AudioCodes 405HD - Enabling Server-Side Authentication (Mutual Authentication); Table 7-3: Server-Side Authentication

To Next Page

To Previous Page

400HD Series IP Phones

Administrator's Manual 154 Document #: LTRT-11973

7.2.2.2 Enabling Server-side Authentication (Mutual Authentication)

You can enable server-side authentication of a connection with the RADIUS and Provisioning

server.

Note: OpenSSL 1.0.2p is supported. This open source version supports SHA2

algorithms.

Table 7-3: Server-side Authentication

Parameter Description

security/ieee802_1x/verify_server_certificate

Configures the phone to verify received server

certificates over a secure EAP-TLS connection.

security/provisioning/verify_server_certificate

Configures the phone to verify received server

certificates over a secure HTTPS connection with a

provisioning server.

Main Page

Table of Contents3
Introduction17
Configuration Methods19
Phone Screen19
Administration Menu19
Configuring the Web Interface's Port19
Table 2-1: Port Parameters19
Configuring User Login Credentials20
Configuration File20
File Syntax20
Linking Multiple Files20
Table 2-2: User Name and Password Parameters20
Creating Configuration Files Using Voiprovision Utility21
Configuration File Format21
Global Configuration File21
Voiprovision Utility Overview21
CSV File22
Template File22
Generated Configuration Files22
Starting the Voiprovision Utility22
Table 2-3: Example of CSV File22
Usage23
Using the Encryption Tool23
Encrypting Configuration Files23
Encrypting Passwords in the Configuration File24
Device Manager25
Table 2-4: OVOC Server Parameters25
Configuring Automatic Provisioning27
Setting up Network for Auto Provisioning28
Provisioning Hunt Order28
Dynamic URL Provisioning28
Table 3-1: DHCP Automatic Provisioning Parameters28
Provisioning Using DHCP Option 16031
Configuring Automatic Provisioning by DHCP Server31
Technician's Digit Key Code31
Provisioning Using DHCP Option 66/6732
Table 3-2: Auto Provisioning Via DHCP Option 66/6732
Provisioning Using DHCP Option 4333
Figure 3-1: Provisioning Using DHCP Option 43 in the DHCP Server33
Provisioning Using the User-Class Option34
Figure 3-2: DHCP Options Assigned to Ipv4 Addresses34
Figure 3-3: Defining User Classes34
Figure 3-4: DHCP User Classes35
Figure 3-5: New Class35
Figure 3-6: Packet Bytes Window35
Figure 3-7: DHCP User Classes [Illustration Only]36
Figure 3-8: Set Predefined Options36
Figure 3-9: Predefined Options and Values37
Figure 3-10: Option Type - Add Audiocodes 160 Option37
Figure 3-11: Predefined Options and Values - Add OVOC Server Location38
Figure 3-12: 'Scope Leased' Folder - Configure Options38
Figure 3-13: Configure Options 139
Figure 3-14: Configure Options 239
SIP SUBSCRIBE and NOTIFY Messages40
Figure 3-15: Server Options40
Figure 3-16: Scope Options Created40
Hardcoded Domain Name for Provisioning Server43
Cached Address of Last Provisioning Server Used43
Redirect Server44
Figure 3-17: Redirect Server Configuration Process44
Static URL Provisioning45
Table 3-3: Static URL Automatic Provisioning Parameters45
Forcing a Reboot on Provisioning46
Table A-4: Forcing a Reboot on Provisioning46
Configuring Networking47
Configuring Date and Time Manually47
Table 4-1: Date Display Format47
Configuring Daylight Saving Time48
Table 4-2: Daylight Saving Time Parameters48
Configuring the NTP Server50
Table 4-3: NTP Server Parameters50
Configuring NTP Server Via DHCP51
Configuring IP Network Settings51
Configuring Static IP Address51
Table 4-4: NTP Server and GMT Parameters51
Configuring Static IP Address on the Phone52
Configuring IP Network Settings52
Table 4-5: Network Settings Parameters52
Configuring Partial DHCP53
Table 4-6: Partial DHCP Parameters53
Configuring LAN and PC Port Settings55
