SBC 7600 Config Guide PDF

Americas Headquarters
Cisco Systems, Inc.

170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco 7600 Series Routers Session Border
Controller Configuration Guide
May, 2009
Text Part Number: OL-13499-04
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision,
Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are
service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without
Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study,
IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar,
PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath,
WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0903R)
1
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
C O N T E N T S
About This Guide 21
Objectives 1-21
Document Revision History 1-21
Organization 1-23
Related Documentation 1-24
Cisco 7600 Series Router Documentation 1-24
Cisco IOS Software Publications 1-25
Cisco IOS Release 12.2SR Software Publications 1-25
Document Conventions 1-25
Obtaining Documentation 1-26
CHAPTER 1
SBC on the Cisco 7600 Series Router 1-1
SBC Deployment on the Cisco 7600 Series Router 1-1
SBC Features on the Cisco 7600 Series Router 1-3
Network Address and Port Translation and NAT/FW Traversal 1-5
SBC QoSMarking 1-5
QoS Statistics Collections 1-5
DSCP Remarkings 1-5
DoS Prevention 1-6
SBC Interworking Dual Tone Multifrequency 1-6
Unexpected Source Address Alerting 1-6
SBC RedundancyHigh Availability 1-6
DBE Overload Reporting 1-7
Media Address Pools 1-7
FAX Support 1-7
SBC Multi-VRF 1-7
SBC Adjacencies 1-7
SBC Billing 1-8
SBC Policies 1-8
SBC Transcoding 1-8
SBC Firewall Traversal and Network Address Translator 1-8
SIP Method Profiles 1-8
Header Profiles 1-9
Contents
2
OL-13499-04
Restricting Codecs 1-9
SIP Tel URI Support 1-9
SIP Timer 1-9
H.323 Support 1-9
H.323-SIP Interworking 1-9
Tracking Policy Failure Statistics 1-9
SIP 3xx Redirect Responses 1-10
SIP Call Hold 1-10
SDP Call Hold Interworking 1-10
SIP Call Transfer 1-10
SIP Outbound Authentication 1-10
SIP Inbound Authentication 1-10
SIP-I Transparency and Profile Support 1-10
SIP Configuration Flexibility 1-11
Implementing SBC QoS (Marking) 1-11
DoS Prevention and Dynamic Blacklisting 1-11
Early Media 1-11
P-CSCF Support 1-11
Integration of Resource Management and SIP 1-11
IBCF Processing Support 1-11
SDP Attribute Passthrough 1-12
DBE Signaling Pinhole 1-12
Late-to-Early Media Internetworking 1-12
Secure Media Passthrough 1-12
VRF-Aware DNS Query 1-12
CAC Rate Limiting 1-12
Subscriber Policy 1-12
Support for Media Information 1-12
SIP PING Message Support 1-13
P-KT-UE-IP Feature 1-13
Routing Features 1-13
H.323 Performance Improvement 1-13
SIP Header Manipulation 1-13
SIP Statistics Per Adjacency 1-13
Response Code Mapping 1-14
Provisional Response Filtering 1-14
Parameter Profiles 1-14
Codec Ordering 1-14
Improved Fast Register 1-14
Contents
3
OL-13499-04
Interchassis Redundancy 1-14
Supported MIBs 1-14
CHAPTER 2
ACE Configuration Prerequisites for the SBC 2-1
Restrictions and Usage Guidelines 2-1
Bringing Up the ACE 2-2
Configuring VLANs and Interfaces for the ACE on the Supervisor 2-2
Sessioning and Logging In to the ACE 2-3
Assigning a Name to the ACE 2-4
Configuring ACE Infrastructure 2-4
Configuring the VLAN Interface for Admin Context 2-5
Configuring the FT VLAN Interface 2-5
Configuring the FT Peer 2-6
Configuring the FT Group 2-6
Assigning an IP Address to the ACE 2-7
Configuring a Static Route 2-8
Hairpin Static Route Guidelines 2-9
Accessing the ACE Using a Telnet Session 2-10
Upgrading the SBC Image on the ACE to Release 3.1.00 2-11
Upgrading the SBC Image on the ACE 2-11
Upgrading the SBC Image for Redundant ACE Modules 2-12
Verifying ACE Status as Active SBC Services Card 2-18
Additional Information 2-18
CHAPTER 3
SBC Configuration 3-1
Configuring Unified Model 3-1
Configuring SBE in the Unified Model 3-1
Prerequisites 3-1
Configuring DBE in the Unified Model 3-5
Prerequisites 3-5
Configuring SBC Unified Model (UM): Example 3-6
Configuring Distributed Model 3-7
Configuring DBE 3-7
Prerequisites 3-7
Examples 3-9
Contents
4
OL-13499-04
Troubleshooting Tips 3-10
Distributed Model Configuration Examples 3-10
Configuring the SBC DBE 3-11
Configuring IP and Media IP: Example 3-11
Configuring Multiple IP and Multiple Media IP: Example 3-12
CHAPTER 4
Implementing SBC Interworking DTMF 4-1
PrerequisitesImplementing Interworking DTMF 4-2
Interworking DTMF 4-2
DTMF Packet Generation 4-3
DTMF Packet Detection 4-3
Implementing Interworking DTMF 4-3
Configuring Default Duration of a DTMF Event 4-3
CHAPTER 5
Contents 5-1
PrerequisitesImplementing Unexpected Source Address Alerting 5-1
Restrictions for Unexpected Source Address Alerting 5-2
Configuring Unexpected Source Address Alerting 5-3
Examples of Configuring Unexpected Source Address Alerting 5-4
CHAPTER 6
Implementing SBC RedundancyHigh Availability 6-1
Contents 6-2
PrerequisitesImplementing Redundancy 6-2
Implementing Redundancy on the ACE Module 6-2
Redundancy Configuration Example 6-3
CHAPTER 7
Configuring Data Border Element Overload Reporting 7-1
Contents 7-1
PrerequisitesImplementing DBE Overload 7-2
Contents
5
OL-13499-04
DBE Overload Reporting 7-2
Configuring DBE Overload Reporting 7-2
CHAPTER 8
Contents 8-1
PrerequisitesImplementing Media Address Pools 8-1
Restrictions for Configuring Media Address Pools 8-2
DBE Signaling Pinhole 8-3
Restrictions for DBE Signaling Pinhole 8-3
Configuring Media Address Pools 8-3
Configuring Media Address Pools Example 8-7
CHAPTER 9
Fax Support 9-1
Contents 9-1
Fax Support 9-1
T.38 Passthrough 9-2
Restrictions for Fax Support 9-2
CHAPTER 10
Implementing SBC Multi-VRF 10-1
Contents 10-1
PrerequisitesImplementing Multi-VRF 10-2
Information About Implementing Multi-VRF 10-2
VRF-Aware DNS Query 10-3
Implementing Multi-VRF 10-3
Configuring Multi-VRF 10-3
Configuring a VRF-Aware DNS Query 10-7
This task configures a DNS query for a VRF. 10-7
Associating an H.323 Adjacency with a VRF 10-10
Associating a SIP Adjacency with a VRF 10-12
Configuring DBE with VRFDistributed Model Only 10-14
Configuration Examples for Implementing Multi-VRF 10-16
Configuring Multi-VRF: Example 10-17
Contents
6
OL-13499-04
DNS Query Configuration: Example 10-18
Associating an H.323 Adjacency with a VRF: Example 10-18
Associating a SIP Adjacency with a VRF: Example 10-18
Configuring DBE with VRF (Distributed Model Only): Example 10-21
CHAPTER 11
Implementing SBC Adjacencies 11-1
Contents 11-2
Prerequisites for Implementing Adjacencies 11-2
Information About Implementing Adjacencies 11-2
Properties Common to Both SIP and H.323 Adjacencies 11-3
About SIP Adjacencies in the Deployment 11-3
About H.323 Adjacencies in the Deployment 11-5
How Adjacencies Affect Media Routing 11-6
How to Implement Adjacencies 11-8
Configuring Force-Signaling-Peer Adjacency 11-8
Configuring an H.323 Adjacency 11-9
Assigning H.323 Adjacencies to Adjacency Groups 11-13
Configuring a SIP Adjacency 11-14
Assigning SIP Adjacencies to Adjacency Groups 11-18
SIP Statistics Per Adjacency 11-19
Restrictions for SIP Statistics Per Adjacency 11-20
Configuring SIP Statistics Per Adjacency 11-21
Configuration Examples for Implementing Adjacencies 11-23
Configuring an H.323 Adjacency: Examples 11-23
H.323 Adjacency Example 1 (Two Gateways/Endpoints) 11-23
H.323 Adjacency Example 2 (Gatekeeper in Network) 11-24
Configuring a SIP Adjacency: Example 11-27
SIP UAS Failure Detection 11-28
SIP UAS Failure Detection: Example 11-29
SIP Outbound Flood Protection 11-30
SIP Outbound Flood Protection: Example 11-32
CHAPTER 12
Implementing SBC Billing 12-1
Contents 12-2
Prerequisites for Implementing Billing 12-2
Contents
7
OL-13499-04
Information About Implementing Billing 12-2
Integrated Billing Systems 12-2
Support for Media Information 12-3
Restrictions for Media Information 12-4
How to Implement Billing 12-5
Restrictions for Billing 12-6
Configuring Billing 12-6
Configuration Example of Implementing Billing 12-10
CHAPTER 13
Implementing SBC Policies 13-1
Contents 13-1
Prerequisites for Implementing Policies 13-2
Information About Implementing Policies 13-2
SBC Policies 13-3
Policy Events 13-3
Policy Stages 13-3
Policy Sets 13-6
Policy Tables 13-6
Number Analysis Policies 13-9
Number Validation 13-9
Number Categorization 13-10
Digit Manipulation 13-10
Routing 13-11
Routing Tables and Adjacencies 13-11
Number Manipulation 13-12
Hunting 13-14
MultiARQ Hunting 13-14
Call Admission Control 13-15
Call Admission Control 13-16
Media Bypass in Call Admission Control 13-16
CAC Rate Limiting 13-16
Subscriber Policy 13-17
How to Implement Policies 13-18
Configuring Number Analysis Tables 13-18
Configuring Number Validation 13-18
Configuring Number Categorization 13-23
Configuring Routing Tables 13-28
Contents
8
OL-13499-04
Configuring a Destination Address Table 13-28
Configuring the Destination, Source Domain, and Carrier ID Tables 13-34
Configuring the Category Table 13-37
Configuring the Least Cost Table 13-39
Configuring the Weighted Table 13-41
13-43
Configuring Time-Based Tables 13-43
Configuring Regular Expression-Based Tables 13-46
13-48
Configuring Number Manipulation 13-48
Configuring Hunting and MultiARQ Hunting 13-51
Activating a Routing Policy Set 13-54
Configuring Call Admission Control Policy Sets and CAC Tables 13-54
Activating a CAC Policy Set 13-61
Configuration Examples of Implementing Number Analysis 13-61
Configuring Number Validation: Example 13-61
Configuring Number Categorization: Example 13-62
Configuration Examples of Implementing Call Routing 13-62
Routing with No Load Balancing: Example 13-63
Least-Cost Routing: Example 13-63
Weighted Routing: Example 13-64
Time-Based Routing: Example 13-65
Regular Expression Routing: Example 13-69
Configuration Example of Implementing Call Admission Control Policy Sets and CAC Tables 13-69
CHAPTER 14
Implementing SBC Transcoding 14-1
Contents 14-1
Prerequisites for Implementing Transcoding 14-2
Information About Transcoding 14-2
Transcoding After Rejection 14-2
Codec Filtering 14-4
Restrictions for Transcoding 14-4
Configuring Transcoding After Rejection 14-4
Configuring Codec Filtering Transcoding 14-7
Configuration Examples for Implementing Transcoding 14-9
Verification 14-13
Contents
9
OL-13499-04
CHAPTER 15
Implementing SBC Firewall Traversal and NAT 15-1
Contents 15-1
Prerequisites for Implementing Firewall Traversal and NAT 15-2
Information About Firewall Traversal and NAT 15-2
Implementing Firewall Traversal and NAT 15-4
Changing NAT Status 15-5
SIP PING Message Support 15-6
Configuring Ping Message Support 15-7
Configuration Examples 15-8
CHAPTER 16
SIP Profiles on the Session Border Controller 16-1
Contents 16-1
Information About SIP Profiles 16-2
Method-Profiles 16-3
Restrictions for Configuring Method-Profiles 16-4
Information About Method-Profiles 16-4
Configuring Method-Profiles 16-5
Applying Method-Profiles 16-7
Response Code Mapping 16-8
Restrictions for Response Code Mapping 16-9
Configuring Response Code Mapping 16-9
Applying Response Code Mapping 16-11
Header Profiles 16-12
Restrictions for Configuring Header Profiles 16-13
Information About Header Profiles 16-13
Header Manipulation 16-14
Header Profile Configuration Information 16-15
Configuring Header Profiles 16-15
Applying Header Profiles 16-17
P-KT-UE-IP Header Support 16-19
P-KT-UE-IP Header Information 16-19
Configuring P-KT-UE-IP Header Support 16-19
Provisional Response Filtering 16-21
Provisional Response Filtering Information 16-22
Configuring Provisional Response Filtering 16-22
Contents
10
OL-13499-04
Applying Provisional Response Filtering 16-23
Parameter Profiles 16-24
Restrictions for Configuring Parameter Profiles 16-24
Information About Parameter Profiles 16-25
Configuring Parameter Profiles 16-25
Applying a Parameter Profile to a Header Profile 16-27
Associating with an Adjacency 16-28
SIP Header Public/Private IP Address Information Insertion 16-29
Configuration Examples for SIP Profiles 16-33
Method-Profile Examples 16-33
Applying Method-Profiles Example 16-34
Associating Predefined Header Profiles Example 16-35
Associating Predefined Parameter Profiles Example 16-35
Associating Response Code Mapping Example 16-36
Configuring Header Profiles Example 16-37
Applying Header Profiles Example 16-37
