the PBX for authentication purposes. If this field is left empty, the PBX Number will be used. 6.13.5 PBX Password The password setting is mandatory! This password is solely used for Aastra MC Client authentication towards the PBX and has to be entered properly into the client. S ECURITY If you want to ensure security, it is strongly recommended to use safe passwords here, containing at least 6 characters including special characters. You should also make sure not to use dictionary words in this case. AUTHENTICATION P ROCESS AND I SSUES Whenever the Aastra MC Client registers with the Aastra AMC Controller, you will see a SIP 401 response challenging the client. This will prompt the Aastra MC Client to re-send the original request with the correct digest information. If this is again rejected, there is probably a password mismatch. This is the most common reason to check. amcc-4_ug_en_2013-06 118 6 Telephony 6.13.6 Display Name If a display name is added here, it will replace the display name forwarded by the PBX. 6.13.7 Cellular Number When first entering the data for a user, you can add a cellular number in this field. Please note that - on this page - this is the only time it is possible to add a cellular number. Cellular numbers cannot be added in edit-mode. This number will then be saved to the Cellular Numbers page (refer to 6.15) where you can add all further cellular numbers to a user account. Although it is possible to assign multiple Cellular Numbers to a user, his table will only reflect the currently active number for the user in question. In edit-mode, you can select a number from a drop-down box. You can also leave this field blank. Doing so will result in the user being unable to use the system in cellular mode. If a cellular number for a user is configured after the user has been created with a blank number, the newly configured number will automatically become active. 6.13.8 Fast-Forwarding Number The desk-phone number for this User Account. It is used for the the Fast-Forwarding feature. 6.13.9 Email Address Add an email address to a User Account. 6.14 6.14.1 User Accounts (advanced) Lastname, Givenname, Department, and User These three values are fetched from the previous menu and cannot be altered on this page. amcc-4_ug_en_2013-06 119 6 Telephony 6.14.2 SIP Number SIP Numbers are generated automatically (PBX Number plus increment). The SIP Number is used by the Aastra MC Client to register at the Aastra AMC Controller, and is forwarded (along with the Password) to the Aastra MC Client via the Redirect Service. 6.14.3 Password This password is used by the Aastra MC Client for authentication towards the product and is also generated automatically and forwarded (along with the SIP Number) to the Aastra MC Client via the Redirect Service. 6.14.4 Activate User This item has to be checked for a user to be able to use his account. If not checked, the user is disabled. The user will not be able to register, not be able to make calls. If disabled, the number of this user will also not be available in cellular operation. 6.14.5 DnD DnD stands for "do not disturb", which can be used to deactivate a Aastra MC Client for inbound calls. The user will then not receive enterprise calls via the Aastra MC Client, but he will still be able to use it for outbound calls. DnD can be enabled here or on the Aastra MC Client itself. This table will display the currently set DnD status. amcc-4_ug_en_2013-06 120 6 Telephony U SER M ODIFICATIONS Please note that all user changes will take effect immediately after saving even without pressing Apply Configuration. This behavior has changed compared to older versions. When deleting a user, this deletion will cascade to all data associated with this user. Please make sure that this is what you want before confirming the deletion. amcc-4_ug_en_2013-06 121 6 Telephony 6.15 Cellular In order to provide a true FMC solution, the Aastra MC Client also needs to be integrated when in the cell-phone network. The Cellular Number(s) of the handset is used for static roaming, mid-call handovers as well as Call-through calls. You must specify the number exactly as you have to dial it on the PBX for creating an outbound call. If you need a leading zero there for making a PSTN call, it has to be included. • SIP User: Select a user to add a cellular number to. You can of course add multiple cellular numbers per user. Those numbers can be activated in the User Account settings or by calling the configured SIM-Switch Number to activate the currently used SIM card / cellular number. • Cellular Number: This is the cellular number of the handset. It should be entered in international format, i.e. including the country code. You may enter the number with a + or with leading zeroes (for Germany that would be either +49 or 0049). The following characters are legal: – Numbers 0-9 – Letters a-z and A-Z – + # - * (these can be used for tagging purposes towards the PBX) As mentioned above, this number is utilized without doing any mappings for static roaming calls and must be configured exactly as they need to be dialed with the configured SIP Endpoint. • Use Numbering Profiles: Check this option to subject Cellular Numbers to your Numbering Profiles. Please note that if you make use of this option, Cellular Numbers must in any case be configured in international format (with leading zeroes or plus)! SIM-S WITCH If this is activated for a User Profile, or if a user has several GSM Numbers, the SIM-Switch feature becomes available, unless the OTA setting (9.5) "Sim-SwitchActive" has been set to "False" by the system administrator. amcc-4_ug_en_2013-06 122 6 Telephony U NIQUE D IGITS ( TO MATCH ) Please note that Cellular Numbers must unique in the "n" digits spefied in the Global Setting "Number of Cellular-digts to match" (explained on page 74). The default value, i.e. the digits from the end of a Cellular Number that must be unique, is ten digits. Please note that this requirement is part of a software update. If Cellular Numbers do not meet this requirement, they have to be deleted manually. M ATCHING OF C ALLER ID S If the cellular number has 10 digits or less, it must exactly match the Caller ID in Call-through scenarios. The Aastra AMC Controller will check at least 10 digits to make sure that a number does not accidentally match. Please note that the 10digits requirement can be changed to the number of digits specified in the Global Setting "Number of Cellular-digts to match" (explained on page 74). ACTIVATION The first number created for a user is automatically set as the active number for the specified user. Figure 6.14: Cellular Number association amcc-4_ug_en_2013-06 123 7 Features 7.1 Number Conversions This mask allows you to define source and target patterns, activate/disable, delete, edit, move (up/down) a rule and add new ones. The rules are processed from the first to the last. The first match will be used to apply the appropriate mapping. The Number Conversions defined here have priority over the automatic conversions defined in the Numbering Profiles section. This means that if you configure rules here, these will be run through and checked. If a match is found, the configured Numbering Profiles will be completely ignored. If no match is found, the Aastra AMC Controller will continue to execute routing according to the Numbering Profiles. Figure 7.1: Number Conversions Source to target pattern mappings are defined by explicit rules. Incoming Numbers (calls coming from the client) that match a source pattern are reformatted as defined by the target pattern. The source pattern can be any Perl Compatible Regular Expression (PCRE). Every expression entered will be checked for validity but not for semantical sense, so beware! The same holds true for the target pattern. The target pattern can only consist of the digits (0-9) and dollar signs ($). Whenever a piece of a source pattern is enclosed in brackets, it will be considered as captured subpattern that could be inserted in the target pattern by using a $ followed by the number of the bracketed pair. Up to 9 captured substrings can be used. For example, assuming that a leading 0 is 124 7 Features used to dial out, then any of the following definitions shall map the incoming number 911 to the outgoing number 0911, making it possible to call 911 directly from an internal phone. amcc-4_ug_en_2013-06 125 7 Features Examples: Source Pattern (9)(1)(1) (9)(11) (9)(1)1 (911) 911 Target Pattern 0$1$2$3 0$1$2 0$1$21 0$1 0911 Active Yes Yes Yes Yes Yes Table 7.1: Number Mapping Example I E MERGENCY N UMBERS Please note that this 911 should only be understood as an example. Emergency numbers (depending on country) will automatically be handled by the client and will be forwarded through the cellular network. M AP CAREFULLY You should be very careful with this function because wrong rules can destroy the called party’s number, thus rendering the whole solution useless. It can also lead to misconnections due to wrong number mappings. The rule in the middle in the Number Mapping Example I starts the target pattern with a literal 0, copies the content of the first and second bracket pair ($ 1 and $ 2) and appends a literal 1. Most likely you would use the last rule since the source pattern is constant and this rule definition has the best readability. If an incoming number matches several source patterns, the first matching pattern "wins", i.e. as soon as a match is found, no further matching is tried. Copying parts of a source pattern becomes useful when the source pattern contains wildcard characters. E.g. assuming you want all numbers that begin with 0005 or 0006 to be mapped to 55505 or 55506, respectively, followed by the rest of the number, you could define: Source Pattern 000([56])(.