Add or Edit SIP Devices

Use this procedure to add SIP devices and register their credentials for secure authentication on the MBG (set-side) and the ICP-side. Credentials for MBG (set-side) and the ICP (icp-side) do not have to be the same.

Note that SIP device access is always restricted to authorized users. Clients must pass a registration at the MBG server before being passed through to the ICP for approval.

To add a SIP device:

  1. On the MBG main page, click the Teleworking tab and then click SIP.
  2. Click the + sign.
  3. Update the device options as required and then click Save.

    Field

    Description

    Notes

    Enabled

    Select to enable the set and allow it to connect to the ICP. Clear the check box to disable access.

    Configured ICP

    Select the ICP to which this device will connect.

    		  

    Set-side username

    Enter the set-side (MBG side) user name for the SIP client you want to authorize.

    For example, smithj.

    Note: In Auchan mode, MiVoice Border Gateway usernames must always be associated with a PNI. MiVoice Border Gateway maps between PNI+DN (set-side username) and DN (ICP-side username). In case of duplicate DNs, MiVoice Border Gateway will not allow new user creation.

    Set-side password

    Enter the set-side password for the SIP client you want to authorize. For security reasons, the password field is always blank.

    Choose a secure password that is not trivial. Ensure that it contains letters, numbers, and punctuation. (For example, Mitel*Server1!)

    If you attempt to configure a weak password, you will receive a warning or be prevented from preceding (depending on whether Permit Weak Passwords is enabled).

    Whenever you update the username, you can either enter a new password or continue to use the existing password. Note that the password field is always blank.

    Confirm set-side password

    Re-enter the set-side password for confirmation.

    ICP-side username

    Enter the Username that this SIP client uses to access the ICP.

    Leaving these fields blanks causes the ICP-side credentials to default to the same values as set-side credentials. If you have configured a non-trivial set-side password, this will not match the password configured in the ICP and connections for this set will be denied.

    We recommend that you enter both credentials for more secure authentication.

    Note: In Auchan mode, MiVoice Border Gateway usernames must always be associated with a PNI. MiVoice Border Gateway maps between PNI+DN (set-side username) and DN (ICP-side username). In case of duplicate DNs, MiVoice Border Gateway will not allow new user creation.

    ICP-side password

    Enter the password that this SIP client uses to access the ICP.

    Confirm ICP-side password

    Re-enter the ICP-side password for confirmation.

    PRACK support

    This option controls whether the "Provisional Response ACKnowledgement" (PRACK) method is used between MBG and the device.

    • Use master setting to use the global PRACK optionprogrammed on the Settings screen. This option controls whether MBG supports PRACK between itself and the peer, and is the default setting for all SIP devices.

    • Enabled to enable MBG to use PRACK with the selected device while the global PRACK option is disabled.

    • Disabled to prevent MBG from using PRACK with the selected device whilethe global PRACK option is enabled.

    For example, if the PRACK option is globally disabled on MBG and the peer but enabled on the SIP device, then MBG will support PRACK only on calls between itself and the device. Alternatively, if the PRACK option is globally enabled on MBG but disabled on the device, then MBG will use PRACK only between itself and the peer but not with the device.

    Default is Use master setting.

    Most peers now support PRACK, which can be useful in interoperability scenarios with the PSTN (see RFC 3262). If the remote SIP device supports PRACK, this option should be enabled.

    Options keepalives

    This option controls whether SIP "OPTIONS" messages are sent to the SIP device as a keepalive mechanism.

    • Use master setting to use the global keepalive option programmed on the Settings screen.

    • Never to prevent keepalives from being sent to the selected device.

    • Always to force keepalives to be sent the selected device.

    • Only Behind NAT to send keepalives only if the remote device is behind a NAT server that is not performing traversal such as STUN.

    Default is Use master setting.

    Gap register and Send options can be used together or separately.

    Heartbeat interval

    If "Options keepalives" is enabled, this is the interval at which keep-alive messages are sent. This setting overrides the "Options interval" programmed on the Settings screen.

    Challenge methods

    Use this setting to specify the challenge methods MBG will use to authenticate the remote SIP device. When an incoming request includes one of these methods, MBG will issue a "401 Authorization Required" response. The device must then retry the request with credentials contained within the message.

    To specify methods for the selected device:

    1. Click Override.

    2. Select one or more of the following methods: Invite, Subscribe, Refer, Prack, Bye, Options, Info, Notify, Update. Use Shift-click and Ctrl-click to select multiple items on the list.

    3. After you have finished updating the screen, click Save.

    To use the method(s) programmed on the Settings screen, click Use master setting.

    Default is Use master setting.

    The ACK and CANCEL methods cannot be challenged. REGISTER is always challenged.

    Description

    Enter a description for this SIP client/device.

    For example, JSmith

    Availability

    Select the SIP device/client availability:

    • Everywhere to enable the configured SIP credentials to be used to register a SIP device or WebRTC subscriber.

    • SIP devices only to enable the configured SIP credentials to be used to register a SIP device (but not a WebRTC subscriber).

    • WebRTC only to enable the configured SIP credentials to be used to register a WebRTC subscriber (but not a SIP device).

    Default is Everywhere

    Set-side RTP security

    This setting controls whether streaming between MBG and the specific TeleWorker SET device user should be encrypted (SRTP) or not encrypted (RTP); refer to the MBGEngineering Guidelines for further details.

    Inbound

    • Use master setting: Use the value configured in GLOBAL SIP options menu for the given user.

    • SRTP or RTP: Accept any inbound SRTP or RTP offers on the TeleWorker SET-side for the given user

    • SRTP only: Accept ONLY inbound SRTP offers on the TeleWorker SET-side for the given user – reject inbound RTP offers on the SET side for the given user

    • RTP only: Accept ONLY inbound RTP offers on the TeleWorker SET-side for the given user – reject inbound SRTP offers on the SET side for the given user

    Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the specific given remote TeleWorker SET device user must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.

