Network Router - Wireless Network Device User Manual

ManualsBrandsPolycom ManualsMusic EquipmentV2IU 4350

Table Of Contents

User Manual

IU 4350 Converged

Network Appliance

V7.2.2 — May 2007

Summary of content (120 pages)

PAGE 1
User Manual V2IU 4350 Converged Network Appliance V7.2.
PAGE 2
Trademark Information Polycom®, the Polycom logo design, [and others that appear in your document] are registered trademarks of Polycom, Inc. [List other trademarks]™ are trademarks of Polycom, Inc. in the United States and various other countries. All other trademarks are the property of their respective owners. © 2007 Polycom, Inc. All rights reserved. Polycom Inc.
PAGE 3
Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1–1 The V2IU 4350 Converged Network Appliance . . . . . . . . . . . . . . . . . . . . . 1–1 T1 Wide Area Network (WAN) Access Router . . . . . . . . . . . . . . . . . . 1–1 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1–2 VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
User Manual V2IU 4350 Converged Network Appliance System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3–12 Configure the LAN Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring VLANs in the 4350 . . . . . . . . . . . . . . . . . . . . . . . . . . Modify an Existing VLAN Configuration . . . . . . . . . . . . . . . . . . Delete an Existing VLAN Configuration . . . . . . . . . . . . . . . . . . .
PAGE 5
Contents Configuring Peering Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3–47 Adding an H.323 Prefix Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3–48 Clients List Lock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3–49 Enabling the Clients List Lock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3–50 H.323 Activity Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
User Manual V2IU 4350 Converged Network Appliance 4 System Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4–1 Viewing Software Version, Hardware Platform and the LAN MAC Address 4–1 Viewing the ALG registration code . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4–2 Enter the Registration Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4–2 Viewing Networking Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Routing Information . . . .
PAGE 7
Contents FCC PART 68 NOTICE TO USERS OF DIGITAL SERVICE Regulatory Notices–10 INDUSTRY CANADA (IC) NOTICE . . . . . . . . . . . . .
PAGE 8
User Manual V2IU 4350 Converged Network Appliance 6
PAGE 9
1 Introduction The V2IU 4350 Converged Network Appliance The V2IU 4350 is an intelligent, all-in-one networking solution for enterprises and service providers. It reduces costs by simplifying the deployment, management and security of converged voice, video and data networks. The 4350 provides the following important functions for converged networks: T1 Wide Area Network (WAN) Access Router The 4350 provides an integrated T1 CSU/DSU for small and medium office connectivity.
PAGE 10
User Manual V2IU 4350 Converged Network Appliance • Meets FCC part 68 protection requirements Security A stateful packet inspection firewall is used in combination with a VoIP application layer gateway to provide comprehensive “media-aware” security. The 4350 also supports IPSec for secure site-to-site networking. VoIP The 4350 resolves NAT/FW traversal problems for SIP, MGCP and H.323 traffic. It allows a single public IP address to be used for multiple VoIP clients.
PAGE 11
Introduction — Diffserv marking and policing — Traffic shaping — VoIP call admission control prevents oversubscription of priority queue • Security — Stateful packet inspection firewall — VoIP aware firewall dynamically provisions and closes UDP ports used for VoIP calls — IPSec: 3DES, SHA-1 — NAT/PAT server hides enterprise LAN topology • Passive Call Quality Monitoring — Per call statistics include mean opinion score (average and minimum), jitter, latency, packet loss and much more — Alarms for poor M
PAGE 12
User Manual V2IU 4350 Converged Network Appliance Back Panel The back panel of the 4350E contains the following connections: Name Description A Power Connector Accepts the plug from the supplied power cord to connect the unit to an AC power source B 10/100 Mbps LAN Ports 4 x Local Area Network (LAN) ports to connect the IP phones or an Ethernet switch.
PAGE 13
2 Getting Started Physical Installation The V2IU 4350 is designed for desktop, rack or wall-mount installation. Please observe the following guidelines when installing the system: • Never assume that the AC cord is disconnected from a power source. Always check first. • Always connect the AC power cord to a properly grounded AC outlet to avoid damage to the system or injury.
PAGE 14
User Manual V2IU 4350 Converged Network Appliance • If the T1/E1 port will be used to connect to WAN: — T1 cable to connect the T1/E1 port to a T1 line. Warning To reduce the risk of fire, use only 26 AWG or larger wire (e.g. 24, 22, 20, etc.) to connect the T1 port on your unit to an RJ-45 jack. • Ethernet cables to connect the LAN ports to LAN switches or to individual IP phones.
PAGE 15
Getting Started 4. Mount the 4350 on the wall as shown below. Do not mount the 4350 on the wall as shown below. 1. Connect the power and network cables to the appropriate ports on the back of the system. Warning Secure the power supply using a fastener or nearby shelf so that it does not hang from the power connector. Caution To reduce the risk of fire, use only 26 AWG or larger wire (e.g. 24, 22, 20, etc.) to connect the T1 port on your unit to an RJ-45 jack.
PAGE 16
User Manual V2IU 4350 Converged Network Appliance Connecting the Power and Cables The 4350 comes with an AC power cord and power adapter for connecting the unit to the AC outlet. Warning Caution Always connect the AC power cord to an AC outlet suitable for the power supply that came with the unit in order to reduce the risk of damage to it. • Connect one end of the AC power cord to the power adapter and the other one to the AC outlet.
PAGE 17
Getting Started 2. Launch a web browser on the PC and enter the URL string: 192.168.1.1. Press Return. 3. Enter the username root and the password default to log into the system. The 4350 main configuration menu appears. Note For secure management of your network, be sure to change the default userid and password as described under Change the Administration Password. 4. Configure the system using the information provided in Chapter 3.