Header Manipulation Examples 16-38
Response Filtering Example 16-44
Parameter Profile Examples 16-44
P-KT-UE-IP Header Support 16-47
CHAPTER 17
Restricting Codecs 17-1
Contents 17-1
Prerequisites for Restricting Codecs 17-2
Restrictions for Codecs 17-2
How to Configure Codec Restriction 17-5
Configuring Codecs 17-5
Configuring a CAC Policy to Use a Codec List 17-7
Examples of Configuring Codecs 17-9
Example of Configuring Codecs Restriction 17-9
Example of Configuring a CAC Policy to Use a Codec List 17-10
Example of Codec Ordering 17-11
Contents
11
OL-13499-04
CHAPTER 18
SIP Tel URI Support 18-1
Contents 18-1
Restrictions for SIP Tel URI Support 18-1
Information About SIP Tel URI Support 18-2
Local and Global Tel URIs 18-2
Tel URI Versus SIP URI 18-2
The Carrier Identification Code Parameter 18-3
CHAPTER 19
SIP Timer 19-1
Contents 19-1
Information About SIP Timer 19-1
How to Configure SIP Timer 19-3
Configuring SIP Timer 19-3
CHAPTER 20
H.323 Support 20-1
Contents 20-1
Prerequisites for H.323 Support 20-2
Restrictions for H.323 Support 20-2
Information About H.323 Support 20-2
Separate H.245 Control Channel 20-3
Restrictions for Separate H.245 Control Channel 20-4
H.245 Passthrough 20-4
Restrictions for H.245 Passthrough 20-4
Slow Start Media Relay 20-4
Restrictions for Slow Start Media Relay 20-5
Codec Mappings 20-5
DTMF Interworking 20-6
Restrictions for DTMF Interworking 20-6
Transcoding 20-7
Restrictions for Transcoding 20-7
RAS Tech Prefix 20-7
Restrictions for RAS Tech Prefix 20-8
User Protocol Timer Control 20-8
Restrictions 20-8
Contents
12
OL-13499-04
T.38 Fax Relay 20-9
T.38 H.245 - SDP Mapping 20-9
H.245 Mode Request 20-10
RAS Maximum Bit Rate 20-10
H.323 Annex D / T.38 Annex B Interoperability 20-10
Restrictions 20-10
Q.931/H.225 Passthrough 20-10
Call Proceeding Passthrough 20-10
Unsupported Messages 20-11
Privacy 20-11
Setting of Protocol Version 20-11
Q.931 / H.225 Base Passthrough Profile 20-11
Restrictions 20-16
H.323 Privacy 20-16
Restrictions and Limitations 20-16
Configuring H.323 Features 20-17
Configuring Separate H.245 Control Channel 20-17
Configuring RAS Tech Prefix 20-18
Configuring User Protocol Timer Control 20-19
Configuring H.323 Privacy 20-22
Configuring Separate H.245 Control Channel and RAS Tech Prefix: Example 20-23
Configuring User Protocol Timer Controls: Example 20-23
CHAPTER 21
H.323-SIP Interworking 21-1
Contents 21-1
Restrictions for H.323-SIP Interworking 21-1
Information About H.323-SIP Interworking 21-2
SIP/H.323 Interworking for Basic Call Hold 21-2
SIP Requirements 21-3
H.323 Requirements 21-3
Basic Call Hold Restrictions 21-4
Basic Call Hold Verification 21-4
CHAPTER 22
Tracking Policy Failure Statistics 22-1
Contents 22-1
Contents
13
OL-13499-04
Restrictions for Tracking Call Policy Failure Statistics 22-1
Information About Policy Failure Statistics 22-2
Policy Failure Statistics for a Specified Time Interval 22-2
Policy Set Statistics 22-2
Automatic Tracking of Policy Failure Statistics 22-3
Policy Failure Statistics and Hunting 22-4
Global Statistics and Call Hunting 22-4
Per-table and Per-entry Statistics and Call Hunting 22-5
Per-adjacency and Per-Account Statistics and Call Hunting 22-5
CHAPTER 23
SIP 3xx Redirect Responses 23-1
Contents 23-1
Information About 3xx Redirect Responses in SIP 23-1
3xx Responses 23-2
Diversion Headers 23-3
How to Configure SBC to Process SIP 3xx Responses 23-3
Configuring SBC to Process SIP 3xx Responses 23-3
Examples of Configuring SBC to Process SIP 3xx Responses 23-5
CHAPTER 24
SIP Call Hold 24-1
Contents 24-1
Information About SIP Call Hold 24-1
Configuring SIP Call Hold 24-2
Restrictions for SDP Call Hold Interworking 24-4
Configuring SDP Call Hold Interworking 24-4
Configuration Examples 24-6
Example of Configuring SIP Call Hold 24-6
Example of Configuring SDP Call Hold Interworking 24-7
CHAPTER 25
SIP Call Transfer 25-1
Contents 25-1
Restrictions for SIP Call Transfer Support 25-2
Contents
14
OL-13499-04
Information About SIP Call Transfer 25-2
REFER Requests 25-2
NOTIFY Messages 25-3
Replaces Headers 25-3
CHAPTER 26
SIP Outbound Authentication 26-1
Contents 26-1
Prerequisites for Implementing SIP Outbound Authentication 26-2
Restrictions for Implementing SIP Outbound Authentication 26-2
Information About SIP Outbound Authentication 26-2
Configuring Outbound Authentication in the SBC 26-2
Authenticating the SBC to Remote Devices 26-3
How to Configure SIP Outbound Authentication 26-3
Examples of Show Commands 26-5
CHAPTER 27
SIP Inbound Authentication 27-1
Contents 27-1
Prerequisites for Implementing SIP Inbound Authentication 27-1
Restrictions for Implementing SIP Inbound Authentication 27-2
Information About SIP Inbound Authentication 27-2
Local Inbound Authentication 27-2
Remote Inbound Authentication 27-2
Interaction with Outbound Authentication 27-3
Failure Modes for Inbound Authentication 27-3
Unacceptable Parameters 27-3
Access-Request Rejection 27-3
Insufficient Memory 27-3
No Match on Authentication Realm 27-3
No Match on Nonce 27-3
Nonce Timed Out 27-3
No Acceptable RADIUS Servers 27-4
How to Configure SIP Inbound Authentication 27-5
Contents
15
OL-13499-04
CHAPTER 28
Implementing SBC QoS (Marking) 28-1
Contents 28-1
Prerequisites for Implementing QoS 28-2
Information About Implementing QoS 28-2
How to Implement QoS 28-2
Configuring QoS Profiles 28-2
Analyzing the SIP Resource-Priority Header 28-4
Configuring a Resource Priority Set on a SIP Adjacency 28-6
Choosing a Qos Profile Using CAC 28-7
Configuration Examples of QoS Profiles 28-10
Configuring a QoS Voice Profile Using IP Precedence Marking: Example 28-10
Configuring a QoS Voice Profile Using DSCP Marking: Example 28-11
Choosing a QoS Profile Using CAC: Example 28-11
Configuration of a SIP Adjacency Using Resource- Priority-Set: Example 28-11
CHAPTER 29
SIP Configuration Flexibility 29-1
Contents 29-1
Restrictions for Implementing SIP Configuration Flexibility 29-1
Information About SIP Configuration Flexibility 29-2
OPTIONS Support 29-2
Restrictions for OPTIONS Support 29-2
Rewriting From Header on Non-Register Requests 29-2
Restrictions for Rewriting From Header on Non-REGISTER Requests 29-2
Rewriting To: Header on Non-REGISTER Requests 29-2
Auto-detecting NAT 29-3
Restrictions for Auto-detecting NAT 29-3
Routing on Wildcard Domains 29-3
Restrictions for Routing on Wildcard Domains 29-3
How to Implement SIP Configuration Flexibility 29-3
CHAPTER 30
SIP-I Transparency and Profile Support 30-1
Contents 30-1
Restrictions for SIP-I Transparency and Profile Support 30-1
Contents
16
OL-13499-04
Information about SIP-I Transparency and Profile Support 30-2
How to Implement SIP-I Transparency and Profile Support 30-2
CHAPTER 31
DoS Prevention and Dynamic Blacklisting 31-1
Contents 31-1
Prerequisites for DoS Prevention and Dynamic Blacklisting 31-2
Restrictions for DoS Prevention and Dynamic Blacklisting 31-2
Information About DoS Prevention and Dynamic Blacklisting 31-3
How to Configure Dynamic Blacklisting 31-4
Configuring Blacklist Parameters for an IP Address, Port, or VPN 31-4
Configuring an End to Blacklisting 31-7
Examples of Configuring, Removing, and Displaying Dynamic Blacklisting 31-7
Example of Configuring Dynamic Blacklisting 31-7
Example of Removing a Source from the Blacklist 31-8
Example of Displaying All Configured Limits 31-8
Examples of Using Show Commands with Blacklisting 31-9
CHAPTER 32
Early Media 32-1
Contents 32-1
Restrictions for the Early Media Support 32-1
Information About Early Media 32-2
CHAPTER 33
Late-to-Early Media Internetworking 33-1
Contents 33-1
Restrictions for Late-to-Early Media Internetworking Support 33-2
Configuring Late-to-Early Media Internetworking 33-2
Configuration Example 33-8
Verification 33-11
Contents
1 7
OL-13499-04
CHAPTER 34
Secure Media Passthrough 34-1
Contents 34-1
PrerequisitesSecure Media Passthrough 34-1
Restrictions for Secure Media Passthrough 34-2
Configuring Secure Media Passthrough 34-2
Example of Configuring Secure Media Passthrough 34-3
CHAPTER 35
P-CSCF Support 35-1
Contents 35-1
Restrictions for Implementing P-CSCF Support 35-3
Information About P-CSCF Support 35-3
Standard Non-IMS Profile 35-3
P-CSCF Access Profile 35-3
P-CSCF Core Profile 35-4
Implementing P-CSCF Support 35-4
Configuring Profiles Inheritance 35-4
CHAPTER 36
Integration of Resource Management and SIP 36-1
Contents 36-1
Restrictions for Integration of Resource Management 36-1
Information about Integration of Resource Management 36-2
CHAPTER 37
IBCF Processing Support 37-1
Contents 37-1
Restrictions for Implementing IBCF Support 37-2
Information About IBCF Support 37-2
Adding to Path Header on REGISTER 37-2
Modifying Service-Route Header on REGISTER 37-3
Routing Based on SIP Route Headers 37-3
Topology Hiding 37-3
Screening of SIP Signaling 37-3
Contents
18
OL-13499-04
Passthrough of From, To, and Contact Headers 37-3
Passthrough of Request URI on REGISTER 37-3
Interworking with P-CSCF, I-CSCF, and S-CSCF 37-3
Handling Messages from Untrusted Domains 37-3
Implementing IBCF Support 37-4
Configuring the Domain Names to Use for IBCF Adjacencies 37-4
CHAPTER 38
Configuring SIP SDP Attribute Passthrough 38-1
Restrictions for Configuring SIP SDP Attribute Passthrough 38-1
Information about SIP SDP Attribute Passthrough 38-2
Configuring SIP SDP Attribute Passthrough 38-2
Example of SIP SDP Attribute Passthrough 38-7
CHAPTER 39
Cisco Session Border Controller Commands 39-1
Command Reference 39-1
Integrated Billing Systems B-1
Event Message Transmission B-2
Multiple Server Support B-2
Event Message Batching B-3
Event Messages Set Overview B-3
Supported Event Message Detail B-5
Signaling_Start B-5
QoS_Reserve B-6
Call_Answer B-6
QoS_Commit B-7
Call_Disconnect B-8
QoS_Release B-8
Signaling_Stop B-8
Media_Statistics B-9
Media_Alive B-9
Time_Change B-10
Administration and Configuration B-10
Integrated Mode Configuration B-10
Administering SBC Billing B-11
Logging and Alarms B-11
Contents
19
OL-13499-04
Fault Tolerance B-11
Warm Failover B-11
Cold Failover B-12
Example for Event Messages from SBC to RADIUS Billing Server B-12
Security B-22
Internal Log Levels C-1
Enabling Syslog Functionality C-2
Definitions D-1
Assumptions D-2
High Level Steps D-2
Pre-Upgrade Procedure D-4
Detailed Upgrade Procedure D-8
Post Upgrade Steps D-12
Context Configuration D-12
Billing Configuration D-12
GL OSSARY
I NDEX
Contents
20
OL-13499-04
21
OL-13499-04
About This Guide
This section describes the objectives and organization of this document and explains how to find
additional information on related products and service:
Objectives, page 21
Document Revision History, page 21
Organization, page 23
Related Documentation, page 24
Document Conventions, page 25
Obtaining Documentation, page 26
Objectives
This document describes the Session Border Controller, hereinafter referred to as the SBC, features that
are supported on the Cisco 7600 series routers.
Document Revision History
Table 1 records technical changes to this document. The table shows the ACE SBC software release
number and document revision number for the change.
Table 1 Document Revision History
Release No. Revision Date Change Summary
Release 3.1.0 OL-13499-04 Nov, 2009 Updated chapter 12 - Implementing SBC
Billing
About This Guide
Document Revision History
22
OL-13499-04
Release 3.1.0 OL-13499-04 May, 2009 Added support for the following features:
SDP Attribute Passthrough
Improved fast register
SIP Statistics Setting
DBE signaling pinhole
Additional changes to SBC billing
H.323 performance improvement
Late-to-Early Media Internetworking
Routing features including:
Routing by category
Source number manipulation
Least-cost routing
Weighted routing
Time-based routing
Regular expression routing
Interchassis redundancy
Secure Media Passthrough
SDP call hold interworking
Response code mapping
SIP header manipulation
Provisional response filtering
Parameter profiles
VRF-Aware DNS Query
CAC Rate Limiting
Subscriber Policy
Debug usability enhancements
Support for Media Information
SIP PING Message Support
P-KT-UE-IP feature
Release 3.0.1 OL-13499-03 October, 2008 Added additional MIBs
Added Appendix C
Release 3.0.00 OL-13499-02 May, 2008 SBE functions added
Release 2.0.00 OL-13499-01 June, 2007 Initial version
Table 1 Document Revision History