Table 4-7: Port Settings55
Configuring VLAN Settings56
Configuring Manual or Automatic VLAN Assignment56
Configuring Manual VLAN Assignment to the Phone56
Table 4-8: VLAN Settings56
Configuring Automatic VLAN Assignment to the Phone57
Configuring VLAN Via DHCP Provisioning Path57
Wi-Fi Capability57
Configuring Voip Settings59
Configuring SIP Settings59
Configuring General SIP Settings59
Table 5-1: SIP General Parameters59
Configuring Proxy and Registration62
Table 5-2: Proxy and Registrar Parameters62
Configuring Proxy Redundancy64
Table 5-3: SIP Proxy Server Redundancy Parameters64
Device Registration Failover/Failback66
5.1.2.2.1 Failover66
Table 5-4: Device Registration Failover Parameters66
5.1.2.2.2 Failback67
Preventing Unregistering after Changing Settings and Reloading67
Table 5-5: Device Registration Failback Parameter67
Table 5-6: Preventing Unregistering67
Configuring a Line68
Table 5-7: Line Settings68
Assigning Programmable Keys to Lines (SIP Accounts)69
Configuring Shared Call Appearance70
Figure 5-1: Shared Call Appearance70
Configuring SIP Timers71
Table 5-8: SIP Timers Parameters71
Configuring SIP Qos73
Table 5-9: SIP Qos Parameters73
Configuring SIP Reject Code74
Table 5-10: Reject Code Parameter74
Configuring Dialing75
Configuring Voice Dialing through Vocanom75
Table 5-11: Voice-Dialing Parameter Descriptions75
Configuring General Dialing Parameters76
Table 5-12: Dialing Parameters76
Configuring Auto Redial78
Table 5-13: Automatic Redial on Busy Parameters78
Configuring Dial Tones79
Table 5-14: Dial Tones Parameters79
Configuring DTMF80
Table 5-15: DTMF Transport Mode80
Configuring Digit Maps and Dial Plans81
Table 5-16: Digit Map and Dial Plan Parameters81
Configuring Headset LED to Stay on83
Table 5-17: Headset LED Parameter83
Configuring Default Audio Device84
Table 5-18: Audio Device Parameter84
Configuring Ring Tones85
Configuring Distinctive Ring Tones85
Example of Configuring a Distinctive Ring85
Figure 5-2: Example of the Alert-Info Header85
Table 5-19: Distinctive Ringing Parameters85
Configuring CPT Regional Settings86
Table 5-20: Regional Parameters86
Uploading Ring Tones88
Table 5-21: Ring Tone Parameters88
Configuring Beeps to Headsets When a Call Comes in to a Call Center89
Table 5-22: Configuring Beeps to be Played to Headsets When Calls Come in89
Configuring the Phone to Play Fast Busy Tone if Automatically Disconnected on Remote Side90
Table 5-23: Configuring the Phone to Play a Fast Busy Tone When Automatically Disconnected on90
Configuring Media Settings91
Configuring Media Streaming91
Table 5-24: Media Streaming Parameters91
Configuring RTP Port Range and Payload Type92
Configuring RTP Qos92
Table 5-25: RTP Port Range and Payload Type Parameters92
Table 5-26: RTP Qos Parameter92
Configuring Codecs93
Table 5-27: Codec Parameters93
Configuring OPUS Management95
Table 5-28: OPUS Management Parameters95
Configuring Voice Settings96
Configuring Gain Control96
Configuring Jitter Buffer96
Table 5-29: Jitter Buffer Parameters96
Configuring Silence Compression97
Configuring Noise Reduction97
Configuring Echo Cancellation97
Table 5-30: Silence Compression Parameters97
Configuring Extension Lines98
Table 5-31: Line Parameters98
Configuring Supplementary Services99
Selecting the Application Server99
Table 5-32: General Supplementary Services Parameters99
Configuring Call Waiting100
Configuring Call Forwarding100
Table 5-33: Call Waiting Parameters100
Table 5-34: Call Forward Parameters100
Configuring a Conference101
Table 5-35: Conference Parameters101
Configuring Automatic Dialing102
Table 5-36: Automatic Dialing Parameters102
Configuring Automatic Answer103
Table 5-37: Automatic Answer Parameters103
Configuring Do Not Disturb (Dnd)104
