Specifications

ManualsBrandsShoreTel ManualsComputer equipmentMobility Router 4000

ShoreTel Mobility Router

Administration Guide

September 24, 2013

Summary of content (334 pages)

PAGE 1
ShoreTel Mobility Router Administration Guide September 24, 2013
PAGE 2
Legal Notices Document and Software Copyrights Copyright © 1998-2013 by ShoreTel Inc., Sunnyvale, California, USA. All rights reserved. Printed in the United States of America. Contents of this publication may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without prior written authorization of ShoreTel, Inc. ShoreTel, Inc.
PAGE 3
Table of Contents Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xv Chapter 1 ShoreTel Mobility Router Architecture . . . . . . . . . . . .
PAGE 4
Table of Contents Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Configuring Support Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Chapter 4 Managing Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Adding a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
Table of Contents Chapter 7 Managing Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64 Certificate Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Generating a Certificate Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Importing a Certificate Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
Table of Contents Mobility Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 Mobility Configuration Task List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 Managing Enterprise Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 Creating Campuses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
Table of Contents Deleting a Cellular Operator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Supported Mobile Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Modifying Supported Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deleting Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Supported Mobile Device Types . . . . . . . . .
PAGE 8
Table of Contents Unassigning Calling Rules for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Priority for Calling Rules for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing User-Defined Calling Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deleting User-Defined Calling Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Home Locations . . . . . . . . . . . . . . . . . . .
PAGE 9
Table of Contents Initially Configuring the New Mobility Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Establishing Network Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Reconfiguring the Previously Configured Mobility Router . . . . . . . . . . . . . . . . . . . . . . . . Disabling All Existing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 10
Table of Contents Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . International Toll Calling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
Table of Contents URL-Based Dialing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Providing Android Client Images to Users without Direct Access to the Mobility Router . . . . Self-Provisioning of Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Users . .
PAGE 12
Before You Start This guide is written for the Administrator of the ShoreTel Mobility Router and is used in conjunction with the ShoreTel Mobility Solution. For more information on related components and documentation, refer to “Related Documentation” on page xv. This individual should be familiar with routing, voice and data configuration, and PBX functionality to use this guide effectively. Organization This guide is documented as described in the following sections.
PAGE 13
Before You Start Organization Table 1: In this Guide Chapter Title Description 8 Configuring Authentication Configure and manage authentication using LDAP, Local users authentication database, RADIUS authentication server, and TACACS+ authentication server 9 Managing Mobility Configure locations including campuses, buildings, floors and route points. 10 Managing IP-PBX Integration Configuring IP-PBX settings including SIP trunk, numbering plan, media, device mobility, and options.
PAGE 14
Before You Start Conventions Table 1: In this Guide Chapter 19 Title Description Troubleshooting Managing client logs, Mobility Router logs, use the Numbering Plan Test Panel, TCP Dump, packet capture, and run network troubleshooting commands. Employ the best practices for using the ShoreTel Mobility Router by utilizing this information in conjunction with the step by step procedures.
PAGE 15
Before You Start Related Documentation Related Documentation Publications in the ShoreTel Mobility solution documentation suite include the following:  ShoreTel Mobility Router Administrator’s Guide (this document)  ShoreTel Mobility Router Hardware Installation Guide  ShoreTel Mobility (mobile device) User’s Guide  ShoreTel Mobility (mobile device) Quick Reference Card  ShoreTel Mobility Platform Support Guide  ShoreTel Mobility Release Notes ShoreTel Mobility Router Administration Gui
PAGE 16
CHAPTER 1 1. ShoreTel Mobility Router Architecture The ShoreTel Mobility solution is designed to make it predictable and simple for Administrators to create network transition points between Wi-Fi and Cellular where calls are expected to handover. These transition points, called Route Points, are used by the ShoreTel Mobility Router to route calls between the two networks.
PAGE 17
1 ShoreTel Mobility Router Architecture PBXs. This allows the Mobility Router to send and receive calls to and from the ShoreTel Mobility Client using the line-side interfaces. The Mobility Router uses the trunk-side interface to send and receive calls from the ShoreTel Mobility Clients when they are in a cellular network.
PAGE 18
CHAPTER 2 2. Getting Started The ShoreTel Mobility Router ships with the operating software already installed. For information about installing and initially configuring the Mobility Router, see the ShoreTel Mobility Router Hardware Installation Guide. After initially setting up the Mobility Router, use the web-based interface to access the ShoreTel Mobility Administration Portal and manage the ShoreTel Mobility solution.
PAGE 19
2 Getting Started Before You Begin Before You Begin For information about supported hardware and software that can be used with the ShoreTel Mobility solution, including web browsers, supported devices and OSs, refer to the ShoreTel Mobility Platform Support Guide. In addition:  Cookies must be enabled for your browser. For information about how to enable cookies, see your browser documentation.  JavaScript must be enabled for your browser.
PAGE 20
2 Getting Started Accessing the Administration Portal 3. Navigate inside the portal using “#” to separate the internal pages from the main part of the portal’s URL.Frequently used pages can be stored/bookmarked for quick navigation. You can also manually type the address is the browser address line. A sample URL is shown in Figure 3.
PAGE 21
2 Getting Started Working with the Administration Portal User Interface Working with the Administration Portal User Interface The Administration Portal consists of three panes, as shown in Figure 4:  Top pane—Use to access the following primary sections of and log out from the Administration Portal.  Configuration—Use these pages to configure the Mobility Router.  Monitor—Use these pages to monitor the Mobility Router using real-time graphics, charts, and reports.
PAGE 22
2 Getting Started Navigating the Administration Portal Navigating the Administration Portal Navigate the Administration Portal by using its left pane. When Configuration is selected in the top pane the left pane contains the following sections:  Groups and Users  Policies  Voice  Mobility  UC (Unified Communications)  Clustering (Mobility Router 4000 or 6000 only)  System When you click a menu item in a section, the associated child pages display underneath.
PAGE 23
2 Getting Started Working with Administration Portal Pages Working with Administration Portal Pages There are some settings that you cannot modify using Administration Portal pages, as they are defined when a mobile device is provisioned during the ShoreTel Mobility Client installation. Any settings that you cannot modify with the Administration Portal are grayed out; you cannot select items from a grayed out list or modify a grayed-out field.
PAGE 24
2 Getting Started Working with Administration Portal Pages If you do not use the Administration Portal for 17 minutes, you are automatically logged out and must log in again before you can continue. After 15 minutes of inactivity, the following message displays: Figure 8: Inactivity Log Out Warning To continue working with the Administration Portal, click Cancel. If you ignore the message, you are automatically logged out in two minutes. To manually log out, see “Logging Out” on page 10.
PAGE 25
2 Getting Started Saving Changes Tip When using expandable/collapsible tables rows, only the visible part of collapsed row is copied. Expand the folder to select each expanded row. Figure 10: Expand / Collapse Row Saving Changes If you make changes, click Apply to save. If you made changes on a page and navigate to another page without clicking the Apply button or using the pushpin (refer to Figure 7), your changes are not saved or retained if you return to the page on which you made changes.
PAGE 26
2 Getting Started Logging Out 2. Click OK to log out. A message confirming that you have logged out displays in the browser. Note Click Cancel to abort the logout process and remain logged in.
PAGE 27
CHAPTER 3 3. Configuring System Settings This chapter contains configuration details for setting the date and time for the Mobility Router, either manually or automatically using a Network Time Protocol (NTP) server, how to keep records and/or log events on the Mobility Router to help monitor the system, and entering Support/Contact information for Mobility Router client/user support.
PAGE 28
3 Configuring System Settings Setting the System Date and Time Setting the System Date and Time You can manually set the system date and time for the Mobility Router or configure it to use a Network Time Protocol (NTP) server to automatically set the system date and time. The system date and time are used to time stamp log messages, certificate time generation, licensing, and call detail records (CDRs).
PAGE 29
3 Configuring System Settings Configuring NTP Configuring NTP If you configure the Mobility Router to get the system date and time from an NTP server, NTP polls the specified server at regular intervals and updates the system date and time so that they are synchronized with the server. By default, NTP is enabled. A default NTP server has already been defined. You can add other NTP servers. Note NTP is enabled, the Mobility Router reads the time from the NTP server, not the time set manually.
PAGE 30
3 Configuring System Settings Configuring NTP 3. In the Server field, type the fully qualified domain name or IP address of the NTP server. The name or IP address can be up to 64 alphanumeric characters. No special characters except periods (.) are allowed. 4. In the Version list, select the version of NTP to be used:  4—Version 4 (default value)  3—Version 3 5. To activate the NTP server, select the Enabled check box.
PAGE 31
3 Configuring System Settings Configuring Logging and Monitoring Options Configuring Logging and Monitoring Options Use the logging options to keep record of events on the Mobility Router. Logging option levels can be set to report based on the desired level of information needed.
PAGE 32
3 Configuring System Settings Configuring Email Configuring Email Use the Email page to specify an SMTP server, mail domain name, and individual email addresses that should receive notification of specific events on the Mobility Router. This setting is optional. Figure 13: Configuring Email Setting General Email Options 1. Select Configuration > System > Logging/Monitoring > Email. The Email page displays and the General tab is active. 2.
PAGE 33
3 Configuring System Settings Configuring Email  High Interface Utilization Event — Network utilization has risen too high.  Low Free Memory Event — Memory usage has risen too high.  High Memory Paging Event —Paging activity has risen too high.  Unexpected Shutdown Event — The system shut down unexpectedly.  Login/Logout — The system sends email notification to administrator with user name and IP address of the user who has logged in or out.
PAGE 34
3 Configuring System Settings Configuring Logging Settings Configuring Logging Settings Use the Logging page to configure the settings by which to monitor events. Figure 14: Configure Logging Configuring Module Settings 1. Select Configuration > System > Logging/Monitoring > Logging. The Modules tab is active. 2. Specify the minimum level of events to be logged for each module.
PAGE 35
3 Configuring System Settings Configuring Logging Settings 3. To save your changes, click Apply. Table 3: Filtering Levels for Logging Mobility Router Events Severity Level Description Provides low-level debugging messages. Generally this logs only developer-targeted messages that contain more detailed information about the internal state of the system. Debug messages can be used for debugging problems where the INFO-level logs do not provide enough information.
PAGE 36
3 Configuring System Settings Configuring Logging Settings Table 3: Filtering Levels for Logging Mobility Router Events Severity Level Description This is the first level of debugging and should be used for brief indications of actions or events. Usually those actions and events are either visible to customer or can be easily explained. debug0 Note: The higher the level (debug0 to debug4), the more details are shown.
PAGE 37
3 Configuring System Settings Configuring Logging Settings Table 3: Filtering Levels for Logging Mobility Router Events Severity Level Description SIP - Strict Filtering Check this option to strictly filter the log specified in “Filter by User ID”. SIP - Miscellaneous All categories not covered by the previous selections. Configuring Local Log Settings 1. Select Configuration > System > Logging/Monitoring > Logging. 2. Click the Local Log tab. 3.
PAGE 38
3 Configuring System Settings Configuring Logging Settings 5. In the Minimum Severity field, select the minimum level of severity at which events are sent. See Table 3 for a list of severity levels and their definitions. 6. To save your changes, click Apply. The Syslog Servers page displays. Modifying Syslog Servers 1. Select Configuration > System > Logging. 2. Click the Syslog Servers tab. 3. Click Modify. 4. Change the fields as needed. 5. To save your changes, click Apply.
PAGE 39
3 Configuring System Settings Configuring SNMP Configuring SNMP Use the SNMP page to enable SNMP on a selected interface and specify a community. SNMP is disabled by default. 1. Select Configuration > System > Logging/Monitoring > SNMP. 2. Click Enable. 3. Select an Interface. By default, the IP address associated with the primary interface is chosen. This interface is used by the Mobility Router for communicating with the SNMP server. 4. Specify a Community. 5. Click Apply.
PAGE 40
3 Configuring System Settings Configuring Support Service Configuring Support Service Select Configuration > System > Support Service to enter a Support email and phone number for Mobility Client users. Figure 15: Support Phone Number When “Call Support” is initiated by the user on the ShoreTel Mobility app, the phone number entered here is called. If the user opts to select “send log”, the information is sent to the email address entered here.
PAGE 41
CHAPTER 4 4. Managing Licenses Before you can enable the ShoreTel Mobility solution an end-user license on the Mobility Router must be added. This license also dictates the number of end users that can use the ShoreTel Mobility solution. In addition, a Secure Remote Voice license may be added for remote functionality.
PAGE 42
4 Managing Licenses Adding a License Adding a License An end-user license key is shipped with the ShoreTel Mobility solution. Enter this license key before enabling end users on the Mobility Router. If you did not receive this license key, send a message to mobilitysupport@shoretel.com. Figure 16: Licensing Information To enter a license key: 1. Select Configuration > System > Licensing > Licenses. 2. Click Add. The Add License page displays. 3.
PAGE 43
4 Managing Licenses Deleting Licenses If the license key has not been entered correctly (for example, some characters are missing, incorrect characters were entered, or extra characters were added), an X in a red box displays in the Valid column. Delete the license and add the license with the correct license key. When the license key has been entered correctly, a checkmark in a green box displays in the Valid column.  Active—License is activated.
PAGE 44
4 Managing Licenses Deleting Licenses To delete a license: 1. Select Configuration > System > Licensing > Licenses. The Licenses page displays. 2. Select the license(s) that you want to delete. To select multiple contiguous items, hold the Shift key while selecting the items. To select multiple non-contiguous items, hold the Ctrl key while selecting the items. 3. Click Delete. When prompted to confirm the deletion, click OK.
PAGE 45
CHAPTER 5 5.
PAGE 46
5 Configuring Network Settings Configuring Hostname and DNS Configuring Hostname and DNS The Hostname/DNS page contains basic networking information about the Mobility Router. Most of this information is entered during the Initial Configuration Wizard and should not require changing. Figure 17: Hostname/DNS 1. Select Configuration > System > Networking > Hostname/DNS. The Hostname/DNS page displays. 2.
PAGE 47
5 Configuring Network Settings Configuring Ethernet Interfaces Configuring Ethernet Interfaces After specifying the basic Ethernet interface in the Initial Configuration Wizard or completing the Hostname/DNS tab (“Configuring Hostname and DNS” on page 31), you can configure the following settings for each Ethernet interface (eth0, eth1):  Interface speed  Duplex settings Some information in the fields under the Interface menu reflect the responses provided during the Initial Configuration Wizard se
PAGE 48
5 Configuring Network Settings Configuring Ethernet Interfaces 5. Verify the interface speed. The default and recommended value is Auto. To change the speed, select one of the following in the Speed list:  10—10 Mbps (This option is not supported if you are going to create a redundancy cluster. For information about redundancy clusters, see “Managing Redundancy Clusters” on page 227.)  100—100 Mbps  1000—1000 Mbps  Auto—Speed is auto-detected 6. Verify the duplex value.
PAGE 49
5 Configuring Network Settings Configuring Routing Settings Configuring Routing Settings Configure the default gateway or create additional static routes using the following procedures. Figure 19: Routing Configuring the Default Gateway By default, the default gateway field is the IP address provided during the Initial Configuration Wizard and should not be changed. The default gateway is the default route for the Mobility Router. 1. Select Configuration > System > Networking > Interface.