About This Guide
Organization
23
OL-13499-04
Organization
This document contains the following chapters and appendices:
Section Title
Chapter 1 SBC on the Cisco 7600 Series Router
Chapter 2 ACE Configuration Prerequisites for the SBC
Chapter 3 SBC Configuration
Chapter 4 Implementing SBC Interworking DTMF
Chapter 5 Unexpected Source Address Alerting
Chapter 6 Implementing SBC RedundancyHigh Availability
Chapter 7 Configuring Data Border Element Overload Reporting
Chapter 8 Media Address Pools
Chapter 9 Fax Support
Chapter 10 Implementing SBC Multi-VRF
Chapter 11 Implementing SBC Adjacencies
Chapter 12 Implementing SBC Billing
Chapter 13 Implementing SBC Policies
Chapter 14 Implementing SBC Transcoding
Chapter 15 Implementing SBC Firewall Traversal and NAT
Chapter 16 SIP Profiles on the Session Border Controller
Chapter 17 Restricting Codecs
Chapter 18 SIP Tel URI Support
Chapter 19 SIP Timer
Chapter 20 H.323 Support
Chapter 21 H.323-SIP Interworking
Chapter 22 Tracking Policy Failure Statistics
Chapter 23 SIP 3xx Redirect Responses
Chapter 24 SIP Call Hold
Chapter 25 SIP Call Transfer
Chapter 26 SIP Outbound Authentication
Chapter 27 SIP Inbound Authentication
Chapter 28 SIP Configuration Flexibility
Chapter 29 Implementing SBC QoS (Marking)
Chapter 30 SIP-I Transparency and Profile Support
Chapter 31 DoS Prevention and Dynamic Blacklisting
Chapter 32 Early Media
Chapter 33 Late-to-Early Media Internetworking
Chapter 34 Secure Media Passthrough
About This Guide
Related Documentation
24
OL-13499-04
Related Documentation
This section lists documentation that might be useful as you configure your Cisco 7600 series router.
The documentation listed below is available online.
Cisco 7600 Series Router Documentation
As you configure your Cisco 7600 series router, you should also refer to the following companion
publication for important hardware installation information:
Cisco 7600 Series Ethernet Services 20G Line Card Hardware Installation Guide
An overview of the Cisco 7600 series router features, benefits, and applications can be found in the
Cisco 7600 Series Internet Router Essentials document located at the following URL:
http://www.cisco.com/en/US/products/hw/routers/ps368/products_quick_start09186a0080092248.html
Some of the following other Cisco 7600 series router publications might be useful to you as you
configure your Cisco 7600 series router.
Cisco 7600 Series Cisco IOS Software Configuration Guide
http://www.cisco.com/en/US/products/hw/routers/ps368/products_installation_and_configuration_
guides_list.html
Cisco 7600 Series Cisco IOS Command Reference
http://www.cisco.com/en/US/products/hw/routers/ps368/prod_command_reference_list.html
Cisco 7600 Series Cisco IOS System Message Guide
http://www.cisco.com/en/US/products/hw/routers/ps368/products_system_message_guides_list.ht
ml
Cisco 7600 Series Internet Router MIB Specifications Guide
http://www.cisco.com/en/US/products/hw/routers/ps368/prod_technical_reference_list.html
Several other publications are also related to the Cisco 7600 series router. For a complete reference of
related documentation, refer to the Cisco 7600 Series Routers Documentation Roadmap located at:
http://www.cisco.com/en/US/products/hw/routers/ps368/products_documentation_roadmaps_list.html
Chapter 35 P-CSCF Support
Chapter 36 Integration of Resource Management and SIP
Chapter 37 IBCF Processing Support
Chapter 38 Configuring SIP SDP Attribute Passthrough
Chapter 39 Cisco Session Border Controller Commands
Appendix A End-to-End SBC Configuration Example on a Cisco 7600 series router
Appendix B Additional Information about Billing Support
Appendix C Additional Information about Syslog Capabilities
Glossary
Index
Section Title