+) Target Pattern 5550$1$2 Active Yes Table 7.2: Number Mapping Example II The first bracket pair matches one of the ciphers 5 or 6 and captures the cipher as $1. The dot within the second bracket pair (captured as $2) matches any single character while the following plus sign specifies to repeat the last pattern one or more times. amcc-4_ug_en_2013-06 126 7 Features Please note that a plus is a special character so if you want to match a literal + in a source pattern you must write it as \+. Also note that you cannot use a literal plus sign in the target pattern. Please see http://www.pcre.org for more information about Perl Compatible Regular Expressions. Priority The priority in the Number Conversions determines the order in which these will be matched. The number can be 0 or higher with 0 being the highest possible priority. Source Pattern Enter the source pattern in the above described format. Please note that you can leave this field empty, but then your rule would never match. Target Pattern The match source pattern will be mapped to this. Please use the above described format to write the patterns. This field must not remain empty. Active Rule This checkbox activates and deactivates a rule. It is useful both for debugging purposes as well as for temorarily deactivating certain rules. Any defined rule will only be applied if this option is checked. amcc-4_ug_en_2013-06 127 7 Features 7.2 PBX Access Codes This page allows the configuration of rewrite-rules for access codes sent by the Aastra MC Client towards the PBX. Access codes are used by the PBX to implement platformspecific out-call features, for example "Group Pickup". These Access Codes, however, are configurable in the PBX. The Aastra MC Client supports hiding such access codes behind an easily selectable out-call features menu. If an Access Code for a certain feature changes on the PBX, you would hence need to change the stored code on each Aastra MC Client. To avoid this, you can simply define a mapping here in the web interface of the Aastra AMC Controller. The Aastra AMC Controller will then take the access code sent by the Aastra MC Client and translate it to the correct one towards the SIP Endpoint, namely the PBX. Please note that these access codes are explicitly used for out-call features! O NLY AT THE B EGINNUNG OF N UMBERS These mappings are only applied to the beginning of numbers. Please make sure that they do not "overlap", i.e. PBX Access Codes with identical beginnings are not supported. Example: *23* and *23 can’t be used simultaneously. The Aastra AMC Controller creates a standard set of PBX access codes for each configured PBX (Endpoint). These automatically created rules contain default access codes for Endpoints. However, they can be edited here. The following example should give a better insight into what is actually happening. If a Aastra MC Client user has a predefined setting for a DTMF invoked feature say * on his Aastra MC Client, but used PBX expects #9, you can configure a from-to translation here. 7.2.1 Configuration Steps • Endpoint: This will allow the selection of an endpoint to use. This means that the defined mapping will be applied for all users registered to that Endpoint. • Name: You can configure a descriptive name for the feature. This parameter has purely informational value. amcc-4_ug_en_2013-06 128 7 Features Figure 7.2: Predefined Feature Codes • FMC Feature Code: Configure the feature code to search for in every call. This sequence will be replaced by the respective PBX Feature Code. Both should only contain symbols that can be dialed from a standard phone, namely digits, ∗and # • PBX Feature Code: The code to replace the matched FMC Feature Code with. It should only contain symbols that can be dialed from a standard phone, namely digits, ∗ and # • Use Number Converter: For each rule configured here, you can choose to enable or disable Number Conversion. If Use Number Converter is enabled, the Aastra AMC Controller will map the access code at the beginning and then perform number conversion (as configured) on the rest of the number. 7.2.2 Predefined Feature Codes on the Aastra MC Client Some features are predefined on the Aastra MC Client and cannot be altered there. That means if one of these codes is also used for a specific, but different feature on your PBX, the above mentioned translation has to be configured in this menu. The three currently preconfigured codes on the Aastra MC Client are *8, *9 and #*. See below for the details. #* as Feature Code The code #* is reserved for the MC solution and hence cannot be used from the Aastra MC Client towards the PBX without mapping a PBX Access Code. If we assume that #* is used for accessing the voice mail on your PBX, the following has to be done: • Configure a different code on the client for this feature, for example *5 (or another code that has not been configured for a feature yet). amcc-4_ug_en_2013-06 129 7 Features • Then configure the settings for Endpoint and Name in PBX Access Codes as described above. • Set the value for FMC Feature Code to *5. • As PBX Feature Code select #* • Then Save your changes. amcc-4_ug_en_2013-06 130 7 Features 7.3 FMC Domains If you are using the SBC functionality of the Aastra AMC Controller, you may enter domain names and/or IP addresses here from which the Aastra AMC Controller will then accept requests as well. Using domain names only might make it necessary to reconfigure Aastra MC Clients making them use domain names instead of IP addresses as well. Figure 7.3: FMC User Domains 7.4 User List This menu item enables you to export as well as to import a .csv -file (Comma Separated Values) containing all of your configured user data for a PBX. Select the User Profile The import and export can only be done for one User Profile at a time. Select the User Profile by the Name that you have configured. This sets the destination if you choose Import User List or the source for Export User List. If you select a User Profile that has no configured users for an export, the web interface will display an error. Path of the User List After having selected the destined User Profile you can import an user list with this menu item. This list can be the product of an Export User List of any other Aastra AMC amcc-4_ug_en_2013-06 131 7 Features Controller of the same software version. Upon import, your Aastra AMC Controller will setup the User Profliles for you. If you have a user list from another source than the Export User List feature, it has to resemble the format of a list exported by an Aastra AMC Controller. Simply export a csv file from an Aastra AMC Controller to check the order of settings in the csv file. Its header line will display the order of the user settings. The import will only be done if all lines of the .csv file are formatted correctly (which is guaranteed if you used Export User List), i.e. values have to be separated by semicolons with no semicolon at the end of each line (values for one user). If the format is not correct, an error will occur and all configuration will be reverted to the state prior to the import. amcc-4_ug_en_2013-06 132 7 Features C HANGES WITH THE LATEST VERSION (AMCC 4) With the latest version, User Profiles were introduced, and the amount of values to export or import decreased from 18 to 12. To ensure compatibility with lists imported from versions prior to .17, the header of the .csv-file now has to be included. F