PAGE 50
5 Configuring Network Settings Managing Static Routes Modifying Static Routes 1. Select Configuration > System > Networking > Routing. The Routing page displays. 2. Select the static route to be modified, and click Modify. 3. Make any necessary changes. For information about the fields on this page, see “Adding Static Hosts” on page 36. 4. To save your changes, click Apply. Deleting Static Routes 1. Select Configuration > System > Networking > Routing. The Routing page displays. 2.
PAGE 51
5 Configuring Network Settings Configuring Static Hosts Configuring Static Hosts Static hosts can be optionally defined for the most frequently used hosts. The IP address for the Mobility Router, which you provided as the primary IP address in the Initial Configuration Wizard, is automatically added as a static host. You can define additional static hosts based on your network requirements. Note Static Hosts can be added and deleted but cannot be modified. Figure 20: Static Hosts Adding Static Hosts 1.
PAGE 52
5 Configuring Network Settings Configuring Ports Configuring Ports Port ranges can be optionally configured. The ShoreTel Mobility Router uses default port ranges, but these ranges may be modified. Figure 21: Ports 1. Select Configuration > System > Networking > Ports. 2. Enter the Starting Port and/or Ending Port as appropriate. Note The range for RAST TCP Flow and RAST UDP Flow can not overlap the Media Server RTP port range.
PAGE 53
5 Configuring Network Settings Configuring SSH Configuring SSH Select SSH (Secure Shell) to enable the SSH service on a selected interface. SSH is enabled by default. Figure 22: SSH 1. Select Configuration > System > Networking > SSH. 2. Verify Enable is checked. 3. Select an Interface. By default, the IP address associated with the primary interface is chosen. This interface is used by the Mobility Router for communicating with the SSH server. 4. Click Apply.
PAGE 54
5 Configuring Network Settings Configuring Services Configuring Services Select Services to choose an interface for SIP (Calls towards PBX and Local SMC), RAST Internal Interface for different flows, Client Provisioning, and Client Configuration Management services. By default, the IP address associated with the primary interface is chosen. The ShoreTel Mobility Client application uses this IP address to communicate with the Mobility Router.
PAGE 55
CHAPTER 6 6. Managing Remote Access You can configure the Mobility Router to allow secure remote access, which consists of the following features:  Secure Remote Voice (if your ShoreTel Mobility solution is licensed for it)—Secure Remote Voice allows users to securely place and receive calls using any Wi-Fi network outside of the enterprise or a cellular packet-data network.
PAGE 56
6 Managing Remote Access You can allow individual users or groups to have access to Secure Remote Voice, Secure Enterprise Services, or both features. After configuring the remote-access settings, you can enable remote access when creating users or groups. For information about creating users and groups, see “Managing Groups” on page 176 and “Managing Users” on page 193.
PAGE 57
6 Managing Remote Access Before You Begin Before You Begin Before you start configuring remote access, make sure you have the following:  You have received the Secure Remote Voice key.  You have access to a Public IP address with traffic allowed on TCP and UDP ports. If your network includes a firewall, make sure that the firewall allows external traffic to and from the IP address and its TCP and UDP ports. For Port Range information, refer to “Mobility Router Ports” on page 307.
PAGE 58
6 Managing Remote Access Network Configurations Network Configurations How you configure remote access depends on your network configuration.
PAGE 59
6 Managing Remote Access Network Excludes NAT Network Excludes NAT In this network configuration, the Mobility Router uses the eth0 interface for communications to a default gateway and the internal network. The eth1 interface uses a publicly accessible IP address. The default gateway is connected to a firewall, which must be configured to allow traffic to the publicly accessible IP address.
PAGE 60
6 Managing Remote Access Network Uses Mobility Router Redundancy Cluster and NAT with Firewall Network Uses Mobility Router Redundancy Cluster and NAT with Firewall In this network configuration, there is a cluster of two Mobility Routers. Each Mobility Router uses the eth0 interface for communications to a default gateway and the internal network. Each eth1 interface uses an internal IP address.
PAGE 61
6 Managing Remote Access Network Uses Mobility Router Redundancy Cluster Without NAT Network Uses Mobility Router Redundancy Cluster Without NAT In this network configuration, there is a cluster of two Mobility Routers. Each Mobility Router uses the eth0 interface for communications to a default gateway and the internal network. The eth1 interface uses a publicly accessible IP address. In addition to the physical eth0 interfaces, there is a virtual eth0 IP address that is used to manage the cluster.
PAGE 62
6 Managing Remote Access Configuring General Settings Configuring General Settings After setting up your network, as described in “Before You Begin” on page 42, configure general settings for remote access:  Ethernet interface used for remote access  Virtual IP address of the cluster (only if you have created a redundancy cluster)  Public NAT information  External IP address  UDP port  TCP port  Tunnel interface MTU  Remote client IP lease duration To configure general settings: 1.
PAGE 63
6 Managing Remote Access Configuring General Settings 5. To establish a secure remote connection from an external network, enter a valid FQDN in the Remote Access FQDN field. 6. In the Public NAT area, configure the following:  To enable a public network address translation (NAT) IP address for the Mobility Router, make sure that the Enable check box is selected. By default, this check box is selected. To disable the NAT IP address, clear the Enable check box.
PAGE 64
6 Managing Remote Access Configuring Protocols Configuring Protocols After configuring general settings, you can configure the security protocols for the tunnels that are established between clients and the Mobility Router for sessions using Secure Remote Voice and Secure Enterprise Services.
PAGE 65
6 Managing Remote Access Configuring Protocols 1. Select Configuration > System > Networking > Remote Access > Protocol tab. The following screen displays example settings: 2. In the Datagram TLS/UDP area, to enable DTLS, make sure that the Enable check box is selected. By default, this check box is selected. To disable DTLS, clear the Enable check box. 1.
PAGE 66
6 Managing Remote Access Configuring Protocols 4. In the Keep Alive field, type the interval at which the Mobility Router sends echo messages over the tunnel after client inactivity. The keepalive time can be a value between 2 through 3600 seconds. The default value is 55 seconds. 5. In the Session Timeout field, type the amount of time that the client can be inactive before the session is disconnected. The timeout can be a value between 60 through 65535 seconds. The default timeout is 600 seconds. 6.
PAGE 67
6 Managing Remote Access Configuring Protocols 10. In the Keep Alive field, type the interval at which the Mobility Router sends echo messages over the tunnel after client inactivity. The keepalive time can be a value between 1 through 3600 seconds. The default value is 55 seconds. 11. In the Session Timeout field, type the amount of time that the client can be inactive before the session is disconnected. The timeout can be a value between 60 through 65535 seconds. The default timeout is 600 seconds. 12.
PAGE 68
6 Managing Remote Access Managing Client IP Pools Managing Client IP Pools Note Client IP Pools are used in conjunction with Nokia phones only. Before configuring client IP pool information, you must first set up the client IP pool in your network. You need to assign a new block of IP addresses to be used for remote-access clients or use an exclusion in an existing block of IP addresses.
PAGE 69
6 Managing Remote Access Deleting Client IP Pools Deleting Client IP Pools If you are no longer using You can delete client IP pools if you are no longer using them. Before deleting a client IP pool, make sure that the pool is no longer being used by any ShoreTel Mobility users. WARNING! Deleting an IP by either deleting or modifying an IP pool terminates then restarts an SRV session for clients using these IPs. To delete client IP pools: 1. Select Configuration > System > Networking > Remote Access.
PAGE 70
6 Managing Remote Access Options Options Call Admission Control Use Call Admission Control (CAC) to define the thresholds for Secure Remote Voice calls and to prevent overloading the enterprise WAN connection. An Administrator can allocate maximum amount of available bandwidth for Secure Remote voice traffic as well as restrict the maximum number of simultaneous voice calls allowed through the secure remote access.
PAGE 71
6 Managing Remote Access Call Admission Control 2. In the Call Admission Control area, select Enable. 3. In the Restriction On field, choose Bandwidth, Calls, or Both. 1. Bandwidth - when the total bandwidth used by Secure Remote Voice calls reaches the configured level in kbps, any new calls will be routed through the cellular network. 2. Calls - when the number of calls reaches the configured amount, all new calls are routed through the cellular network. 3.
PAGE 72
6 Managing Remote Access Voice Recording Support  AMR  G.711 μ-Law  G.711 A-Law 5. In the Max Secure Remote Voice Calls field, enter the maximum number of calls allowed. The default is 100. The valid range is 0-1000. 6. Click Apply to save your changes. For information on configuring routing settings, refer to “Configuring Routing Settings” on page 34. Monitoring Call Admission Control To monitor Call Admission Control: 1. Select Monitor > Calls > Call Admission Control. 2.
PAGE 73
6 Managing Remote Access Enabling Remote Access for Groups and Users Enabling Remote Access for Groups and Users You can enable Secure Remote Voice and Secure Enterprise Services for a group or for individual users. If you enable Secure Enterprise Services, you can specify whether access is allowed from cellular packet-data networks or remote Wi-Fi networks when users are not in range of the enterprise network.
PAGE 74
6 Managing Remote Access Enable Remote Access for Users 6. In the Data Services area, select Cellular Data enable access to Secure Enterprise Services when users are outside the enterprise: 7. In the Presence/IM area, enable or disable Presence on the user devices in this group. By default, Presence is disabled.  Select the Enable box.
PAGE 75
6 Managing Remote Access Enable Remote Access for Users 4. Click the Options tab. 5. In the Call Routing area, check Wi-Fi and Cellular Data to enable Secure Remote Voice.
PAGE 76
6 Managing Remote Access Enable Remote Access for Users 6. In the Presence/IM area, enable or disable Presence on the user devices in this group. By default, Presence is disabled. Check the box to enable Presence. When this is checked, options pop up that control whether Presence is available when the device is roaming:  Cellular Data —Select to allow Presence to be shown in cellular packet-data networks.
PAGE 77
6 Managing Remote Access Configuring Mobile Devices for Remote Access Configuring Mobile Devices for Remote Access Before end users can use Secure Remote Voice and Secure Enterprise Services, they must add a remote Wi-Fi access point (for example, home access point or Wi-Fi hotspot) as a preferred connection on the mobile device. See ShoreTel Mobility (Mobile Phone and Tablet) User’s Guide “Changing Network Settings.” for information on how to set access points as a preferred connection.
PAGE 78
6 Managing Remote Access Troubleshooting Remote Access Troubleshooting Remote Access The following lists issues you might encounter after implementing remote access and how to verify your configuration.    Users are not able to create a tunnel on the mobile device.  If you are using a firewall, verify that the appropriate ports and IP addresses are publicly accessible.
PAGE 79
CHAPTER 7 7. Managing Security The ShoreTel Mobility solution uses the following certificates to secure communications between the Mobility Router and mobile devices running ShoreTel Mobility Client:  Certificate authority (CA)—Certificate used by the Mobility Router to sign Mobility Router and client certificates.  Mobility Router certificates—Certificates used by the Mobility Router to identify itself to its clients.
PAGE 80
7 Managing Security This chapter contains the following sections:   “Certificate Authority” on page 66  “Generating a Certificate Authority” on page 66  “Importing a Certificate Authority” on page 68 “Mobility Router Certificates” on page 70  “Locally Generated Certificates” on page 70  “Certificate Signing Request” on page 71  “Generating a Mobility Router Certificate” on page 71  “Importing a Certificate to the Mobility Router” on page 74  “ShoreTel Mobility Client Certificates”
PAGE 81
7 Managing Security Certificate Authority Certificate Authority The certificate authority (CA) in the Mobility Router is used to sign certificates generated by the Mobility Router. The Mobility Router generates and signs a client certificate for every client that is provisioned. The Mobility Router can also generate and sign the Mobility Router certificates if you choose to use a generated certificate instead of an imported certificates.
PAGE 82
7 Managing Security Generating a Certificate Authority 2. Click Generate. The Generate Certificate page displays. The following screen is used for example only. Figure 29: Generate the Certificate 3. In the Country Name field, type the two-letter country code for the country where the Mobility Router is located. The default is US. 4. In the State or Province, field, type the state or province where the Mobility Router is located. 5.
PAGE 83
7 Managing Security  Importing a Certificate Authority If you do not want to restart the Mobility Router, click Cancel. The newly generated certificate will be activated on next restart. Importing a Certificate Authority You can import a Certificate Authority (CA) certificate to the Mobility Router. Note An imported certificate must be in unencrypted Privacy Enhanced Mail (PEM) format and contain the X.509 certificate and the RSA key.
PAGE 84
7 Managing Security Importing a Certificate Authority The following is an example of an imported certificate authority: -----BEGIN CERTIFICATE----MIIDgjCCAuugAwIBAgIET3ISpjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYD VQQKEwhTaG9yZVRlbDEUMBIGA1UECxMLRW5naW5lZXJpbmcxFDASBgNVBAMTC3Jh bXItZGV2MTAuMB4XDTEyMDMyNjE5MTkwMloXDTMyMDMyMjE5MTkwMlowdTELMAkG A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFs ZTERMA8GA1UEChMIU2hvcmVUZWwxFDASBgNVBA
PAGE 85
7 Managing Security Mobility Router Certificates Mobility Router Certificates There are four Mobility Router certificates which establish secure sessions during client provisioning and create HTTPS sessions to the Mobility Router. In addition, these certificates establish mutually authenticated secure remote connections when the clients are outside of the enterprise.
PAGE 86
7 Managing Security Certificate Signing Request Certificate Signing Request Administrators can generate a Certificate Signing Request (CSR) for all Mobility Router Certificates. The Mobility Router stores only one set of CSRs and corresponding private keys per type of certificate, and automatically syncs them to the standby node, if applicable.
PAGE 87
7 Managing Security Generating a Mobility Router Certificate 8. In the Common Name field, type the FQDN, hostname or IP Address for the Mobility Router. Note When generating a Local Access certificate, the default value is the local FQDN of the Mobility Router. When generating a Remote Access certificate, the default value is the external FQDN of the Mobility Router if configured in System > Network > Remote Access > Remote Access FQDN. See “Configuring General Settings” on page 47. 9.
PAGE 88
7 Managing Security Generating a Mobility Router Certificate  Click OK to restart the ShoreTel Mobility service and activate the newly generated certificate.  If you do not want to restart the server, click Cancel. The newly generated certificate will not take effect until the next restart. 14. Refresh the browser to regain access, then log in.
PAGE 89
7 Managing Security Importing a Certificate to the Mobility Router Importing a Certificate to the Mobility Router You can also import a purchased or self-signed certificate for any of the four Mobility Router certificates. For example, if you purchased a certificate from VeriSign, that certificate can be imported and used by the Mobility Router.
PAGE 90
7 Managing Security ShoreTel Mobility Client Certificates 4. Click Import. If the certificate is valid, a Restart prompt displays. If the certificate is not valid, an Error prompt displays. In the case of an error, generate a valid certificate or obtain a new certificate to paste in the field. Note Optionally, click Verify to view if the certificate is valid. 5. Restart the ShoreTel Mobility service and activate the newly generated certificate, click OK.
PAGE 91
7 Managing Security Reviewing the Permit List Reviewing the Permit List Select Configuration > System > Certificate > Permit List. The Permit List page displays. The following information is displayed:  Serial Number— Unique number used to identify each certificate. The Certificate Authority assigns a unique number to each certificate it generates and signs.  Active—Indicates that the certificate is active.
PAGE 92
7 Managing Security Deleting an Entry from the Permit List Deleting an Entry from the Permit List You can delete an entry from the permit list to revoke a particular application for a specific user. Delete an entry from the permit list if a mobile device is lost or you no longer want the user to have access to certain applications. To delete an entry from the Permit List: 1. Select Configuration > System > Certificate > Permit List. 2. Select the entry to be deleted. 3.