PAGE 18
User Manual V2IU 4350 Converged Network Appliance 2-6
PAGE 19
3 Configuring the V2IU 4350 The V2IU 4350 is a flexible, easy to use converged network appliance that provides many critical networking functions for IP based voice, video and data.
PAGE 20
User Manual V2IU 4350 Converged Network Appliance Configuration Guide For IP Centrex Applications A typical 4350 installation for an IP Centrex application requires no external router or firewall. The 4350 WAN port is connected directly to the T1/E1 line and the LAN port(s) are connected directly to enterprise devices and/or Ethernet switches.
PAGE 21
Configuring the V2IU 4350 • NAT/PAT translation for IP phones and PC’s. This allows a single public IP address to be used on the WAN link to represent all of the private IP addresses assigned to the LAN IP phones and PC’s. • Static NAT entries. This enables the customer to use a WAN public IP address for data servers (web, mail, ftp, etc.) connected behind the 4350. These servers can then be configured with private IP addresses for additional security. • A “VoIP” aware firewall.
PAGE 22
User Manual V2IU 4350 Converged Network Appliance enable Call Admission Control Optional Configuration Guide For Station Side IP PBX Applications Most private enterprise VoIP networks use an IP PBX at the corporate headquarters location to provide voice switching between headquarters, branch offices and the PSTN. The 4350 is used in these environments to securely connect branch office employees to the IP PBX installed in the corporate headquarters location.
PAGE 23
Configuring the V2IU 4350 The IP PBX in the corporate headquarters location performs VoIP signaling and the 4350 acts as a proxy for the voice devices installed at the branch office. Please note that in the configuration the 4350 located at the Headquarters location is acting as a WAN router only. The 4350s installed at the brand offices perform the following functions in this application: • WAN/LAN IP routing. • Traffic shaping and priority queuing to guarantee high quality voice traffic.
PAGE 24
User Manual V2IU 4350 Converged Network Appliance Data Networking Configuration Firewall Configuration Traffic Management Configuration dynamic NAT Optional but recommended static NAT Optional static IP routing Optional enable the data firewall Yes configure basic settings Optional configure advanced settings Optional enable traffic shaping Yes enable Call Admission Control Optional Configuration Guide For Trunk Side IP PBX Applications Companies with existing IP-based WAN links for inte
PAGE 25
Configuring the V2IU 4350 Configuration Outline Task Subtask Configure For Trunk Side IP PBX Application? System Configuration configure LAN/WAN interface Yes set ethernet link rate Optional enable the DHCP server Not required configure SNMP Optional enable the VoIP ALG Not required configure a VoIP subnet route Not required dynamic NAT Not required static NAT Not required static IP routing Not required enable the data firewall Not required configure basic settings Not required co
PAGE 26
User Manual V2IU 4350 Converged Network Appliance Configuration Guide For Hosted Video Applications A typical 4350 installation for hosted video applications is depicted in the diagram below. In this scenario, the 4350s are used to connect all of the video endpoints to the Gatekeeper. The video endpoints should be configured to point to the LAN address of the 4350 as the Gatekeeper and the 4350 will proxy RAS and call setup messages to the Gatekeeper Service Provider ISDN, PSTN Network PSTN H.
PAGE 27
Configuring the V2IU 4350 • Traffic shaping and priority queuing to guarantee high quality video traffic. These mechanisms protect video and data traffic from contending for the same network resources to guarantee low latency and the highest call quality possible for voice and video traffic. At the same time they ensure the best utilization of WAN bandwidth by enabling data traffic to burst up to full line rate in the absence of video calls.
PAGE 28
User Manual V2IU 4350 Converged Network Appliance Configuration Guide For Enterprise Video Applications A typical 4350 installation for enterprise video applications is depicted in the diagram below. In this scenario, the 4350s are used to connect all of the video endpoints to the Gatekeeper. The video endpoints should be configured to point to the LAN address of the 4350 as the Gatekeeper and the 4350 will proxy RAS and call setup messages to the Gatekeeper. Headquarters PC H.
PAGE 29
Configuring the V2IU 4350 call quality possible for voice and video traffic. At the same time they ensure the best utilization of WAN bandwidth by enabling data traffic to burst up to full line rate in the absence of video calls. Precedence is automatically given to traffic coming from video endpoints and other devices using the 4350’s Application Layer Gateway function. • Video NAT/PAT translation for video endpoints and PC’s.
PAGE 30
User Manual V2IU 4350 Converged Network Appliance System Configuration This section explains how to configure the 4350 to function in your IP network. You will configure the T1/E1 WAN interface, Ethernet interfaces, network addresses, DNS settings, default gateway, SNMP settings and change the administrative password. 1. Physically connect to the 4350 as described in Administration of the 4350 on page 2-4. A browser-based configuration GUI should appear, as shown here. 2.
PAGE 31
Configuring the V2IU 4350 3. Press Submit. Configuring VLANs in the 4350 As depicted in the diagram below, VLANs are used to connect the 4350 to an Ethernet switch that has been configured to use VLANs. VLANid 1/2 VLANid 1/3 VLAN Switch 4350 4300T VLANid 1/2/3 VLANid 1/2/3 (VLANid 16) P1 P2 P3 P4 WAN 802.1 EM006 Typically, all VoIP devices are placed in the same VLAN while data devices are placed in a different VLAN. This is to ensure priority treatment of the VoIP traffic on the LAN.