ORMATTING I SSUES WITH E XCEL AND C O. Please note that Excel and OpenOffice Calc may add inverted commas to the .csv which is not supported by the Aastra AMC Controller. When (re)saving the file in .csv format make sure that no inverted commas are added. F ILE F ORMAT If you have a .csv -file from a different source or if you put together an user list manually without using the function or for further manual processing. Values have to be separated by semicolons with no semicolon at the end of each line (= values for one user). The following data can be exported or imported with the latest version: #Lastname;Givenname;Department; PBX number;PBX username; PBX password;Displayname; Primary Cellular number;Deskphone; Email address;Cellular number 2; Cellular number 3 Export User List Export all data of currently configured users with this feature. Figure 7.4: Import Users List amcc-4_ug_en_2013-06 133 7 Features 7.5 Additional Country Tones Configuration Upload busy and ringback tones on this page. Depending on where the Aastra MC Solution is used, country tones may differ. The tones can then be assigned on a perPBX basis in the PBX menu (refer to 6.8). Figure 7.5: Upload country-specific tones 7.6 Custom Scripts Use this page to add custom scripts to the Aastra AMC Controller. In most cases, adding custom scripts is not necessary. If necessary, custom scripts should only be added with assistance from our Aastra AMC Controller support. Use the Delete button to delete default scripts. Use the Download button to download any of the default scripts. amcc-4_ug_en_2013-06 134 8 UC 8.1 Client Features With this feature you have the possibility to use an HTTPS connection to send requests from the Aastra MC Clients to the Aastra AMC Controller. Figure 8.1: Additional Client Features: Make internal data available to your users. There are many different usage scenarios of this HTTPS connection. One of them is enabling users to access the complete company or branch directory, or the address book of just one department. General Activation 1. Enter the desired HTTPS or HTTP port into the field if you would like to use a different port and not the default port for HTTPS (448). 2. You can also use HTTP instead of HTTPS. Simply check the box underneath or the Port. →The respectively needed firewall rule on the WAN Interface is configured automatically. 135 8 UC 8.2 Corporate Phonebook Settings Older Aastra AMC Controller versions: Please note that with former versions of the Aastra AMC Controller only one corporate phonebook was supported and only one VCard format could be assigned. If you are still using an older version, please skip the following section about VCards and go to section 8.2.3. C ACHED R ESULTS Please note that search results (of requests form a Aastra MC Client) are cached for a duration of 4 hours. During this time, the Aastra AMC Controller does not forward search requests for the same search pattern, but stores their results for faster display. 8.2.1 Groups It is possible to bundle up to five corporate phonebook profiles into a phonebook group. A group can then be assigned to a PBX profile on the Aastra AMC Controller under TELEPHONY/PBX (refer to 6.8). Figure 8.2: Combine phonebooks to Groups. 8.2.2 VCard Format All corporate phonebooks require the configuration of at least one VCard format. The same VCard format can be assigned to several corporate phonebooks, but you also have the possibility to use a different format per phonebook. amcc-4_ug_en_2013-06 136 8 UC You cannot skip this step and configure your corporate phonebook! The VCard format settings are mandatory. Figure 8.3: VCard Format menu. 1. Description: This value is descriptive only. It helps you identify different VCard formats. 2. Fields and Types: All of the following fields associate a VCard field to a LDAP/Active Directory (AD) type. Click on the "Add"-button to view the help texts. They indicate the default values for each property type. Please note that multiple assignments are possible, i.e. a VCard field may have several LDAP/AD type comma-separated (with space) associations. •First Name/Last Name: the types for the first and the last name items. Both of these items combined make up the value for the Name field of the VCard (and are displayed). These fields can be used to fetch more information than just the first or last name, respectively. For example: entering "sn (Company)" will also fetch the company name for search results if the server provides such information. •Homephone: The property type used for the home-phone number. •Cellphone: The property type used for the mobile-phone number. •Workphone: The property type used for the work-phone number. •Email: The property type used for email addresses. 8.2.3 Phonebook LDAP The server to which you can configure a connection here, has to reachable via Lightweight Directory Access (LDAP). Most commonly this will be an Active Directory Server. The amount of information made available for the Aastra MC Clients via this feature of the Aastra AMC Controller hence depends on the information available on that server. amcc-4_ug_en_2013-06 137 8 UC Figure 8.4: Corp. Phonebook with LDAP 1. Description: This value is descriptive only. It helps you identify several Corporate Phonebooks. 2. Provide the IP address and specify the Port of your Active Directory server, if another port than 389 (the default port for LDAP), is to be used. The default port will be applied if this field is left blank. 3. Search Filter: The default Search Filter has been optimized for MS Active Directory Servers. If you are using an MS Active Directory Servre, it is recommended to leave this setting unchanged. If you are using a different LDAP Server, specify your Search Filter in accordance with RFC2254 . The only legal operator for filters is the equals-character (=). The placeholder for the pattern that is then entered in an Aastra MC Client, is the % (check the tooltip for the default search string). 4. Search base: Specify the location of the search. This is the path that leads to your corporate phonebook on the server. For example (see infobox for more information about directories on LDAP/Active Directory servers): ou=phonebook,dc=example,dc=com 5. Username and Password Enter these values if authentication is required. The username maybe entered like the search base (attribute=value,attribute=value,...). See screenshot on the previous page for an example. 6. Encoding: If your LDAP (Active directory) sever uses an encoding other than UTF-8, specify the encoding used by it here. 7. Select the VCard format for your Corporate Phonebook. 8. When the configuration is finished, click the Save button to save your changes and APPLY CONFIGURATION. amcc-4_ug_en_2013-06 138 8 UC 25 R ESULTS Please note that the maximum number of results that can be returned to the Aastra MC Clients is limited to 25 per search pattern. If this does not return the contact that a user is looking for, the search pattern should be refined. A BOUT S ERVER PATHS Most Active Directories/ LDAP servers work with a very different "path" structure if you compare them to regular hierarchical, i.e. from-top-to-bottom, paths. They are commonly set up in OUs, so called organization units. Example dc=company, dc=com, ou=colleagues, ou=department As this example suggests, the LDAP structure first states the domain, and then the path from the lowest sublevel to the top level. Since the Domain is already known to the Aastra AMC Controller, the path you give should start with the top level on the server. Before version 10684, it was not possible to enter LDAP server paths in the "OUformat". They had to be translated (manually) to hierarchical paths. Please refer to the appropriate documentation if your Aastra AMC Controller version dates before 10684. amcc-4_ug_en_2013-06 139 8 UC 8.3 XMPP Endpoints XMPP is used for both Presence and Instant Messaging (IM). For those features, the Aastra AMC Controller behaves very similarly to the SIP-telephony scenario. It will act as an XMPP client and connect to any standard XMPP server. XMPP is the most used Presence and Instant-Messaging protocol, used for example by the Jabber or Openfire servers. There are both free and commercial servers available. You can also hook up to a Hosted Presence Network as for example GoogleTalk and bring the full functionality of your account there to the mobile phone. For a longer list of publicly available Instant Messaging servers, take a look at the XMPP website. In order to use the XMPP functionalities you have to configure XMPP Endpoints and XMPP Users. As mentioned, this approach is very similar to the IP telephony approach. The concept of XMPP Endpoints and XMPP Users is essentially identical to the concept of SIP Endpoints and SIP User Accounts. Please note that the Aastra AMC Controller uses TLS for XMPP connections. Figure 8.5: XMPP Endpoints The following explains the configuration of the required parameters in detail. Configure an XMPP Endpoint 1. XMPP Endpoint Name Configure a descriptive name for the XMPP Endpoint here, and it will be used in other menus. 