    Default is Use master setting.

    Outbound

    • Use master setting: Use the value configured in GLOBAL SIP options menu for the given user.

    • SRTP only: Only use SRTP when making outbound offers on the TeleWorker SET-side for the given user

    • RTP only: Only use RTP when making outbound offers on the TeleWorker SET-side for the given user

    • AVP+crypto: Use both SRTP or RTP when making outbound offers on the TeleWorker SET-side for the given user (SRTP preferred over RTP)

    Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the specific given remote TeleWorker SET device user must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.

    Default is Use master setting.

    Preferred cipher

    Use master setting: Use the value configured in GLOBAL SIP options menu for the given user.

    AES_CM_128_HMAC_SHA1_32: Use AES_CM_128_HMAC_SHA1_32 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_80 when making outbound offers on the TeleWorker SET-side for the given user.

    AES_CM_128_HMAC_SHA1_80: Use AES_CM_128_HMAC_SHA1_80 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_32 when making outbound offers on the TeleWorker SET-side for the given user.

    Default is Use master setting.

    ICP-side RTP security

    This setting controls whether streaming between MBG and the ICP should be encrypted (SRTP) or not encrypted (RTP); refer to the MBG Engineering Guidelines for further details.

    Inbound

    Use master setting: Use the value configured in GLOBAL SIP options menu for the given user.

    SRTP or RTP: Accept any inbound SRTP or RTP offers on the ICP side for the given user.

    SRTP only: Accept ONLY inbound SRTP offers – reject inbound RTP offers on the ICP side for the given user.

    RTP only: Accept ONLY inbound RTP offers – reject inbound SRTP offers on the ICP side for the given user.

    Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the remote ICP endpoint must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.

    Default is Use master setting.

    Outbound

    Use master setting: Use the value configured in GLOBAL SIP options menu for the given user.

    SRTP only: Only use SRTP when making outbound offers on the ICP side for the given user.

    RTP only: Only use RTP when making outbound offers on the ICP side for the given user.

    AVP+crypto: Use both SRTP or RTP when making outbound offers on the ICP side for the given user (SRTP preferred over RTP).

    Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the remote ICP endpoint must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.

    Default is Use master setting.

    Preferred cipher

    Use master setting: Use the value configured in GLOBAL SIP options menu for the given user.

    AES_CM_128_HMAC_SHA1_32: Use AES_CM_128_HMAC_SHA1_32 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_80 when making outbound offers on the ICP side for the given user.

    AES_CM_128_HMAC_SHA1_80: Use AES_CM_128_HMAC_SHA1_80 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_32 when making outbound offers for the given user.

    Default is Use master setting.

    Local streaming between device calls

    Select an option:

    • Use master setting to allow the selected remote device to use the global local streaming option programmed on the Settings screen.

    • Enabled to force the remote device to use local streaming always.

    • Disabled to prevent the remote device from using local streaming.

    Default is Use master setting.

    Log verbosity

    At times, it may be necessary to increase log verbosity for specific troubleshooting purposes. Select Normal, Very Quiet, Quiet, Verbose, Very Verbose, or Use master setting to use the Log Verbosity setting programmed on the Settings screen.

    Default is Use master setting.

    Enable Detailed Jitter Log

    Similar to log verbosity, this field controls the jitter log.

    • Use master setting to allow the selected remote IP Phone to use the global jitter log setting programmed on the Settings screen.

    • Enabled to enable detailed logging for the selected device.

    • Disabled to disable detailed logging for the selected device.

    Default is Use master setting.

    RTP Framesize

    This setting overrides the default value requested by the ICP or SIP peer request. It should be changed only if your system has specific requirements. For more information about RTP frame size, see the Engineering Guidelines.

    • Use master setting to allow the selected remote IP Phone to use the global RTP Framesize setting programmed on the Settings screen.

    • Enabled to enable detailed logging for the selected device.

    • Disabled to disable detailed logging for the selected device.

    Default is Use master setting.

    Codec support

    If you are doing secure call recording and the 3rd-party call recording equipment (CRE) only supports G.711a, G.711u and G.729a, you can restrict MBG to using those codecs. If you are not operating under these limitations, you should allow MBG to use an unrestricted range of codecs. :

    • Use master setting to allow the selected remote device to use the global Codec support setting programmed on the Settings screen.

    • Unrestricted to the selected remote device to use any codec.

    • Restricted to G.729, G.711 to force the selected remote device to useG.711a, G.711u, or G.729a.

    Default is Use master setting.

    Tone Injection

    With this option enabled, a configurable tone will be injected into all calls. See Tone Injection for details.

    • Frequency sets the pitch of the tone.

    • Duration defines the length of the tone.

    • Interval controls the time between the played tones.

    • Volume sets the volume of the tone. The values towards zero are louder.

    • Mix/Muxcontrols whether to mix the tone into the audio stream, or replace the audio stream with the tone while playing.

    • Direction defines whether to play the tone in the audio stream going towards:

      • RX: the set

      • TX: the ICP
      • RXTX: both

    Note: To disable the tone, clear the Enabled option and select Use master.

    Default is Use master setting.

Edit SIP Devices

To edit a SIP device:

  1. On the MBG main page, click the Teleworking tab and then click SIP.
  2. In the device listing, locate the device you want edit and click .
  3. Edit device information as required.
  4. Click Save.

Delete SIP Devices

To delete a SIP device:

  1. On the MBG main page, click the Teleworking tab and then click SIP.
  2. In the device listing, locate the device you want to delete and click .
  3. Click Delete. The deletion is confirmed.
Parent topic: Managing Individual Devices