PAGE 32
User Manual V2IU 4350 Converged Network Appliance • 802.1p is not currently supported 1. Select the Network link. 2. Select Enable VLAN support. 3. Press Submit. Caution Be careful when changing a port from 802.1 to 802.1q mode. Any 802.1 devices connected to that port (such as your management PC!) will loose access to the 4350. Port 4 is only able to receive 802.1 frames, so a PC can always be connected to this port if the configuration of the other ports is unknown. 4. Select System. 5.
PAGE 33
Configuring the V2IU 4350 — 802.1 mode: Assign the port to any ONE VLAN. — 802.1q mode: Assign the port to any number of VLANs Perform steps 1 through 6 above for each VLAN you wish to create. Modify an Existing VLAN Configuration 1. Select the Network link. 2. Select VLAN Settings. 3. Change the desired settings. 4. Press the Modify to modify the VLAN. The Reset button will restore the input area being modified to its previous value. Delete an Existing VLAN Configuration 1. Select the Network link. 2.
PAGE 34
User Manual V2IU 4350 Converged Network Appliance Assign the 4350’s ALG to your Priority VLAN Once you have completed your VLAN configuration you must assign the 4350 ALG to the VLAN containing your VoIP phones. 1. Select the VoIP ALG from the main configuration menu. 2. Use the drop down menu to assign the ALG to the VLAN ID containing your VoIP phones. 3. Press Submit. Configure the WAN Interface The 10/100 Ethernet WAN port is configured as follows: 1.
PAGE 35
Configuring the V2IU 4350 6. Enter the Default Gateway. This is usually the upstream router’s IP address. Packets destined for IP networks not known to the 4350 are forwarded to the default gateway for handling. 7. Enter the Primary DNS Server. The DNS server is used by the 4350 to resolve domain names to IP addresses. The value entered into this field is provided to IP devices that use the 4350 as a DHCP server.
PAGE 36
User Manual V2IU 4350 Converged Network Appliance Protocol Display and set the T1 Layer 2 protocol. Supported protocols are: • HDLC • Cisco HDLC • PPP • ANSI (Frame Relay) • CCITT (Frame Relay) 1. Select the desired T1 protocol. 2. Press Submit. Frame Relay Mode and DLCI When the Protocol is one of ANSI or CCITT, then additional Frame Relay configuration parameters are required. The Frame Relay Mode is usually set to DTE for the customer premises.
PAGE 37
Configuring the V2IU 4350 Timing Display and set the clock timing source for the T1/E1 interface. The timing can be either derived from the network (External) or provided to the T1 interface by the V2IU (Internal). With a carrier-provided T1, the timing is usually derived from the network (External, the default setting). Warning Mismatched timing modes can result in WAN connectivity but with intermittent data loss. Payload Loopback Display and set the loopback setting.
PAGE 38
User Manual V2IU 4350 Converged Network Appliance In addition the 4350 will provide its LAN IP address in DHCP user options 150 and 151 for use by IP phones. Some IP phones use these values for configuration of their TFTP server and MGCP control server addresses. Note The DHCP server in the 4350 should not be used if a DHCP server already exists in the same subnet as the 4350. Also, it is recommended that you assign static IP addresses for common-access devices such as network printers or fax machines.
PAGE 39
Configuring the V2IU 4350 Note If you are not using WINS leave this field blank. The Windows Internal Naming Service (WINS) is a service that keeps a database of computer name-to-IP address mappings so that computer names used in Windows environments can be mapped to IP addresses. The WINS Address is the IP address of the WINS server in your network. This value will be delivered to clients. 1. Enter the TFTP/FTP Server Name (DHCP user option 66).
PAGE 40
User Manual V2IU 4350 Converged Network Appliance Configure Hostname, SNMP and Remote Logging The 4350 can be managed remotely by an SNMP network management system such as HP Openview. The 4350 supports SNMPv1 or SNMPv3 and MIB-II (RFC1213). All MIB-II variables are read only. The MIB variables sysContact and sysLocation are set by the web GUI. Messages generated by the 4350 can be sent to a remote log server. The configuration screen is reached through the Configuration Menu: 1. Select System. 2.
PAGE 41
Configuring the V2IU 4350 2. Enter the System Location. This is a comment string that can be used to indicate the physical location of the 4350. By default, no value is set. 3. Enter the System Contact. This is the administrative contact information for the 4350. By default, no value is set. 4. Enter the SNMP Port. This is the port that the 4350 uses for SNMP communications with the network management system. The default is 161. 5. Press Submit. Disable SNMP 1. Select System. 2. Select System Overview. 3.
PAGE 42
User Manual V2IU 4350 Converged Network Appliance Configure a local Hostname A locally configured hostname is useful for remote management. This name can appear as the identifier string for the 4350 on a system management console. >> Enter a host name in the field provided. Enable Mean Opinion Scoring (MOS) The 4350 produces useful statistics on a per call basis that can be written to syslog. These include MOS, jitter, latency, packet loss and much more. 1. Select System. 2. Select System Overview. 3.
PAGE 43
Configuring the V2IU 4350 The new password must be between 6 and 20 characters in length. Any combination of alpha and numeric characters is accepted. Note 1. Enter the password you chose in step C again in the Confirm Password to ensure that there were no mistakes in the initial entry. 2. Press Submit. Read-only User This feature works by creating a new user with read-only access to the system. All information is displayed in a non-changeable form.
PAGE 44
User Manual V2IU 4350 Converged Network Appliance Note: All open web browsers must be closed when you change between administrative user “root” and read-only “rouser.” 4. Enter a new password. The password must be a minimum of six characters long. 4. Re-enter the new password to confirm it. 5. Click Submit. Now when you access the system using this user name (rouser) and password, all fields are read-only.