PAGE 93
CHAPTER 8 8. Configuring Authentication There are four options for user authentication available with the ShoreTel Mobility solution, three of which use AAA (authentication, authorization and accounting) functionality:  Local users authentication database  LDAP authentication against Active Directory (AD), generic LDAP server or Secure LDAP server. In the case of multiple AD forests, one LDAP server is authenticated (AAA).
PAGE 94
8 Configuring Authentication Managing Active Directory/LDAP Managing Active Directory/LDAP An Active Directory/LDAP server can be used for authentication. In the case of multiple AD forests, one LDAP server is used for authentication. Figure 31: Directory Groups Defining an Active Directory/LDAP server is optional and based on the type of authentication to be used.
PAGE 95
8 Configuring Authentication Adding a Directory Server Group Adding an Active Directory / LDAP Group The following procedure configures an Active Directory / LDAP server. Refer to Adding a ShoreTel Directory Group on page 83 for information on adding a ShoreTel Directory Server. 1. Select Active Directory/LDAP to view the following options display. Figure 32: Active Directory/LDAP Group 2. The General page displays.
PAGE 96
8 Configuring Authentication Adding a Directory Server Group 3. Select an Interface. By default, the IP address associated with the primary interface is chosen. This interface is used by the Mobility Router for communicating with the UC server. Note This option is only configurable when used in conjunction with ShoreTel Connect. 4. Type the IP address for the Primary Active Directory/LDAP server. Use the server's FQDN if you plan to enforce the Secure LDAP server certificate verification. 5.
PAGE 97
8 Configuring Authentication Adding a Directory Server Group 16. In the Server Certificate Verification area: a. Uncheck the Manage Certificate if not importing Active Directory Server's CA certificate. In this case, the Mobility Router does not verify the certificate and blindly accepts server certificate. This applies to all Active Directory forests. b. Check Manage Certificate to enforce the server certificate verification.
PAGE 98
8 Configuring Authentication Adding a Directory Server Group To view or change advanced settings: 1. Select Configuration > System > Authentication > Directory. 2. Double-click a Directory Group, or select the group and click Modify. 3. Select a Server. 4. Select the Advanced tab. Figure 34: LDAP Group Advanced Options 5. Make changes as required. (The previous screen is for example purposes only.) 6. Click Apply.
PAGE 99
8 Configuring Authentication Adding a Directory Server Group 1. Select ShoreTel Directory to view the following options display. Figure 35: ShoreTel Directory Group 2. Enter a Name. 3. Select Apply to advance to the ShoreTel Directory Group parameters page.
PAGE 100
8 Configuring Authentication Adding a Directory Server Group 4. Select an Interface. By default, the IP address associated with the primary interface is chosen. This interface is used by the Mobility Router for communicating with the UC server. Note This option is only configurable when used in conjunction with ShoreTel Connect. 5.
PAGE 101
8 Configuring Authentication Adding a Directory Server Group Adding and Enabling Active Directory Forest Note Use Active Directory Forest to search across multiple active directory servers defined in the forest. Only one directory server from the forest may be selected for authentication purposes. You can add a total of five active directory forests. Complete the following steps after the first forest is added using “Adding an Active Directory / LDAP Group” on page 80. 1.
PAGE 102
8 Configuring Authentication Adding a Directory Server Group 4. Select Add. 5. Select Apply after each AD forest is added. 6. Select Query to perform the forest search. The Query screen displays. a. Enter a search string such as a user name in the Search For field. Refer to “Directory Query” on page 266 for more information about this field. b. By default, the Search In drop down menu displays the currently configured active directory forest.
PAGE 103
8 Configuring Authentication Adding a Directory Server Group 8. You have the option to perform a Query or Verify across all enabled forests. Refer to “Directory Query” on page 266 for more information about directory query searches. 9. The first forest configured is the authenticated active directory forest, by default. If appropriate, select Make Auth to make a different forest the authenticated active directory forest. All other servers have directory search capability.
PAGE 104
8 Configuring Authentication Managing Local User Authentication Managing Local User Authentication There are three types of users who require authentication on the Mobility Router:  Administrator—Authenticates to the Mobility Router to administer the ShoreTel Mobility solution.  Monitor—Authenticates to the Mobility Router to monitor the ShoreTel Mobility solution.  End user—Authenticates to the Mobility Router to provision and use the ShoreTel Mobility Client application.
PAGE 105
8 Configuring Authentication  admin  monitor  user Modifying Local Users For non-SIP Local Users, select from the following:  admin  monitor 6. To enable the user, select the Enabled check box. 7. To save your changes, click Apply. Modifying Local Users Note For the admin and monitor default user accounts, you can change only the password To modify a local user: 1. Select Configuration > System > Authentication > Local Users. The Local Users page displays. 2.
PAGE 106
8 Configuring Authentication Managing Order of Authentication Managing Order of Authentication After defining local authentication or adding authentication servers, specify the order in which the Mobility Router performs authentication against the established databases. The order determines the search order that the Mobility Router uses when attempting authentication.
PAGE 107
8 Configuring Authentication Managing Order of Authentication 4. If you have three options for authentication, set the Third field to an option different than the one selected for the First or Second fields. The Mobility Router attempts to authenticate with this setting if it cannot authenticate with the option specified in the First or Second fields. Note One of the Authentication mechanisms for both Admin and User Authentication must be local, and is recommended as the First authentication.
PAGE 108
8 Configuring Authentication Managing RADIUS Authentication Managing RADIUS Authentication You can specify a RADIUS server to be used for authentication as needed. Defining a RADIUS server is optional based on the type of authentication to be used. Configuring Default RADIUS Values You can optionally define default values for certain RADIUS parameters that apply to all RADIUS servers you create for the Mobility Router.
PAGE 109
8 Configuring Authentication Adding a RADIUS Server 4. In the Timeout field, type the number of seconds that elapse before the connection to the RADIUS server times out. The timeout can be a value between 1 through 60 seconds. The default value is 3 seconds. 5. In the Retransmit field, type the number of times the Mobility Router attempts to authenticate to the RADIUS server. The retransmit value can be between 0 through 5. Specifying 0 disables the retransmit feature. The default value is 1. 6.
PAGE 110
8 Configuring Authentication Modifying a RADIUS Server 7. In the Retransmit field, type the number of times the Mobility Router attempts to authenticate to the RADIUS server. The retransmit value can be between 0 through 5. Specifying 0 disables the retransmit feature. 8. To enable the RADIUS server, select the Enabled check box. 9. Click Apply. Modifying a RADIUS Server To modify a RADIUS server: 1. Select Configuration > System > Authentication > RADIUS. The RADIUS page displays. 2.
PAGE 111
8 Configuring Authentication Managing TACACS+ Authentication Managing TACACS+ Authentication You can specify a TACACS+ server to be used for authentication as needed. Defining a TACACS+ server is optional based on the type of authentication to be used. Configuring Default TACACS+ Values You can optionally define default values for certain TACACS+ parameters that apply to all TACACS+ servers you create for the Mobility Router.
PAGE 112
8 Configuring Authentication Adding a TACACS+ Server 5. In the Retransmit field, type the number of times the Mobility Router attempts to authenticate to the TACACS+ server. The retransmit value can be between 0 through 5. Specifying 0 disables the retransmit feature. The default value is 1. 6. Check Accounting to enable tracking of configuration and operational changes to the system. This information is logged on an Accounting log file on a previously configured external TACACS server. 7.
PAGE 113
8 Configuring Authentication Modifying a TACACS+ Server 7. In the Retransmit field, type the number of times the Mobility Router attempts to authenticate to the TACACS+ server. The retransmit value can be between 0 through 5. Specifying 0 disables the retransmit feature. 8. To enable the TACACS+ server, select the Enabled check box. 9. Click Apply. Modifying a TACACS+ Server To modify a TACACS+ server: 1. Select Configuration > System > Authentication > TACACS+. The TACACS+ page displays. 2.
PAGE 114
CHAPTER 9 9. Managing Mobility An enterprise location provides the framework in which you can configure and monitor your mobility network. In an enterprise location, you define the physical representation of the network, consisting of one or more campuses, one or more buildings, and all floors where the ShoreTel Mobility solution is to be deployed.
PAGE 115
9 Managing Mobility Establishing Default Mobility Settings In addition the previous methods to define location, the Mobility Router gathers location information from ShoreTel Mobility Clients on the mobile devices as users roam from access points known by the Mobility Router to unknown access points. If the mobile device roams from a known access point to an unknown access point, ShoreTel Mobility Client sends a query to the Mobility Router with the unknown access point’s information.
PAGE 116
9 Managing Mobility Enterprise Default Settings Enterprise Default Settings To review or change Enterprise default mobility settings: 1. Select Configuration > Mobility > Default Settings. The Enterprise tab is active. Figure 44: Default Enterprise Settings 2. In the Min Wi-Fi to Cellular Roam RSSI field, type the minimum Wi-Fi received signal strength indication (RSSI) threshold below which a call is handed over from Wi-Fi to cellular.
PAGE 117
9 Managing Mobility Enterprise Default Settings 6. To enable use of multiple BSSIDs in your network, select the Multiple BSSID check box. To disable this option, clear the Multiple BSSID check box. By default, this option is selected. We recommend that you leave this option enabled. If the Multiple BSSID option is selected, you can take calibration data from one WLAN, and that data can support all WLANs at that location. If this option is not selected, each WLAN must be calibrated individually. 7.
PAGE 118
9 Managing Mobility Default Home Settings Default Home Settings To review or change home-location default mobility settings: 1. Select Configuration > Mobility > Default Settings. 2. Click the Home tab. Figure 45: Default Home Settings Note Only Nokia devices support the use of home locations. 3. In the Min Wi-Fi to Cellular Roam RSSI field, type the minimum Wi-Fi received signal strength indication (RSSI) threshold below which a call is handed over from Wi-Fi to cellular. The default value is -76.
PAGE 119
9 Managing Mobility Default Cell Data Settings 1. Select the codec from the table. 2. Click Modify. 3. Modify the packet duration. 4. Click Apply to save changes and return to the main screen. Default Cell Data Settings To review or change cell-data default mobility settings: 1. Select Configuration > Mobility > Default Settings. 2. Click the Cell Data tab. Figure 46: Default Cell Data Settings 3. The applicable Codecs display in the table.
PAGE 120
9 Managing Mobility Enterprise Locations Enterprise Locations About Enterprise Locations An enterprise location consists of a campus, a series of buildings, and all the floors where the ShoreTel Mobility solution is deployed. Figure 47 shows an example of an enterprise location. In this example, the campus has three buildings, and each building has two floors. The campus layout is entered as an enterprise location in the Mobility Router.
PAGE 121
9 Managing Mobility About Enterprise Locations on page 112. Figure 48: Example of Route Points on the First Floor of a Building Understanding the Relationship Between Route Points and Default Handover Settings The Min Wi-Fi to Cellular Roam RSSI value specifies the minimum Wi-Fi received signal strength indication (RSSI) threshold below which a call is handed over from Wi-Fi to cellular. This value represents the minimum threshold for weak coverage areas in the network.
PAGE 122
9 Managing Mobility About Enterprise Locations Figure 49 shows the relationship between Route Points and default handover settings at an entry point of a building. Figure 49: Example of the Relationship Between Route Points and Default Handover Settings A handover can take place for any of the following reasons:  A Route Point triggers a handover to cellular as the user exits the building.  A Route Point triggers a handover to Wi-Fi when the user enters the building.
PAGE 123
9 Managing Mobility  Aruba Networks  Cisco Systems  Meru Networks About Enterprise Locations By default, when you integrate a WLAN controller with the Mobility Router, the Mobility Router sends SNMP queries to the WLAN controller for information. Optionally, you can configure the Mobility Router to receive SNMP trap information about transmit power from the WLAN controller. If you choose to do this, you need to define the Mobility Router as a trap receiver on the WLAN controller.
PAGE 124
9 Managing Mobility About Enterprise Locations The Mobility Router compares this information with its known access point list and adds the access point as a known access point. The Mobility Router also sends fingerprints, a list of known cellular networks, and a list of known access points to the ShoreTel Mobility Client. If the ShoreTel Mobility Client finds that its list of known access points are missing fingerprints, the ShoreTel Mobility Client sends the BSSID to the Mobility Router.
PAGE 125
9 Managing Mobility Managing Enterprise Locations Managing Enterprise Locations Creating an enterprise location consists of the following steps:  “Creating Campuses” on page 110  “Creating Buildings” on page 111  “Creating Floors” on page 111  “Creating Route Points for a Floor” on page 112 In addition to manually creating an enterprise location, you can also integrate WLAN controllers with the Mobility Router, as described in “Integrating WLAN Controllers with the Mobility Router” on page 11
PAGE 126
9 Managing Mobility Managing Enterprise Locations Deleting SSIDs from a Campus To delete an SSID from a campus: 1. Select Configuration > Mobility > Enterprise Locations. The Enterprise Locations page displays. 2. Select the campus for which you want to delete an SSID. 3. Select the SSID that you want to delete. 4. Click Delete. The SSID is deleted. Creating Buildings To create a building: 1. Select Configuration > Mobility > Enterprise Locations. The Enterprise Locations page displays. 2.
PAGE 127
9 Managing Mobility Managing Enterprise Locations Deleting Floors To delete a floor: 1. Select Configuration > Mobility > Enterprise Locations. The Enterprise Locations page displays. 2. Select a campus, and select a building. 3. Select the floor that you want to delete. 4. Click Delete. The floor is deleted. Creating Route Points for a Floor After the enterprise location is defined, you can create Route Points for each floor of each building within the campus.
PAGE 128
9 Managing Mobility Managing Enterprise Locations 8. (Optional) To modify default handover settings for this floor, click the Settings tab. 9. In the Min Wi-Fi to Cellular Roam RSSI field, type the minimum Wi-Fi received signal strength indication (RSSI) threshold below which a call is handed over from Wi-Fi to cellular. This value represents the minimum threshold for weak coverage areas in the network.
PAGE 129
9 Managing Mobility Integrating WLAN Controllers with the Mobility Router Modifying Route Points To modify a route point: 1. Select Configuration > Mobility > Enterprise Locations. The Enterprise Locations page displays. 2. Click the campus, then a building, then a specific floor. The Route Point tab for that floor displays at the bottom of the page. 3. Select the Route Point to be modified. 4. Click Modify. 5. Make changes as appropriate.
PAGE 130
9 Managing Mobility Integrating WLAN Controllers with the Mobility Router To add a WLAN controller: 1. Select Configuration > Mobility > WLAN Controllers. The WLAN Controllers page displays. 2. Click Add. The Add WLAN Controller page displays. 3. In the IP Address field, type the IP address of the WLAN controller, and click Add. You can add multiple IP addresses. 4. In the Community String field, type the community string defined for the WLAN controller.
PAGE 131
9 Managing Mobility Integrating WLAN Controllers with the Mobility Router Configuring the Mobility Router as an SNMP Trap Receiver on the WLAN Controller How you configure an SNMP trap receiver on the WLAN controller depends on the controller. The Mobility Router does not receive trap information from the Meru controller, so you do not need to set up the Mobility Router as a trap receiver on the Meru controller. Aruba Specify the Mobility Router IP address as an SNMP trap receiver.
PAGE 132
9 Managing Mobility  Integrating WLAN Controllers with the Mobility Router For Cisco controllers, the TX Power Update trap must also be enabled. Tip If you have the previous items configured on the WLAN controller, you do not need to retake calibrations for previous calibrations, even if TX power values have been manually or automatically changed. 9.
