Actions

Difference between revisions of "Avaya IP Office 10.1 configuration"

From Zenitel Wiki

(Create a User for the Turbine Station)
(Secure SIP Configuration with Secure RTP)
Line 318: Line 318:
 
<br>   
 
<br>   
  
{{Note}}  Avaya servers may need to enable the option for Use Unencrypted SRTCP
+
{{Note|Avaya servers may need to enable the option for Use Unencrypted SRTCP }}
 +
<br style="clear:both;" />
  
 
== Add certificate on Turbine station ==  
 
== Add certificate on Turbine station ==  

Revision as of 22:09, 23 April 2018

Overview

Configuration and verification operations on the Avaya IP Office and Vingtor-Stentofon Turbine station illustrated in this section were all performed using Avaya IP Office Manager for Avaya IP Office and the web interface for Turbine station (we recommend Firefox or Chrome).

For all other provisioning information such as initial installation and configuration, please refer to the product documentation.

The configuration operations described in this section can be summarized as follows:

  • Launch Avaya IP Office Manager
  • LAN1 Configuration
  • VoIP Configuration
  • Create a SIP Extension for the Turbine station
  • Create a User for the Turbine station
  • Configure SIP Settings on the Turbine station
  • Configure Account Settings on the Turbine station
  • Verification

Prepare for installation

Plan your installation by collecting configuration data you would need to set up the Turbine station.

Parameter Value
Authentication Password* same as defined in section "Create a User for the Turbine Station", Supervisor Settings
Authentication User Name* same as defined in section "Create a User for the Turbine Station", Supervisor Settings
Backup Domain (SIP) address devconnect.backup
Directory Number (SIP ID)* 8352001
Outbound Backup Proxy (optional for UDP) 10.10.16.36
Outbound Backup Proxy Port (default 5060 5061 for TLS
Outbound Proxy (optional for UDP)** 10.10.16.35
Outbound Proxy Port (default 5060)** 5061 for TLS
Outbound Transport UDP/TCP/TLS
RTP Encryption*** only if are using SRTP
Server Domain (SIP) address* devconnect.local
SIP Scheme (default sip)*** sip/sips
SRTP Crypto Type*** only for SRTP
Station name* Turbine
TLS Private Key*** only for TLS
*=required
**=required for TCP and TLS options
***=required for TLS and SRTP crypto type

Avaya IP Office Configuration

Configuration and verification operations on the Avaya IP Office illustrated in this section were all performed using the Avaya IP Office Manager.

The information provided in this section describes the configuration of the Avaya IP Office for this solution.

Launch Avaya IP Office Manager

To launch the Manager application from the Avaya IP Office Manager PC:

  • Select Start > Programs > IP Office > Manager
  • Log in to Avaya IP Office using the appropriate credentials to receive its configuration (not shown)
  • In the IP Office window click Configuration


Launch manager.png

LAN1 Configuration

To disable DHCP:

  • Select IPOSE1635(PBX name) > System (1)
  • Under the LAN1 tab select LAN Settings
  • Click the Disabled radio-button in the DHCP Mode section
  • Click the OK button to save the settings


Lan1 config.png

VoIP Configuration

  • Select the VoIP tab
  • In the Layer 4 Protocol section check the UDP, TCP and TLS boxes
  • Select Port 5060 and 5061 from the dropdown boxes
  • Using the scroll bar on the right-hand side scroll down to the DiffServ Settings section


Voip config 1.jpeg

  • In the DiffServ Settings section select 46 from the DSCP dropdown box and 26 from the SIG DSCP dropdown box
  • Click the OK button to save the settings.


Voip config 2.jpeg

Create a SIP Extension for the Turbine station

The Turbine stations are configured as SIP Extensions on the IP Office.

  • From the Configuration tree right-click Extension and select New followed by SIP Extension

The example below shows the configuration of extension 8352001. Repeat this procedure for each Turbine station extension.
Sip extension 1.jpeg

  • When the new window opens enter the value for the Base Extension

The Extension ID will be automatically filled in.
Sip extension 2.jpeg

  • Select the VoIP tab
  • Select the Allow Direct Media Path checkbox
  • Click the OK button to save the settings


Note icon Turbine stations supports the following codecs: G.711a, G.711u, G.722, G.729



Sip extension 3.jpg

Create a User for the Turbine Station

A user must be configured for all Turbine Station Extensions.

  • From the Configuration tree right-click User and select New


Turbine user 1.jpg
When the User window opens, select the User tab and enter the following:

  • Name
    • Enter a name for this user, e.g. Intercom
  • Password
    • Enter the Password (not mandatory)
  • Confirm Password
    • Enter the Password again (not mandatory)
  • Extension
    • Enter the extension number that was created previously in section "Create a SIP Extension for the Turbine station"


Turbine user 2.jpg

  • Select the Telephony tab
  • Select the Supervisor Settings tab
  • Enter a login code in the Login Code field
  • Click the OK button to save the settings
Note icon Login Code value is used as SIP Authorization Password on the Turbine station




Turbine user 3.jpg

Save Configuration

Once the configuration data is complete, it must be sent to the IP Office.

