User's Manual 1160 Document #: LTRT-27045
Mediant 1000B Gateway & E-SBC
Parameter Description
is used. The SBCDiversionMode and SBCHistoryInfoMode
parameters in the IP Profiles table determine the call
redirection (diversion) SIP header to use - History-Info or
Diversion.
SBC Server Auth Mode
configure voip > sbc settings > sbc-
server-auth-mode
[SBCServerAuthMode]
Defines whether authentication of the SIP client is done locally
(by the device) or by a RADIUS server.
[0] (default) = Authentication is done by the device (locally).
[1] = Authentication is done by the RFC 5090 compliant
RADIUS server.
[2] = Authentication is done according to the Draft Sterman-
aaa-sip-01 method.
Note: Currently, option [1] is not supported.
Lifetime of the nonce in seconds
configure voip > sbc settings >
lifetime-of-nonce
[AuthNonceDuration]
Defines the lifetime (in seconds) that the current nonce is valid
for server-based authentication. The device challenges a
message that attempts to use a server nonce beyond this
period. The
parameter is used to provide replay protection (i.e.,
ensures that old communication streams are not used in replay
attacks).
The valid value range is 30 to 600. The default is 300.
Authentication Challenge Method
configure voip > sbc settings >
auth-chlng-mthd
[AuthChallengeMethod]
Defines the type of server-based authentication challenge.
[0] 0 = (Default) Send SIP 401 "Unauthorized" with a
WWW-Authenticate header as the authentication challenge
response.
[1] 1 = Send SIP 407 "Proxy Authentication Required" with
a Proxy-Authenticate header as the authentication
challenge response.
Authentication Quality of Protection
configure voip > sbc settings >
auth-qop
[AuthQOP]
Defines the authentication and integrity level of quality of
protection (QoP) for digest authentication offered to the client.
When the device challenges a SIP request (e.g., INVITE), it
sends a SIP 401 response with the Proxy-Authenticate header
or WWW-Authenticate header containing the 'qop' parameter.
The QoP offered in the 401 response can be 'auth', 'auth-int',
both 'auth' and 'auth-int', or the 'qop' parameter can be omitted
from the 401 response. In response to the 401, the client
needs to send the device another INVITE with the MD5 hash
of the INVITE message and indicate the selected auth type.
[0] 0 = The device sends 'qop=auth' in the SIP response,
requesting authentication (i.e., validates user by checking
user name and password). This option does not
authenticate the message body (i.e., SDP).
[1] 1 = The device sends 'qop=auth-int' in the SIP
response, indicating required authentication and
authentication with integrity (e.g., checksum). This option
restricts the client to authenticating the entire SIP message,
including the body, if present.
[2] 2 = (Default) The device sends 'qop=auth, auth-int' in
the SIP response, indicating either authentication or
integrity. This enables the client to choose 'auth' or 'auth-
int'. If the client chooses 'auth-int', then the body is included
in the authentication. If the client chooses 'auth', then the
body is not authenticated.
[3] 3 = No 'qop' parameter is offered in the SIP 401
To Next Page
Loading...