PAGE 133
CHAPTER 10 10. Managing IP-PBX Integration The Mobility Router communicates with an enterprise IP-PBX over line-side and trunk-side interfaces. The Mobility Router uses the line-side interface to register all ShoreTel Mobility Clients to their respective IP-PBXs. This allows the Mobility Router to send and receive calls to and from the ShoreTel Mobility Client using the line-side interface.
PAGE 134
10 Managing IP-PBX Integration Adding an IP-PBX Adding an IP-PBX Add an IP-PBX on the Mobility Router for each enterprise IP-PBX with which the Mobility Router communicates. Configuring IP-PBX General Settings To configure IP-PBX general settings: 5. Select Configuration > Voice > IP-PBXs. 6. Click Add to view the General page. Figure 50: IP-PBX General Parameters 7. In the Name field, type the name for the IP-PBX.
PAGE 135
10 Managing IP-PBX Integration Configuring IP-PBX General Settings b. In the Port field, type the port number of the SIP listening port on the IP-PBX that the Mobility Router uses for access. The port number can be between 1024 through 49151, and the default value is 5060. c. In the SIP Transport list, select the protocol used for SIP transport:  udp  tcp d. In the SIP Domain Name field, enter a domain name of the appropriate/logical group for this PBX, for example marketing.shoretel.com.
PAGE 136
10 Managing IP-PBX Integration Configuring SIP Trunk Settings Configuring SIP Trunk Settings To configure SIP trunk settings: Figure 51: SIP Trunk Parameters 1. In the Name field, type the name of the trunk. By default, a name is provided. It is the name you specified on the General tab, with -trunk appended to the name. The name can be up to 50 alphanumeric characters and can contain spaces, hyphens (-), and underscores (-). 2. In the Description field, type a description for the trunk.
PAGE 137
10 Managing IP-PBX Integration Configuring Numbering Plan Settings 5. In the Port field, type the remote port number of the IP-PBX. This is the trunk-side port on the IPPBX. The port number needs to match with the corresponding SIP listening port on your IP-PBX. The default value of this field is 5068. 6. In the Transport list, select udp or tcp. The Mobility Router accepts either UDP or TCP transport on a SIP trunk, but it initiates the session using the transport protocol that you select here.
PAGE 138
10 Managing IP-PBX Integration Configuring Numbering Plan Settings On the ShoreTel Mobility Router, the Numbering Plan tab for an IP-PBX consists of two pages: Basic and Advanced. Figure 52: Basic—Defines default numbering plan parameters that are applied to the IP-PBX numbering plan. You can apply one of the predefined numbering plans to the IP-PBX to start over with a set of default numbering plan values.
PAGE 139
10 Managing IP-PBX Integration Configuring Numbering Plan Settings  Local Country Code (LCC)—Country code of the country in which the Mobility Router is located. A default value for the local country code (LCC) is applied to a numbering plan when it is first added. Verify that the LCC value is correct for the country in which the Mobility Router is located. Modify the LCC value if necessary. The default value depends on the numbering plan template that you chose when you added the IP-PBX.
PAGE 140
10 Managing IP-PBX Integration Configuring Numbering Plan Settings of the numbering plan template. This page allows you to Apply, Reset, and Reload a Numbering Plan template, manage numbering plan pattern tables, and use the test panel to verify the numbering plan tables. Use this mode to add or modify:  Enterprise Country Code (ECC)—(“North America Generic” selection only)  Enterprise extension pattern (EEP)—Pattern that defines a range of extensions within the enterprise.
PAGE 141
10 Managing IP-PBX Integration Configuring Numbering Plan Settings Numbering Plan Parameter Sets A parameter set consists of all parameters needed to complete the numbering plan, for example LEC+LAC+EEP. You may also define additional sets of parameters for the existing numbering plan. Adding a Numbering Plan Parameter Set (Row) To add a new row of a numbering plan parameter set: 1. On the ShoreTel Mobility Router, select Configuration > Voice > IP-PBXs. 2.
PAGE 142
10 Managing IP-PBX Integration Configuring Numbering Plan Settings 3. On the Basic screen, click the Add button. This function may also be performed on the Advanced page.
PAGE 143
10 Managing IP-PBX Integration Configuring Numbering Plan Settings 4. The Add Parameter Set page displays. Tip To use a shortcut to add a row in this table, select an existing row and right-click. Select Duplicate Row. Modify the new row as needed. Figure 55: Add Numbering Plan Parameter Set 5. The following are format examples.
PAGE 144
10 Managing IP-PBX Integration Configuring Numbering Plan Settings 6. To save your changes, click Apply. The table is populated with the new information. Note Expand or reduce the number of visible Numbering Plan Parameters Sets on the Advanced page. Figure 57: Expand Rows Expand or Reduce the number of visible rows Duplicating a Row You can modify a numbering plan parameter set on the Basic or Advanced page. To modify a numbering plan parameter: 1.
PAGE 145
10 Managing IP-PBX Integration Configuring Numbering Plan Settings 1. On the ShoreTel Mobility Router, select Configuration > Voice > IP-PBXs. 2. Double-click the IP-PBX of which you want to delete a numbering plan, then select the Numbering Plan tab. A Cisco Call Manager is used in this example. 3. On the Basic screen, click the Delete button. A prompt asking to confirm the deletion displays. This function may also be performed on the Advanced page. 4.
PAGE 146
10 Managing IP-PBX Integration Configuring Numbering Plan Settings 6. Enter a Description for the numbering plan. Figure 59: Add Column Name 7. Enter a Key. The key is three-letter code that is used to identify the numbering plan parameter when constructing numbering plan table patterns. You cannot change any keys, and the value entered must not be already used in other parameters (IAC, NNC, etc.). 8. Enter a Default Value.
PAGE 147
10 Managing IP-PBX Integration Configuring Numbering Plan Settings 5. Select the column you want to delete from the dropdown window. Click Apply to continue or Cancel to return to the Numbering Plan window without saving changes. Figure 61: Delete Column Numbering Plan Table Patterns Numbering plan tables consist of entries that are composed of patterns.
PAGE 148
10 Managing IP-PBX Integration Configuring Numbering Plan Settings 3. Locate the Numbering Plan Table at the bottom of the page. Figure 62: Numbering Plan Table 4. The numbering plan tables map input numbers to output numbers: Figure 63: Access Call Number Mapping For detailed information on each Numbering Plan Table menu item, refer to Overview of Numbering Plan Table Patterns on page 132.
PAGE 149
10 Managing IP-PBX Integration Configuring Numbering Plan Settings The following is an example for the Outgoing Called Number Mapping table: Figure 64: Sample Outgoing Called Number Mapping This pattern is constructed by combining numbering plan parameters. In this case, the pattern consists of a plus sign preceding the local country code (LCC), local area code (LAC), local exchange code (LEC), and enterprise extension pattern (EEP).
PAGE 150
10 Managing IP-PBX Integration Configuring Numbering Plan Settings Showing Values and Keys of Numbering Plan Parameters By default, if numbering plan parameter keys are used in patterns, the keys are shown in the patterns. For example, the default pattern for the Enterprise Extension Pattern table, which has a default value of 8XXX. To see the value of the (EEP) key in the pattern, you can use the Show Values/Show Keys button. The pattern then uses 8XXX in the pattern rather than (EEP).
PAGE 151
10 Managing IP-PBX Integration Configuring Numbering Plan Settings The following lists the “Key” entries for the VoIP Caller ID Mapping table: Original Caller ID Table 6: Key Number Mapping Example Caller ID for RA Client (EEP) (LAC)(LEC)(EEP) (NPL) (LAC)(NPL) (IAC)(LCC)(NPA)(NPL) (NPA)(NPL) +(LCC)(NPA)(NPL) (NPA)(NPL) +* (IAC)* The following lists the “Values” entries for the VoIP Caller ID Mapping table: Original Caller ID Table 7: Values Number mapping example Caller ID for RA Client 8[
PAGE 152
10 Managing IP-PBX Integration Configuring Numbering Plan Settings Table 8: Allowed Pattern Elements for Numbering Plan Parameters and Numbering Plan Tables Valid and Active States Description [digit1-digit2] Specifies a single digit in a range from digit1 through digit2. For example, if you type 408555120[0-7], the pattern matches only the following phone numbers: 4085551200, 4085551201, 4085551202, 4085551203, 4085551204, 4085551205, 4085551206, and 4085551207.
PAGE 153
10 Managing IP-PBX Integration Configuring Numbering Plan Settings Table 8: Allowed Pattern Elements for Numbering Plan Parameters and Numbering Plan Tables Valid and Active States Description U Specifies a special pattern—Type U to apply if the caller ID is unknown. (key) Numbering plan parameter key, which is a three-letter code and surrounded by parentheses, used in numbering plan table patterns.
PAGE 154
10 Managing IP-PBX Integration Configuring Numbering Plan Settings Numbering Plan Tables The following sections discuss each table.
PAGE 155
10 Managing IP-PBX Integration Configuring Numbering Plan Settings For example, if the caller ID sent to the Mobility Router is 4545, that number gets mapped to 4085554545. This mapped number is sent to the ShoreTel Mobility Client, and this is the caller ID that the user sees on the mobile device. VoIP Caller ID mapping:  Original Caller ID — the pattern for the caller ID sent to the Mobility Router from the calling party.
PAGE 156
10 Managing IP-PBX Integration Configuring Numbering Plan Settings  Original Called Number — the pattern for the phone number originally dialed.  Converted Called Number — the pattern for the mapped phone number that is used to place the call. Emergency Number Pattern Patterns in this table identify emergency numbers (for example, 911). By default, country-specific main emergency number patterns are automatically added to this table.
PAGE 157
10 Managing IP-PBX Integration Configuring Numbering Plan Settings Adding Numbering Plan Table Patterns For any of the numbering plan tables, you can add new patterns to accommodate your requirements. Adding an extremely large number of new patterns (more than 1,000) might slow Mobility Router performance. To test new numbering plan table patterns, you can use the test panel to verify patterns. For more information, see Using the Test Panel on page 143. To add a numbering plan table pattern: 1.
PAGE 158
10 Managing IP-PBX Integration Configuring Numbering Plan Settings Modifying Numbering Plan Table Patterns For any of the numbering plan tables, you can modify patterns to accommodate your requirements. Note When on the Show Value page, Numbering Plan Table Patterns can not be modified. To modify a numbering plan table pattern: 1. Select Configuration > Voice > IP-PBXs. 2. Click the Modify button for the numbering plan tables. The Modify Table Entry page displays.
PAGE 159
10 Managing IP-PBX Integration Configuring Numbering Plan Settings In the following example, an input number of 8000 is specified for the default Outgoing Called Numbers numbering plan table patterns from the North American numbering plan template. The input number matched three patterns, and the pattern with the highest weight of 1 is used for mapping. Figure 66: Example North American Numbering Plan To use the test panel: 1. Select Configuration > Voice > IP-PBXs. 2.
PAGE 160
10 Managing IP-PBX Integration Configuring Media Settings Configuring Media Settings Use the Media tab to configure RTP media related settings:  Select Inband DTMF Detection to enable the inband DTMF detection on the ShoreTel Mobility Router. The preferred setting is disabled as the DTMF detection is typically performed on the PBX or Gateway. However, if your PBX or gateway does not support RFC 2833 based DTMF relay, enable this option.  Select Ringback Detection to enable ringback tone detection.
PAGE 161
10 Managing IP-PBX Integration  Configuring Media Settings Select Force RTP Bridging through the Mobility Router to bridge RTP media streams through the ShoreTel Mobility Router. This option is disabled by default. Note Bridging media through the ShoreTel Mobility Router increases the CPU and network load on the Mobility Router and reduces scalability. Note This option may be used in combination with Mobility Router Transcoding.
PAGE 162
10 Managing IP-PBX Integration   Configuring PBX Options RTP Bridging Off/Transcoding Off: Disable both Force RTP Bridging through the Mobility Router and Mobility Router Transcoding to keep the ShoreTel Mobility Router transparent during SDP negotiations. In this mode, the Mobility Router does not inspect the SDP, and simply forwards it to the other side. Except for special cases (for example, Access calls), RTP packets do not pass through Mobility Router.
PAGE 163
10 Managing IP-PBX Integration Configuring PBX Options  Call Transfer—enables call transfer features, including PBX call transfer, local call transfer, and consultation and blind transfer options when transferring to a deskphone.  Default Enterprise Cellular Call Indicator— selects the option to Prepend Digits to Caller ID, Map Used to Unused Area Codes in North America, Use Numbering Plan Enterprise Full Number Pattern, or None.  Voice Mail—configures voice mail routing.
PAGE 164
10 Managing IP-PBX Integration Configuring PBX Options call transfers the call to the desk phone, the other members of the conference call can hear the desk phone ringing until the user answers the desk phone if a blind transfer is used. This is Blind Transfer.  To prevent conference call members from hearing the desk phone ringing if a ShoreTel Mobility user transfers the call to the desk phone, the Mobility Router select Consultation Transfer.
PAGE 165
10 Managing IP-PBX Integration Configuring Device Mobility 9. Enable or disable the SIP Session Timer. If enabled, enter the session refresh interval. The valid range is 90-65535 seconds, and is enabled by default. 10. To save your changes, click Apply. Configuring Device Mobility Note Device Mobility is available as a Line Side only feature for the Cisco Call Manager.
PAGE 166
10 Managing IP-PBX Integration Modifying an IP-PBX Modifying an IP-PBX You can change the details of an IP-PBX, but any changes should be made carefully so as not to disrupt end-user services. To modify an IP-PBX: 1. Select Configuration > Voice > IP-PBXs. The IP-PBXs page displays. 2. Select the IP-PBX that you want to modify. 3. Click Modify. 4. Make changes as necessary on the General tab. You cannot modify the IP-PBX name. 5. To save your changes, click Apply. 6.
PAGE 167
10 Managing IP-PBX Integration Copying a PBX 5. Fill in the fields as described in Adding an IP-PBX on page 119 or Modifying an IP-PBX on page 151 and save. Once the changes are saved, the name displayed for this IP-PBX changes from “Copy ” to the saved name.
PAGE 168
CHAPTER 11 11. Configuring Voice Settings Voice settings are established to allow the Mobility Router to communicate with an enterprise IP-PBX. You must add an IP-PBX on the Mobility Router so that the Mobility Router can communicate with the PBX. You must also specify access numbers, which are phone numbers that allow users to make and receive calls on their mobile devices while using the ShoreTel Mobility Client.
PAGE 169
11 Configuring Voice Settings Adding Access Numbers Adding Access Numbers To Add access numbers: 1. Select Configuration > Voice > Access Numbers. The Access Numbers page displays. 2. Click Add. 3. In the Name field, type the name for the access number. The name can be up to 50 alphanumeric characters long and cannot contain special characters except for spaces, hyphens (-), and underscores (_). 4. (Optional) In the Description field, type a description for the access number. 5.
PAGE 170
11 Configuring Voice Settings Adding Access Numbers some CDMA mobile devices. For users with these devices, add a separate cellular access number without the plus sign (+) and assign this number to a group that contains only users with CDMA mobile devices. Include the local country code and local area code in the cellular access number. The ShoreTel Mobility Client application uses this phone number to access the Mobility Router from the cellular network.