  • Click the Save icon as shown below


Avaya save 1.jpg

  • Once the Save Configuration window opens, click the OK button


Avaya save 2.jpg

Configure Turbine station

The following steps detail the configuration for the Turbine station using the Web Interface of the station. The steps include the following areas:

  • Launch Web Interface
  • Add Root Certificate
  • Administer SIP Settings
  • Configure Direct Access Key

Launch Web Interface

To access the Turbine station web interface:

  • Enter http://<ipaddress> in an Internet browser where <ipaddress> is the IP address of the Turbine station
  • Log in with the appropriate credentials (default username: admin, password: alphaadmin)

The IP-StationWeb screen displays the Station Information.
Turbine web 1.jpg

Administer Main Settings

Under the Station Main tab:

  • Select Main Settings
  • Under Model select :
    • For TCIS stations select:
      • Kit (TKIS-2SIP)
      • Normal (TCIS-1SIP, TCIS-2SIP, TCIS-3SIP)
      • OLED Labels (TCIS-4SIP, TCIS-5SIP)
      • Scrolling Station (TCIS-6SIP)
    • For TCIV stations select:
      • Video Normal (TCIV-2SIP, TCIV-3SIP)
      • Video Scrolling Station (TCIV-6SIP)
    • For TMIS stations select:
      • TMIS1-SIP
  • Click Save when done
  • When a screen appears (not shown) to confirm the setting, click Apply

The Turbine station will now reboot.
Turbine web main.jpg

Administer SIP Settings

Under the SIP Configuration tab:

  • Select SIP Settings to configure the parameters in the Account Settings section
  • Set the Turbine stations support UDP, TCP and TLS configuration options
  • For TCP and TLS options, it is necessary to set Outbound Proxy to have the same value as Server Domain


Account settings sip.jpg

UDP Outbound Transport

Display Name: Enter the desired name
Directory Number (SIP ID): Enter a user extension administered from section "Create a SIP Extension for the Turbine station"
Server Domain (SIP): Enter the Domain of IP Office
Authentication User Name: Enter a user extension administered from section "Create a User for the Turbine Station"
Authentication Password: Enter the Communication Profile Password from section "Create a User for the Turbine Station"
Outbound Proxy (mandatory for TCP and TLS, optional for UDP): Enter the IP address of IP Office and 5060 as the Port for UDP/TCP


Turbine sip udp.jpg

TCP Outbound Transport

Display Name: Enter the desired name.
Directory Number (SIP ID): Enter a user extension administered from section "Create a SIP Extension for the Turbine station"
Server Domain (SIP): Enter the Domain of IP Office.
Authentication User Name: Enter a user extension administered from section "Create a User for the Turbine Station"
Authentication Password: Enter the Communication Profile Password from section "Create a User for the Turbine Station"
Outbound Proxy (mandatory for TCP and TLS, optional for UDP): Enter the IP address of IP Office and 5060 as the Port for TCP


Turbine sip tcp.jpg

Secure SIP Configuration with Secure RTP

Display Name: Enter the desired name.
Directory Number (SIP ID): Enter a user extension administered from section "Create a SIP Extension for the Turbine station"
Server Domain (SIP): Enter the Domain of IP Office.
Authentication User Name: Enter a user extension administered from section "Create a User for the Turbine Station"
Authentication Password: Enter the Communication Profile Password from section "Create a User for the Turbine Station"
Outbound Proxy (mandatory for TCP and TLS, optional for UDP): Enter the IP address of IP Office and 5061 as the Port for TLS
SIP Scheme Select sips from the dropdown
RTP Encryption Select srtp_encryption from the dropdown
SRTP Crypto Type Select from the dropdown as shown
TLS Private Key Select from the dropdown as shown


Turbine sip tls srtp sips.jpg

Note icon Avaya servers may need to enable the option for Use Unencrypted SRTCP



Add certificate on Turbine station

Using SIP TLS requires you to upload a certificate to be able to do encrypted authentication and communication.

This step must be done before the station is able to register to the PBX.

  • Select SIP Configuration tab and from the left hand menu
  • select Certificates.

The Turbine certificates are listed.

  • Click on Choose file and browse to the location of the root certificate .pem file.
  • When selected click on the Upload button

The root certificate is uploaded and is shown in the list (default.pem).

Upload cert.jpg

  • Reboot Turbine station ( Station AdministrationRebootReboot )


Note icon {{{1}}}


Uploading a certificate is only needed when using SIP TLS

Avaya IP Office Configuration

  • Open the Avaya IP Office Manager tool
  • Select System > LAN1 > VoIP
  • Check the TLS box (Default TLS port: 5061, Remote TLS Port: 5061)


Avaya TLS.jpg

Option 1: Enable SRTP at System Level

Secure Real-Time Transport Protocol (SRTP) refers to the application of additional encryption and or authentication to VoIP calls (SIP and H.323). SRTP can be applied between telephones, between ends of an IP trunk or in various other combinations.