About This Guide
Document Conventions
25
OL-13499-04
Cisco IOS Software Publications
Your router and the Cisco IOS software running on it contain extensive features. You can find
documentation on Cisco IOS software features at:
http://www.cisco.com/en/US/products/sw/iosswrel/tsd_products_support_category_home.html
Cisco IOS Release 12.2SR Software Publications
Documentation for Cisco IOS Release 12.2SR, including command reference and system error
messages, is found at:
http://www.cisco.com/en/US/products/ps6922/tsd_products_support_series_home.html
Document Conventions
This documentation uses the following conventions:
Command syntax descriptions use the following conventions:
Nested sets of square brackets or braces indicate optional or required choices within optional or required
elements. For example:
Convention Description
string A string is a nonquoted set of characters shown in italics. For example, when setting an SNMP
community string to public, do not use quotation marks around the string or the string will include the
quotation marks.
bold Bold text indicates commands and keywords that you enter exactly as shown.
italics Italic text indicates arguments for which you supply values.
[x] Square brackets enclose an optional element (keyword or argument).
| A vertical line indicates a choice within an optional or required set of keywords or arguments.
[x | y] Square brackets enclosing keywords or arguments separated by a vertical line indicate an optional
choice.
{x | y} Braces enclosing keywords or arguments separated by a vertical line indicate a required choice.
[x {y | z}] Braces and a vertical line within square brackets indicate a required choice within an optional element.
About This Guide
Obtaining Documentation
26
OL-13499-04
The following conventions are used to attract the attention of the reader:
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Note Means reader take note. Notes contain helpful suggestions or references to materials that may not be
contained in this manual.
Tip Means the following information will help you solve a problem. The tips information might not be
troubleshooting or even an action, but could be useful information, similar to a Timesaver.
Obtaining Documentation
For information on obtaining documentation, obtaining support, providing documentation feedback,
security guidelines, and also recommended aliases and general Cisco documents, see the monthly Whats
New in Cisco Product Documentation, which also lists all new and revised Cisco technical
documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
screen
Examples of information displayed on the screen are set in Courier font.
bold screen
Examples of text that you must enter are set in Courier bold font.
< > Angle brackets enclose text that is not printed to the screen, such as passwords.
! An exclamation point at the beginning of a line indicates a comment line. (Exclamation points are also
displayed by the Cisco IOS software for certain processes.)
[ ] Square brackets enclose default responses to system prompts.
C H A P T E R
1-1
OL-13499-04
1
SBC on the Cisco 7600 Series Router
This chapter provides information about SBC on the Cisco 7600 series router and contains the following
sections:
SBC Deployment on the Cisco 7600 Series Router, page 1-1
SBC Features on the Cisco 7600 Series Router, page 1-3
Supported MIBs, page 1-14
SBC Deployment on the Cisco 7600 Series Router
The Session Border Controller (SBC) enables direct IP-to-IP interconnect between multiple
administrative domains for session-based services providing protocol interworking, security, and
admission control and management. The SBC is a voice over IP (VoIP) device that sits on the border of
a network and controls call admission to that network.
The SBC protects the interior of the network from excessive call load and malicious traffic. Additional
functions provided by the SBC include media bridging and billing services.
The SBC is available as a service in the Cisco 7600 series router and is implemented on a service card.
For ACE SBC Release 3.0.00 or later, the SBC application runs on an Application Control Engine (ACE)
module. (See ACE Configuration Prerequisites for the SBC for more details.)
The SBC service includes two functional areas:
Signaling SBC functionManaged by the signaling border element (SBE), controls access of VoIP
signaling messages to the core of the network, and manipulates the contents of these messages. It
does this by acting as a Session Initiation Protocol (SIP) back-to-back user agent (B2BUA) or H.323
gateway.
Media SBC functionManaged by the data border element (DBE), controls access of media packets
to the network, provides differentiated services and quality of service (QoS) for different media
streams, and prevents service theft. It does this by acting as a real-time transport protocol (RTP)
proxy.
For ACE SBC Release 3.0.00 or later, the SBC can operate in two modes or deployment models, as
follows:
UnifiedIn the unified model, both the SBE and DBE logical entities co-exist on the same network
element. In this model, the signaling entity controls the media local to the router and to a single
service card (the Application Control Engine [ACE]).
1-2
OL-13499-04
SBC Deployment on the Cisco 7600 Series Router
DistributedIn the distributed model, the SBE and the DBE entities reside on different network
elements. Logically, each of the SBE entities controls multiple DBE elements, and each DBE could
be controlled by multiple SBE entities. The SBE interacts with the DBE entities using a session
controller interface (SCI). The SCI interface supports the H.248 protocol.
In this model, the bearer always flows through the DBE, and the SBE participates only in the
signaling flow. This model must be used in conjunction with a third-party SBE that supports the
DBE H.248 profile.
Note For ACE SBC Release 3.0.00 or later, in the distributed model, the SBC can only function as an DBE;
it cannot function as an SBE.
Figure 1 illustrates the unified mode. Figure 2 illustrates the relationships between SBEs, DBEs, and
other network elements.
Figure 1 Relationships Between SBEs/DBEs and Other Network Elements in the Unified
Model
SBE/
DBE
UM
UM
Signaling
Media
PSTN
2
8
0
7
1
8
V
V
V
UM
1-3
OL-13499-04
SBC Features on the Cisco 7600 Series Router
Figure 2 Relationships Between SBEs/DBEs and Other Network Elements in the Distributed
Model
Note ACE SBC Release 3.0.00 or later supports only one virtual data border element (vDBE).
The Cisco 7600 series routers supports the following SBC features:
Network Address and Port Translation and NAT/FW Traversal, page 1-5
SBC QoSMarking, page 1-5
DoS Prevention, page 1-6
SBC Interworking Dual Tone Multifrequency, page 1-6
Unexpected Source Address Alerting, page 1-6
DBE
location 1
SBE
DBE
location 3
V
DBE
location 2
In this diagram, adjacencies 1, 2, and 3 have been
associated with the respective DBE locations. The first
(double line) call comes in over adjacency 1 and is
routed over adjacency 3. The second (single line) call
comes over adjacency 2 and is routed over adjacency 3.
The SBE picks a DBE from the appropriate location to
process the call media.
Signaling
Softswitch
Adjacency 3
Adjacency 1
Adjacency 2
Media
PSTN
1
4
9
5
9
3
V
V
V
V
V
1-4
OL-13499-04
SBC RedundancyHigh Availability, page 1-6
DBE Overload Reporting, page 1-7
Media Address Pools, page 1-7
FAX Support, page 1-7
SBC Multi-VRF, page 1-7
SBC Adjacencies, page 1-7
SBC Billing, page 1-8
SBC Policies, page 1-8
SBC Transcoding, page 1-8
SBC Firewall Traversal and Network Address Translator, page 1-8
SIP Method Profiles, page 1-8
Header Profiles, page 1-9
Restricting Codecs, page 1-9
SIP Tel URI Support, page 1-9
SIP Timer, page 1-9
H.323 Support, page 1-9
H.323-SIP Interworking, page 1-9
Tracking Policy Failure Statistics, page 1-9
SIP 3xx Redirect Responses, page 1-10
SIP Call Hold, page 1-10
SIP Call Transfer, page 1-10
SIP Outbound Authentication, page 1-10
SIP Inbound Authentication, page 1-10
SIP-I Transparency and Profile Support, page 1-10
SIP Configuration Flexibility, page 1-11
Implementing SBC QoS (Marking), page 1-11
DoS Prevention and Dynamic Blacklisting, page 1-11
Early Media, page 1-11
P-CSCF Support, page 1-11
Integration of Resource Management and SIP, page 1-11
IBCF Processing Support, page 1-11
SDP Attribute Passthrough, page 1-12
DBE Signaling Pinhole, page 1-12
Late-to-Early Media Internetworking, page 1-12
Secure Media Passthrough, page 1-12
VRF-Aware DNS Query, page 1-12
CAC Rate Limiting, page 1-12
Subscriber Policy, page 1-12
1-5
OL-13499-04
Support for Media Information, page 1-12
SIP PING Message Support, page 1-13
P-KT-UE-IP Feature, page 1-13
Routing Features, page 1-13
H.323 Performance Improvement, page 1-13
SIP Header Manipulation, page 1-13
SIP Statistics Per Adjacency, page 1-13
SDP Call Hold Interworking, page 1-13
Response Code Mapping, page 1-14
Provisional Response Filtering, page 1-14
Parameter Profiles, page 1-14
Codec Ordering, page 1-14
Improved Fast Register, page 1-14
Interchassis Redundancy, page 1-14
Network Address and Port Translation and NAT/FW Traversal
The DBE performs translation of IP addresses and port numbers (through Network Address and Port
Translation, or NAPT) in both directions and Network Address Translation (NAT) Traversal functions.
NAT converts an IP address from a private address to a public address in real time. It allows multiple
users to share one public IP address. The DBE can learn the NATs public address and latch onto it for
that flow.
SBC QoSMarking
The DBE supports statistics collections and re-marking of differentiated services code point (DSCP) bits
for egress traffic and media relay.
QoS Statistics Collections
The DBE saves all QoS statistics including packets transmitted/second and packets dropped for
exceeding allocated bandwidth on a per-call or per-interface basis. These statistics are available to the
control CPU using IPCP.
DSCP Remarkings
For each media-stream, the DBE receives a DSCP (differentiated services code point) value to use in the
RTP/RTCP packets. The DBE receives these values at the call setup time on a per-flow basis and
maintains the values as a part of the connection table entry. The DBE modifies the type of service (ToS)
bits in the IP header for each outgoing packet and update the checksum accordingly.
1-6
OL-13499-04
DoS Prevention
The Media Packet Forwarder (MPF) component for the SBC running on the Cisco 7600 series router
controls DoS prevention.
Traffic sent to spurious addresses is managed by the ingress line card and never reaches MPF.
Spoofed traffic sent to media addresses:
Usually fails flow classification. This traffic is sent to the IP stack with severe rate limiting.
May pass flow classification. If so, this traffic is forwarded in the media flow, but it is limited
according to the flow spec for the flow. Spoofed traffic sent to the H.248 address and port is passed
to the DBE without rate limiting and, hence, could cause undesirable effects because no
authentication is carried out on this traffic.
Because of this, you expect that the address used by H.248 is only be reachable from within the
trusted network between the DBE and other SBC components. We recommend a setup of a separate
(SBC) interface whose address is only reachable from the private network. Use this setup
exclusively for H.248 traffic.
MPF applies a single rate limit of 10 packets per second to all traffic punted to the IP stack. However,
there should be no legitimate traffic being sent to the DBE media addresses that needs punting other than
the occasional ICMP ping. Hence, this rate limit should not affect any real traffic.
The MPF is only able to protect traffic addressed to one of the SBC Interface addresses. Rogue traffic
sent to other local addresses on the Cisco 7600 router must be policed by other Cisco IOS mechanisms.
SBC Interworking Dual Tone Multifrequency
The SBC automatically selects the best dual tone multifrequency (DTMF) signaling technique based on
the capabilities of the endpoints in a call. DTMF interworking is employed only if the caller and callee
support non-overlapping DTMF event mechanisms (for example, if the caller supports sending DTMF
using the SIP INFO method only and the callee supports receiving DTMF using in-channel RFC 2833
RTP signaling only).
For more details, see Chapter 4, Implementing SBC Interworking DTMF.
Unexpected Source Address Alerting
The SBC provides alerts for any unexpected source addresses that are received. After an unexpected
source address is received, a log is created and an SNMP trap is generated.
For more details, see Chapter 5, Unexpected Source Address Alerting.
SBC RedundancyHigh Availability
The SBC fault tolerance is based on a 1:1 paired-protection model. For each service card running active
SBC components, there can be one service card providing failure protection. The same services must be
provisioned on both cards (one as the primary card, one as the standby card), and the service cards are
then said to be paired. Although from a Cisco 7600 series router perspective, service cards are always
running in active mode, SBC services running on these cards run as either the primary service or the
standby service.
For more details, see Chapter 6, Implementing SBC RedundancyHigh Availability.
1-7
OL-13499-04
DBE Overload Reporting
The SBC provides detailed reporting of the DBE overload conditions.
For more details, see Chapter 7, Configuring Data Border Element Overload Reporting.
Media Address Pools
The SBC provides you with the ability to configure the SBC using a single media address or a range of
media addresses. In addition you can define one or more permissible port ranges for the configured
addresses. This feature allows the administrator to configure or restrict the DBE address by address pool
with or without port range, and define CoS affinity for each port range.
For more information, see Chapter 8, Media Address Pools.
FAX Support
The SBC supports different types of fax over IP calls, using either SIP or H.323.
For more information, see Chapter 9, Fax Support.
SBC Multi-VRF
The SBC support for multi-VRF (virtual''virtual routing and forwarding'' routing and forwarding)
on customer edge (CE) devices (that is, customer premise routers) feature provides the capability of
suppressing provider edge (PE) checks that act to prevent loops when the PE is performing a mutual
redistribution of packets. Multi-VRF:
Allows for the use of only one router to accomplish the tasks that multiple routers usually perform.
Runs on a network without the requirement of Multiprotocol Label Switching (MPLS) and Border
Gateway Protocol (BGP) installed.
For more details, see Chapter 10, Implementing SBC Multi-VRF.
SBC Adjacencies
Accounts and adjacencies are the key objects used to control signaling. An account represents a service
relationship with a remote organization on the SBE with which the SBC interacts. Within each account,
one or more signaling adjacencies must be defined to connect the SBC to devices within that
organization.
An adjacency represents a signaling relationship with a remote call agent. There is one adjacency defined
per external call agent. The adjacency is used to define protocol-specific parameters as well as admission
control and routing policy. Each adjacency belongs within an account. Each incoming call is matched to
an adjacency, and each outgoing call is routed out over a second adjacency.
For more details, see Chapter 11, Implementing SBC Adjacencies.
1-8
OL-13499-04
SBC Billing
The SBC billing component includes the following core features:
Compatibility with existing billing systemsSBC billing fits seamlessly into a providers existing
billing architecture, using existing mechanisms to obtain billing information similar to existing
solutions.
Integration with next-generation technologies and solutionsThe SBC employs next-generation
billing technologies so that service information from SBC, softswitches, voicemail, and unified
messaging applications can be collated and billed in a distributed environment.
The function of the billing component can be broadly divided into two modes:
Standalone, record-based call logging.
Third-party integrated, distributed RADIUS-based call and event logging.
For more details, see Chapter 12, Implementing SBC Billing.
SBC Policies
An SBC policy is a set of rules configured on the SBE that defines how different kinds of VoIP events
are treated by the SBC. An SBC policy allows the user to control the VoIP signaling and media that
passes through the SBC at an application level.
For more details, see Chapter 13, Implementing SBC Policies.
SBC Transcoding
Transcoding is the process of translating a media stream encoded using one codec into a media stream
encoded using another codec. For example, translating a media stream encoded as pulse code modulation
u-law (PCMU) into one encoded as ITU-T G.726-32.
For more details, see Chapter 14, Implementing SBC Transcoding.
SBC Firewall Traversal and Network Address Translator
The SBC enables VoIP signaling and media to be received from and directed to a device behind a firewall
and NAT (network address translator) at the border of an adjacent network, without requiring the device
or firewall to be upgraded. In brief, the SBC achieves this by rewriting the IP addresses and ports in the
call signaling headers and the SDP blocks attached to these messages. SBC does not support options for
keeping pinholes open. Instead, SBC registers messages for signaling pinhole maintenance and
RTP packets for media.
For more details, see Chapter 15, Implementing SBC Firewall Traversal and NAT.
SIP Method Profiles
SIP method profiles are used to control which SIP requests are accepted (whitelists) and which requests are
rejected (blacklists) based on the method of the request.
For more details, see Chapter 16, SIP Profiles on the Session Border Controller.
1-9
OL-13499-04
Header Profiles
Header profiles are used to control which headers are passed through (whitelists) and which headers are
discarded (blacklists) on SIP messages.
For more details, see Chapter 16, SIP Profiles on the Session Border Controller.
Restricting Codecs
The SBC is hard-coded with a set of recognized codecs including all commonly used voice and video
codecs.
For more details, see Chapter 17, Restricting Codecs.
SIP Tel URI Support
The SBC supports Tel Uniform Resource Identifier (tel URI) in SIP messages, permitting call set up
from a SIP IP-phone or SIP User Agent Application to an endpoint in the Public Switched Telephone
Network (PSTN).
For more details, see Chapter 18, SIP Tel URI Support.
SIP Timer
The SIP Timer feature configures a number of SIP timers.
For more details, see Chapter 19, SIP Timer.
H.323 Support
H.323 allows multimedia products and applications from multiple vendors to interoperate and
communicate without concern for compatibility.
For more details, see Chapter 20, H.323 Support.
H.323-SIP Interworking
The H.323-SIP interworking feature allows interworking between SIP and H.323 for Voice over IP
(VoIP) service providers.
For more details, see Chapter 21, H.323-SIP Interworking.
Tracking Policy Failure Statistics
The tracking policy failure statistics feature tracks the number of calls that the SBC rejected based on
the rules established in the number analysis policies, routing policies, or Call Admission Control (CAC)
policies.
For more details, see Chapter 22, Tracking Policy Failure Statistics.
1-10
OL-13499-04
SIP 3xx Redirect Responses
The SIP 3xx redirect response feature configures the SBC to process SIP 3xx responses.
For more details, see Chapter 23, SIP 3xx Redirect Responses.
SIP Call Hold
The SIP call hold feature provides a standard telephony service of putting a caller on hold.
For more details, see Chapter 24, SIP Call Hold.
SDP Call Hold Interworking
The SDP call hold interworking provides two ways of setting up call hold using SIP.
SIP Call Transfer
The SIP call transfer feature allows a wide variety of decentralized multiparty call operations.
For more details, see Chapter 25, SIP Call Transfer.
SIP Outbound Authentication
The SIP outbound authentication feature allows network entities that communicate using SIP to
challenge one another to determine if authorization exists to transmit SIP signaling into the challengers
network.
For more details, see Chapter 26, SIP Outbound Authentication.
SIP Inbound Authentication
The SIP inbound authentication feature provides two modes (local and remote) of SIP inbound
authentication to challenge inbound SIP requests.
For more details, see Chapter 27, SIP Inbound Authentication.