2. Connect Server Enter the IP address or the host name of the XMPP Server. This could be your your internal XMPP server or a public server like GoogleTalk or jabber.org. Note amcc-4_ug_en_2013-06 140 8 UC that the Aastra AMC Controller only registers user accounts - configuring XMPP Endpoints only is not sufficient. 3. Domain You can configure a domain name here that is used in XMPP communication. XMPP works with addresses very similar to email addresses. It is a user part followed by a domain name. If the domain name resolves to your XMPP-Server IP address, it is completely save to leave this field blank, since the default setting is always the name of the connect server. If this is not the case, it is necessary to specify the proper domain name here. 4. Port This field contains the port number of the XMPP server to register with. The XMPP default port is 5222 and is used if you leave the field blank. You have to define XMPP User accounts for any Presence or IM functionality to work. The configuration of an XMPP Endpoint only has no effect. amcc-4_ug_en_2013-06 141 8 UC 8.4 XMPP Users The concept of XMPP users is that every identity on the XMPP Server is associated with a user on the FMC system. As such, each FMC User can be assigned an XMPPuser account in order to use instant messaging and presence features. This mapping between an XMPP user and an FMC user is created here. Figure 8.6: XMPP Users C REATE ACCOUNTS Before you can register the XMPP users to your XMPP server, you have to create the XMPP accounts on your XMPP server. Refer to your XMPP server documentation for this. Some XMPP servers allow the creation of a user account directly via the XMPP protocol. If that is the case, you can create your XMPP account with an external XMPP client like Miranda IM, Pidgin (Windows and Linux) etc. PARALLEL U SAGE With XMPP, it is possible to register multiple clients for any user. This means that you can use the XMPP functionality of the Aastra AMC Controller and with your standard presence client. amcc-4_ug_en_2013-06 142 8 UC Add XMPP Users The following explains the configuration of the XMPP users in detail. 1. FMC User Name Select the FMC User that should be assigned to this XMPP account. You can only select one of the FMC Users that you have already created. Therefore to enable a client to register with the Aastra AMC Controller an FMC User needs to be created prior to associating it to an XMPP User. 2. XMPP Endpoint Name Select the XMPP endpoint you would like to use for this XMPP account. A drop-down list contains the names of the XMPP Endpoints you created. 3. XMPP User Name Configure your XMPP Username here. If your XMPP login for example is test123 @ jxmppserver.org you only have to enter the user part (test123) here. 4. Password Configure the password for the XMPP User. 5. Activate XMPP User Check this box to activate the XMPP user. If the account is not activated the Aastra AMC Controller will not try to connect to the XMPP server and hence the Presence and IM functionalities for the user in question remain disabled. 6. Priority XMPP priorities range from 0 - 255 (higher number equals higher priority). This setting comes into play if a user is registered with the same XMPP account via a PC-client (like PSI) and via the Presence feature of the Aastra MC Client. If the priority set here is higher than the one set in the PSI settings, the presence state of the Aastra MC Client will be displayed to connected contacts. amcc-4_ug_en_2013-06 143 8 UC 8.5 SIMPLE Users This page gives you the opportunity to assign SIMPLE (Session Initiation Protocol (SIP) for Instant Messaging and Presence Leveraging Extensions) Users to User Accounts. Please note that the Aastra AMC Controller only supports SIMPLE with an Aastra BluStar-Server! Accounts for authentication have to be set up on the page "BluStarServer", refer to 8.6. Figure 8.7: SIMPLE Users F ORMER V ERSIONS Presence via SIMPLE used to be activated on a per-PBX basis (with a checkbox in the menu PBX ). 1. Select the SIP User you would like to associate to a SIMPLE account. 2. Activate the user to enable the SIMPLE service for his/her account. 3. Select the Endpoint this SIMPLE User belongs to. Please note that if the Endpoint is an Aastra BluStar-Server, it has to be configured like other Endpoints (refer to 6.7), and it has to be named "BSS" or "bss", or its name has to contain "BSS" or "bss". Authentication for a BSS has to be set up on the page "BluStarServer" , refer to8.6. 4. Enter the email address that should be used for IM with SIMPLE. amcc-4_ug_en_2013-06 144 8 UC 8.6 BluStar-Server Figure 8.8: Integrate your BluStar Server for Presence. 8.6.1 SIMPLE BluStar Server Select the User Profile from that is associated to your SIMPLE User accounts, and enter Username and Password as they are configured on the BSS. Refer to the BSS documentation. To bring the BluStar-Server functionality to the Aastra MC Client, SIMPLE User accounts have to be added (refer to 8.5). For successful BSS usage with the Aastra MC Clients, email addresses have to be available on the used device and saved as "work email" in the native contacts. To integrate other XMPP or SIMPLE infrastructure in your system with the Aastra AMC Controller, please refer to the respective pages: for XMPP refer to 8.3 and 8.4; for SIMPLE Presence please refer to 8.5. amcc-4_ug_en_2013-06 145 8 UC Please note that the BluStar-Server currently only supports Presence ("see who’s online"), but not instant messaging (IM). 8.6.2 BluStar Web URL Enter your BluStar Web URL here. If a BluStar Web URL is configured, BluStar Web offers additional presence states and contact lookups in a separate screen of the Aastra MC Client. Currently only available for the Aastra MC Client for iPhone, Android and Blackberry 10.2.1 or later (with Android Runtime). amcc-4_ug_en_2013-06 146 8 UC 8.7 Groupware You have the possibility to employ your Aastra MC Solution as a reverse proxy. By doing so, it can shield a server within your LAN and make it available for Aastra MC Clients sending requests in the WLAN area. If you choose to do so, please make sure that the utilized port is not the port used by the Web Management of the GUI. The default port for the Web Management is 443 unless it has been customized in the System tab under Port Numbers in the GUI. Please check this if you are not sure. Figure 8.9: Groupware Access (HTTPS Reverse Proxy) amcc-4_ug_en_2013-06 147 9 Deployment 9.1 Feature/LCR Profile Upload This menu gives you the possibility to manage (add, delete, and download) profiles for Least Cost Routing (LCR) and Feature files. Feature File Tool A software tool is available to simplify the setup of feature files. Click "Get Editor" to go to the download page. If you have a Feature or LCR file saved locally on your computer, click the "Choose File" button to select the file, and click Upload to add the file. The Aastra AMC Controller detects what kind of file (Feature or LCR) is being uploaded, but note that LCR files have to have the file extension .lcr! LCR files with default values can also be generated and edited with the WebGUI of the Aastra AMC Controller (refer to 9.3). Customized feature files can only be created by using the tool mentioned above. 