PAGE 171
11 Configuring Voice Settings  Modifying Access Numbers Handover Number 6. Multiple access numbers may be added per country. To add more numbers, repeat these steps and click Apply. All Country Specific Cellular Access Numbers are added at the top level Access Numbers screen in a folder. 7. To save your changes, click Apply. Modifying Access Numbers To modify an access number: 1. Select Configuration > Voice > Access Numbers. The Access Numbers page displays. 2.
PAGE 172
11 Configuring Voice Settings Viewing Table Rows Viewing Table Rows Note Refer Refer to Copying a Selection on page 9 for information on how to copy a selection on a page. Expand All 1. Click in the Access Numbers Summary page. 2. Right-click to Select All Rows. 3. Right-click to Expand All. Collapse All 1. Click in the Access Numbers Summary page. 2. Right-click to Select All Rows. 3. Right-click to Collapse All.
PAGE 173
11 Configuring Voice Settings Configuring Advanced Voice Settings Exporting a Numbering Plan To export a Numbering Plan: 1. Select Configuration > Voice > Numbering Plan Templates. The Numbering Plan page displays. 2. Select a Numbering Plan to be exported. 3. Click Export to send a numbering plan to a specified location. A directory popup displays. Browse to the appropriate location to save the file, optionally rename the file with a name that represents this numbering plan or country. 4.
PAGE 174
11 Configuring Voice Settings Managing Cellular Operators You typically do not need to modify the SIP server settings. An example of when you might need to modify SIP server settings is if you need to change the port numbers on which the Mobility Router listens to UDP, TCP, or TLS traffic. To configure SIP server settings: 1. Select Configuration > Voice > Advanced > SIP Server. The SIP Server page displays. 2.
PAGE 175
11 Configuring Voice Settings  “Modifying Cellular Operator Settings” on page 163  “Deleting a Cellular Operator” on page 163 Managing Cellular Operators Adding a Cellular Operator The Mobility Router ships with default settings for the most common United States cellular operators. Note Refer If you need to add a cellular operator to the Mobility Router, you or the end user can provision a mobile device for the cellular operator.
PAGE 176
11 Configuring Voice Settings Managing Cellular Operators  In the Cellular VMI Min Ring Time field, enter the Mobility Router's minimum cellular ring time for a Voice Mail Indicator (VMI) cellular call. If the ShoreTel Mobility Client answers before the ring time elapses, the mobile device is turned off or out of range of the cellular network. If end users report that they are running the ShoreTel Mobility Client and are not receiving VMI while they are on the cellular network, increase the ring time.
PAGE 177
11 Configuring Voice Settings Managing Cellular Operators is 15000.  In the Forward Dial Request Abort Timer field, enter the maximum time the Mobility Router waits, after receiving a reverse dial request call, before initiating the reverse dial call. If it does not get the cell call in this time, the Notify message received is ignored.
PAGE 178
11 Configuring Voice Settings Managing Supported Mobile Operating Systems 7. Click Apply to save changes. Modifying Cellular Operator Settings To modify cellular operator settings: 1. Select Configuration > Voice > Advanced > Cellular Operators. The Cellular Operators page displays with a list of available operators displayed. 2. Select the cellular operator to be modified. 3. Click Modify. The Modify Cellular Operator page displays. 4. Make changes as appropriate. 5. To save your changes, click Apply.
PAGE 179
11 Configuring Voice Settings Managing Supported Mobile Device Types 2. Select the operating system description to be modified, then click Modify. The OS Name can not be modified. 3. Select Apply to save changes. Deleting Operating Systems Before deleting an operating system, make sure that no users need are provisioned using that OS. If you delete an operating system, users cannot provision that OS. To delete an Operating System: 1. Select Configuration > Voice > Advanced > Mobile OSs.
PAGE 180
11 Configuring Voice Settings Managing Supported Mobile Device Types 8. In the Wi-Fi Rx Offset field, type the offset that is added to the default Min Cellular to Wi-Fi Roam RSSI value and used to compute the fingerprint RSSI value before being sent to the ShoreTel Mobility Client. If the mobile device is not being used for fingerprinting, you can initially set the value to 0. You might need to adjust this value.
PAGE 181
11 Configuring Voice Settings  Device OEM (Original Equipment Manufacturer)  Operating system  Cellular Rx Offset  Wi-Fi Rx Offset Managing Voice Prompts Managing Voice Prompts The Voice Prompt Profile feature allows the Admin to replace the system default audio for ringback, no answer, not found, busy, comfort noise, and music on hold. These profiles can be assigned to a PBX, enabling all users assigned to this PBX to use the voice prompts from this profile.
PAGE 182
11 Configuring Voice Settings Managing Voice Prompts Adding a Voice Prompt Profile To create a profile: 1. Select Configuration > Voice > Advanced > Voice Prompt Profiles. The Voice Prompt Profile page displays with the default profile. 2. Click Add. 3. Enter a name and description for the new profile. 4. Click Apply. 5. The new profile is added. The default Voice Prompts are associated with the new profile.
PAGE 183
11 Configuring Voice Settings  Sampling rate = 8000  1 channel (mono)  8 bit sample A-law and U-law or 8 or 16 bit sample for PCM Managing Voice Prompts Note Refer The Default Voice Prompt Profile can not be modified. To modify a voice prompt: 1. Select Configuration > Voice > Advanced > Voice Prompt Profiles. The Voice Prompt Profile page displays. 2. Select the profile you want to modify. The profile’s list of prompts displays in the screen below. 3.
PAGE 184
11 Configuring Voice Settings Managing Voice Prompts 5. The imported file is now used for the selected prompt. 6. To remove the new prompt and revert to the default setting, select Restore Default. Deleting Voice Prompt Profiles Before deleting voice prompt profile, make sure that no users are provisioned to that profile. Note Refer The Default Voice Prompt Profile can not be modified. To delete a profile: 1. Select Configuration > Voice > Advanced > Voice Prompt Profiles.
PAGE 185
CHAPTER 12 12. Managing Calling Rules Calling rules direct calls to specified destinations based on user requirements. Calling rule criteria can include a range of days, days of the week, time of day, calling party telephone number, and user location. Based on the calling rule, incoming calls are routed to the specified destination, such as an office telephone, mobile device, or voice mail system.
PAGE 186
12 Managing Calling Rules Creating a Calling Rule You can also add a calling rule when creating or modifying a group or user, which automatically assigns the rule to that group or user. Group calling rules apply to all users in the group. See “Managing Groups” on page 176 and “Managing Users” on page 193 for details about adding calling rules using the Groups and Users pages. The following describes calling rules with location-based constraints that you might create:  From 8:00 a.m. to 6:00 p.m.
PAGE 187
12 Managing Calling Rules Creating a Calling Rule 6. In the From field, type one or more phone numbers for which the calling rule applies. Keep the following in mind when filling in the From field:  If you specify a 7- or 10-digit number, the calling rule is effective only if the designated IP-PBX has a numbering plan that includes entries that maps the short and long version of numbers within the numbering plan. For more information, see “Configuring Numbering Plan Settings” on page 122.
PAGE 188
12 Managing Calling Rules Creating a Calling Rule Table 9: Allowed Patterns for Phone Numbers Valid and Active States Description [*digit1-digit2] Specifies zero or more digits in a range from digit1 through digit2. For example, if you type 408555120[*0-7], the following are some of the number for which the calling rule is applied: 4085551201, and 4085551202, 4085551203. * Specifies zero or more of any digits.
PAGE 189
12 Managing Calling Rules  Modifying a Calling Rule On the Road—Calling rule applies when the user is out of range of the office or home network. Note o take location into account for the calling rule, you or the user must create a home location. For more information, see “Managing Home Locations” on page 206. To have the calling rule apply to all locations, clear the Location Aware Policy check box. By default, the Location Aware Policy check box is not selected. 4.
PAGE 190
12 Managing Calling Rules Deleting a Calling Rule Deleting a Calling Rule You can delete calling rules that have not been assigned to a group or user. Note If a calling rule is assigned to a group or user, you must first unassign the calling rule before you can delete it. For more information, see “Unassigning Calling Rules for a Group” on page 190 or “Unassigning Calling Rules for Users” on page 204. To delete a calling rule: 1. Select Configuration > Policies > Calling Rules.
PAGE 191
CHAPTER 13 13. Managing Groups Creating groups on the Mobility Router allows you to set up logical categories of users based on criteria such as department, geographical location, or any other separation that you choose. You can also use groups to apply policies, such as calling rules, balance loads on an IP-PBX, or apply access numbers. Groups can be mapped to existing groups on the Active Directory or LDAP server.
PAGE 192
13 Managing Groups Creating Groups Creating Groups To create a group on the Mobility Router, configure general settings, security settings, remote access and calling rules before adding users. Configuring General Settings To configure general group settings: 1. Select Configuration > Groups and Users > Groups. The Groups page displays. 2. Click Add. The Add Group page displays, with the General tab active. 3. In the Name field, type the name of the group.
PAGE 193
13 Managing Groups Configuring General Settings  Retrieve All Groups  Retrieve All Groups of Selected User Note You must first complete the Configuration > System > Authentication > Active Directory/LDAP page before this option is available. For information about Active Directory and LDAP authentication, see “Adding a Directory Server Group” on page 79.
PAGE 194
13 Managing Groups Configuring Security Settings Configuring Security Settings Select the Configuration > Groups and Users > Groups > Security tab to define the following security settings for the group:  “PBX-Side Security” on page 179—SIP security used for communication between the Mobility Router and the PBX:  No authentication is used between the Mobility Router and the PBX.  Digest authentication (username and password) is used between the Mobility Router and the PBX.
PAGE 195
13 Managing Groups Configuring Security Settings  Same as RA User ID—Specifies that the digest username for an end-user matches the ShoreTel Mobility user ID. Tip Use the same User ID as the ShoreTel Mobility user ID.  Same as RA User Enterprise Extension—Specifies that the digest username for an enduser matches the Enterprise Extension number.  Default—Specifies that a default digest username is used for all users in the group. 3.
PAGE 196
13 Managing Groups Configuring User Options Configuring User Options Select the Configuration > Groups and Users > Groups > User Options tab to configure the following user options:  “Call Routing” on page 182  “Data Services” on page 182  “Presence/IM” on page 183  “Enterprise Cellular Call Routing” on page 183  “Personal Call Routing” on page 185  “Emergency Call Routing” on page 185  “Call Ignore” on page 186  “Client Privilege” on page 186  “Provisioning” on page 186  “A
PAGE 197
13 Managing Groups Configuring User Options Call Routing To configure Call Routing: 1. Select Wi-Fi to allow users in this group to access voice services over Wi-Fi. Click the Remote Access link to go to the Remote Access page to configure Remote settings including protocols, client IP pool information and options. Refer to “Managing Remote Access” on page 40 for details. 2. Select Cellular Data to allow users in this group to access voice services from cellular packet-data networks. 3.
PAGE 198
13 Managing Groups Configuring User Options Presence/IM Enable or disable Presence on the user devices in this group. By default, Presence/IM is disabled. If Presence is enabled, options pop up to control whether Presence/IM is available when the device is roaming: 1. UC Server Name—Select the name of the server from the drop down menu. The names displayed here are configured under Configuration > UC > Server. Refer to “Managing Unified Communications (Presence)” on page 222. 2.
PAGE 199
13 Managing Groups Configuring User Options a. If Mobile to Fixed Reverse Dial is selected, the Initial Call Settings display. Select Auto, On or Off. The initial setting determines the Reverse Dial Mode upon provisioning. Once the client is provisioned, the user can change the mode from client's call settings menu. Select On to force the Reverse Dial on all future calls. Select Off to turn off the Reverse Dial feature.
PAGE 200
13 Managing Groups Configuring User Options  Enterprise extensions—Select to route calls to enterprise extensions through the enterprise. By default, this option is selected. WARNING! If you clear the Enterprise extensions option, users cannot dial only the extension when calling enterprise phone numbers. Users would need to dial the Enterprise Full Number.  International numbers—Select to route outgoing international calls through the enterprise.
PAGE 201
13 Managing Groups Configuring User Options data; calls may be misdirected to the wrong emergency response center or the emergency response center may make errors when determining your location. ShoreTel is not liable for any resulting error or delay. For more information on configuring emergency number patterns, refer to “Emergency Number Pattern” on page 141.
PAGE 202
13 Managing Groups Configuring Device Options Configuring Device Options Select the Configuration > Groups and Users > Groups > Device Options tab to configure the following device options:  “Maximum Number of Devices” on page 187  “DTMF Error Correction” on page 187  “Caller ID via DTMF” on page 187  “Cellular Call Answer Confirmation” on page 188  “Applying Changes” on page 188 Maximum Number of Devices Select the maximum number of devices per user. The maximum is 5. The default is 1.
PAGE 203
13 Managing Groups Managing Calling Rules for Groups Cellular Call Answer Confirmation The Cellular Call Answer Confirmation feature helps the enterprise user to properly route the call to enterprise voice mail.  When on the cellular network, and this feature is set to None, the Mobility Router does not distinguish between the user answering the call or the cellular voice mail. Select None to send enterprise voice messages to the personal cellular mailbox.
PAGE 204
13 Managing Groups Managing Calling Rules for Groups Calling rules based on the day of the week, time of day, and calling party number provide efficient processing of incoming calls. Calling rules that also consider the user's location provide the user with additional flexibility and convenience when out of the office and require fewer changes, even as the user's schedule changes. You can manage calling rules while creating or modifying groups.
PAGE 205
13 Managing Groups Managing Calling Rules for Groups Modifying Calling Rules To modify a calling rule: 1. Select Configuration > Groups and Users > Groups. The Groups page displays. 2. Select the group to which the calling rule is assigned. 3. Click Modify. The Modify Group page displays. 4. Click the Calling Rules tab. 5. Click Modify. The Modify Calling Rule page displays. 6. Make changes to the calling rule as needed.
PAGE 206
13 Managing Groups Adding Users to a Group Setting Priority for Calling Rules for a Group For a group, calling rules are checked in the order in which they appear in the Calling Rules tab. You can move a calling rule up or down to promote or demote the priority of the calling rule. To set the priority for a calling rule: 1. Select Configuration > Groups and Users > Groups. The Groups page displays. 2. Select the group assigned to the calling rule you want to change. 3. Click Modify.
PAGE 207
13 Managing Groups Modifying Groups Modifying Groups To modify a group: 1. Select Configuration > Groups and Users > Groups. The Groups page displays. 2. Select the group associated with the user you want to change. 3. Click Modify. The group displays, with the General tab active. 4. Make changes to each page as required. 5. To save changes. click Apply on each page. Deleting Groups You can delete groups from the ShoreTel Mobility Router. A group cannot be deleted if there are any users in the group.
PAGE 208
CHAPTER 14 14. Managing Users Each user on the Mobility Router must have a user profile on the Mobility Router. You can create a user profile locally, or the profile can be automatically added when authorized end users perform overthe-air provisioning using their mobile devices. For end-user provisioning to succeed, the user entry must exist locally or exist on the Active Directory or LDAP server.
PAGE 209
14 Managing Users Creating Users  “Finding Users” on page 220  “Viewing Table Rows” on page 221 Creating Users End users can be in one of the following states on the Mobility Router: Table 10: User Status States Description Provisioning Status Authorized—User exists on the Mobility Router but has not completed over-the-air provisioning. Provisioned—User exists on the Mobility Router and has also completed over-the-air self-provisioning. The user can be enabled or disabled.
