Installation and Operation Manual
Table Of Contents
- Contents
- 1 Introduction
- 2 IP Security
- 3 Configuration
- 3.1 Requirements
- 3.2 Access the GUI
- 3.3 GUI Web Access
- 3.4 Configure the Mobility Master
- 3.5 Configure the Standby Mobility Master
- 3.6 Configure the Pari Master
- 3.7 Configure the Standby Pari Master
- 3.8 Configure the Master
- 3.9 Configure the Standby Master
- 3.10 Plug and Play Configuration
- 3.11 Configure the Radio
- 3.12 Configure Deployment
- 3.13 Add Users
- 4 Operation
- 4.1.1 Name the IPBS and IPBL
- 4.1.2 Change User Name and Password
- 4.1.3 Centralized Management of Administrator and Auditor Accounts Using Kerberos
- 4.1.4 Configure the NTP Settings
- 4.1.5 Certificates
- 4.1.6 License
- 4.2.1 Set DHCP Mode
- 4.2.2 Set a Static IP Address
- 4.2.3 Dynamic IP address via DHCP
- 4.2.4 Link
- 4.2.5 Configure VLAN
- 4.2.6 View LAN Statistics
- 4.2.7 Enable RSTP (only for IPBL)
- 4.2.8 Deactivate LAN Port (only for IPBL)
- 4.3.1 Configure IP Settings
- 4.3.2 Routing
- 4.4.1 Configure LDAP Server
- 4.4.2 Check LDAP Server Status
- 4.4.3 Configure LDAP Replicator
- 4.4.4 Check LDAP Replicator Status
- 4.4.5 Expert tool
- 4.5.1 Change System Name and Password
- 4.5.2 Set Subscription Method
- 4.5.3 Configure Authentication Code
- 4.5.4 Select Tones
- 4.5.5 Set Default Language
- 4.5.6 Set Frequency Band
- 4.5.7 Enable Carriers
- 4.5.8 Local R-Key Handling
- 4.5.9 No Transfer on Hangup
- 4.5.10 No On-Hold Display
- 4.5.11 Display Original Called
- 4.5.12 Early Encryption
- 4.5.13 Configure Coder
- 4.5.14 Secure RTP
- 4.5.15 Configure Supplementary Services
- 4.5.16 Select Mode
- 4.5.17 Set Master Id
- 4.5.18 Enable PARI Function
- 4.5.19 Set Region Code
- 4.5.20 Configure Gatekeeper
- 4.5.21 Registration for Anonymous Devices
- 4.5.22 Conferencing Unit
- 4.5.23 Select Crypto Master Mode
- 4.5.24 Select Mobility Master Mode
- 4.5.25 Connect Mobility Master to other Mobility Master(s)
- 4.5.26 Disconnect Mobility Master from other Mobility Master(s)
- 4.5.27 Connect Mobility Master to a Crypto Master
- 4.5.28 Connect Master to a Mobility Master
- 4.5.29 Enable the Radio
- 4.5.30 Enter IP Address to the PARI Master and the Standby PARI Master
- 4.5.31 Multiple Radio Configuration
- 4.5.32 PARI
- 4.5.33 SARI
- 4.5.34 Configure Air Synchronization
- 4.6.1 Add instance id to the user registration with the IP-PBX
- 4.6.2 IP-PBX supports redirection of registration when registered to alternative proxy
- 4.6.3 Use local contact port as source port for TCP and TLS connections
- 4.6.4 Session Timer (initial value)
- 4.7.1 Configure Messaging
- 4.7.2 Device Management
- 4.7.3 Service Discovery
- 4.7.4 Send Status Log
- 4.7.5 Module Fault List
- 4.8.1 Configure Automatic Firmware Update
- 4.8.2 Configure Logging
- 4.8.3 Configure the HTTP settings
- 4.8.4 Configure the HTTP Client settings
- 4.8.5 SNMP
- 4.8.6 Phonebook
- 4.8.7 Configure IP-DECT to Connect to a Presence System Using ICP
- 4.9.1 Show all Registered Users in the IP-DECT System
- 4.9.2 Search for User Information
- 4.9.3 Add a User
- 4.9.4 Add a User Administrator
- 4.9.5 Export the Users to a csv file
- 4.9.6 Show Anonymous
- 4.10.1 Radios
- 4.10.2 RFPs
- 4.10.3 Sync Ring
- 4.10.4 Sync Ports
- 4.10.5 Air Sync
- 4.10.6 Sync Lost Counter in IPBS
- 4.11.1 Air Sync Overview
- 4.11.2 Disturbances
- 4.11.3 Status
- 4.12.1 Display All Ongoing Calls in the System
- 4.12.2 Display Calls
- 4.12.3 Handover