148 9 Deployment 9.2 Feature/LCR Profile Reader You can view currently available Feature and LCR files on this page. Online editing is not possible here, but the reader may be helpful when locally putting a new Feature or LCR file together. Please note that using the Feature File tool to generate Feature Files is absolutely recommended. Please find the link to this tool on the previous page of the WebGUI (refer to 9.1). Figure 9.1: Feature / LCR File Reader 9.3 LCR Profile Lists This page lets you view and delete a list of the currently available LCR files, but you can also add a template for a new file by clicking the "Add" button. The file with the name you enter will then appear on the "LCR Profiles" page. amcc-4_ug_en_2013-06 149 9 Deployment 9.4 LCR Profiles On this page you can view and edit LCR files already uploaded to (refer to 9.1) or generated by (refer to 9.3) the Aastra AMC Controller. The following further explains the setup of an LCR file which determines how calls from the Aastra MC Clients will be routed. Example Outline your rule with the following conditional settings: 1. Target: Target Number Pattern is the start sequence of the phone number(s) for which you would like to set up a rule. Whenever a matching number is dialed, and if the other conditional parameters (Roaming) and Mobile Country Code matches as well, the configured action (Call-Through, Cellular Callback, Direct Cellular and HTTPS Callback) will be taken. The Target Number Pattern will in most cases be country codes. • Since you probably do not know whether all numbers in the users’ phone books are configured with leading zeros or with a leading "+", you should configure every country code twice. One pattern starting with "00" and one with "+". • If an asterisk (*) is set as a target pattern (see screenshot for "always_callback"), this rule will be applied to all calls if the remaining conditional parameters match as well. We will call this kind of rule "star rule" from now on. 2. Roaming specifies whether the desired behavior is to be done in a roaming situation or not. It enables you to set a different LCR behavior depending on the network. The options are: "home" (no roaming, calls are done via the network provider of the used SIM card) and "foreign" network (roaming), and "disabled" (in any case). amcc-4_ug_en_2013-06 150 9 Deployment A N OTE ABOUT R OAMING There are certain countries where a user might be roaming within that country where a network provider does not cover the whole country. This is for example the case in the US as well as in India. 3. Calltype – Enterprise: "Enterprise" (Call-Through) enables you to "leave" your mobile costs in the home network of your used SIM card. Target Number Patterns which trigger this feature will be routed through the Aastra AMC Controller, making use of cheaper landline fares from there on. – Direct: If this is set to "1" for true, all calls matching this rule will not be routed by the Aastra AMC Controller. They will hence stay in the mobile/cellular world. – HTTPS Callback: Invoking Callbacks via HTTPS is faster and might hence be a desireable alternative to Cellular Callback. If HTTPS Callback is selected, the Aastra MC Client will fall back to a Cellular Callback if HTTPS is not available. – Cellular Callback: This triggers a Callback in a mere cellular network (where no GPRS is available). This feature saves corporate costs whenever outgoing calls are more expensive than a call from the PBX to the Aastra MC Client. 4. Mobile Country Code: Mobile Country Code (MCC) is another condition to match. Each network (provider) has a mobile country code. In some countries (for example Germany) this mobile country code is the same for all providers. However, this is not the case in all countries (USA, India and more). A list of Mobile Country Codes can be found at Wikipedia.org Use a star rule to disable this parameter! amcc-4_ug_en_2013-06 151 9 Deployment 9.5 OTA Profiles Configurations can be deployed "over the air" (OTA), and this page displays all currently available User Profiles with their respective OTA (settings) profile. Each OTA profile consists of a set of keys (setting names) and their values. Because available values vary by the used Aastra MC Client platform, the documentation of all key-value pairs and their associated settings is included in the Aastra MC Client manuals. Whenever you select a key, the default value will be loaded. amcc-4_ug_en_2013-06 152 9 Deployment Figure 9.2: A sample OTA Profile. amcc-4_ug_en_2013-06 153 9 Deployment 9.6 Client Deployment The Aastra AMC Controller implements a very simple deployment mechanism for the Aastra MC Client’s configuration. The data is retrieved and partially automatically generated from User Profiles and Accounts. Use the deployment method Redirect Server for an initial configration download, or select Force Configuration Download for configuration updates. If you would like to deploy a new configuration set to several users, hold Ctrl and A to highlight them all and then select your Deploy Type. For more security, use the "Optional Redirect Server PIN" to activate a pop-up on the Aastra MC Client-side in which the user has to enter that PIN to download the configuration. There will be instant confirmation of the successful or failed deployment. For deployment details and possible error causes, refer to the Deployment Status page (10.8). R EDIRECT S ERVER S ERVICE The Redirect Server deployment option is a free-of-charge service offered by Aastra Technologies Ltd. Its domain name is hard-coded in the Aastra MC Clients. When you select the "Redirect Server" option here, the users’ Cellular Numbers and the IP of your Aastra AMC Controller will be forwarded to the Redirect Server at the Aastra Technologies Ltd. headquaters. Since the host name of the Redirect Server is hard coded, the only thing a user has to enter to trigger a configuration download is his or her own mobile number. The Redirect Server will then deploy the Download URL (of your Aastra AMC Controller) to the user(s). Once the URL has been deployed, the Redirect Server will delete the received data. H OW TO GET A ASTRA MC C LIENT SOFTWARE The Aastra MC Client is available for individual downloads in all major App(lication) Stores for all supported platforms. Just browse the respective market for "Aastra MC Client" and download and install it like any other application for your smartphone. amcc-4_ug_en_2013-06 154 10 Diagnostics 10.1 FMC Status The status displays the active PBX registrations, the registered users, as well as all active calls. You can always press Reload to refresh the displayed information. The page will not refresh automatically while it’s open. The displayed information in detail includes: • FMC Numbers/Trunk Registrations: this will display the registration status of your FMC Numbers if any of them are using Active Registration, which means that the Aastra AMC Controller will register them as "its" phone numbers on your PBX. • Active Endpoint Registrations: every registration to the PBX as well as its status will be listed here. All registrations should be in the Status REGED signifying that they are correctly registered with the SIP endpoint. • Registered Users: this displays all users that are currently registered via IP and via which Transport protocol (UDP or TCP). The Reg. Mode shows you how an Aastra MC Client is registered (example: this will be "InfoReg" for signaling only/singlemode Aastra MC Clients). The User-agent shows you which Aastra MC Client platform is used, along with the software/client version. The IP address and port will give you some indication as to where these users are registered from. Note that if you see the local host’s IP address here, this indicates that the user registered from behind a NAT network. • Call Status: this will show all active calls; the Name represents the local user, and the Connected User field the party the user is connected to. You will not see who initiated the call in this screen, only that a call is ongoing. 155 10 Diagnostics Figure 10.1: Status Page amcc-4_ug_en_2013-06 156 10 Diagnostics 10.2 IM This status page will list all SIP (FMC) Users currently connected to an IM account. It displays the IM Type(XMPP or SIMPLE, refer to 8.4 and 8.5, respectively),the current status of an IM User (online, offline, etc.), as well as the Connection Status to the IM Host (the server is either "UP" or "DOWN" for XMPP, Reged, i.e. registered, or Failed for SIMPLE Presence). Figure 10.2: Overview of IM Users and IM host connections amcc-4_ug_en_2013-06 157 10 Diagnostics 10.3 Statistic This page will show you the overall call statistics since the implementation of the Aastra AMC Controller or since the last reset of this part of the database (use the Reset button for this). The collection (and reset) of the data displayed here is based on SNMP. This page will also show the date of the last reset or the start date (if no reset has been done) of the call data collection. The select box will give you the option to display the collected data per user. But only active users, i.e. users who have placed calls will be selectable here. For all details about the display table, please go to chapter 13. It is explained there along with some information about SNMP on this Aastra AMC Controller. Figure 10.3: Call Statistics table after a couple of calls amcc-4_ug_en_2013-06 158 10 Diagnostics 10.4 Call Status This page shows the last 20 calls per SIP