Table 5-38: Do Not Disturb Parameters104
Configuring Call Pick up105
Table 5-39: Call Pick up Parameters105
Configuring Message Waiting Indication106
Table 5-40: MWI Parameters106
5.8.10 Configuring Busy Lamp Field107
Table 5-41: BLF Parameters107
5.8.11 Configuring Advice of Charge108
5.8.12 Configuring a Tone to Alert to Long Hold108
Table 5-42: AOC Parameters108
Table 5-43: Reminder Tone after Long Hold108
5.8.13 Disabling the HOLD Key109
5.8.14 Configuring Onhook Disconnect When Held109
Table 5-44: Disabling the HOLD Key109
Table 5-45: Onhook Disconnect When Held109
5.8.15 Configuring the Ringer's Default Audio Device110
Table 5-46: Configuring the Ringer's Default Audio Device110
5.8.16 Enabling Hands Free Mode111
5.8.17 Enabling Supervisors to Listen in111
Table 5-47: Configuring Hands Free Mode111
Table 5-48: Enabling Supervisors to Listen in111
5.8.18 Allowing an Incoming Call When the Phone Is Locked112
Table 5-49: Allowing an Incoming Call When the Phone Is Locked112
5.8.19 Allowing Call Center Agents to Record Welcome Greetings113
Table 5-50: Letting Call Center Agents Record Welcome Greetings113
5.8.20 Enabling the Electronic Hook Switch114
Table 5-51: EHS Parameter114
5.8.21 Disabling the Hard Mute Key on the Phone115
Table 5-52: Disabling the Hard Mute Key on the Phone115
5.8.22 Configuring Call Transfer116
Configuring the TRANSFER Key to Perform Consultative Transfer116
Table 5-53: Configuring a Softkey with Attended and Blind Call Transfer Functionality116
Table 5-54: Changing TRANSFER Key Functionality116
5.8.23 Creating a Speed Dial117
5.8.24 Configuring Call Park118
Table 5-55: Call Park Parameters118
Table 5-56: Functional Key Parameters118
Configuring Volume Levels119
Configuring Gain Control119
Configuring Tone Volume119
Table 5-57: Tone Volume Parameter119
Configuring Ringer Volume120
Table 5-58: Ringer Volume Parameters120
Configuring Speaker Volume121
Table 5-59: Speaker Parameters121
Configuring Handset Volume123
Table 5-60: Handset Gain Parameters123
Configuring Headset Volume125
Table 5-61: Headset Gain Parameters125
Configuring Phone Settings127
Configuring the Phone Directory127
Configuring the Corporate Directory127
Configuring the LDAP-Based Corporate Directory127
Table 6-1: LDAP Parameters127
Loading a Text-Based Corporate Directory File129
Table 6-2: Provisioning Parameters129
Configuring Keys130
Configuring Function and Programmable Keys130
Table 6-3: Function / Programmable Keys Parameters130
Configuring a Configuration File for Speed Dials Only131
Configuring Softkeys132
Table 6-4: Default Softkeys132
Table 6-5: Softkey Parameters132
Configuring Programmable Softkeys (Psks)133
Table 6-6: PSK Parameters134
Configuring a PSK to Allow Paging During an Ongoing Call | Call Hold135
Configuring a PSK for a Customized UI Experience135
Table 6-7: Configuring a PSK for Paging During an Ongoing Call | Call Hold135
Configuring Navigation Control Button Positions137
Table 6-8: Navigation Control Button Positions137
Disabling Hard Keys and Softkeys138
Table 6-9: Parameters that Can be Configured to Disable Hard Keys / Softkeys138
Configuring Paging140
Table 6-10: Configuration File Paging Parameters140
Configuring Barge-In141
Table 6-11: Barge-In Parameters141
Configuring Feature Key Synchronization142
Table 6-12: Feature Key Synchronization Parameters142
Configuring Phone Screen Settings143
Table 6-13: Contrast Parameters - 405HD / 430HD / 440HD143
Table 6-14: Brightness Parameters - 445HD / 450HD / C450HD143
C450HD Screen Saver Configuration146
Table 6-15: Disabling the C450HD IP Phone Screen Saver146
Configuring Personal Settings147
Configuring Language147
Table 6-16: Language Display147
Configuring Security149
Implementing X.509 Authentication149