PAGE 45
Configuring the V2IU 4350 When viewing the Network Information page, Subinterfaces are designated in the Interface Information section with the device name and number, separated by a colon (for example, eth0:100). Configuring Subinterfaces To configure subinterfaces, use the following steps: 1. Using the configuration graphical user interface, from the Configuration Menu on the left-hand side, click Network. 2. Click Subinterfaces. The window shown below opens. 3.
PAGE 46
User Manual V2IU 4350 Converged Network Appliance ToS Byte Setting Since the Internet itself has no direct knowledge of how to optimize the path for a particular application or user, the IP protocol provides a limited facility for upper layer protocols to convey hints to the Internet Layer about how the trade-offs should be made for the particular packet. This facility is the “Type of Service” or ToS facility.
PAGE 47
Configuring the V2IU 4350 3. For most situations, you should leave this setting as it is. Only change it if your provider indicates that you should do so. If your provider indicates that you need to change the ToS byte setting, that provider should also provide the other parameters required on this screen. 4. If you have changed the values, click Submit to activate the new settings.
PAGE 48
User Manual V2IU 4350 Converged Network Appliance H.323 Configuration To access the H.323 Settings page, select VoIP ALG > H.323 in the Configuration Menu.
PAGE 49
Configuring the V2IU 4350 The H.
PAGE 50
User Manual V2IU 4350 Converged Network Appliance • H.460.18 Support • Alias Restrictions In the Gatekeeper mode area, select one of the following modes: Item Description None H.323 is disabled. WAN/Provider-side gatekeeper mode Specifies that the system will forward all client RAS messages to the gatekeeper. If this is selected, you must configure the settings in the WAN/Provider-side gatekeeper mode settings area.
PAGE 51
Configuring the V2IU 4350 If LAN/Subscriber-Side Gatekeeper mode is selected, you must configure the following parameters: Item Description LAN/Subscriber-side GK address Enter the IP address of the gatekeeper. Allow public IP in LCF Select the checkbox if the gatekeeper has been deployed with multiple outbound proxies and must decide which proxy to use based on the IP address returned in the LCF. This is an advanced configuration option and should usually not be selected.
PAGE 52
User Manual V2IU 4350 Converged Network Appliance Some RAS messages can be multicast in order to automatically detect gatekeepers. In the Multicast Messages area, you can enable listening to multicast messages. This area includes the following configurable parameter: Item Description Listen to multicast messages Select this checkbox to enable listening to multicast messages. In the H.460.18 Support area, you can configure H.460.18 support.
PAGE 53
Configuring the V2IU 4350 H.323 Activity To access the H.323 Activity page, select VoIP ALG > H.323 Activity in the Configuration Menu. The H.323 Activity page is a read-only page that shows the following information: • Current time • WAN Gatekeeper status • Current payload bandwidth • Estimated total bandwidth • Activity log of recent H.323 events H.323 Alias Manipulation Alias manipulation is performed immediately when a message (such as an ARQ, LRQ or a Setup) is received.
PAGE 54
User Manual V2IU 4350 Converged Network Appliance To access the H.323 Alias Manipulation page, select VoIP ALG > H.323 >Alias Manipulation in the Configuration Menu. This page includes the following areas: 3 - 36 Item Description Destination H323-ID or E.164 Alias Modification table Lists alias manipulation rules. Add a rule Allows you to add new prefixes to the Prefix Routing and Gatekeeping Neighboring table. Item Description Action Indicates whether the rule is to be added or edited.
PAGE 55
Configuring the V2IU 4350 The H.323 Alias Manipulation page includes the following buttons: Item Description Commit Applies the settings configured on this page. Reset Clears all fields and selections and allows you to enter new information. H.323 Neighboring Neighboring and prefix routing can be used to route calls based on a matching prefix in the destination alias of the call.
PAGE 56
User Manual V2IU 4350 Converged Network Appliance This page includes the following areas: Item Description Prefix Routing and Gatekeeper Neighboring table Lists rules for forwarding incoming calls based on their dialed alias. Add a prefix Allows you to add new prefixes to the Prefix Routing and Gatekeeper Neighboring table. Item Description Action Indicates whether the rule is to be added or edited. Prefix Specifies the prefix pattern to be matched against the dialing string.
PAGE 57
Configuring the V2IU 4350 Regular Expressions Alias manipulation patterns and prefixes use regular expressions to match a string in the destination alias. A regular expression can be a string of literal characters to match or a set of special expressions. Alias manipulation patterns can match a sub-string at any location and number of times within the alias. Prefixes are always searched from the left of the alias and cannot match a middle part or the end of the alias.
PAGE 58
User Manual V2IU 4350 Converged Network Appliance Forwarding Rules Forwarding Rules allows a system administrator to forward data traffic for a subnet from one interface to another, overriding the Firewall’s default drop rules. Allowing a subnet to be forwarded is commonly used when servers with public addresses are placed behind the system. Configuring the network in this way allows the system to manage and prioritize bandwidth, sharing it between the VoIP services and the servers.
PAGE 59
Configuring the V2IU 4350 Configuring Forwarding Rules To configure address forwarding rules, use the following steps: 1. Using the configuration graphical user interface, from the Configuration Menu on the left-hand side, click Firewall. 2. Click Forwarding Rules. The window shown below opens.
PAGE 60
User Manual V2IU 4350 Converged Network Appliance 3. On this screen, complete the following information: • IP Subnet: The subnet to be forward through the firewall from the Input Interface to the Output Interface. • Netmask: The network mask to apply to the IP Subnet to create the range of IP addresses that are forwarded through the firewall. • Input Interface: The interface where data is received that is destined for the forwarded subnet (destination address(es)).