SIP-I Transparency and Profile Support
This feature enables the SBC to pass through the ISDN User Part (ISUP) parameters in SIP messages
that may have been added by a SIP or Public Switched Telephone Network (PSTN) interworking
gateway.
For more details, see Chapter 30, SIP-I Transparency and Profile Support.
1-11
OL-13499-04
SIP Configuration Flexibility
This feature offers flexibility when configuring different features of a SIP adjacency.
For more details, see Chapter 29, SIP Configuration Flexibility.
Implementing SBC QoS (Marking)
This feature provides quality of service (QoS) profiles that the integrator configures for IP packet
marking on the data path.
For more details, see Chapter 28, Implementing SBC QoS (Marking).
DoS Prevention and Dynamic Blacklisting
The denial of service (DoS) prevention and dynamic blacklisting feature blocks malicious endpoints from
attacking the network.
For more details, see Chapter 31, DoS Prevention and Dynamic Blacklisting.
Early Media
The early media feature allows two user agents to communicate before a call is actually established.
For more details, see Chapter 32, Early Media.
P-CSCF Support
The P-CSCF functions as a proxy server for the user equipment; all SIP signaling traffic to and from the
user equipment must go through the P-CSCF.
For more details, see Chapter 35, P-CSCF Support.
Integration of Resource Management and SIP
This feature allows call endpoints to determine whether resources are fully reserved for a media stream
before using it.
For more details, see Chapter 36, Integration of Resource Management and SIP.
IBCF Processing Support
This feature allows the SBC to perform the role of an Interconnection Border Control Function (IBCF)
Session Initiation Protocol (SIP) border gateway, both managing requests across a network border
between IP Multimedia Subsystem (IMS) core networks and interworking with non-IMS core networks,
such as H.323 networks.
For more details, see Chapter 37, IBCF Processing Support.
1-12
OL-13499-04
SDP Attribute Passthrough
The SDP attribute passthrough feature allows the user to change or add certain kinds of attribute lines.
For more details, see Chapter 38, Configuring SIP SDP Attribute Passthrough.
DBE Signaling Pinhole
The DBE signaling pinhole feature allows the user to configure a media address pool for signaling
pinholes to allow the DBE to forward signaling packets to the SBE.
For more details, see Chapter 8, Media Address Pools.
The late-to-early media internetworking feature supports interworking on a per-adjacency basis between
late and early media.
For more details, see Chapter 33, Late-to-Early Media Internetworking.
Thesecure media passthrough feature allows the SBC to reserve additional bandwidth to ensure that the
DBE will allow secure media packets to pass through.
For more details, see Chapter 34, Secure Media Passthrough.
VRF-Aware DNS Query
This feature allows allows DNS queries to be performed on a per-context basis.
For more details, see Chapter 10, Implementing SBC Multi-VRF.
CAC Rate Limiting
The CAC Rate Limiting feature provides for rate limiting all in-call and out-of-call messages.
Subscriber Policy
This feature provides the ability to configure the CAC limits.
This adds support for media information to billing messages.
1-13
OL-13499-04
For more information, see Chapter 12, Implementing SBC Billing.
Release 3.1.0 adds support for SIP PING messages defined in the IETF draft Midcom-unaware
NAT/Firewall Traversal.
For more information, see Chapter 15, Implementing SBC Firewall Traversal and NAT.
P-KT-UE-IP Feature
Release 3.1.0 provides support for P-KT-UE-IP headers.These headers are a type of P-headers used for
a variety of purposes within the networks, including charging and information about the networks a call
traverses.
For more information, see Chapter 16, SIP Profiles on the Session Border Controller.
Routing Features
Release 3.1.0 provides support for additional routing features including routing by category, source
number manipulation, least cost routing, weighted routing, time-based routing, and regular expression
routing.
H.323 Performance Improvement
Release 3.1.0 provides support for H.323 performance improvement.
For more details, see Chapter 20, H.323 Support.
SIP Header Manipulation
Release 3.1.0 provides support for SIP Header Manipulation.
SIP Statistics Per Adjacency
Release 3.1.0 provides support for SIP Statistics per adjacency. This feature allows you to configure the
collection of SIP message statistics at the level of adjacencies.
Release 3.1.0 provides support for SDP call hold interworking. This feature provides two ways for
setting up call hold using SIP.
1-14
OL-13499-04
Supported MIBs
Response Code Mapping
Release 3.1.0 provides support for Response code mapping. This feature provides an ability to
manipulate the SIP response codes when the messages traverse through the SBC.
Provisional Response Filtering
Release 3.1.0 provides support for provisional response filtering. Provisional response filtering makes it
possible to block 183 responses sent by endpoints.
Parameter Profiles
Release 3.1.0 provides support for parameter profiles.
Codec Ordering
Release 3.1.0 provides support for codec ordering.
For more details, see Chapter 17, Restricting Codecs.
Improved Fast Register
Release 3.1.0 provides support for improved fast register.
Interchassis Redundancy
Release 3.1.0 provides support for interchassis redundancy.
For more details, see Chapter 6, Implementing SBC RedundancyHigh Availability
Supported MIBs
The following MIBs are supported in ACE SBC Release 2.0.00 and later for the SBC on the Cisco 7600
series router:
CISCO-STACK-MIB
ENTITY-MIB
1-15
OL-13499-04
Supported MIBs
CISCO-SESSION-BORDER-CONTROLLER-EVENT-MIB
CISCO-SESSION-BORDER-CONTROLLER-CALL-STATS-MIB
For more information about MIB support on a Cisco 7600 series router, refer to the Cisco 7600 Series
Internet Router MIB Specifications Guide at:
http://www.cisco.com/en/US/products/hw/routers/ps368/prod_technical_reference_list.html
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use
Cisco MIB Locator found at:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of
supported MIBs and download MIBs from the Cisco MIBs page at:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your
account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify
that your e-mail address is registered with Cisco.com. If the check is successful, account details with a
new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com
by following the directions found at:
http://www.cisco.com/register
1-16
OL-13499-04
Supported MIBs
C H A P T E R
2-1
OL-13499-04
2
ACE Configuration Prerequisites for the SBC
The SBC application runs on an Application Control Engine (ACE) module (hereafter called ACE). The
ACE runs its own software. For more information on the ACE and for the ACE software release notes,
see http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html.
The ACE maintains a primary role as the SBC services card.
Note When running an SBC image on the ACE module, Only SBC functionality is supported. ACL
configuration is not supported.
This chapter contains the following sections:
Restrictions and Usage Guidelines, page 2-1
Bringing Up the ACE, page 2-2
Verifying ACE Status as Active SBC Services Card, page 2-18
Additional Information, page 2-18
Feature History for Implementing SBC Configuration Prerequisites
Restrictions and Usage Guidelines
When configuring SBC on the Cisco 7600 series router, follow these restrictions and usage guidelines:
Hardware:
Chassis supported: Cisco 7604, Cisco 7606, Cisco 7606-S, Cisco 7609-S, Cisco 7609, Cisco
7613
Maximum of 9 ACEs can be supported with SBC functionality in Cisco 7600 router
All existing line cards that interoperate with ACE are supported
Supervisors supported with ACE module: 720-3B, 720-3BXL, RSP720-C, and RSP720-CXL
Software:
Release Modification
Release 12.2(33)SRC Added support for ACE20-SBC-K9 with Route Switching Processor
720-1GE.
Release 12.2(33)SRB1 Added support for ACE20-SBC-K9 with Supervisor Engine 720.
2-2
OL-13499-04
Bringing Up the ACE
10,000 number of concurrent connections
Less than 1 ms latency and jitter
Max VLANS 2000
Max shared VLANS100
Max VPNS250
Bringing Up the ACE
Before you can configure the SBC, you need to configure the ACE to do the following tasks:
Pass traffic from the supervisor engine in the Cisco 7600 series router to the ACE
Allow network connectivity
Perform remote management through Telnet
This section describes how to accomplish these tasks:
Configuring VLANs and Interfaces for the ACE on the Supervisor, page 2-2
Sessioning and Logging In to the ACE, page 2-3
Assigning a Name to the ACE, page 2-4
Configuring ACE Infrastructure, page 2-4
Configuring a Static Route, page 2-8
Accessing the ACE Using a Telnet Session, page 2-10
Upgrading the SBC Image on the ACE, page 2-11
Configuring VLANs and Interfaces for the ACE on the Supervisor
Before the ACE can receive traffic from the supervisor engine in the Cisco 7600 series router, you must
create VLAN groups on the supervisor engine, and then assign the groups to the ACE. After you
configure the VLAN groups on the supervisor engine for the ACE, you can configure the VLAN
interfaces on the ACE.
In Cisco IOS software, you can create one or more VLAN groups, and then assign the groups to the ACE.
For example, you can assign all VLANs to one group, or you can create a group for each customer.
You cannot assign the same VLAN to multiple groups; however, you can assign multiple groups to an
ACE. For example, VLANs that you want to assign to multiple ACEs can reside in a separate group from
VLANs that are unique to each ACE.
Note Before you begin, contact your network administrator to determine which VLANs and addresses are
available for use by the ACE.
To configure VLANs for the ACE using Cisco IOS software, perform the following steps:
1. Connect to the supervisor engine to open a session. For example, use Telnet to connect to the
supervisor at the IP address 172.19.110.5 as follows:
linux$ telnet 172.19.110.5
User Access Verification
2-3
OL-13499-04
Bringing Up the ACE
Password: cisco
Router#
2. Create VLANs for SBC route.
Router# config
Router(config)# vlan 87
Note A VLAN for the SBC VRF route is optional; a VLAN for the FT is mandatory (even for a
standalone).
3. Create VLAN interfaces on the supervisor for the FT.
Router(config)# interface vlan23
Router(config)# ip address 23.23.23.1 255.255.255.0
!
4. Create VLAN interfaces on the supervisor for signaling and media addresses.
!
5. Create VLAN groups for the ACE modules by using the svclc vlan-group group_number
vlan_range command in configuration mode.
Router# config
Router(config)# svclc vlan-group 23 23
Router(config)# svclc vlan-group 200 87, 99
If using multiple signaling VLANs per ACE module, you must configure the following:
Router(config)# svclc multiple-vlan-interfaces
6. Assign the VLAN groups to the ACEs by using the svc module slot_number vlan-group
group_number_range command.
Router(config)# svclc module 3 vlan-group 23,200
Router(config)# svclc module 4 vlan-group 23,200
7. View the group configuration for the ACE and the associated VLANs by using the show svclc
vlan-group command:
Router(config)# exit
Router# show svclc vlan-group
8. View VLAN group numbers for all modules by using the show svc module command:
Router# show svclc module
Sessioning and Logging In to the ACE
You can access the ACE two ways from the supervisor engine:
Using a Telnet session. For information on accessing the ACE using a Telnet session, see Accessing
the ACE Using a Telnet Session, page 2-10
Using the the session command. See below.
2-4
OL-13499-04
Bringing Up the ACE
To initially session and log in to the ACE, perform the following steps:
1. Session into the ACE from the supervisor engine by using the session command from the supervisor
engine. For example, to session into the ACE in slot 5:
Router# session slot 5 processor 0
2. At the login prompt, log into the ACE by entering the login username and password. By default, the
username and password are admin:
router login: admin
Password: admin
When the following prompt appears, you are ready to use the ACE command line interface (CLI):
switch/Admin#
To change the default login username and password, see the Cisco Application Control Engine
Module Administration Guide.
3. To prevent this current session from timing out, use the terminal session-timeout command and set
it to 0. By default, a session on the ACE is automatically logged out after 5 minutes of inactivity:
switch/Admin# terminal session-timeout 0
4. Disable the inactivity timeout when you log in to the ACE again by using the login timeout
command in configuration mode. For example:
a. Access configuration mode by using the configure command in Exec mode:
switch/Admin# configure
Enter configuration commands, one per line. End with CNTL/Z
switch/Admin(config)#
b. Disable the inactivity timer by setting the login timeout command to 0:
switch/Admin(config)# login timeout 0
Assigning a Name to the ACE
The hostname is used for the command-line prompts and default configuration filenames. If you
establish sessions to multiple devices, the hostname helps locations of entered commands. By default,
the hostname for the ACE is switch.
To change the hostname for the ACE, use the host command. Enter a case-sensitive name that contains
from 1 to 32 alphanumeric characters. For example, to change the hostname of the ACE from switch to
host1, enter:
switch/Admin(config)# hostname host1
The prompt appears with the new hostname:
host1/Admin(config)#
Configuring ACE Infrastructure
Configuring ACE infrastructure consist of the following activities:
Configuring the VLAN Interface for Admin Context, page 2-5
Configuring the FT VLAN Interface, page 2-5
2-5
OL-13499-04
Bringing Up the ACE
Configuring the FT Peer, page 2-6
Configuring the FT Group, page 2-6
Assigning an IP Address to the ACE, page 2-7
Configuring the VLAN Interface for Admin Context
On the ACE, you must configure VLAN interfaces for Admin context:
1. Configure the interface for administrative context by using the interface vlan command.
host1/Admin(config)# interface vlan 87
2. Assign an IP address to the VLAN interface for client connectivity by using the ip address
command.
host1/Admin(config-if)# ip address 88.103.29.2 255.255.255.0
3. Configure an IP address that floats between active and standby modules for the VLAN interface by
using the alias command.
host1/Admin(config-if)# alias 88.103.29.100 255.255.255.0
4. Configure the IP address for the standby ACE for the interface VLAN.
host1/Admin(config-if)# peer ip address 88.103.29.3 255.255.255.0
5. Enable the interface by using the no shutdown command:
host1/Admin(config-if)# no shutdown
6. Configure the VLAN interface for administrative context by using the interface vlan command.
command.
8. Configure an IP address that floats between active and standby modules for the VLAN interface by
using the alias command.
9. Configure the IP address of the standby ACE for the VLAN interface.
host1/admin(config-if)# no shutdown
Configuring the FT VLAN Interface
Configuring the FT VLAN interface is mandatory even on standalone configurations. Proceed as
follows:
1. Create a dedicated fault tolerance (FT) VLAN over which two redundant peers communicate using
the ft interface vlan command.
host1/Admin(config)# ft interface vlan 23
2-6
OL-13499-04
Bringing Up the ACE
command.
host1/Admin(config)# ip address 23.23.23.10 255.255.255.0
3. Configure the IP address of a standby module for the VLAN interface by using the peer ip address
command.
host1/Admin(config)# peer ip address 23.23.23.11 255.255.255.0
host1/Admin(config)# no shutdown
Caution When modifying the FT VLAN interface :
1. Remove SBC.
2. Remove FT group.
3. Remove FT peer.
4. Modify FT VLAN.
4. Re-add FT peer.
5. Re-add group.
6. Re-add SBC.
Configuring the FT Peer
Configure the FT peer as follows:
Note The default values are 300 for the heartbeat count and 10 for the heartbeat interval; if you don't
set any other values, they will default to these values.
1. Create an FT peer and enter the FT peer configuration mode using the ft peer command.
host1/Admin(config)# ft peer 1
2. Configure the heartbeat interval using the heartbeat command.
host1/Admin(config-ft-peer)# heartbeat interval 300
3. Configure the heartbeat interval using the heartbeat command.
host1/Admin(config-ft-peer)# heartbeat count 10
4. Associate the existing FT VLAN with a peer using the ft-interface vlan command.
host1/Admin(config)# ft-interface vlan 23
Configuring the FT Group
Note Due to the nature of the SBC application, preemption is not supported in inter or intra-chassis HA mode.
2-7
OL-13499-04
Bringing Up the ACE
Configure the FT group as follows:
1. Create an FT group and access the FT group configuration mode using the ft group command.
host1/Admin(config)# ft group 1
2. Use the peer command to associate a peer ACE with an FT group.
host1/Admin(config-ft-group)# peer 1
3. Use the priority command to configure the priority of the active group member.
host1/Admin(config-ft-group)# priority 127
4. Use the peer priority command to configure the priority of an FT group on the remote standby
member.
host1/Admin(config-ft-group)# peer priority 126
5. Use the associate-context command to associate a context with an FT group.
host1/Admin(config-ft-group)# associate-context Admin
6. Place the FT group in service using the inservice command.
host1/Admin(config-ft-group)# inservice
Assigning an IP Address to the ACE
After you assign the VLANs to the ACE, you can assign an IP address to the ACE for client connectivity
over the network.
Note The ACE requires a route back to the client before it can forward a request to a server. Otherwise, a flow
cannot be established.
Use the show vlans command in Exec mode for the Admin context to display the ACE VLANs
downloaded from the supervisor engine. Because show commands are available in Exec mode, you can
use these commands from any configuration mode by including the do command. For example, enter:
host1/Admin(config)# do show vlans
Vlans configured on SUP for this module
vlan55-57 vlan100
To configure a VLAN interface on the ACE and access interface mode to configure the interface
attributes:
1. Access interface configuration mode for the VLAN by using the interface vlan command. For
example, to create interface VLAN 87, enter:
host1/Admin(config-if)#
command. For example, to set the IP address of 88.103.29.2 255.255.255.0 for the ACE, enter:
3. Configure an IP address that floats between active and standby modules for a VLAN by using the
alias command (this step is mandatory for standalone setup). For example, to configure an alias IP
address and mask of 88.103.29.100 255.255.255.0 for the ACE, enter:
2-8
OL-13499-04
Bringing Up the ACE
Note This is a requirement for SBC on the Cisco 7600 series routers. The alias ip address must
match the control address.
4. Configure the IP address of a standby module for the VLAN interface by using the peer ip address
command (this step is mandatory for standalone setup). For example, to configure an IP address and
mask for the peer module 88.103.29.3 255.255.255.02 for the ACE, enter:
Note This is a requirement for SBC on the Cisco 7600 series routers. The alias ip address must
match the control address.
5. Provide a description for the interface by using the description command:
host1/Admin(config-if)# description Client side connectivity
7. Verify that VLAN 87 is up by using the show interface command:
host1/admin(config-if)# do show interface vlan 87
8. To verify network connectivity, use the ping command:
host1/admin(config-if)# do ping 88.103.29.1
9. To display the ARP table, use the show arp command:
host1/admin(config-if)# do show arp
10. Reenter configuration mode by using the exit command:
host1/admin(config-if)# exit
host1/admin(config)#
11. To display the ACE routing table, use the show ip route command:
host1/Admin(config)# do show ip route
Configuring a Static Route
The static route identifes the IP address to which the ACE sends IP packets for remote peer signaling
addresses and to remote media addresses. To set a static route, use the ip route dest_ip_prefix netmask
gateway_ip_address command.
Static routes are necessary for remote peer signaling addresses.
Note See Chapter 3, SBC Configuration, for information on configuring adjacencies.
adjacency sip Access
signaling-address ipv4 88.103.29.100
remote-address ipv4 200.200.200.0 255.255.255.0
signaling-peer 200.200.200.118
attach
2-9
OL-13499-04
Bringing Up the ACE