User sorted by Start-Time. The Call Status page shows the Duration, the network ( Media: WLAN or cellular, incl. handover) in which the call was established, as well as the Call Type (Static Roaming, Enterprise, Callback etc.) If the SIP User initiated the call the field Originator will have the value "Yes". The Call Quality WLAN and Call Quality PBX indicate the current call quality for Voice over WLAN calls in percent (100% being optimal call quality). It is determined respecting jitter and packet loss. Additionally, the column Call Quality Features displays whether Noise Suppression (NS) or Acoustic Echo Cancelation (AEC) are used for a call (still to be considered "experimental"). Hangup-Cause will display if the call was canceled or cleared normally, rejected or failed, and the Hangup-Reason shows the event code for the termination of the call. The last colum shows the other party’s number or extension and, if the information is available, the platform of the other party’s Aastra MC Client(Peer ). Figure 10.4: This is the Call Status page after one call has been placed. amcc-4_ug_en_2013-06 159 10 Diagnostics Call Status Settings The option Disable Call Status logging allows you to disable the data collection. Clear all entries deletes the already collected data. Please note that Disable Call Status logging also deactivates the Call Statistic page! 10.5 LDAP If a lightweight directory access protocol (LDAP) server has been configured to grant access to the corporate phonebook (refer to 8.2), you can check the connection status between the Aastra AMC Controller and this LDAP server by clicking on the title bar or the menu. At first, nothing visual will happen; the Aastra AMC Controller will check the connection which might take from a couple of seconds to up to a minute or two. It will then display that the verification of the connection has been successful or unsuccessful. If there are problems and the Aastra AMC Controller cannot connect to the LDAP server, it will try to give you some information in the error message indicating where the error might originate. amcc-4_ug_en_2013-06 160 10 Diagnostics 10.6 System This page shows if the basic services (like NTP and DNS) are running. It will also show if the Redirect Server for configuration deployments towards the Aastra MC Clients is available (PING). Figure 10.5: System Status page with running services. amcc-4_ug_en_2013-06 161 10 Diagnostics 10.7 Remote Control If activated, remote control via dial-in becomes available for the Aastra AMC Controller customer support. Figure 10.6: Remote Control and Trusted remote control caller numbers Trusted remote control caller numbers Adding trusted remote control caller numbers may not be necessary, depending on how remote control calls should be initiated. There are generally two ways to initiate successful remote control calls: 1. Enable the call type "Remote Control" by configuring a Remote Control Number as a Service Access Number (refer to 6.10); or by 2. Calling the Callthrough number from a configured trusted remote control caller number. If trusted remote control caller numbers are configured, remote control calls will only be allowed from those numbers no matter which call type (Remote Control or Callthrough) is used! If a Remote Control number is configured as a Service Access Number, remote control calls, even from trusted caller numbers, are prohibited. For maximum security, combine a Remote Control Service Access Number with trusted remote control caller numbers! amcc-4_ug_en_2013-06 162 10 Diagnostics 10.8 Deployment Status This page shows you whether configuration deployments have failed or succeeded by date, as well as the overall outcome of your configuration deployments. The available data will look similar to this: Figure 10.7: Recently deployed configurations amcc-4_ug_en_2013-06 163 10 Diagnostics 10.9 Syslog-File This page displays the last lines of the Syslog output the Aastra AMC Controller produces. Figure 10.8: Syslog File The output also depends on the Syslog settings and the mode that is configured there (see 10.10 for a more detailed description of the possible settings). If Debug is used there, a lot of information will be displayed.The output can be refreshed by pressing the Reload button. It is also possible to adapt the number of lines displayed, by entering the desired number into the Number of Lines field. L OGS LOST WITH R EBOOT By default, the Syslog file is stored in a RAM disk on the device. This means that the information is lost after a reboot. In order to implement a persistent storage, an external Syslog Server is recommended. AUTOMATIC L OG R OTATION The Aastra AMC Controller performs log rotation on a regular basis to avoid filling up the storage space. This log rotation will compress the current syslog file. All files are stored in the /var/log/ directory and can be accessed e.g. via WinSCP. amcc-4_ug_en_2013-06 164 10 Diagnostics 10.10 Logging Specify an external syslog server here, on which all important messages of the Aastra AMC Controller are logged. Syslog is a standard for logging system messages under Unix and Linux and meanwhile also many other platforms including Windows. It supports both local and remote (i.e. over the network) logging. The configuration of a Syslog server and appropriate log level are especially recommended if the Aastra AMC Controller is operated as a firewall! Figure 10.9: Logging How to configure Syslog 1. Specify the IP address of your Syslog server 2. then choose one of the following log levels from the drop-down box: •Debug: All messages are logged. •Info: All messages, but real debugging messages are logged. •Notice: All messages important for the user are logged. •Warning: All messages describing failures are logged. •Error: All error messages are logged. •Critical: All critical failure messages are logged. •Alert: All messages preventing a service from functioning properly are logged •Emergency: All messages preventing a service from functioning are logged amcc-4_ug_en_2013-06 165 10 Diagnostics This log level determines which messages shall be logged. 3. Check the box "Local logfile" if you wish to save logs on your Aastra AMC Controller (additionally to or instead of an remote Syslog server). If there is no local computer available as a Syslog Server for saving the selected messages, you can either install a free syslog server (available in the Internet), or you can use the local logging on the Aastra AMC Controller. This logging is, however, limited to the space available there. In order to enable the local logging, simply enable the Local Logfile checkbox. amcc-4_ug_en_2013-06 166 10 Diagnostics 10.11 Tools The debugging tools allow you to easily track down the reasons for network connectivity problems over the web interface. Figure 10.10: Debugging tools The following tools are available: 10.11.1 Ping Ping sends network packets to a computer and waits for the response while measuring the elapsed time until a response arrives. This program is able to examine if a computer is reachable or not. For this reason it is applicable for instance to check whether the connection to a certain host is working. You can easily trace down the reason for connectivity problems by trying to ping the first gateway on the way, then the second and so forth. Once that fails, you will know exactly which link is the problem. 