PAGE 61
Configuring the V2IU 4350 — Any: for the specified network, allows all ports and protocols through the system. No ports are required because not all protocols support the concept of ports. • Port or Port Range: The port number or port range allowed through the system when UDP or TCP are selected. A port range is specified by separating the starting and ending ports with a colon ':' (for example, 22:80).
PAGE 62
User Manual V2IU 4350 Converged Network Appliance Note: A minimum configuration for Peering Proxy would be for inbound only prefixes, since there may be many endpoints to statically route calls to. There might also be a master gatekeeper to which all endpoints are registered. In this case, you would only need 1 prefix pointing to the master gatekeeper and let that gatekeeper signal the other endpoints directly.
PAGE 63
Configuring the V2IU 4350 Proxy provides an access point into this network and is responsible for the E.164 dial plan using NANP (North American Numbering Plans or NAP’s). The NAP’s in this case are 831 and 408. Dial plan integrity is required to insure proper routing of prefix's. This means that if users are to dial into your network, they could be required to enter a “Prefix” on their V2IU with a corresponding destination IP.
PAGE 64
User Manual V2IU 4350 Converged Network Appliance the Peering Proxy IP 10.10.10.1. The Peering Proxy applies the same rule set, in this case, NO matching prefix is found and ANNEX O dialing is applied. The call is now routed to Site A's V2IU. The call is forwarded to the LAN Side PathNavigator where the registered client with the E.164 of 4155551000 is located and the call is gatekeeper routed to the called endpoint. Inbound from Site A to Site C Site A dials: 8315551000@67.40.40.4.
PAGE 65
Configuring the V2IU 4350 Embedded Gatekeeper Mode. In this mode, the endpoint is directly registered, an E.164 registered client match is made, and the call is routed to the called endpoint. Outbound from Site C to Public IP Endpoint Site C dials the public endpoint: 9@61.10.10.4. The PathNavigator receives the call and generates a Q.931 setup to the V2IU for that subnet. The V2IU receives the Call setup from the calling endpoint, and the V2IU looks for a prefix match.
PAGE 66
User Manual V2IU 4350 Converged Network Appliance 3. On this screen, check “Peering-Proxy mode”. 4. Scroll to the bottom of the window and click Submit. Adding an H.323 Prefix Entry You can add prefixes by entering the prefix string and the target address. To add an H.323 prefix entry, use the following steps: 1. Using the configuration graphical user interface, from the Configuration Menu on the right-hand side, click VoIP ALG. 2. Click H.323 Prefixes. The window shown below opens.
PAGE 67
Configuring the V2IU 4350 The prefix routing table shows all currently configured prefixes. The prefixes are searched in the order they are entered. Each prefix can be moved up or down in the list. You can select and delete prefixes. 3. To strip a matching prefix, select the checkbox and click Submit. If you enable this, all matching prefixes are stripped from the destination alias before the call is forwarded. 4. To add an entry, enter the prefix and the address.
PAGE 68
User Manual V2IU 4350 Converged Network Appliance — Manually entering all clients that are allowed to use the system — Running the system without the Client List lockdown feature until all desired clients have registered • Enabling this feature. This feature is useful for lists involved with 911 usage. When this feature is in effect, any message from an unauthorized SIP client will be rejected with a “403 Forbidden” response. MGCP messages will be discarded.
PAGE 69
Configuring the V2IU 4350 H.323 Activity Monitor The H.323 Activity Monitor shows any recent H.323 events that may be of interest to the administrator of the system. The information appears in three columns: • Event/Time • Source • Destination Following this information are a number of lines with event specific information such as call-id, duration, call-status, and so on. Abnormal events have their event specific information listed in red.
PAGE 70
User Manual V2IU 4350 Converged Network Appliance Type of Events The events that may currently be listed in the activity monitor are as follows: • Bandwidth change - the endpoint requested a change of the bandwidth used for its call, only sent if the bandwidth management is enabled. • Call Setup – Only sent if the call was ‘successfully’ established. A call is successfully established if the H.245 media negotiation connection was established. • Call Termination – Sent when a call terminates.
PAGE 71
Configuring the V2IU 4350 • “Attempting to establish outgoing Q.931 TCP connection” Successfully resolved the destination of the call and attempting to establish an outgoing Q.931 TCP connection to the destination. • “Q.931 signaling received and forwarded” Both Q.931 TCP connections have been successfully established and Q.931 signaling has been received and forwarded. • “Callee admission request received” Received an admission request from the destination endpoint and forwarded it to the gatekeeper.
PAGE 72
User Manual V2IU 4350 Converged Network Appliance Call Termination The call termination cause may also give some information about why the call terminated or failed to be established. • “Out of system resources” The call could not be completed because the system was out of system resources. • “Client owning the call has been deleted” The call could not be completed because the client that made this call was deleted during the call setup.
PAGE 73
Configuring the V2IU 4350 The call could not be established because the system already is at the maximum allowed bandwidth. • “Received admission reject” The call was terminated because an admission reject was received from the gatekeeper. • “Received disengage request” The call was terminated because the endpoint requested to tear down the call. • “Received invalid data” The call could not be established because the system received invalid data on the signaling channel.
PAGE 74
User Manual V2IU 4350 Converged Network Appliance VoIP Configuration The 4350 provides a VoIP application layer gateway (ALG) for the SIP, MGCP, and H.323 protocols. The ALG proxies the connection between the VoIP softswitch, IP PBX or gatekeeper and voice and video devices such as IP phones, IADs or softphones. By acting as a proxy the 4350 is able to provide several important functions for IP based voice and video: • Provide NAT/PAT services for voice and video traffic.