PAGE 210
14 Managing Users Configuring Line Settings 3. In the Group list, select the group to which the user belongs. Note When a user is created, it inherits all the properties of the group. Any subsequent user customization overrides the group settings. You can override remote-access and call routing options and security settings made for a user by using the “Apply to all existing users in this group” option on the Security and Options tabs for a group.
PAGE 211
14 Managing Users Configuring Line Settings 4. Click the Line tab. 5. In the Enterprise Extension field, type the short dial number assigned to the user within the enterprise. This number must match the enterprise extension assigned for that user on the IPPBX. Note An enterprise extension must contain a minimum of four digits and can be up to 15 digits long. 6.
PAGE 212
14 Managing Users Configuring Devices 8. In the PBX-Side Security area, select None or Digest. If Digest is selected, you must specify a user ID and password. When the user entry is created, it inherits the group’s PBX-Side security settings. The digest user ID password must match the entry in the Digest Credentials field on the IP-PBX. 9. In the Client-Side Security (Wi-Fi) area, select None or Certificate. 10. In the Client-Side Security (Cellular) area, select None or PIN.
PAGE 213
14 Managing Users Configuring Devices Configuring the Mobility Client 1. Select Configuration > Groups and Users > Users > Devices tab. 2. Select the maximum number of devices allowed for this user. The maximum is 5. The default is 1. 3. Select Apply. 4. Click Add to add a new device. The Add New Device page displays. Tip Adding a new user device is optional. Devices are automatically added once the user completes the provisioning of a new device through Mobility Client.
PAGE 214
14 Managing Users Configuring Devices 10. In the Cellular Network Type list, select the network service type for the mobile device. 11. Select an Operation Mode. 12. The Cellular Call Answer Confirmation feature helps the enterprise user to properly route the call to enterprise voice mail. When on the cellular network, and this feature is set to None, the Mobility Router does not distinguish between the user answering the call or the cellular voice mail.
PAGE 215
14 Managing Users Configuring Devices 15. Click Apply. The device is added to the User Devices table. Click on the device row to display the device’s values in the Device Details table. After the device has been provisioned using the ShoreTel Mobility solution, the provisioning information populates in this table. Tip If a user is associated with only one device, that device and all of its relevant information displays on the same row as the User ID on the top-level User page.
PAGE 216
14 Managing Users Configuring Devices Figure 69: Primary Device on Device Page Figure 70: Make Primary Device on Device Page Configuring Additional Devices Use the Devices tab to add, modify, delete or configure additional devices. Additional devices are configured after the first device has been configured. Typically, the first device configured is the Mobility Client. If one of your additional devices is another mobile device, you have the option to make this device your primary device.
PAGE 217
14 Managing Users Configuring Devices 3. If you have not already selected a maximum number of devices using “Configuring Devices” on page 197, select the maximum number of devices allowed for this user. The range is 1-5. 4. Click Add to add a new device. The Add New Device page displays. Note If modifying an existing device’s configuration, double-click the device in the User Devices table, or select the device then click Modify, then follow these instructions to add a device.
PAGE 218
14 Managing Users Managing Calling Rules for a User Managing Calling Rules for a User When you create or modify a user, you can also create calling rules. This allows you to create and automatically assign the calling rules to the user without first creating a calling rule using the Configuration > Policies > Calling Rules page. You can create, change, assign, unassign, and change the priority of administrator-defined calling rules. You can also modify or delete user-defined calling rules.
PAGE 219
14 Managing Users Managing Calling Rules for a User Modifying Calling Rules To modify a calling rule: 1. Select Configuration > Groups and Users > Users. The Users page displays. 2. Select the user whose calling rule you want to change. 3. Select Modify. The Modify User page displays. 4. Click the Calling Rules tab. 5. Click Modify. The Modify Calling Rule page displays. 6. Make changes to the calling rule as needed. Assigning Calling Rules to Users To assign a calling rule to a user: 1.
PAGE 220
14 Managing Users Managing Calling Rules for a User Setting Priority for Calling Rules for Users Calling rules are checked in the order the are listed within the user calling rules screens. You can move a calling rule up or down to promote or demote the priority of the calling rule. Note If a user has multiple devices, the calling rules apply to all devices. In addition, location-based calling rules apply to each device based on the device's location (for example, enterprise, home, on the road, etc.).
PAGE 221
14 Managing Users Managing Home Locations Modifying User-Defined Calling Rules To modify user-defined calling rules: 1. Select Configuration > Groups and Users > Users. The Users page displays. 2. Select the user to view the user-defined calling rule. 3. Click Modify. The user displays with the General tab selected. 4. Click the Calling Rules tab. 5. In the User Defined area, select the calling rule that you want to modify. 6. Click Modify. 7. Make changes as necessary. 8.
PAGE 222
14 Managing Users Managing Home Locations Users can also create and manage home locations using the ShoreTel Mobility Client on their mobile devices. Users can also manage home locations using the User Portal. For information about managing home locations with the ShoreTel Mobility Client, see the ShoreTel Mobility User’s Guide for Nokia or contact your IT department for information on using the ShoreTel Mobility User Portal. Note Home Location usage is only supported by Nokia and BlackBerry devices.
PAGE 223
14 Managing Users Managing Home Locations 10. Click Apply to save your changes. 11. The applicable codecs display in the table. Use the Up or Down buttons to select the highest priority codec supported by both ends. Move the codecs into their appropriately ranked order for usage, the top codec being the highest priority. To modify the packet duration of a codec: a. Select the codec from the table. b. Click Modify. c. Modify the packet duration. d.
PAGE 224
14 Managing Users Managing Home Locations  Min Cellular to Wi-Fi Roam RSSI—Minimum Wi-Fi RSSI threshold that must be available for a call to be handed over from cellular to Wi-Fi. The valid value range is -95 through -40, and the default value is -70.  Min Voice RSSI—Minimum RSSI threshold for incoming and outgoing voice calls. This value represents the minimum RSSI allowed for initiating a voice call. If this value is not met or exceeded, then Wi-Fi is not available.
PAGE 225
14 Managing Users Managing Home Locations 2. Click the Home Locations tab. 3. In the Name area, select the home location to which you want to add the cellular information. 4. In the Cellular area, click Add. The Add Cellular Home Location page displays. 5. In the Name list, select the user’s cellular service provider. 6. In the LAC field, type the LAC, which is a unique number that is assigned to a location area. 7. In the Cell ID field, type the identification number of the mobile device. 8.
PAGE 226
14 Managing Users Managing Home Locations To delete home Wi-Fi information: 1. Select Configuration > Groups and Users > Users. 2. Click the Home Locations tab. 3. In the Name area, select the home location to which you want to add the Wi-Fi information. 4. In the Wi-Fi area, click Delete. The Wi-Fi information is deleted.
PAGE 227
14 Managing Users Configuring User Options Configuring User Options Select the Configuration > Groups and Users > Users > Options tab to configure the following user options:  “Call Routing” on page 213  “Data Services” on page 213  “Presence/IM” on page 214  “Enterprise Cellular Call Routing” on page 214  “Personal Call Routing” on page 216  “Call Ignore” on page 217  “Client Privilege” on page 217  “Provisioning” on page 218  “Applying Changes” on page 218 ShoreTel Mobility
PAGE 228
14 Managing Users Configuring User Options Call Routing To configure Call Routing: 1. Select Wi-Fi to allow users to utilize Wi-Fi networks for voice calls. Click the Remote Access link to go to the Remote Access page to configure Remote settings including protocols, client IP pool information and options. Refer to “Managing Remote Access” on page 40 for details. 2. Select Cellular Data to allow users to utilize cellular data networks for voice calls. 3.
PAGE 229
14 Managing Users Configuring User Options Presence/IM Enable or disable Presence on the user devices in this group. By default, Presence/IM is disabled. If Presence is enabled, options pop up to control whether Presence/IM is available when the device is roaming: 1. UC Server Name—Select the name of the server from the drop down menu. The names displayed here are configured under Configuration > UC > Server. Refer to “Managing Unified Communications (Presence)” on page 222. 2.
PAGE 230
14 Managing Users Configuring User Options Note Changing the Initial Call Setting after provisioning does not change the client running the configuration. Note If the Mobile to Fixed Reverse Dial Mode is set to Auto, reverse dial is automatically triggered when the following conditions are met:  A non-U.S.-based SIM is roaming. For example, if a user with a United Kingdom SIM card is travelling outside the country.  A Non-U.S.
PAGE 231
14 Managing Users Configuring User Options  International numbers—Select to route outgoing international numbers through the enterprise. Clear this option to have international calls go directly over the cellular network. By default, this option is selected.
PAGE 232
14 Managing Users Configuring User Options A personal-mode call is an outgoing call that is placed directly over the cellular network, rather than through the enterprise. Note Dual PersonaTM is supported on Nokia and BlackBerry clients only. Cellular Voice Mail Indicator Select the Cellular Voice Mail Indicator check box to enable the enterprise voice mail message indicator on the mobile device when it is on the cellular network. By default, this option is enabled.
PAGE 233
14 Managing Users Modifying Users Provisioning In the Provisioning area, check the Prevent users from changing devices by re-provisioning box to disallow users from provisioning with their credentials on another phone. The default is read from the selection in the Groups area. In association with this feature, if the maximum number of devices per user has been reached, use Configuration > Users > (select Modify)> Devices tab to specify a device to delete. This allows the new device to be provisioned.
PAGE 234
14 Managing Users Moving Multiple Users to a Group 1. Select Configuration > Groups and Users > User. The User page displays. 2. Select the users that you want to disable. 3. Click Disable. The users that you selected are now disabled. Moving Multiple Users to a Group When creating or modifying a user, you can move the user to another group.
PAGE 235
14 Managing Users Copying a User Copying a User When creating or modifying a user, you can copy the user to another User ID. To copy a User: 1. Select Configuration > Groups and Users > User. The User page displays. 2. Select the user that you want to copy. 3. Select Copy. 4. A new User template is created and displays Copy at the top of the window. 5. Fill in the fields as described in “Creating Users” on page 194 and save.
PAGE 236
14 Managing Users Viewing Table Rows 5. You can click on a column heading to alphabetically sort all pages by that criteria. For example, to sort by PBX type, click on the PBX column heading to view an alphabetical listing of all PBXs. 6. The current page number displays at the bottom-right. Select a new page number to begin with and the number of rows to follow using the Go to page field and the Retrieve pulldown on the bottom-right. The valid values are 50, 100 and 500.
PAGE 237
CHAPTER 15 Managing Unified Communications (Presence) 15. The ShoreTel Mobility Router extends enterprise Unified Communications (UC) to mobile devices. By connecting to an enterprise UC server, the Mobility Router retrieves the Presence of all non-mobile and mobile users in the enterprise making their Presence state available to all ShoreTel Mobility mobile users.
PAGE 238
15 Managing Unified Communications (Presence) Enabling Presence 2. Click Enable. Unified Communications is not active on the Mobility Router if this field is not selected. 3. Select Configuration > UC > Server. 4. Select Add. 5. Select a Server Type.  If using OCS/Lync, select (Communicator Web Access) CWA Version type R1 or R2.  If using XMPP and if a service search is required, enter the search service Jabber ID configured on the XMPP server in the Directory Service JID field.
PAGE 239
15 Managing Unified Communications (Presence)  Modifying Presence For multi-party instant messaging, enter the conference service Jabber ID configured on the XMPP server in the Conference Service JID field. Multi-party instant messages are not supported if this field is left blank. 6. Enter the Name of your UC server. 7. Select an Interface. By default, the IP address associated with the primary interface is chosen. This interface is used by the Mobility Router for communicating with the UC server.
PAGE 240
15 Managing Unified Communications (Presence) Modifying Presence 2. Select the server to be modified and click Modify. Make any necessary changes. Click Apply to save the changes. Note If you make changes to a user configuration, the user must restart the ShoreTel Mobility Client application before their service can continue. Any configuration change made to the user parameters affects calls being routed to the ShoreTel Mobility Client and the Client’s handover behavior.
PAGE 241
15 Managing Unified Communications (Presence) Disabling Presence Disabling Presence To disable Presence functionality for all users: 1. Select Configuration > UC > General. The General page displays. 2. Uncheck the Enable box and click Apply. Note To make Group-based presence changes, refer to “Configuring User Options” on page 181. To make User-based presence changes, refer to “Configuring User Options” on page 212.
PAGE 242
CHAPTER 16 16. Managing Redundancy Clusters The Mobility Router provides stateful high availability by using redundancy clusters. A redundancy cluster consists of two Mobility Routers. One Mobility Router is the active (primary) node, and the other Mobility Router is the standby (secondary) node. The standby node becomes the active node if the original active node fails, ensuring that calls are not dropped.
PAGE 243
16 Managing Redundancy Clusters About Redundancy Clusters About Redundancy Clusters A redundancy cluster consists of two ShoreTel Mobility Router 4000 or 6000 Series appliances. Each redundancy cluster must have a unique cluster name. Note Clustering is not supported on ShoreTel Mobility Router 2000 Series appliances. Failover occurs due to the following:  The active node is powered off.  The eth0 interface cable of the active node is removed or disconnected.
PAGE 244
16 Managing Redundancy Clusters Redundancy Cluster Prerequisites Redundancy Cluster Prerequisites Before you start configuring redundancy clusters, make sure you have the following:  Two ShoreTel Mobility Router 4000 Series appliances  Each Mobility Router has a unique IP address and hostname.  Both Mobility Routers are running the same image of ShoreTel Mobility system software (Version 2.0 or later).  Both Mobility Routers are in the same subnet.
PAGE 245
16 Managing Redundancy Clusters Creating a Cluster with Two New Mobility Routers Creating a Cluster with Two New Mobility Routers If you have two new or factory-default Mobility Routers that you want to configure as a cluster, you perform the following tasks for each Mobility Router. Configuring the First Mobility Router To create a redundancy cluster, perform the following tasks for the first Mobility Router: 1.
PAGE 246
16 Managing Redundancy Clusters Configuring the Second Mobility Router Configuring Redundancy Cluster Settings To configure redundancy cluster settings: 1. Login to the first Mobility Router. 2. Select Configuration > Clustering > Redundancy. The Redundancy page displays. 3. Select the Enabled check box to enable redundancy on this Mobility Router. 4. In the Name field, type the name of the redundancy cluster.
PAGE 247
16 Managing Redundancy Clusters Configuring the Second Mobility Router Initially Configuring and Establishing Network Connectivity Before you can create a redundancy cluster, you must initially configure the second Mobility Router with the Initial Configuration Wizard, and verify that the Mobility Router has network connectivity. Configuring Redundancy Cluster Settings To configure redundancy cluster settings: 4. Login to the first Mobility Router. 5. Select Configuration > Clustering > Redundancy.
PAGE 248
16 Managing Redundancy Clusters Creating a Redundancy Cluster with a Configured Mobility Router and a New Mobility Router Creating a Redundancy Cluster with a Configured Mobility Router and a New Mobility Router If you have a Mobility Router that is already configured with users with mobile devices who are currently provisioned, you can preserve the configuration of that Mobility Router when creating a redundancy cluster.
PAGE 249
16 Managing Redundancy Clusters Reconfiguring the Previously Configured Mobility Router Disabling All Existing Users To preserve the existing user configurations after creating the redundancy cluster, you must disable all the existing users on the Mobility Router: 1. Select Configuration > Groups and Users > Users. The Users page displays. 2. Select all users. 3. Click Disable. All the users are disabled. Note If there are multiple pages of existing users, complete this action for each page.