- 4.13.1 General
- 4.13.2 Interfaces
- 4.13.3 SIP Interfaces
- 4.13.4 Gatekeeper Interfaces
- 4.13.5 Routes – Configuration
- 4.13.6 Show Active Calls
- 4.15.1 Before Upgrading
- 4.15.2 Upgrading Sequence
- 4.15.3 Software Upgrade from 2.X.X
- 4.15.4 Software Upgrade
- 4.15.5 Configuration After Updating the Firmware From Software Version 2.X.X to Later
- 4.15.6 Configuration After Updating the Firmware From Software Version 3.X.X to Later
- 4.22.1 Update Configuration
- 4.22.2 Update Firmware
- 4.22.3 Update the Boot File
- 4.22.4 Update the RFPs
- 4.27.1 Logging
- 4.27.2 Tracing
- 4.27.3 Alarms
- 4.27.4 Events
- 4.27.5 Performance
- 4.27.6 Config Show
- 4.27.7 Ping
- 4.27.8 Traceroute
- 4.27.9 Environment
- 4.27.10 RFP Scan
- 4.27.11 Service Report
- 4.28.1 Idle Reset
- 4.28.2 Immediate Reset
- 4.28.3 TFTP Mode
- 4.28.4 Boot
- 5 Commissioning
- 6 Troubleshooting
- 7 Related Documents
- Document History
- Appendix A: How to Configure and Use the Update Server
- Appendix B: Local R-Key Handling
- Appendix C: Database Maintenance
- Appendix D: Load Balancing
- Appendix E: Update Script for Configuration of Kerberos Clients
- Appendix F: Install Certificate in the Web Browser
- Appendix G: Used IP Ports
- Appendix H: Configure DHCP Options
TD 92579EN
10 April 2015 / Ver. N
Installation and Operation Manual
IP-DECT Base Station & IP-DECT Gateway (software version 7.2.X)
5
2.2 Introduction to IP Security in IP-DECT
A secure system requires more planning than an unsecured system.
2.2.1 Secure Web Access (https)
For IP-DECT devices
• https access should be enabled
• http access should preferably be disabled
For more information see 4.8.3 Configure the HTTP settings on page 78 .
2.2.2 TLS Certificates
Security in Web-based applications rely on cryptography. Cryptographical systems are only
as secure as their keys. This makes Key Management a critical and often neglected
concern. TLS Certificates have emerged as a clever way of managing large scale key
distribution.
Two certificate management tasks are needed for TLS:
1 Trust relationships when the device must know which third parties (e.g. IP-PBX) it
shall trust in, see
1. Trust Relationships.
2 Device certificates to authenticate the device against third parties, see 2. Certificate
Handling Options with Device Certificates.
1. Trust Relationships
Trust relationships are defined by a trust list in the device. The list contains the certificates
to be accepted by the device for TLS secured connections (e.g. HTTPS, SIPS).
For more information see Trust List on page 39.
2. Certificate Handling Options with Device Certificates
There are three certificate handling options:
• Default Device certificate
The default certificate is supplied with the device. It is a self-signed certificate. Self-
signed certificates provide only encryption, not authentication.
For more information see Default Device Certificate on page 41.
• Self-signed certificates
This option is for customers not planning on having their certificates signed by public
or private CAs. Self-signed certificates
provide encryption but do in most cases not
provide authentication.
For more information see Self-signed Certificates on page 41.
• Certificates signed by a Certificate Authority (CA)
Two options are possible:
- A) Certificates signed by the customer’s own CA. Customers possessing the
knowledge and infrastructure to house their own CA could build an internal