PAGE 75
Configuring the V2IU 4350 Configure the VoIP ALG In order to configure the VoIP ALG the 4350 must be told where to reach the signaling servers and TFTP server on behalf of the voice devices. 1. Select VoIP ALG. 2. If using VLANs assign the ALG to a specific VLAN id using the drop down menu. 3. If you are using MGCP enter the MGCP Server IP Address, MGCP Media Gateway Port and MGCP Notified Entity Port. 4. If you are using SIP enter the SIP Server IP Address and SIP server port.
PAGE 76
User Manual V2IU 4350 Converged Network Appliance Note It is not necessary to program in an FTP server address if your IP phones use the FTP protocol instead of TFTP to retrieve their images. A relay function is not needed for FTP as the 4350 will forward FTP traffic to the destination server as programmed in your IP phone. 7. Automatic MGCP Re-registration is used to re-register MGCP endpoints every time the network or system restarts.
PAGE 77
Configuring the V2IU 4350 11. The Current payload bandwidth calculates the current video traffic, without IP overhead, traversing the Appliance. The Estimated total bandwidth calculates the total video traffic, plus IP overhead, traversing the Appliance. 12. The H.323 Max Aliases limits the number of aliases that are allowed to register with the Voice Appliance. If this number is exceeded when a client tries to register, the registration will be rejected.
PAGE 78
User Manual V2IU 4350 Converged Network Appliance Note VoIP Subnet Routing is separate and independent from static data routes (see Static IP routing). VoIP subnet routes must be configured for each LAN subnet that contains devices making use of the 4350’s Application Layer Gateway (ALG). These entries tell the ALG that the identified subnet is allowed to make use of its services and what router the ALG should use to reach that subnet. Enter a VoIP Subnet Route 1. Select System. 2.
PAGE 79
Configuring the V2IU 4350 2. Select System Overview. 3. Select VoIP Subnet Routing. 4. Enter the IP Network (e.g. 10.10.12.0). This is the IP address of the remote subnet containing the voice devices. 5. Enter the Netmask (e.g. 255.255.255.0). This is the mask of the IP address of the subnet containing the voice devices. 6. Enter the Gateway (e.g. 10.10.10.2). 7. This is the IP address of the intermediate router that knows the return path to the remote subnet from the 4350. 8.
PAGE 80
User Manual V2IU 4350 Converged Network Appliance Data Networking Configuration The 4350 provides static IP routing and two types of Network Address Translation (NAT) functions for data traffic. This section describes the use and configuration of these features. NAT for Data Traffic NAT allows hosts on a private internal network (the LAN side of the 4350) to anonymously communicate with devices on an external network (the WAN side of the 4350).
PAGE 81
Configuring the V2IU 4350 Configure Dynamic NAT Use Dynamic NAT when you have multiple PCs installed on the LAN side of the 4350 that require Internet or WAN access. Once Dynamic NAT is enabled the 4350 will automatically perform an address translation for all packets to/from the LAN side PCs. 1. From the Configuration Menu select NAT. 2. Use the Enable Lan NAT checkbox to enable or disable dynamic NAT. The default value for dynamic NAT is enabled. 3. Press Submit.
PAGE 82
User Manual V2IU 4350 Converged Network Appliance Delete a Static NAT entry 1. Select NAT. 2. To delete an IP address or a range of IP addresses highlight the entry in the Static NAT Client Entries list and press the Delete key on your keyboard. 3. Press Submit. Static IP routing In addition to locally connected IP networks the 4350 can forward traffic for a remote data network by configuring a static route entry.
PAGE 83
Configuring the V2IU 4350 4. Select the Apply Route checkbox. 5. Enter the IP Network address. This address is the remote data network you would like the 4350 to forward to the gateway. The hosts portion of the IP address should be set to “0”. For example, 10.10.20.0 6. Enter the Netmask of the remote data network. For example, 255.255.255.0 7. Enter the Gateway IP address of the interface that will receive all packets destined for the remote data network. 8. Press Submit. Delete the static route 1.
PAGE 84
User Manual V2IU 4350 Converged Network Appliance The 4350 uses a Stateful Packet Inspection (SPI) firewall to protect data devices installed behind the LAN interface. Voice devices are protected by the 4350 Application Layer Gateway (ALG) as described in VoIP Configuration. The firewall is enabled by default.
PAGE 85
Configuring the V2IU 4350 Action Description Input format Allow TCP Port Allows traffic with the specified TCP port to terminate on the 4350. *Valid values range from 1 through 65535. *Multiple entries are separated by a space Allows traffic with the specified UDP port to terminate on the 4350. *Valid values range from 1 through 65535.
PAGE 86
User Manual V2IU 4350 Converged Network Appliance Allow Hostwise UDP (IP-Port) Allows all traffic matching the specified UDP port numbers and the specified source IP addresses *Multiple entries are separated by a space *Port are specified using a - character. For example: 192.168.3.1-23 for Telnet. *Port ranges are specified using a : character. For example: 192.168.3.1-23:50 means port 23 through 50 *Classful IP addresses are assumed by default. For example: 192.168.3.1 uses a class c mask.
PAGE 87
Configuring the V2IU 4350 • Controls the data transfer rate of far-end WAN TCP devices to limit WAN link congestion. • Supports network-based QoS applications by setting the TOS bits for all VoIP packets sent to the WAN and the LAN. TOS bits are used so that VoIP packets can be prioritized in the network by DiffServ enabled routers. The TOS bit value used by the 4350 is to “minimize delay and maximize throughput”, or 0xb8 hexadecimal.