Factory-Set Certificates and Audiocodes Trusted Root CA149
User-Generated Certificates150
External Trusted Root Cas151
Figure 7-1: Certificate151
Loading a Certificate152
Loading the Trusted Root CA Certificate to the Phone152
Loading Trusted Root CA Certificate Using Configuration File152
Figure 7-2: Root CA Certificate152
Table 7-1: Root CA Certificate Parameters152
Loading the Client Certificate to the Phone153
Loading the Client Certificate to a Phone153
Figure 7-3: Client Certificate153
Table 7-2: Client Certificate Parameters153
Enabling Server-Side Authentication (Mutual Authentication)154
Table 7-3: Server-Side Authentication154
Generating a Certificate Signing Request155
Figure 7-4: Certificate Signing Request155
Using Previously Loaded Certificates156
Configuring SIP TLS157
Server Certificate Validation for Secured HTTPS Communications over SSL157
Table 7-4: SIP-Over-TLS Parameters157
Table 7-5: Server Certificate Validation for Secured HTTPS Communications over SSL157
Configuring 802.1X158
Configuring 802.1X in the Phone Screen159
Configuring EAP-MD5 Mode159
Configuring EAP-TLS Mode159
Table 7-6: EAP TLS Parameters159
Configuring 802.1X160
Configuring EAP MD5 Mode160
Configuring SRTP160
Table 7-7: EAP MD5 Parameters160
Table 7-8: SRTP Parameters160
Configuring HTTP/S Login162
Logging into a Remote HTTP/S Server from the Phone163
Table 7-9: HTTP/S Login Authentication163
MAC-Based Authentication164
Table 7-10: Authentication164
Maintaining an IP Telephony Network165
Changing Administrator Login Credentials165
Administration165
Managing Users165
Table 8-1: Username and Password Parameters165
Table 8-2: Administrator Account - Username and Password165
Allowing / Disallowing Management Via the Web Interface166
Restoring Phone Defaults167
Restoring Factory Defaults from the Phone's Screen167
Restarting the Phone167
Enabling Remote Management168
Enabling Telnet Access168
Enabling SSH Access168
Table 8-3: Telnet Parameters168
Monitoring the Network169
Determining Network Status169
Determining LAN Status169
Determining Port Mode Status169
Figure 9-1: LAN Information169
Figure 9-2: Port Mode Status169
Determining 802.1X Status170
Determining Voip Status170
Determining Phone Status170
Viewing Line Status170
Figure 9-3: 802.1X Status170
Figure 9-4: Voip Status - Phone Status170
Figure 9-5: Line Status170
Determining Memory Status171
Figure 9-6: Memory Status171
Table 9-1: Memory Status - Linux Commands171
Viewing Information about a Currently Established Call172
Figure 9-7: Memory Status - Linux Meminfo Command - Displayed Information172
Figure 9-8: Web Interface -Line 1 Call Information172
Viewing Call History173
Figure 9-9: Call History173
Accessing System Information174
Monitoring Quality of Experience174
Configuring Remote Voice Quality Monitoring174
Configuring RTCP Extended Report175
Table 9-2: RTCP_XR Parameters175
Configuring Voice Quality Monitoring176
Table 9-3: Voice Quality Monitoring Parameters176
Diagnosing Problems & Troubleshooting177
Recovering Phone Firmware177
Configuring System Logging (Syslog)177
Table 10-1: Syslog Parameters177
Viewing Error Messages Displayed in the Phone Screen179
Table 10-2: Error Messages Displayed in the Phone Screen179
Debugging Using Packet Recording Parameters180
Table 10-3: Recording Parameters180
Activating Core Dump181
Figure 10-1: Web Interface - Core Dump181
Table 10-4: Core Dump Parameter181
Configuring Port Mirroring182
Table 10-5: Port Mirroring Parameters182
A Configuring Phones in Server-Specific Deployments183
Broadsoft's Broadworks183
Table A-1: Features Supported in a Broadsoft Environment183
Configuring BLF184
Table 10-2: BLF in a Broadsoft Environment184
Configuring Call Forwarding185
Figure A-2: Configuring Call Forwarding Using Broadsoft's Broadworks185
