Version 7.2 1239 Mediant 1000B Gateway & E-SBC
User's Manual 65. Configuration Parameters Reference
Parameter Description
[2] Tel = The "tel" URI is used.
Note: The parameter is applicable only if the
Diversion header is used. The SBCDiversionMode
and SBCHistoryInfoMode parameters in the IP
Profiles table determine the call redirection (diversion)
SIP header to use - History-Info or Diversion.
SBC Server Auth Mode
configure voip > sbc settings > sbc-server-
auth-mode
[SBCServerAuthMode]
Defines whether authentication of the SIP client is
done locally (by the device) or by a RADIUS server.
[0] (default) = Authentication is done by the device
(locally).
[1] = Authentication is done by the RFC 5090
compliant RADIUS server.
[2] = Authentication is done according to the Draft
Sterman-aaa-sip-01 method.
Note: Currently, option [1] is not supported.
Lifetime of the nonce in seconds
configure voip > sbc settings > lifetime-of-
nonce
[AuthNonceDuration]
Defines the lifetime (in seconds) that the current
nonce is valid for server-based authentication. The
device challenges a message that attempts to use a
server nonce beyond this period. The parameter is
used to provide replay protection (i.e., ensures that
old communication streams are not used in replay
attacks).
The valid value range is 30 to 600. The default is 300.
Authentication Challenge Method
configure voip > sbc settings > auth-chlng-
mthd
[AuthChallengeMethod]
Defines the type of server-based authentication
challenge.
[0] 0 = (Default) Send SIP 401 "Unauthorized" with
a WWW-Authenticate header as the authentication
challenge response.
[1] 1 = Send SIP 407 "Proxy Authentication
Required" with a Proxy-Authenticate header as the
authentication challenge response.
Authentication Quality of Protection
configure voip > sbc settings > auth-qop
[AuthQOP]
Defines the authentication and integrity level of quality
of protection (QoP) for digest authentication offered to
the client. When the device challenges a SIP request
(e.g., INVITE), it sends a SIP 401 response with the
Proxy-Authenticate header or WWW-Authenticate
header containing the 'qop' parameter. The QoP
offered in the 401 response can be 'auth', 'auth-int',
both 'auth' and 'auth-
int', or the 'qop' parameter can be
omitted from the 401 response. In response to the
401, the client needs to send the device another
INVITE with the MD5 hash of the INVITE message
and indicate the selected auth type.
[0] 0 = The device sends 'qop=auth' in the SIP
response, requesting authentication (i.e., validates
user by checking user name and password). This
option does not authenticate the message body
(i.e., SDP).
[1] 1 = The device sends 'qop=auth-int' in the SIP
response, indicating required authentication and
authentication with integrity (e.g., checksum). This
To Next Page
Loading...