To configure SRTP at the system level:

  • Select System > VoIP Security
  • Under Media select Preferred


Avaya srtp 1.jpg

When enabling SRTP on the system, the recommended setting is Best Effort (Preferred).

In this scenario, IP Office uses SRTP if supported by the other end, and otherwise uses RTP.

If the Enforced setting is used, and SRTP is not supported by the other end, the call is not established.

Option 2: Enable SRTP Per Extension

  • Select Extension > ext # > VoIP
  • Disable option Same As System and configure parameters


Avaya srtp 2.jpg

  • Save configuration

Upload Certificate to Avaya IPO

In Avaya IP Office Manager:

  • Select File > Advanced > Security Settings
  • Select Security > System > Certificates
  • Enable option Use different Identity Certificate for Telephony
Note icon {{{1}}}


Avaya makes incoming TLS connections, and in that case it is necessary to have a private key.

To upload Private Key and Certificate:

  • Under Telephony Certificate click Set
  • Select Paste from clipboard option


Security manager telephony.jpg

In our example, we are using the default.pem certificate and default.key private key.

Private Key
Private key.jpg

Certificate
Avaya certificate.jpg

  • Change option Received Certificate Checks from None to Low (or higher)


Security manager add cert.jpg

  • Click Add to add default.pem to Trusted Certificate Store (choose between Import certificate from file or Paste from clipboard)
  • Click OK and Save configuration

Configure Direct Access Keys

In the web interface of the Turbine station select SIP Configuration tab:

  • Select Direct Access Key Settings > DAK 1 to configure it
  • In the Idle field select Call To from the dropdown and enter the extension number to be called when the DAK 1 key is pressed
  • In the Call field select Answer/End Call and On Key Press


Dak setting sip.jpg

Backup Domain Configuration

This section provides configuration procedures for configuring redundacy, backup, and server for the Turbine station.

Select SIP Configuration > SIP Settings to configure the following in the Account Settings section

All configuration is the same as in section "Administer SIP Settings" with additional fields for configuration Backup and Backup 2 servers:


Backup Domain (SIP): This is the secondary (or fallback) domain. If the station loses connection to the primary SIP domain, it will switch over to the secondary one. This can be either an IP address in regular dot notation or hostname.

Backup Domain 2 (SIP): This is the tertiary SIP domain used as backup in case the primary and secondary domains fail. This can be either an IP address in regular dot notation or hostname.

Outbound Backup Proxy (mandatory for TCP and TLS, optional for UDP transport protocol): Enter the IP address of Session Manager and 5060 (5061) as the Port for UDP/TCP (TLS)

Outbound Backup Proxy 2 (mandatory for TCP and TLS, optional for UDP transport protocol): Enter the IP address of Session Manager and 5060 (5061) as the Port for UDP/TCP (TLS)


Select Registration Method from the dropdown:

  • Parallel
    • In Parallel mode the IP station will try to be registered to all configured SIP servers at the same time. The station will use the primary SIP server for outgoing calls if available, otherwise it will use the next available backup server. In this mode, the station can receive calls from multiple SIP servers at the same time. This mode is not recommended in a Cisco Unified CallManager cluster with multiple publishers and subscribers.
  • Serial
    • Serial registration means that the station will always register to the next available SIP server. The station starts by registering to the primary SIP server, then if the station loses contact with the primary SIP server it will register to the backup server. If the station loses contact with the backup server, then it will register to the secondary backup server. If the station loses contact with the secondary backup server, it will register to the primary SIP server.
  • Top-Down
    • Top-Down registration means that the station will try to be registered to the primary SIP server, but periodically poll the backup servers to check that they are up without registering. If the primary SIP server shuts down, then the station will register to the next backup server that is up. If the primary SIP server starts up, the station will unregister at the backup server and switch back to the primary server.
  • Cisco
    • Cisco registration is the same as Top-Down for the primary and backup servers, while the secondary backup server will register to its configured server in parallell.


Backup ipo.jpg

Verification steps

This section provides the tests that can be performed to verify the correct configuration of Session Manager and the Turbine station.

Verify Avaya IP Office SIP Endpoint Registration

  • Open the IP Office System Status application and click Extensions
  • Verify that Turbine endpoints are successfully registered as shown below


Avaya endpoint check.jpg

Verify Turbine Station SIP Registration

In the Turbine station web interface:

  • Select Station Main > Station Information
  • Verify that the status shows Registered under Server Domain (SIP)

Place a call to another endpoint to verify basic call operation.
Turbine registration.jpg

Verify Successful Calls

Place a call to and from the Turbine station endpoint. Verify that 2-way audio can be heard and validate that the call terminates successfully.

Related Articles

This section references the Avaya and Zenitel product documentation that are relevant to these Application Notes.

These documents form part of the Avaya technical reference documentation suite. Further information may be available from http://support.avaya.com or from your Avaya representative.

Avaya IP Office Manager 10.1, Document 15-601011, Issue 1, June 2017

The Zenitel Turbine documentation can be found at http://www.zenitel.com.