PAGE 250
16 Managing Redundancy Clusters Reconfiguring the Previously Configured Mobility Router Importing the Existing Mobility Router Certificate as the Virtual Certificate You must copy the existing Mobility Router certificate and import it as the Mobility Router virtual certificate: 1. Select Configuration > System > Certificate > Mobility Router > Clustered. The Mobility Router page displays. 2. If a certificate was imported for Mobility Router > Standalone > Local Access, the same procedure is followed.
PAGE 251
16 Managing Redundancy Clusters Configuring the Second Mobility Router 1. Select Configuration > Groups and Users > Users. The Users page displays. 2. Select all users. 3. Click Enable. All the users are enabled. After enabling existing users, you now need to configure the second Mobility Router, as described in “Configuring the Second Mobility Router” on page 236.
PAGE 252
16 Managing Redundancy Clusters Creating a Redundancy Cluster with a Configured Mobility Router with Remote Access and a 7. This IP address is the management address you access when you need to configure the redundancy cluster. This is the IP address that mobile devices and the IP-PBX communicate with, rather than one of the individual physical IP addresses. 8. To save your changes, click Apply. 9. The Services Restart message displays.
PAGE 253
16 Managing Redundancy Clusters Initially Configuring the New Mobility Router Initially Configuring the New Mobility Router After configuring the first Mobility Router of the redundancy cluster, configure the Mobility Router and establish it in your network using the Initial Configuration Wizard. For more information, see “Initially Configuring and Establishing Network Connectivity” on page 232.
PAGE 254
16 Managing Redundancy Clusters Reconfiguring the Previously Configured Mobility Router Now you must change the IP address and hostname of the Mobility Router, as described in “Changing the Hostname and IP Address of the Mobility Router” on page 234.
PAGE 255
16 Managing Redundancy Clusters Reconfiguring the Previously Configured Mobility Router 8. Click Import. If the certificate is valid, a Restart prompt displays. If the certificate is not valid, an Error prompt displays. In the case of an error, generate a valid certificate or obtain a new certificate to paste in the field. 9. Restart the ShoreTel Mobility service and activate the newly generated certificate, click OK. Note If you do not want to restart the Mobility Router, click Cancel.
PAGE 256
16 Managing Redundancy Clusters Adding the Second Mobility Router to the Redundancy Cluster 2. Select all users. 3. Click Enable. All the users are enabled. After enabling existing users, you now need to configure the second Mobility Router, as described in “Configuring the Second Mobility Router” on page 236. Adding the Second Mobility Router to the Redundancy Cluster After configuring the first Mobility Router of the redundancy cluster, perform the following tasks on the second Mobility Router: 1.
PAGE 257
16 Managing Redundancy Clusters Managing Redundancy Clusters 1. Select Configuration > Clustering > Redundancy. The Redundancy page displays. 2. Select Enable. 3. In the Name field, type the name of the cluster. This should be the same cluster name as the master configuration. 4.
PAGE 258
16 Managing Redundancy Clusters Removing a Second Mobility Router from Redundancy Cluster Removing a Second Mobility Router from Redundancy Cluster ShoreTel Mobility Routers in a Standby node may be removed from the Redundancy Cluster. This node will fall out of the Cluster. 1. Login to the Standby ShoreTel Mobility Router using the physical IP address of the Standby box. 2. Select Monitor > Clustering > Redundancy to verify the IP addresses of the Master and Standby Mobility Routers. 3.
PAGE 259
16 Managing Redundancy Clusters Monitoring Cluster Status Monitoring Cluster Status After you have configured the redundancy cluster, you can monitor its status. The Redundancy monitoring page allows you to check the state of each Mobility Router and which one is the active node. Troubleshooting The following lists issues you might encounter after implementing redundancy clusters and how to verify your configuration. The second Mobility Router fails to join the cluster and is in the Unknown state.
PAGE 260
16 Managing Redundancy Clusters Troubleshooting Check the Mobility Router log and search for “503 Policy Check Failure.” If you see this message, the SIP server needs to reregister with the PBX to get the new registration state to respond to the client’s registration request. To do this, do one of the following:  Disable the user, and then enable the user again.  Wait for the timeout of 180 seconds so that the SIP server sends a new PBX registration request.
PAGE 261
CHAPTER 17 17. Maintaining the System You can reboot, restart, shut down, and restore the factory-default settings for the Mobility Router. System level maintenance also allows you to manage Mobility Router and Client images, in addition to viewing detailed records that are scheduled for export. Use the system level maintenance to configure to bulk provision users and perform a directory query.
PAGE 262
17 Maintaining the System Backup the Mobility Router Backup the Mobility Router The Mobility Router configuration can be backed up to an FTP, SCP, or TFTP server by using the On Demand method or by scheduling a backup. Note To restore a configuration, refer to “Restoring the Mobility Router Configuration” on page 249. On Demand Backup To perform and On Demand back up of the Mobility Router configuration: 1. Select Maintenance > System > On Demand Backup. 2.
PAGE 263
17 Maintaining the System Scheduled Backup 8. Select Backup. The Mobility Router displays a status prompt indicating the backup is in progress. If the backup is successful, the “Backup Succeeded” message displays. If the backup fails, the “Backup failed. See server log” message displays. Scheduled Backup To schedule a back up of the Mobility Router configuration: 1. Select Maintenance > System > Scheduled Backup. The Schedules tab displays any previous scheduled backup yet to be performed.
PAGE 264
17 Maintaining the System Restoring the Mobility Router Configuration 8. In the Path field, type the path to the directory to which you want to save the configuration file, for example “/home/user/backup/”. Note The FTP or TFTP server must be running for the backup to succeed. WARNING! /var/tmp” should not be used in the local host machine for backups. This is a temporary folder and the file is susceptible to being deleted. Use an external host to complete the backup. 9. Enter the Filename Prefix.
PAGE 265
17 Maintaining the System Restoring Factory-Default Settings 5. Enter the Password for the User. 6. In the Path field, type the path to the directory from which to retrieve the file, for example “/home/ user/backup/”. Note The FTP or TFTP server must be running for the backup to succeed. 7. Check Include License, Include Network Information and/or Include Certificates as appropriate. 8. Select Restore. Status about the restore process displays.
PAGE 266
17 Maintaining the System Restarting Mobility Router Services Restarting Mobility Router Services You can restart the services on the Mobility Router. You might need to restart services if there are problems with calls on mobile devices, and nothing appears to be wrong with the Mobility Router configuration or the mobile devices. If you restart the Mobility Router and you have a redundancy cluster enabled, active calls are not disrupted.
PAGE 267
17 Maintaining the System Rebooting the Mobility Router Rebooting the Mobility Router You can reboot the Mobility Router. A reboot restarts services and also restarts the entire system. An example of when you might need to reboot is if you have problems connecting to the network interfaces. If you reboot the Mobility Router and you have a redundancy cluster enabled, active calls are not disrupted. If you do not have a redundancy cluster, active calls might be dropped.
PAGE 268
17 Maintaining the System Starting and Stopping Mobility Router Services Starting and Stopping Mobility Router Services If you need to contact ShoreTel Technical Support, you might be asked to restart one or more Mobility Router services. WARNING! Do not restart any Mobility Router services unless directed to do so by Technical Support. To start or stop a Mobility Router service: 1. Select Maintenance > Start/Stop Services.
PAGE 269
17 Maintaining the System Managing Mobility Router Images Managing Mobility Router Images The Mobility Router contains two hard-drive partitions. When you receive a Mobility Router, it has the factory-default system image installed on each partition. The Mobility Router Images page provides information about Mobility Router images that have already been installed and options to upload a new Mobility Router image from an URL or a local file.
PAGE 270
17 Maintaining the System Uploading and Installing Mobility Router Images to the Mobility Router Uploading and Installing Mobility Router Images to the Mobility Router You can install Mobility Router images from a local file system or using HTTP, SCP, or FTP. Note If you are uploading the Mobility Router image from a local file system, you must use the Microsoft Internet Explorer Web browser.
PAGE 271
17 Maintaining the System Changing the Mobility Router Image Used at the Next Reboot Changing the Mobility Router Image Used at the Next Reboot After installing a Mobility Router image, you can specify that it be used at the next reboot: 1. Select Maintenance > System > Images > Mobility Router. The Mobility Router Images page displays. 2. In the list of installed Mobility Router images, select the image to be used at the next Mobility Router reboot. 3. Click Set Next Boot.
PAGE 272
17 Maintaining the System Reviewing Available Client Images Reviewing Available Client Images To review available client images, select Maintenance > System > Images > Client. The Client Images page lists the available client images. Installing Client Images You can install client images to the Mobility Router from a local file system or using HTTP, SCP, or FTP. Note If you are uploading the Mobility Router image from a local file system, you must use the Microsoft Internet Explorer Web browser.
PAGE 273
17 Maintaining the System Detail Records Scheduled Export WARNING! When you upload and install a Mobility Router image, you cannot use the Administration Portal until the upload and installation are finished. To install a Mobility Router patch image: 1. Select Maintenance > System > Images > Patch Mobility Router. The Patch Mobility Router page displays. 2.
PAGE 274
17 Maintaining the System  Next Run—The date and time of the next export.  Status—Information about the status of last run. Bulk Provisioning of Users To schedule a new Detailed Record for export: 1. Click Add. The Add Schedule page displays. 2. Enter the hostname or IP address of the location to send the exported record. 3. Select the Frequency at which the record will be exported, Daily, Weekly, Monthly. Select Disable to cancel the frequency. 4.
PAGE 275
17 Maintaining the System Generating ShoreTel Client Provisioning file provisioning, the ShoreTel Mobility Client does not need to prompt users for information during provisioning. If any of the field is missing or empty in the provisioning file, the Client prompts the user for the missing information. Table 11 describes the fields of the ShoreTel Provisioning file.
PAGE 276
17 Maintaining the System Generating ShoreTel Client Provisioning file To generate an ShoreTel Provisioning File: 1. Select Maintenance > Users > Bulk Provisioning. 2. On the Client Provisioning File tab, select Silent Provisioning or Remote Provisioning as necessary. 3. Check the Delete Provisioning File box if you want the client to delete the provisioning file upon successful provisioning. This option is off by default. 4. Select File Type.
PAGE 277
17 Maintaining the System Generating ShoreTel Client Provisioning file 7. Click Save to save the file to your local disk. BlackBerry Enterprise Server (BES) Policy Settings for the Mobility Router During provisioning, the ShoreTel Mobility Client can automatically pre-populate the Mobility Router’s Local and Remote IP Addresses, and Remote Port from a BES IT policy.
PAGE 278
17 Maintaining the System Generating ShoreTel Client Provisioning file 5. To add or change the settings, refer to your BlackBerry Enterprise Server documentation or the ShoreTel Mobility Router Integration Guide for BlackBerry® Enterprise Server (BES). Provisioning URL for iOS and Android An Android or iOS end-user can use a provisioning URL as a link to provision their device. The user must have previously installed the ShoreTel Mobility Client on the device.
PAGE 279
17 Maintaining the System Generating ShoreTel Client Provisioning file To access the default provisioning URL: 1.Select Maintenance > Users > Bulk Provisioning. 2.Select the Provisioning URL tab. The provisioning URL has the following structure: shoretel://provision?=&=... Note Parameter values must be URL-encoded. All parameters are optional. If a parameter is not specified, the current default value is used.
PAGE 280
17 Maintaining the System Bulk Importing Users to the Mobility Router Bulk Importing Users to the Mobility Router A CSV (Comma Separated Value) file can be used to automatically create users on ShoreTel Mobility Router. The first row of the file, also known as the header row, contains the tags separated by commas that define the content of subsequent rows.
PAGE 281
17 Maintaining the System Directory Query Directory Query The ShoreTel Mobility Router provides Admin users with tools to lookup users in the corporate directory. To search for a user: 1. Select Maintenance > Users > Directory Query. 2. In the Search For field, enter the digits or letters of the user to lookup. This is a wide search criteria. To narrow the criteria, select the “more” button to expand the options for searching.
PAGE 282
CHAPTER 18 18. Monitoring the System You can monitor the status and usage of the Mobility Router by using the reports that are available as part of the ShoreTel Mobility solution. Historical data and real-time reports are available.
PAGE 283
18 Monitoring the System Using the Dashboard Using the Dashboard When you first log in as an administrator, the Dashboard is shown. Use the Dashboard to quickly get an overview of the activity on the Mobility Router. To access the Dashboard, select Monitor > Dashboard. The Dashboard displays, as shown in Figure 71. Figure 71: Example of the Dashboard The Dashboard includes the following information:  System Status—Shows the hostname and model number of the Mobility Router.
PAGE 284
18 Monitoring the System   Using the Dashboard  Total Devices—Number of devices associated with this Mobility Router.  Provisioned Devices—Number of devices that are provisioned on this Mobility Router.  Registered Devices—Number of devices currently registered over the VoIP network and connected to the Mobility Router.  Total Users—Number of users who have been created and authorized on the Mobility Router.  Active Calls—Number of current active calls.
PAGE 285
18 Monitoring the System Monitoring Call Status Monitoring Call Status The following types of usage reports are available for the Mobility Router:  “Active Calls Reports” on page 270  “Call Admission Control” on page 271  “Detail Records” on page 272  “Summary” on page 274  “Trends” on page 276  “International Toll Calling” on page 277 Active Calls Reports The Active Calls report displays calls currently active on the Mobility Router.
PAGE 286
18 Monitoring the System Call Admission Control To search for Active Calls: 3. Select Monitor > Calls > Active Calls. 4. In the Session ID dropdown window, select the means by which to find the Active Call. The options are Session ID, User ID, To and From. 5. Select the criteria by which to find the user. The options are equal to or contains. 6. Type the appropriate string in the search field and press Enter. All rows containing the configured criteria display in the table. 7.
PAGE 287
18 Monitoring the System  Detail Records Rejected calls due to call limit - The number of SRV calls, since last reset, that were rejected due to the number of SRV calls limitation. Please note that such calls are routed through cellular network as long as cellular network is available at that time. See “Call Admission Control” on page 55. Detail Records Call detail records (CDRs) are available on the Mobility Router. CDRs provide detailed information about completed calls on the Mobility Router.
PAGE 288
18 Monitoring the System Detail Records  Last 30 days—retrieves records from the last 30 days, including the current day.  Custom—Specify a range of days/times in the From and To fields that appear if this option is selected. 4. Select the number of records to be displayed per page. Select 10, 20, 30, or 50 from the list. 5. Set the filter to select the CDR records for an event. Specify None, Call Handover Event, Secure Remote Voice or Reverse Dial.
PAGE 289
18 Monitoring the System  Summary Remote—exports the record to a remote location.  Enter the hostname or IP address of the location to send the exported record.  Select the protocol by which to export the record, FTP, SCP or TFTP.  Enter the User ID. Records are exported for the user specified.  Enter the password for the User.  Enter the path to where the record will be exported. The string must begin with a “/”. 12. Click Save.
PAGE 290
18 Monitoring the System Summary  Last 1 hour—retrieves records for the hour when the request is made. For example, if the request is made at 3:45 p.m., the record is displayed from 2:45 p.m. to 3:45 p.m.  Last 24 Hours—retrieves the record for the previous 24 hours. For example, if the request is made at 3:45 p.m., the record is displayed from yesterday at 3:45 to today at 3:45 p.m.  Last 7 Days—Retrieves records from the last 7 days, including the current day.