Configuring Dnd186
Figure A-3: Configuring Dnd in Broadsoft's Broadworks - Status186
Figure A-4: Configuring Dnd in Broadsoft's Broadworks186
Configuring FKS187
Using SIP Authentication for Xsi Access187
Configuring Phones to Connect to Xsi I/F Using HTTP/S Authentication187
Configuring Shared Call Appearance189
Figure A-5: Shared Call Appearance with Multiple Call Appearance189
Figure A-6: Broadsoft Server - Assigning Shared Calls Appearance to a User189
Figure A-7: Broadsoft Server - Shared Call Appearance Add191
Setting up a Remote Conference192
Loading the Corporate Directory to the Phone192
A.1.10 Adding a Contact to the Corporate Directory193
A.1.11 Disabling Handset Mode193
A.1.12 Displaying a Message in Agents' Phone Screens194
A.1.13 Changing Phone Screen Backlight Timeout194
Asterisk, Coral and Metaswitch195
Configuring BLF195
Figure A-8: BLF Configuration for Application Server Type - Asterisk195
Genesys SIP Server for Contact Centers196
Configuring Dual Registration to Ensure SIP Business Continuity for Agents196
Enabling Agents to Sign in with Phone Numbers198
Locking Agents' Phones' Alphabetical Keys199
Playing a Beep on an Incoming Call200
Enabling Proactive Mute200
Configuring Automatic Answer201
Regulating the 'Logged Out' Message201
3PCC (Third Party Call Control)202
Disabling Handset Mode203
A.3.10 Changing Phone Screen Backlight Timeout203
A.3.11 Displaying a Message on Agents' Phones204
A.3.12 Configuring a Redundant (Backup) Genesys Server204
Figure A-9: Registering a Phone on the Redundant Genesys Server204
Genband: KBS Softswitch Solution205
Configuring Shared Line Appearance206
Figure A-10: Call Answer Groups206
Figure A-11: Call Answer Groups - Add Group206
Figure A-12: Call Answer Group - Type207
Figure A-13: Call Answer Group - Group Name207
Configuring Call Pickup208
Figure A-14: Call Answer Groups208
Figure A-15: Call Answer Group209
Figure A-16: Number209
Setting up a Remote Conference210
Figure A-17: Advanced210
B Alternative Automatic Provisioning Methods211
Static DNS Record Method211
Figure B-1: Web Interface - Static DNS Record211
Audiocodes' HTTPS Redirect Server213
Figure B-2: HTTPS Redirect Server Directing Phones to Provisioning Server213
C Configuring Automatic Call Distribution (ACD)215
Softkey Display and Command Menu Options218
D Recovering the Phone219
Identifying that the Phone Is in Recovery Mode219
Verifying that the Phone Is in Recovery Mode219
Figure D-1: Identifying Recovery Mode219
Recovering the Phone220
Figure D-2: Verifying Recovery Mode in Wireshark220
Figure D-3: Source Ethernet MAC Address in Wireshark Identical to Phone Base's220
Figure D-4: Recovering the Phone - Configure the PC NIC to Which the Phone Is Connected221
Verifying that the Phone Is Downloading the Image File223
Verifying Using Wireshark223
Figure D-5: Verifying with Wireshark that the Phone Is Downloading Phone .Img File223
Verifying Using Tftpd64224
Figure D-6: Verifying .Img File Download with Wireshark - Filtering by TFTP224
Verifying on the Phone225
E Deploying Audiocodes IP Phones - Use Case227
Preparing Configuration (Cfg) Files for the Enterprise Customer227
Saving the Phone's Default Configuration to File227
Preparing a Global.cfg Configuration File228
Generating MAC-Specific <Private>.Cfg Configuration Files228
Preparing the DHCP Server to Automatically Provision Phones231
Making Sure Phones Are Correctly Provisioned231
F Supported SIP Rfcs and Headers233
SIP Compliance Tables235
SIP Methods235
SIP Headers236
GRTCP-XR Parameters239
H Example SIP - PUBLISH Message241

AudioCodes 405HD - Enabling Server-Side Authentication (Mutual Authentication); Table 7-3: Server-Side Authentication

Table of Contents

Other manuals for AudioCodes 405HD

Related product manuals