adjacency sip Core
attach
For example, to create static routes for the remote peer signaling addresses above, enter:
host1/Admin(config)# ip route 200.200.200.0 255.255.255.0 88.103.29.1
Addtionally, in the case of a SIP proxy, additional (hairpin) static routes are necessary.
Note Hairpin static routes must be /32 bit mask (fully qualified). Summary or default routes should not be
used.
Note The forwarding address can be the IP address for the VLAN interface on the supervisor.
Static routes are necessary for remote media addresses.
dbe
media-address ipv4 22.22.179.10
activate
For example, to create static routes for the remote media address above, enter:
Note The media address routes are not necessary if local and remote media addresses are on the same subnet
as the signaling addresses.
Hairpin Static Route Guidelines
Hairpin refers to IP traffic going from the SBC on the ACE through the supervisor on the Cisco 7600
series router and then looping back to the SBC on the ACE. For hairpin static routes, use the following
guidelines:
If the media address is the same as the signaling alias address:
Add a static route on the ACE pointing to an address on the supervisor side, typically the VLAN
supervisor address.
If the media address is different from the signaling alias address:
Add a static route on the ACE pointing to an address on the supervisor side, typically the VLAN
supervisor address.
Add a static route on the supervisor pointing to ACE VLAN alias address.
Disable any ICMP redirects on the VLAN interface to the ACE as shown below:
host1/Admin(config)# interface vlan340
2-10
OL-13499-04
Bringing Up the ACE
host1/Admin(config-if)# no ip redirects
Accessing the ACE Using a Telnet Session
This section explains how to access the ACE using a Telnet session using the configurations shown.
Supervisor configuration:
svclc multiple-vlan-interfaces
svclc vlan-group 24 24
svclc module 3 vlan-group 23,24,200
!
interface Vlan24
ip address 2.4.48.25 255.255.0.0
end
interface GigabitEthernet1/48
switchport
switchport access vlan 24
switchport mode access
no cdp enable
end
ACE configuration:
interface vlan 24
ip address 2.4.48.3 255.255.0.0
alias 2.4.48.10 255.255.0.0
peer ip address 2.4.48.4 255.255.0.0
no shutdown
After the supervisor and ACE configurations are completed, you can use Telnet to access the ACE using
its IP address. To use Telnet to access the ACE:
1. Connect to the supervisor engine to open another session. For example, enter:
linux$ telnet 2.4.48.25
Trying 2.4.48.25...
Connected to 2.4.48.25.
Escape character is '^]
Router#
2. Use Telnet to verify that you can access the ACE interface. For example, to access the ACE from
the VLAN IP address of 2.4.48.10, enter:
linux% telnet 2.4.48.10
Trying 2.4.48.10...
Connected to 2.4.48.10.
Escape character is '^]'.
(Alternately, telnet 127.0.0.x0 where x is the slot number)
3. At the prompt, log in to the ACE. Enter the admin login username and the admin password:
host1 login: admin
Password:
Cisco Application Control Software (Session Border Controller)
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2007, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
2-11
OL-13499-04
Bringing Up the ACE
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
host1/Admin#
4. Display the Telnet session by using the show telnet command:
host1/Admin# show telnet
Upgrading the SBC Image on the ACE to Release 3.1.00
Upgrading to release 3.1.0 is markedly different from the upgrade procedures that follow. For
information on upgrading to Release 3.1.00, refer to Appendix D, Upgrading to Release 3.1.00.
Upgrading the SBC Image on the ACE
Note When running a supervisor engine with Cisco IOS Release 12.2(33)SRD, TFTP times out when
attempting to copy an image to an ACE module in that chassis. The ACE module is currently running
an SBC image and can boot with eobc from ROMMON, but once booted, it cannot use a TFTP image
from the RSP720-3C-10GE to the ACE directly. This occurs because an internal VRF (iVRF) security
feature is enabled (the default behavior). To prevent this problem, we recommend that you use the
platform ivrf disable command to disable iVRF. The no platform ivrf disable command resets to the
default behavior. You can use the show platform ivrf command to display current status.
Note You can only TFTP from the supervisor.
To install a new SBC image on the ACE module, you need to copy the image to the ACE module and
then reload the ACE module.
1. Copy the SBC image to a local disk on the supervisor engine.
host1/Admin# copy tftp://172.69.17.19/tftpboot/user/c76-sbck9-mzg.3.0.1_AS1_1.bin
disk1:
Destination filename [c76-sbck9-mzg.3.0.1_AS1_1.bin]?
Accessing tftp://172.69.17.19/tftpboot/user/c76-sbck9-mzg.3.0.1_AS1_1.bin...
Loading tftpboot/user/c76-sbck9-mzg.3.0.1_AS1_1.bin from 172.69.1.129 (via Vlan109):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 32184696 bytes]
32184696 bytes copied in 167.276 secs (192405 bytes/sec)
2. Copy the SBC image from the supervisor engine to the SBC image partition (/mnt/cf) on the ACE
module. The destination IP address will be 127.0.0.x0, where x is the slot number. In this example,
we are copying the image to ACE module in slot 13, so the IP address is 127.0.0.130.
host1/Admin# copy disk1:c76-sbck9-mzg.3.0.1_AS1_1.bin tftp://127.0.0.130/mnt/cf/
Address or name of remote host [127.0.0.130]?
Destination filename [mnt/cf/c76-sbck9-mzg.3.0.1_AS1_1.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2-12
OL-13499-04
Bringing Up the ACE
3. Now that the new SBC image is on the ACE module, you must configure the ACE module to
autoboot from the new image:
host1/Admin# config t
Enter configuration commands, one per line. End with CNTL/Z.
host1/Admin(config)# boot system image:c76-sbck9-mzg.3.0.1_AS1_1.bin
host1/Admin(config)# config-register 1
host1/Admin(config)# end
4. Use the show bootvar command to confirm the ACE module autoboots from the new image.
host1/Admin# show bootvar
BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS1_1.bin"
Configuration register is 0x1
5. Reload the ACE card to boot up with the new SBC image:
host1/Admin# reload
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes]
Generating configuration....
running config of context Admin saved
Perform system reload. [yes/no]: [yes]
BC7613_13/Admin#
Unmounting ext3 filesystems...
Unmounting FAT filesystems...
Unmounting done...
System Bootstrap, Version 12.2[120],
Copyright (c) 1994-2006 by Cisco Systems, Inc.
Slot D : Running DEFAULT rommon image ...
ACE platform with 1048576 Kbytes of main memory
Loading disk0:c76-sbck9-mzg.3.0.1_AS1_1.bin. Please wait ....
Uncompressing Linux...
Starting the kernel...
Upgrading the SBC Image for Redundant ACE Modules
Note When running a supervisor engine with Cisco IOS Release 12.2(33)SRD, TFTP times out when
attempting to copy an image to an ACE module in that chassis. The ACE module is currently running
an SBC image and can boot with eobc from ROMMON, but once booted, it cannot use a TFTP image
from the RSP720-3C-10GE to the ACE directly. This occurs because an internal VRF (iVRF) security
feature is enabled (the default behavior). To prevent this problem, we recommend that you use the
platform ivrf disable command to disable iVRF. The no platform ivrf disable command resets to the
default behavior. You can use the show platform ivrf command to display current status.
Note You can only TFTP from the supervisor.
To upgrade the SBC image of a redundant pair of ACE modules without impacting service, you proceed
in a manner similar to upgrading the SBC image on the ACE. In this procedure, we are upgrading from
image 3.0.0 to image 3.0.1.
1. Copy the SBC image to a local disk on the supervisor engine.
2-13
OL-13499-04
Bringing Up the ACE
SUP720# copy tftp://172.69.17.19/tftpboot/user/c76-sbck9-mzg.3.0.1_AS3_0_01.bin
disk1:
Destination filename [c76-sbck9-mzg.3.0.1_AS3_0_01.bin]?
Accessing tftp://172.69.17.19/tftpboot/user/c76-sbck9-mzg.3.0.1_AS3_0_01.bin...
Loading tftpboot/user/c76-sbck9-mzg.3.0.1_AS3_0_01.bin from 172.69.1.129 (via
Vlan109):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 32184696 bytes]
2. Copy the SBC image from the supervisor engine to the SBC image partition (/mnt/cf) on the standby
ACE module. The destination IP address will be 127.0.0.x0, where x is the slot number. In this
example, we are copying the image to ACE module in slot 13, so the IP address is 127.0.0.130.
SUP720# copy disk1:c76-sbck9-mzg.3.0.1_AS3_0_01.bin tftp://127.0.0.130/mnt/cf/
Destination filename [mnt/cf/c76-sbck9-mzg.3.0.1_AS3_0_01.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3. Copy the SBC image from the supervisor engine to the SBC image partition (/mnt/cf) on the active
ACE module. The destination IP address will be 127.0.0.x0, where x is the slot number. In this
example, we are copying the image to ACE module in slot 12, so the IP address is 127.0.0.120.
SUP720# copy disk1:c76-sbck9-mzg.3.0.1_AS3_0_01.bin tftp://127.0.0.120/mnt/cf/
Destination filename [mnt/cf/c76-sbck9-mzg.3.0.1_AS3_0_01.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