10.11.2 Traceroute Usually, traceroute is used after you have detected a specific network problem with the ping tool to further narrow down the reason. This program traces the path packets take from the Aastra AMC Controller to a certain host. It can complement and expedite certain debugging approaches taken with ping. The output is shown in real time, line after line. This means: if ping does not respond for several seconds, the probability that the address is not reachable is very high. amcc-4_ug_en_2013-06 167 10 Diagnostics T RACEROUTE MAY BE BLOCKED Please note that when trying to trace routes over the internet, some routers will block this attempt. You will then be unable to get the desired information for a traceroute although the network connection is working properly. IP A DDRESS INSTEAD OF H OST N AME If you assume that an internet connection is inoperable, you have to define the IP address of your Aastra AMC Controller instead of your system name, because in this case the DNS service is likely to be unable to resolve system names. amcc-4_ug_en_2013-06 168 10 Diagnostics 10.12 SNMP This menu item contains configuration of the SNMP Daemon. The SNMP Daemon offers basic system information and a service to monitor the Aastra AMC Controller system status. If you would like to manage the Aastra AMC Controller remotely via SNMP, a read-write access has to be configured accordingly. This includes the surveillance of running processes, disk-space usage and the CPU’s load average. The following parameters can be set up (compare figure 10.11): SNMP Basic Settings In this menu section you can switch the SNMP service on-/ off and configure the basic setup. • SNMP read community string Specify a SNMPv1 or SNMPv2c community that will be allowed read-only access. • SNMP read/write community string Specify a SNMPv1 or SNMPv2c community that will be allowed read-write access. • Enable SNMP trap sending This checkbox enables active monitoring. The SNMP Daemon will send traps if a process is not running or if disk space is running low. Additionally a trap is sent when the SNMPD Daemon is started and stopped. • SNMP trap community name Specify the community name which will be used in traps. Trap destination You can specify one or more ip-addresses here as a destination for SNMP traps. Proxy This option enables the SNMP Daemon to act as a proxy, passing certain requests to a SNMP service running on another machine. The following configuration settings are available: • IP address The IP-address of the machine to which the proxy should forward. amcc-4_ug_en_2013-06 169 10 Diagnostics • Port Optional: The port on which the target machine is listening for SNMP. Default is port 161. • Password The SNMP community string on the target machine. • SNMP Version Choose between SNMP version 1 or 2c. • Object-ID (OID) Optional: Part of the OID tree which should be passed through to the target machine. Default is the whole OID tree 1.3. Setting up the SNMP daemon 1. Check Active to enable SNMP daemon. 2. Provide configuration details for the basic setup as described above. Click Save to save your changes. Your changes will be applied after selecting Apply configuration. 3. In addition to the Basic settings you can specify one or more Trap destinations and Proxies to be used by the SNMP daemon. 4. Use Add to add an entry and fill out the form. Use delete an existing entry. amcc-4_ug_en_2013-06 to edit, or to 170 10 Diagnostics Figure 10.11: SNMP Configuration amcc-4_ug_en_2013-06 171 10 Diagnostics 10.13 Firewall Report This section shows the over-all number and size of dropped packets and additional information about the matched rule (protocol, input/output interface, source and destination). Depending on the direction of packets, rules are joined in three chains INPUT, OUTPUT, and FORWARD. Information about dropped packets may be helpful for testing connections or improving your firewall rules. The information shown on this page is a summary of packets dropped by the firewall and will be refreshed every time you choose this menu item or click Refresh . You can also reset firewall packet counters by clicking Reset . Figure 10.12: Firewall report amcc-4_ug_en_2013-06 172 10 Diagnostics 10.14 Net. Trace The Network Trace enables you to collect network information for error analysis and solution. This graphical interface for tracing uses tcpdump in the background. U SE S UPPORT T RACE FOR S UPPORT R EQUESTS To improve data exchange between customers and our support team, the menu Support Trace has been added. Please refer to page 176 if you are looking for this option. Recording a new trace 1. From the drop-down box select a network interface to listen on. In order to gather information from all interfaces, choose ANY. 2. Additionally, you can input certain other options for tcpdump via the Command Line. You can specify port numbers, protocols, the number of packets to be traced and many other options. A trace file created by tcpdump can then be viewed by a network packet analyzer such as Ethereal. An introduction to the network monitoring using these tools would be far beyond the scope of this manual, but there is a lot of documentation available on the web. Some briefly explained parameters: •-s0 Usually only the first 64 bytes of a packet will be traced. This reduces especially the size of long running traces. Please note that traces especially on the LAN interface can get very large rather quickly if no filters are specified. The -s0 parameter will remove the 64 Byte limitation. The entire packet including the payload will be visible in the trace file. •port 5060 This will introduce a filter into the trace only for the packets with source or destination •src host 10.10.10.10 This will restrict the tracing to all packets coming from the specified host. The IP 10.10.10.10 is of course just an example. amcc-4_ug_en_2013-06 173 10 Diagnostics •dst host 10.10.10.10 This will restrict the tracing to all packets going to the specified host. •proto tcp You could also use protocols ip, icmp, udp here. This will trace only the specified packets. An example combining several of the above parameters would be for example -s0 port 5060. This would trace only SIP traffic, or to be more accurate all traffic on Port 5060. 3. Click on Start to start the trace. In order to stop and download the trace file, simply click on Stop and confirm saving the file to your disk. If you just want to check, whether the trace is already completed (e.g. in case you have specified a maximum size for files or a number of packets to be traced) click on Status . Your trace will not be interrupted, if it is still running. amcc-4_ug_en_2013-06 174 10 Diagnostics Figure 10.13: Starting trace Figure 10.14: Downloading trace file amcc-4_ug_en_2013-06 175 10 Diagnostics 10.15 Sup. Trace If there is a reoccurring error on your system and you need support, please record a Support Trace and let it run until the error has occurred again. This functionality will collect overall runtime information about your system and is very helpful in finding errors fast and reliably. After starting the Support Trace, please wait approx. 15 seconds before making the first text call. As soon as you click on stop , there will be an option to download the collected information. If the memory is about to run out the information gathering will be stopped automatically. So if the error has not occurred and the memory is full,i.e. the support trace recording has stopped, please download the support trace (to eliminate it on the Aastra AMC Controller) and conduct another support trace to capture the crucial information. Figure 10.15: This is where the Support Trace is started and stopped R ESTART OF THE SIP-P ROXY C OMPONENT If the SIP Proxy (Dual-Mode Server component on the status page) is active, it will be restarted when a support trace is recorded. This can be checked on the Status page. The SIP Proxy is usually active unless your Aastra AMC Controller runs in slave mode. As a result of this restart you might have to make your phones re-register. Most IP-phones, however, register by themselves in periodic intervals. amcc-4_ug_en_2013-06 176 11 Initial Setup via the Console If you log in via the (RS232) console, a login menu opens. You will see the following prompt: login: The only available user to login is root, with the same password as the admin’s password in the browser interface, initially sesam. You should change this password via the browser as soon as possible! There’s also a possibility to use separate passwords for the web interface and the console. Activate the setting "Separate CLI and GUI admin password" on the page "Change Password"; refer to 3.2. If this setting is deactivated, the option "W" (see below) will not be available. The menu pages do the same as the analog Web-GUI pages, but with reduced functionality: =======================[ Main menu ]======================== 1: 2: 3: 4: 5: Configure Configure Configure Configure Configure first LAN interface second LAN interface WAN interface SSH and HTTPS ports Routing 6: Firewall/NAT P: D: T: L: W: Physical Network Settings Set domain name server Set timezone Change language CLI Password Separate A: Apply configuration H: Shutdown R: Reboot 177 11 Initial Setup via the Console E: Exit -----------------------------------------------------------Please enter your choice: The setup of the follow-menus is self-explanatory. For example, by pressing 1 and RETURN, you will see the following: =============[ Configure first LAN interface ]============== Current values: IP address: 192.168.140.1 IP netmask: 255.255.255.0 -----------------------------------------------------------1: Enable DHCP 2: Change IP address 3: Change IP netmask S: Save and back to previous menu B: Back to previous menu -----------------------------------------------------------Please enter your choice: amcc-4_ug_en_2013-06 178 12 Factory and Password Reset (via console) The Aastra AMC Controller supports both a factory reset and a password reset. The latter just resets the password while the factory reset restores the complete configuration to factory default. If you forgot your password, you must have physical access to the device in order to do the reset. N O S OFTWARE R ESET Note that the factory reset has no influence on the installed software. The factory reset will only restore the complete configuration of the device (all contained in the /etc directory) to safe factory defaults for the currently installed software version. In order to change the software version, you need to upgrade or downgrade the software of the device. 