PAGE 88
User Manual V2IU 4350 Converged Network Appliance 3. Specify the upstream and downstream bandwidth of your WAN link 4. Enter the WAN Downstream Bandwidth in Kbps. 5. Enter the WAN Upstream Bandwidth in Kbps. Note For FT1/T1/E1 links the upstream and downstream bandwidths will always be the same value (the link is full-duplex). Optionally enable priority IP addresses VoIP traffic from devices that use the VoIP ALG function (phones, video stations, softphones on Pcs, etc.
PAGE 89
Configuring the V2IU 4350 Determining the maximum number of concurrent calls The maximum number of concurrent calls that can be supported by the WAN access link is calculated using the following formula: Max calls = (Maximum WAN upstream bandwidth * .85)/VoIP codec rate where, Maximum WAN upstream bandwidth = value entered in step D above (in Kbps) VoIP codec rate = 85.6Kbps for G.711 voice devices or 29.6Kbps for G.729 voice devices. The maximum WAN upstream bandwidth is multiplied by .
PAGE 90
User Manual V2IU 4350 Converged Network Appliance applied to traffic in both the upstream (LAN to WAN) and downstream (WAN to LAN) direction. Each direction is independent of the other and can support different size priority queues. Classifying High priority voice and video traffic generated by endpoint devices is automatically identified by the V2IU’s VoIP Application Layer Gateway. Other VoIP devices (not making use of the ALG) can be defined as high-priority by their IP address.
PAGE 91
Configuring the V2IU 4350 clocked out at the WAN link’s full rate LESS the bandwidth currently being used for high-priority (voice) data. High-priority data is clocked out at the WAN’s full link rate. Any long-lasting burst condition in low-priority data will cause these packets to be delayed and, if necessary, dropped.
PAGE 92
User Manual V2IU 4350 Converged Network Appliance Although RTP makes use of UDP the 4350 appliance is able to provide its own congestion avoidance mechanism for voice traffic using Call Admission Control (CAC).
PAGE 93
4 System Diagnostics The V2IU 4350 provides a powerful set of diagnostic information, troubleshooting tools and utilities for system maintenance to network operators. Viewing Software Version, Hardware Platform and the LAN MAC Address The software version, hardware platform, and LAN MAC address are common pieces of information requested by technical support and are accessed directly through the System page of the 4350 web GUI.
PAGE 94
User Manual V2IU 4350 Converged Network Appliance Viewing the ALG registration code You will also find a link to the ALG registration code on the System page. The registration code enables the ALG and is pre-installed at the factory. If the registration code is inadvertently deleted you can re-enter the code using the following steps: Enter the Registration Code 1. Select System. 2. Select registration code. 3. Select Edit Registration Code. 4. Enter the Registration Code.
PAGE 95
System Diagnostics To view the networking configuration and status of the 4350 proceed to the Network Information page as follows: 1. Select System. 2. Select System Overview. 3. Select Network Information. The following networking information is displayed: Routing Information The system routing table contains the static routes for hosts and networks that are configured on the 4350.
PAGE 96
User Manual V2IU 4350 Converged Network Appliance The interface statistics can point to areas of congestion in the network. If the errors statistic is a few percent or more of the total packets sent it may be an indication of excessive congestion on the network interface. If the congestion is not corrected the quality of voice calls will be affected. The topology of the network attached to the network interface with the errors should be examined and modified to better segment and isolate network traffic.
PAGE 97
System Diagnostics System Logging Messages Displays information logged during system boot and normal operation. Logging messages may indicate unauthorized attempts to access the 4350, process restart messages, and excessive resource utilization messages. Passive Voice Call Monitoring The 4350 monitors live voice calls and performs objective speech quality assessment. This information enables the network operator to assess voice quality for the purposes of SLA tracking or problem isolation.
PAGE 98
User Manual V2IU 4350 Converged Network Appliance Verify Registered Voice and Video Devices The 4350 maintains a list of all registered voice and video devices called a clients list so that it can properly route voice and video calls. At startup, voice and video devices register their IP addresses with the 4350. The 4350 then registers on behalf of the voice and video devices by providing its own WAN IP address to the softswitch, gatekeeper, or IP PBX.
PAGE 99
System Diagnostics Performing a Ping Test A ping test is the most common test used to verify basic connectivity to a networking device. Successful ping test results indicate that both physical and virtual path connections exist between the 4350 and the test IP address. Successful ping tests do not guarantee that all data traffic is allowed between the 4350 and the test IP address but is useful to verify basic reachability. The following steps are used to perform a ping test: 1. Select System. 2.
PAGE 100
User Manual V2IU 4350 Converged Network Appliance The Network Test Tools page will be refreshed and the results of the traceroute test are displayed (this may take several seconds). The Reset button is used to clear the IP address entry used in step D above. Restarting Networking Processes In extreme circumstances while troubleshooting you may be asked to restart the networking processes including the VoIP ALG in the 4350 by technical support. Use the following steps to restart the networking processes: 1.
PAGE 101
5 Saving and Restoring the V2IU 4350 Configuration The V2IU 4350 stores all configuration information for the system in a series of individual files that reside in local flash memory. These files are read at boot time to determine the configuration identity of the 4350 and then stored in RAM as “running” state. As you configure the 4350 the submit command writes the configuration changes to both RAM and flash so that the files stored in flash are always up to date with the running state of the system.