4. Delete the old software entry in bootvar. Add 3.0.1 entry into bootvar and then add back the 3.0.0
entry into bootvar on active card_A, to synchronize to standby card_B. (by this, we created a
sequenced bootvar with new image as preferred, and old image as backup)
card_A/Admin# show ft group brief

FT Group ID: 1 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_STANDBY_HOT
Context Name: Admin Context Id: 0

card_A/Admin# show version
...
system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin
...
card_B/Admin# show ft group brief

FT Group ID: 1 My State:FSM_FT_STATE_STANDBY_HOT Peer State:FSM_FT_STATE_ACTIVE
card_B/Admin# show version
...
...

card_A/Admin# conf t
card_A/Admin(config)# no boot system image:c76-sbck9-mzg.3.0.1_AS3_0_00.bin
card_A/Admin(config)# boot system image:c76-sbck9-mzg.3.0.1_AS3_0_01.bin
card_A/Admin(config)# boot system image:c76-sbck9-mzg.3.0.1_AS3_0_00.bin
card_A/Admin(config)# config-register 1
2-14
OL-13499-04
Bringing Up the ACE
card_A/Admin(config)# end
card_A/Admin# show bootvar
BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin;disk0:c76-sbck9-mzg.3.0
.1_AS3_0_00.bin"

card_B/Admin# show bootvar
.1_AS3_0_00.bin"
5. Reload standby on standby ACE card_B (the reload command is permitted in standby mode).
card_B/Admin# reload
Perform system reload. [yes/no]: [yes] y
card_B/Admin#

NOTE: Configuration mode is enabled on all sessions
Sending all processes the TERM signal...
card_B/Admin# Sending all processes the KILL signal...

switch login: Unmounting done...
INIT: Sending processes the KILL signal
Rebooting... Rest
Copyright (c) 1994-2008 by cisco Systems, Inc.
Slot 13: Running DEFAULT rommon image ...

.ACE platform with 1048576 Kbytes of main memory

.Loading disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin. Please wait ....
a. If the 3.0.1 image fails to boot up with the new image, it will load the previous image that is
defined as the boot source in bootvar. You will need to delete the new software entry from
bootvar on card_A; this will be synchronized to standby card_B.


...
...


...
...

2-15
OL-13499-04
Bringing Up the ACE
.1_AS3_0_00.bin"
BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

b. If the 3.0.1 image boots up but does not work well, you must rollback to the old image by
deleting the new software entry from bootvar on card_A (this will be synchronized to standby
card_B) and reloading standby card_B.


...
...


...
...

.1_AS3_0_00.bin"
card_B/Admin# reload
2-16
OL-13499-04
Bringing Up the ACE
c. If the 3.0.1 image boots up successfully, you will need to switchover to the card with the new
image by deleting the 3.0.1 entry from bootvar on the active card_A so that only the 3.0.0
software entry exist in bootvar. This is to ensure that after you switchover from A to B, A will
still start with 3.0.0 image as standby (you want to make sure card_B functions as the active
card with the 3.0.1 image before you load card_A with the 3.0.1 image).
Note If traffic is running, allowing time for state to synchronize after reloading the standby
card and before failing over to the active card will minimize the impact to calls in
progress.


...
...


...
...

BOOT variable = "disk0:c76-sbck9-mzg.devtest_18SEP08.bin;disk0:c76-sbck9-mzg.3.0
.1_AS3_0_00.bin"
card_A/Admin# ft switchover
This command will cause card to switchover (yes/no)? [no] y
6. If the 3.0.1 image works well as active, you need to delete the 3.0.0 software entry from bootvar
and add new software entry on new active card_B (this will be synchronized to standby card_A).
You will then need to reload standby card_A (it will now load the 3.0.1 image). The upgrade is
finished.