12.1 Password Reset via RS232 After connecting a serial console or a keyboard and monitor you need to power up or reboot your box (press Ctrl-Alt-Delete). Then wait until you see the following prompt: SYSLINUX 1.62 0x3e713b13 Copyright (C) 1994-2001 H. Peter Anvin boot: Enter passwordreset and press enter. Your Aastra AMC Controller will boot normally but with the password reset to the default password. 12.2 Factory reset via RS232 After connecting a serial console or a keyboard and monitor you need to power up or reboot you box (press Ctrl-Alt-Delete). Then wait until you see the following prompt: 179 12 Factory and Password Reset (via console) SYSLINUX 1.62 0x3e713b13 Copyright (C) 1994-2001 H. Peter Anvin boot: Enter factoryreset and press enter. Your Aastra AMC Controller box will boot, perform a factory reset and the reboot again. After that your box will boot up normally, but of course needs to be reconfigured as all settings are reset to the factory defaults. Note that you have to be quick enough here, otherwise your box will reboot normally. Once you entered the first letter, you can wait as long as you like. amcc-4_ug_en_2013-06 180 13 Accounting Table via SNMP The Aastra AMC Controller collects accounting information on a per user basis in one of its database tables. This information can be fetched and reset via Simple Network Management Protocol (SNMP). Get the accounting table Please contact our support team to get the accounting table. The table contains (among others) the following keys: 1. sipNumber The SIP Number shows you the user to whom all remaining information in the line belongs. 2. gsmCalls The value displayed here will show the total amount of cellular calls made by this SIP User since the last reset of the database (we will describe later how this particular accounting table can be reset). 3. wlanCalls Just like the above mentioned cellular calls, the value given here will be the total amount of wireless calls made by this SIP User. 4. toGsmHandover Shows the total amount of handovers made from WLAN to cellular networks. 5. toWlanHandover Shows the total amount of handovers made from cellular networks to WLAN. 6. abnormallyAborted Shows the number of calls which were abnormally aborted by the PBX, i.e. call terminated by the PBX for example with: • 488 (not acceptable here) • 500 ( Server error) 181 13 Accounting Table via SNMP • BUT NOT 486 (Busy Here) • and rejections of calls 7. droppedCalls Shows the number of calls dropped by the Aastra AMC Controller, because of RTP timeouts or crashed sessions. 8. shortCalls Displays the number of calls with durations below or equal to 10 seconds. 9. minCallDuration Shows the duration (in seconds) of the shortest call made. 10. avgCallDuration Displays the average duration of all calls. 11. maxCallDuration Displays the maximum duration of all calls. 12. staticRoaming Shows the number of calls made from a Static Roaming situation. 13. callthrough Shows how many times Callthrough was used. 14. callback Shows how many times Callback was used. amcc-4_ug_en_2013-06 182 Index 911, 126 Accounting, 181 Activate further SIM cards, 106 area code, 88 Area Prefix, 88 Associating SIP Trunks, 96 automatic conversions, 84 B2BUA (port settings), 82 Backup Configuration Backup, 21 Failover Server, 31, 33 Remote Backup, 26 Slave, 31 User Data, 131 VRRP(Routers), 48 Basic Settings System, 16 Bottom Menu Bar, 14 Browser, 11 call features, 66 Call Log, 95 Call-through Early Media, 70 Call-through Number, 103 Callback, 103 Callback Number, 105 Caller ID Mapping, 95 Cellular Number (User Accounts), 119 Cellular Numbers, 122 Cellular to WLAN number, 108 Change Password, 18 Client Deployment, 154 Client Early Media, 71 Codec, 93 Codecs (PBX), 93 Common Name, 91 Configuration Backup, 21 country code, 88 country prefix, 88 Country Tones, per-PBX Sound Profiles, 134 Custom Firewall Rules, 57 deactivate users, 120 Debugging, 167 Default Password, 12 DHCP server, 38 Dial-in GSM, 104 Disable Number Converter, 72 Display names, 119 DNS (System), 17 Domain Name Server (System), 17 Dropped Packages, 172 DSCP, 53 DTMF Detection, 71 DTMF mode, 71 DUALMODE Port Settings, 82 SBC (Port Settings), 82 Dualmode Feature Access, 66 FMC User Domains, 131 Global Settings, 70 RTP options, 80 Early Media Call-through , 70 Client , 71 emergency call, 126 Endpoint, 91 183 Index Error Diagnostics, 167 Error Logs, 165 Etherreal, 173 External IP for NAT, 78 Factory Reset, 179 features, 66 firewall report, 172 Firewall Support, 172 fixed prefix, 89 FMC Enterprise Configuration, 69 FMC Status Page, 155 FMC User Domains, 131 From Header Mapping, 95 Global Settings, 70 Groupware, 147 GUIConcepts, 14 Handover Numbers, IMS, 107 handover, 108 Hold, 95 HTTPS port, 29 HTTPS Reverse Proxy, 147 Import/Export User List, 131 IMS, 107 In-band DTMF, 71 In-call features, 66 inactive, 95 install update, 20 Instant Messaging, 140 Interface Handling(FMC), 68 internal length, 89 internal numbers, 84 Interval Keepalives, 79 Keepalives (TCP), 79 LAN Interface 1, 38 LDAP Status, 160 License Information, 37 link, 167 amcc-4_ug_en_2013-06 local interface, 92 Log Levels, 165 Logging Messages, 165 Main Frame, 14 Main Navigation, 14 Mass Provisioning, 131 Media Stream Trace, 174 Multiple Cellular Numbers, 106 NAT, 68 External IP, 78 Network Trace, 173 NTP (Server), 47 Number Conversion, 89 number conversion, 90 Number Conversions, 124 Number Converter, 72 number converter, 95 Number Formatting Number Conversions, 124 Stages of Conversion, 72 Number Profile, 83 Operating Mode, 32 Outbound Proxy, 94 outgoing call prefix, 88 Page Header, 12 password, 18 Password Reset, 179 Passwords System, 18 PBX Access Codes, 128 PBX Configuration, 91 PBX Realm, 92 Ping, 167 Port Handling (FMC), 68 Ports (General), 29 Ports FMC, 82 Presence, 140 Problems with FMC Numbers, 103 Protocol Tracing, 174 Provisioning, 131 184 Index QoS, 53 Realm (PBX), 92 Redundancy VRRP, 48 Refresh, 172 Remote Backup, 26 Remote Logging Server, 165 Remote Update, 19 Restart, 37 restore configuration, 21 Restore Values, 35 Revert Configuration, 24 RFC 2833, 71 RFC3168, 81 Rollback, 24 RTP, 80 SDP, 95 Security, 68, 112 Database Security Key, 63 server features, 67 Session Border Controller, 68 SIM Switch, 106 Single Number Service, 104 SIP Host Configuration, 91 SIP INFO, 71 SIP number, 118 SIP Options, 77 Sip Traces, 174 SIP Trunk, 100 SIP Trunk Configuration, 100 SIP User Account, 116 SIP User Password, 118 SNMP, 181 SNMP (Daemon), 169 source pattern, 84 Special FMC Numbers, 103 SSH port, 29 Synchronize Database, 31 Failover Operation, 33 Operating Mode, 32 Master Mode, 32 Slave Mode, 33 amcc-4_ug_en_2013-06 Standalone mode, 32 Syslog, 165 Syslog File, 164 System Log Information, 165 System Name, 17 target pattern, 84 tcpdump, 173 Time and Date, 17 time zone, 17 Timeout Registration to PBX, 77 Users, 73 TLS Certificates, 60 Top Menu Bar, 12 Topology Hiding, 68 ToS, 53 TOS for media, 81 Trace Parameters, 173 Traceroute, 167 Traces, 167 Trunk Configuration, 100 Update, 19 User Profiles, 111 User Provisioning, 131 Virtual Interface, 44 VRRP, 48 WAN Interface, 42 WebGUI Access, 11 Wireshark, 173 WLAN Busy Sound, 71 WLAN to Cellular number, 108 XMPP Endpoints, 140 XMPP Users, 142, 143 185 c 2013 Aastra Technologies Limited. All rights reserved. This document contains proprietary information, which is protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, or translated into another language, without the prior written consent of Aastra Technologies Limited. NOTICE The information in this document is subject to change without notice. AASTRA MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Aastra shall not be liable for errors contained herein, neither for incidental nor for consequential damages in connection with the furnishing, performance, or use of these materials.
© Copyright 2024