PAGE 291
18 Monitoring the System Trends Trends Call Trends reports display the trends for VoIP and cellular call usage throughout the last hour, day, week, month, or specified custom time period. This information applies to completed calls on the Mobility Router. To view a Call Trends report, select Monitor > Calls > Trends. You can change the format of Call Trends reports.
PAGE 292
18 Monitoring the System  International Toll Calling  Last 1 hour—retrieves records for the hour when the request is made. For example, if the request is made at 3:45 p.m., the record is displayed from 2:45 p.m. to 3:45 p.m.  Last 24 Hours—retrieves the record for the previous 24 hours. For example, if the request is made at 3:45 p.m., the record is displayed from yesterday at 3:45 to today at 3:45 p.m.  Last 7 Days—Retrieves records from the last 7 days, including the current day.
PAGE 293
18 Monitoring the System  International Toll Calling  User ID—Provides report data on the user specified. Fill in the user ID if this option is selected. The entry must match a user ID on the Mobility Router. Records are retrieved for the user specified.  Group Name—Provides report data on the group specified. Fill in group name if this option is selected. The entry must match a group name on the Mobility Router. Records are retrieved for the group specified.
PAGE 294
18 Monitoring the System Monitoring Users Monitoring Users You can view information about events taking place on the Mobility Router in real-time. The following reports are available:  “Active Users” on page 279  “Active Remote Users” on page 281  “Location” on page 283  “User Monitoring” on page 284  “Top “N” Users” on page 285 Active Users The Active Users report displays a list of active users on the Mobility Router.
PAGE 295
18 Monitoring the System Active Users  Expires In seconds  Service (All, Voice or Data)  Link (Wi-Fi-local, Wi-Fi-remote, or Cell Data)  Expires in (Sec) Active Users can be searched for and filtered based on multiple criteria. Search for Active User To search for Active Users: 1. Select Monitor > Users > Active Users. The Active Users page displays. 2. In the User ID dropdown window, select the means by which to find the Active User.
PAGE 296
18 Monitoring the System Active Remote Users Monitor an Active User To monitor an active user: 1. Select a user. 2. Double-click this user, or click User Monitoring. The User Monitoring page displays. For information about user monitoring, see “User Monitoring” on page 284. Active Remote Users You can monitor the currently active remote sessions and associated counters. To review the Active Remote User report, select Monitor > Users > Active Remote Users.
PAGE 297
18 Monitoring the System Active Remote Users Active Remote Users can be searched for and filtered based on multiple criteria. Search for Active Remote User To search for Active Remote Users: 1. Select Monitor > Users > Active Remote Users. The Active Remote Users page displays. 2. In the User ID dropdown window, select the means by which to find the Active User. The options are User ID, Session ID, LAN IP, Protocol, Established. 3. Select the criteria by which to find the user.
PAGE 298
18 Monitoring the System Location Location When a mobile device is connected to a preferred connection, the Mobility Router gets information about the location of the mobile device as part of the communication between the device and the Mobility Router. To review the User Location report, select Monitor > Users > Location.
PAGE 299
18 Monitoring the System User Monitoring User Location can be searched for and filtered based on multiple criteria. To search for User Location: 1. Select Monitor > Users > Location. The Location page displays. 2. In the User ID dropdown window, select the means by which to find the Active User. The options are User ID, Campus, Building, Floor, BSSID, Wi-Fi SSID. 3. Select the criteria by which to find the location. The options are equal to or contains. 4.
PAGE 300
18 Monitoring the System Top “N” Users Top “N” Users The Top “N” Users report can be used to display specific information about the most active users on the Mobility Router. To review the Top “N” Users report, select Monitor > Users > Top ‘N’. This information can be filtered to report on all the following types of criteria:    Selection Type (All)  User ID—Provides report data on the user specified. Fill in the user ID if this option is selected.
PAGE 301
18 Monitoring the System  Top “N” Users Custom—Specify a range of days/times in the From and To fields that appear if this option is selected.  Number of Records (Records)—Specify the number of user records to be displayed. Select 10, 50, 100, 500.  Report Type (Total Call Minutes)—Select the type of call information to be displayed.
PAGE 302
18 Monitoring the System Monitoring Redundancy Cluster Status Monitoring Redundancy Cluster Status To review redundancy cluster status, select Monitor > Clustering > Redundancy. The Redundancy page displays. The following basic cluster information is listed:  Name—Cluster name  Management Address—IP address of the virtual IP address used to manage the cluster  Switchover—Switches from the master ShoreTel Mobility router to the Standby router.
PAGE 303
18 Monitoring the System Monitoring System Status Monitoring System Status You can review the status of the following:  Interfaces (See “Reviewing Interface Status” on page 288.)  Access points (See “Reviewing Access Point Information” on page 289.)  Remote Access Counter (See “Reviewing Remote Access Counters Information” on page 291.) Reviewing Interface Status You can review the status of the eth0, eth1, and loopback (lo) interfaces on the Mobility Router.
PAGE 304
18 Monitoring the System Reviewing Access Point Information Reviewing Access Point Information You can review information about the access points in your ShoreTel Mobility solution network. To review access point information, select Monitor > System > Access Points. The Access Points page consists of the following tabs:  Office—Lists all access points in the enterprise Wi-Fi network.  Home— Lists access points in the Home Wi-Fi network.
PAGE 305
18 Monitoring the System Reviewing Access Point Information 6. The current page number displays at the bottom-right. Select a new page number to begin with and the number of rows to follow using the Go to page field and the Retrieve pulldown on the bottom-right. The valid values are 50, 100 and 500. For example, enter Go to row 101 and select Retrieve 50 to begin sorting the rows on number 101 and end on number 151. 7. Select Prev or Next to view the pages before or after the current page. 8.
PAGE 306
18 Monitoring the System Reviewing Remote Access Counters Information Reviewing Home Access Point Information To review information about access points in the home, select Monitor > System > Access Points. Select the Home tab. Table 18: Office Access Point Information Column Title Description UserID The name of the User. Name Name for the Access Point location. BSSID Basic service set identifier (BSSID) of the access point. Wi-Fi SSID Service set identifier (SSID) of the access point 18.0.0.
PAGE 307
18 Monitoring the System Reviewing Remote Access Counters Information To review information about remote access counters, select Monitor > System > Remote Access Counters.
PAGE 308
18 Monitoring the System Reviewing Remote Access Counters Information  Session Start Successes—After a handshake is successful and the tunnel is established, the number of times that clients sent proper session start requests, and the Mobility Router responds successfully.  Session Start Failures—Number of times the Mobility Router denies requests.  Permit List Check Failures—Client was not on permit list and tried to connect to the Mobility Router, and the request is denied.
PAGE 309
CHAPTER 19 19. Troubleshooting Client and Mobility Router logs are available to assist in troubleshooting the ShoreTel Mobility Client and the Mobility Router.
PAGE 310
19 Troubleshooting Managing Client Logs Managing Client Logs The Mobility Router stores up to 500 client log files before replacing the oldest files. Reviewing Client Logs To review a client log: 1. Select Troubleshooting > Client Logs. The Client Logs page displays. 2. Select a client log to review. 3. Click View. The client log opens in a new browser window. 4. Scroll through the log to review the activity for the selected client. 5. When finished, close the browser window.
PAGE 311
19 Troubleshooting Deleting Client Logs The following is an example of a client log file name: sydney.8000.N95.Mon_Aug_26_2008_15_10_55.txt. Deleting Client Logs To delete a client log: 5. Select Troubleshooting > Client Logs. The Client Logs page displays. 6. Select the client log that you want to delete. 7. Click Delete. The client log is deleted from the Mobility Router. Refreshing the Client Log List To refresh the client log list: 1. Select Troubleshooting > Client Logs.
PAGE 312
19 Troubleshooting Running ping Running ping Run the ping command to check the reachability of a host and network connectivity. The ping command sends Internet Control Message Protocol (ICMP) echo request messages to the host and listens for ICMP echo response messages from the host. To run the ping command: 1. Select Troubleshooting > Commands. 2. In the Command list, select ping. 3. In the Host field, type the IP address or name of the device that you are trying to ping. 4. Click OK.
PAGE 313
19 Troubleshooting Running nslookup The first row of the output lists the target destination, maximum number of hops, and packet size. Each numbered row provides information about one hop. The rows are listed in the order in which the hops occur, starting with the hop closest to the Mobility Router. Each row for a hop lists the time in milliseconds (ms) for each packet to reach the destination and return to the host.
PAGE 314
19 Troubleshooting Running Sniffer To run the netstat command: 1. Select Troubleshooting > Commands. 2. In the Command list, select netstat. 3. (Optional) In the Flags field, type the options that you want to use with the netstat command. 4. Click OK. The netstat output displays. Running Sniffer Run the Sniffer to monitor the command exchange between the ShoreTel Mobility Router and the associated IP-PBX. 1. Select Troubleshooting > Commands. 2.
PAGE 315
19 Troubleshooting Internal Call Routing Table Internal Call Routing Table Select Troubleshooting > Internal Call Routing Table to display the internal call routing table used by the SIP Server to route calls to the various internal modules. This table is useful for debugging voice call routing issues. Managing Mobility Router Logs To view the Mobility Router logs: 1. Select Troubleshooting > Mobility Router Log > View.
PAGE 316
19 Troubleshooting Managing Mobility Router Logs Table 20: Unknown Access Point Information Log Name Description OLP The Off-Line Processing (OLP) Server retrieves configuration and monitoring data via the database server and helps with such offline processing tasks as CDR export, call summary reporting and trending, etc. Provisioning Provisioning of SMRC log events. Remote Access Secure Remote Voice (a.k.a Secure Tunnel [RAST] in log data) log events.
PAGE 317
19 Troubleshooting Managing Mobility Router Logs a. Click View to see the contents of the entire file. b. Click View Continuous to see the data in the file as it is written. c. Click Save to Local Disk to select a location to download the Mobility Router log, then click Save. When the log is saved, a “Transfer complete” message displays on the Mobility Router Logs page.  The Mobility Router log is saved to your computer.
PAGE 318
19 Troubleshooting Managing Technical Support Snapshots Managing Technical Support Snapshots If you need to contact Technical Support, you might be asked to provide a support snapshot, which is a a compressed file that contains files that provide information about the Mobility Router. Generating Support Snapshots When you generate a support snapshot, a set of files containing diagnostic information is compressed (.tgz) and added to the Mobility Router. To generate a support snapshot: 1.
PAGE 319
19 Troubleshooting Saving System Snapshots Saving System Snapshots After generating a support snapshot, you can save it to your computer’s hard drive. To save a support snapshot: 1. Select Troubleshooting > Support Snapshots. 2. Select the support snapshot that you want to save. 3. Click Save. Select a location to download the Mobility Router log, then click Save. 4. Navigate to the location to which you want to save the support snapshot, and if necessary, change the name of the snapshot.
PAGE 320
19 Troubleshooting Capturing Packets Capturing Packets You can capture (dump) packet details on a specific interface by using the Packet Capture function. To capture packets: 1. Select Troubleshooting > Packet Capture. 2. Select the Interface on which to capture the packets. Valid interfaces are Any, Eth0, Eth1 and lo (loopback). 3. Select the Protocol to capture. The options are ARP, ICMP, TCP and UDP. 4. Enter number of packets to be captured. The range is 1-100000. 5.
PAGE 321
19 Troubleshooting Test Dialer 7. To save a summary of the dump, click to File then click Save. Select a location to download then click Save. Test Dialer The test dialer is used to troubleshoot call processing and signalling issues in the ShoreTel Mobility Router with respect to the user. To test a user’s incoming or outgoing calls through the Mobility Router: 1. Select Troubleshooting > Test Dialer. 2. Select Enable. Enter a valid User ID for the test. 3.
PAGE 322
APPENDIX A A. Deployment Best Practices The following section contains best practice information to aid in the deployment of a ShoreTel Mobility Router. Mobility Router Ports The following table lists the TCP/IP ports that are utilized on the Mobility Router for communications as described in “Managing Remote Access” on page 6-40. As shown in the table, some of these ports are configurable by the Administrator.
PAGE 323
A Deployment Best Practices Mobility Router Ports Table 21: Mobility Router ETH 0 Ports Used in Line-Side Integration ShoreTel Mobility Router Administration Guide 308
PAGE 324
A Deployment Best Practices Mobility Router Ports Table 1: Mobility Router ETH 0 Ports Used in Line-Side Integration (continued) ShoreTel Mobility Router Administration Guide 309
PAGE 325
A Deployment Best Practices Mobility Router Ports Table 1: Mobility Router ETH 0 Ports Used in Line-Side Integration (continued) ShoreTel Mobility Router Administration Guide 310
PAGE 326
A Deployment Best Practices Secure LDAP Certificate Requirements for Active Directory Domain Controllers Secure LDAP Certificate Requirements for Active Directory Domain Controllers When an enterprise has a multi-tier (such as a two-tier or three-tier) CA hierarchy, the enterprise may not automatically have the appropriate certificate for LDAPS authentication on the domain controller.
PAGE 327
A Deployment Best Practices URL-Based Dialing 6. Use the Certificate Export Wizard to save the CA certificate in Base 64 encoded X.509 (.CER) format. Figure 72: Certificate Export Wizard 7. Save the certificate. This certificate is a text file which you can open in a text editor and copy / paste as needed. URL-Based Dialing Use the URL-based dialing feature to join conferences or dial extension digits to an automated attendant using the associated link in a conference meeting invitation.
PAGE 328
A Deployment Best Practices URL-Based Dialing Table 22: URL-Based Dialing Per Device Device Wait/prompt 2 second pause BlackBerry “;” “,” iOS “;” “,” The feature is available under the following conditions:  A device using the ShoreTel Mobility Client is in corporate/enterprise Wi-Fi network.  A device using the ShoreTel Mobility Client is in Cellular Network and has registered to the ShoreTel Mobility Router for Secure Enterprise Features.
PAGE 329
A Deployment Best Practices Providing Android Client Images to Users without Direct Access to the Mobility Router Note Functionality may vary depending on the device. Refer to the ShoreTel Mobility client User Guides for usage examples and more information per device.
PAGE 330
A Deployment Best Practices Self-Provisioning of Users 1. Generate an email. 2. Provide a copy of the ShoreTel Mobility Router address, for example “http://10.11.12.13/i” and instruct the user to follow the procedures on that page. 3. The user uses the link to setup their device(s). Tip To provide the user with better automation, you can include the Username in the initial configuration information. To add the username, add the parameter “?userid=” to the link in Step 2. For example, http://10.
PAGE 331
A Deployment Best Practices Self-Provisioning of Users Tip To provide the user with better automation, you can include the Username in the initial configuration information. To add the username, in step 2, add the parameter “?userid=” to the ShoreTel Mobility Router installation web page address. For example, http://10.11.12.13/i?userid=bobsmith The password can also be added by including “&pw=”. Please use caution if using this approach for setting up your users.
PAGE 332
APPENDIX B B. Third-Party Software Notices RADVISION Portions of this software are © 1996-2008 RADVISION Ltd. All intellectual property rights in such portions of the Software and documentation are owned by RADVISION and are protected by United States copyright laws, other applicable copyright laws and international treaty provisions. RADVISION and its suppliers retain all rights not expressly granted. OpenSSL Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
PAGE 333
B Third-Party Software Notices Original SSLeay 5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project. 6. Redistributions of any form whatsoever must retain the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http:// www.openssl.
PAGE 334
B Third-Party Software Notices Original SSLeay 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: “This product includes software written by Tim Hudson (tjh@cryptsoft.com)” THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS”' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.