PAGE 102
User Manual V2IU 4350 Converged Network Appliance 1. Use a NULL modem cable to connect to serial port 1 of the 4350 2. Use a terminal emulator such as Hyperterminal set to a baud rate of 9600, 8, 1 and none (databits, stop bits and parity) Alternatively you can connect to the 4350 remotely using SSH: 1. Logon as root 2.
PAGE 103
Saving and Restoring the V2IU 4350 Configuration Delete a Backup File # ewn delete Delete the backup file specified in the filename. Load a Backup File so that it Becomes the Running Configuration # ewn load Loads the specified backup file into RAM and makes it the active running configuration. Warning Issuing this command will automatically restart the 4350 and therefore interrupt any active voice calls and data sessions.
PAGE 104
User Manual V2IU 4350 Converged Network Appliance 5-4
PAGE 105
6 Upgrading the V2IU 4350 This chapter describes how to upgrade your 4350 to the latest software release available from Polycom. It is recommended that you reboot the 4350 prior to performing the upgrade. This is to make sure there is enough dynamic memory available to handle the upgrade process. Warning When you update your software telephone services will be unavailable for several minutes.
PAGE 106
User Manual V2IU 4350 Converged Network Appliance 4. Enter the Download Server address of ftp.support.polycom.com. 5. Enter the Filename: flash.bin 6. Press Submit. You can follow the progress of the upgrade by selecting the refresh the upgrade status link. Warning Do not change the configuration or power off the device until the write is 100 percent complete. The 4350 may become unusable if the write is interrupted. The flash write can take up to 5 minutes depending on the speed of the download server.
PAGE 107
Appendix Troubleshooting Tips This section contains possible solutions to problems regarding the installation of the V2IU 4350. I am having trouble reaching the Internet through the 4350. We recommend connecting a PC directly (or via a switch) to the LAN port of the 4350. The default LAN IP address of the 4350 is 192.168.1.1 so please be sure that the IP address of the PC is on the same network (such as 192.168.1.2).
PAGE 108
User Manual V2IU 4350 Converged Network Appliance 5. Select Network Test Tools. 6. Enter the softswitch address in the IP Address to Ping field. 7. Press Ping. Specifications WAN Ports 1xT1 CSU/DSU or 10/100 Ethernet LAN Ports 4x10/100 Ethernet (switched) Serial Ports 1xRS-232 Dimensions Height (1.
PAGE 109
Regulatory Notices Important Safeguards Read and understand the following instructions before using the system: • Close supervision is necessary when the system is used by or near children. Do not leave unattended while in use. • Only use electrical extension cords with a current rating at least equal to that of the system. • Always disconnect the system from power before cleaning and servicing and when not in use. • Do not spray liquids directly onto the system when cleaning.
PAGE 110
V2IU 4350 Converged Network Appliance User Manual The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed (not sold) to you, and its use is subject to the terms of this Agreement. This is NOT a sale contract. 1.GRANT OF LICENSE.
PAGE 111
Regulatory Notices 2.6Copyright. All title and copyrights in and to the SOFTWARE PRODUCT (including but not limited to any images, photographs, animations, video, audio, music, text, and “applets” incorporated into the SOFTWARE PRODUCT), the accompanying printed materials, and any copies of the SOFTWARE PRODUCT are owned by POLYCOM or its suppliers. Title, ownership rights, and intellectual property rights in the SOFTWARE PRODUCT shall remain in POLYCOM or its suppliers.
PAGE 112
V2IU 4350 Converged Network Appliance User Manual may use the resulting upgraded SOFTWARE PRODUCT only in accordance with the terms of this Agreement. If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product, the SOFTWARE PRODUCT may be used and transferred only as part of that single SOFTWARE PRODUCT package and may not be separated for use on more than one PRODUCT. 6.WARRANTY AND WARRANTY EXCLUSIONS. 6.1Limited Warranty.
PAGE 113
Regulatory Notices RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, POWER CUTS OR OUTAGES, OTHER HAZARDS, OR ACTS OF GOD. 7.LIMITATION OF LIABILITY. YOUR USE OF THE SOFTWARE PRODUCT IS AT YOUR SOLE RISK. YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OR USE OF THE SOFTWARE PRODUCT.
PAGE 114
V2IU 4350 Converged Network Appliance User Manual WITHIN CALIFORNIA BETWEEN CALIFORNIA RESIDENTS, AND BY THE LAWS OF THE UNITED STATES. The United Nations Convention on Contracts for the International Sale of Goods (1980) is hereby excluded in its entirety from application to this Agreement. 11.2Entire Agreement. This Agreement represents the complete agreement concerning the SOFTWARE PRODUCT and may be amended only by a writing executed by both parties.
PAGE 115
Regulatory Notices translated into another language. (Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is addressed as “you”. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program).
PAGE 116
V2IU 4350 Converged Network Appliance User Manual or distribution medium does not bring the other work under the scope of this License. 3.
PAGE 117
Regulatory Notices to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7.
PAGE 118
V2IU 4350 Converged Network Appliance User Manual write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
PAGE 119
Regulatory Notices (3) If the unit appears to be malfunctioning, it should be disconnected from the telephone lines until you learn if your equipment or the telephone line is the source of the trouble. If your equipment needs repair, it should not be reconnected until it is repaired. (4) If the telephone company finds that this equipment is exceeding tolerable parameters, the telephone company can temporarily disconnect service, although they will attempt to give you advance notice if possible.
PAGE 120
V2IU 4350 Converged Network Appliance User Manual Caution Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.” WARRANTY AND REPAIR SERVICE CENTER: The RAM Group Kent McDonald kent.macdonald@theramgroup.com (403) 266-5840 x 100 This Class (B) digital apparatus complies with Canadian ICES-003.