FT Group ID: 1 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_STANDBY_
HOT
...
...
2-17
OL-13499-04
Bringing Up the ACE

card_A/Admin# show ft group bri

FT Group ID: 1 My State:FSM_FT_STATE_STANDBY_HOT Peer State:FSM_FT_STATE_
ACTIVE

...
...

card_B/Admin# conf t
card_B/Admin(config)# no boot system image:c76-sbck9-mzg.3.0.1_AS3_0_00.bin
card_B/Admin(config)# boot system image:c76-sbck9-mzg.3.0.1_AS3_0_01.bin
card_B/Admin(config)# end

card_A/Admin# reload
card_A/Admin#

NOTE: Configuration mode is enabled on all sessions
Sending all processes the TERM signal...
card_B/Admin# Sending all processes the KILL signal...

switch login: Unmounting done...
INIT: Sending processes the KILL signal
Rebooting... Rest
Copyright (c) 1994-2008 by cisco Systems, Inc.
Slot 12: Running DEFAULT rommon image ...

.ACE platform with 1048576 Kbytes of main memory

.Loading disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin. Please wait ....
a. If issues are observed after the 3.0.1 image becomes active, you will need to do a ft switchover
from card_B to card_A so that card_A with the 3.0.0 image is active: card_B will reload with
image 3.0.0.

...
...

2-18
OL-13499-04
Verifying ACE Status as Active SBC Services Card
...
...



card_B/Admin# ft switchover
This command will cause card to switchover (yes/no)? [no] y
Verifying ACE Status as Active SBC Services Card
To verify that the converted and configured ACE is properly running SBC services, run one of the
following commands:
show run sbc
show ft group detail
Additional Information
For additional information on configuring the supervior with an ACE, see the ACE configuration guides
at http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html.
C H A P T E R
3-1
OL-13499-04
3
SBC Configuration
This chapter provides information on configuring the data border element (DBE) and signaling
borderelement (SBE) for the SBC unified and distributed models.
Note For ACE SBC Release 3.0.00, in the distributed model, the SBC can only function as an DBE; it cannot
function as an SBE.
Note Before upgrading from Release ACE SBC 3.0.1 or ACE SBC Release 3.0.2 to ACE SBC Release 3.1.0,
you must unconfigure billing. After the upgrade, you can reconfigure billing.
Caution Performing bulk running configurations from disk or using cut and paste or tftp: is not recommended
because it may cause CPU spikes that can trigger congestion leading to rejected calls.
Configuring Unified Model
This section contains information on configuring the unified model. It contains the following topics:
Configuring SBE in the Unified Model, page 3-1
Configuring DBE in the Unified Model, page 3-5
Configuring SBE in the Unified Model
This section describes how to configure a SBE on a Cisco 7600 series router:
Prerequisites
In the unified mode, you must configure the SBE before the DBE.
Ensure that CEF is enabled (the default) because the SBC DBE deployment on the Cisco 7600 router
is supported on the Cisco IOS Cisco Express Forwarding (CEF) switch path.
When running SBC with 500 or more active calls, configure the huge buffer size to 65535 bytes with
the buffer huge size 65535 command to ensure the buffer is large enough for H.248 audit responses.
3-2
OL-13499-04
Configure the FT group before configuring DBE.
You must configure the ACE to perform an SBC DNS lookup.
SUMMARY STEPS
1. configure
2. sbc sbc-name
3. sbe
4. adjacency sip adjacency-name
5. signaling-address ipv4 ipv4_IP_address
6. signaling-port port_num
7. remote-address ipv4 ip-address ip-mask
8. signaling-peer peer_name
9. signaling-peer-port port_num
10. attach
11. call-policy-set policy-set-id
12. first-call-routing-table table-name
13. rtg-src-adjacency-table table-id
14. entry entry-id
15. action
16. dst-adjacency target-adjacency
17. match-adjacency key
18. complete
19. active-call-policy-set policy-set-id
20. activate
21. end
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
host1/Admin# configure terminal
Enters global configuration mode.
Step 2 sbc sbc-name
Example:
host1/Admin(config)# sbc mySbc
Creates the SBC service on the SBC and enters into SBC
configuration mode.
Step 3 sbe
Example:
host1/Admin(config-sbc)# sbe
Enters the mode of the signaling border element (SBE)
function of the SBC.
3-3
OL-13499-04
Step 4 adjacency sip adjacency-name
Example:
host1/Admin(config-sbc-sbe)# adjacency sip
sipGW
Enters the mode of an SBE SIP adjacency.
Use the adjacency-name argument to define the name of the
service.
Step 5 signaling-address ipv4 ipv4_IP_address
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
Specifies the local IPv4 signaling address of the SIP
adjacency.
Step 6 signaling-port port_num
Example:
signaling-port 5060
Specifies the local signaling port of the SIP adjacency.
Step 7 remote-address ipv4 ip-address ip-mask
Example:
remote-address 200.200.200.0 255.255.255.0
Restricts the set of remote signaling peers contacted over
the adjacency to those with the given IP address prefix.
Step 8 signaling-peer peer_address
Example:
Specifies the remote signaling peer for the SIP adjacency to
use.
Step 9 signaling-peer-port port_num
Example:
signaling-peer-port 5060
Specifies the remote signaling-peer port for the SIP
adjacency to use.
Step 10 attach
Example:
host1/Admin(config-sbc-sbe-adj-sip)# attach
Attaches the adjacency.
Step 11 call-policy-set policy-set-id
Example:
host1/Admin(config-sbc-sbe)# call-policy-set 1
host1/Admin(config-sbc-sbe-callpolicy)#
Enters the mode of routing policy set configuration within
an SBE entitiy, creating a new policy set, if necessary.
Step 12 first-call-routing-table table-name
Example:
first-call-routing-table ROUTE-ON-DEST-NUM
Configures the name of the first policy table to process
when performing the routing stage of policy for new-call
events.
3-4
OL-13499-04
Step 13 rtg-src-adjacency-table table-id
Example:
rtg-src-adjacency-table MySrcAdjTable
Enters the configuration mode of a routing table (creating
one if necessary) within the context of an SBE policy set
whose entries match the source adjacency.
Step 14 entry entry-id
Example:
host1/Admin(config-sbc-sbe-callpolicy-
rtgtable)# entry 1
Enters the mode for configuring an entry in a routing table,
creating the entry if necessary.
Step 15 action [next-table goto-table-name | complete |
reject]
Example:
host1/Admin(config-sbc-sbe-callpolicy-
rtgtable-entry)# action complete
Configures the action to take if this routing entry is chosen.
Possible actions are:
Set the name of the next routing table to process if the
event matches this entry. This is done using the
next-table keyword and the goto-table-name argument.
Complete the action using the complete keyword.
Reject the indicated action using the reject keyword.
Step 16 dst-adjacency target-adjacency
Example:
host1/Admin(config-sbc-sbe-callpolicy-rtgtable-
entry)# dst-adjacency SIP-AS540-PSTN-GW2
Configures the destination adjacency of an entry in a
routing table.
Step 17 match-adjacency target-adjacency
Example:
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-e
ntry)# match-adjacency ADJ1
Configures the match value of an entry in a number analysis
or routing table whose entries match against the source
adjacency.
Step 18 complete
Example:
host1/Admin(config-sbc-sbe-cacpolicy-
cactable-entry)# complete
Completes the CAC policy set when you have committed
the full set.
Step 19 active-call-policy-set policy-set-id
Example:
host1/Admin(config-sbc-sbe)#
active-call-policy-set 1
Sets the active routing policy set within an SBE entity.
Step 20 activate
Example:
host1/Admin(config-sbc-sbe)# activate
Initiates the DBE service of the SBC.
Step 21 end
Example:
host1/Admin(config-sbc-sbe)# end
Exits SBC-DBE configuration mode and returns to Exec
mode.
3-5
OL-13499-04
Configuring DBE in the Unified Model
This section describes how to configure a DBE on a Cisco 7600 series router:
Prerequisites
Note Even for a standalone configuration, you must configure the FT group before configuring DBE.
SUMMARY STEPS
1. configure
2. sbc sbc-name
3. dbe
4. media-address ipv4 A.B.C.D
5. exit
6. activate
7. end
DETAILED STEPS
Step 1 configure
Example:
Step 2 sbc sbc-name
Example:
configuration mode.
Step 3 dbe
Example:
host1/Admin(config-sbc)# dbe
Creates the DBE service on an SBC and enters into the
SBC-DBE configuration mode.
Step 4 media-address ipv4 {A.B.C.D}
Example:
host1/Admin(config-sbc-dbe)# media-address ipv4
1.1.1.1
Adds the IPv4 address which can be used by the DBE as a
local media address. This address is the SBC virtual
interface address.
3-6
OL-13499-04
Configuring SBC Unified Model (UM): Example
Configuring SBC Unified Model (UM): Example
The following is an example of an SBC UM configuration:
host1/Admin# show run sbc
sbc test
sbe
adjacency sip Access
signaling-port 5060
attach

adjacency sip Core
signaling-port 5060
attach

call-policy-set 1
first-call-routing-table start-table
rtg-src-adjacency-table start-table
entry 1
action complete
dst-adjacency Core
match-adjacency Access
entry 2
action complete
dst-adjacency Access
match-adjacency Core
complete


activate

dbe
Step 5 exit
Example:
host1/Admin(config-sbc-dbe-vdbe)# exit
Returns to the previous submode.
Step 6 activate
Example:
host1/Admin(config-sbc-dbe)# activate
Step 7 end
Example:
host1/Admin(config-sbc-dbe)# end
mode.
3-7
OL-13499-04
Configuring Distributed Model
media-timeout 30
deact-mode normal
activate
In the distributed model, the SBE and the DBE entities reside on different network elements. Logically,
each of the SBE entities controls multiple DBE elements, and each DBE could be controlled by multiple
SBE entities. The SBE interacts with the DBE entities using a session controller interface (SCI). The
SCI interface supports the H.248 protocol.
Note For ACE SBC Release 2.0.00, the SBC supports only DBEs in the distributed model; SBEs are not
supported.
Configuring DBE
This section describes how to configure a DBE on a Cisco 7600 series router:
Prerequisites
Note Even for a standalone configuration, you must configure the FT group before configuring DBE.
SUMMARY STEPS
1. configure
2. sbc sbc-name
3. dbe
4. vdbe global
5. control-address h248 ipv4 A.B.C.D
6. controller h248 controller-index
7. remote-address ipv4
8. transport udp or transport tcp
9. controller h248 controller-index remote-port
10. attach-controllers
11. exit
3-8
OL-13499-04
12. media-address ipv4 A.B.C.D
13. exit
14. activate
15. end
DETAILED STEPS
Step 1 configure
Example:
Step 2 sbc sbc-name
Example:
configuration mode.
Step 3 dbe
Example:
Creates the DBE service on an SBC and enters into the
Step 4 vdbe global
Example:
host1/Admin(config-sbc-dbe)# vdbe
Enters into vDBE configuration submode.
Note In the initial release only one vDBE (the global
vDBE) is supported. The vdbe name is not required.
If specified, it must be global.
Step 5 control-address h248 ipv4 A.B.C.D
Example:
host1/Admin(config-sbc-dbe-vdbe)#
control-address h248 ipv4 210.229.108.254
Configures a DBE to use a specific IPv4 H.248 control
address.
Note The control address must match the alias IP of
the interface VLAN.
Step 6 controller h248 controller-index
Example:
host1/Admin(config-sbc-dbe-vdbe)# controller
h248 1
Configures the H.248 controller for the DBE and enters into
Controller H.248 configuration mode.
The controller-index identifies the H.248 controller for the
DBE.
Step 7 remote-address ipv4 remote-address
Example:
remote-address ipv4 1.1.1.1
Configures the IPv4 remote address of the H.248 controller
for the DBE.
Step 8 transport udp or transport tcp
Example:
host1/Admin(config-sbc-dbe-vdbe)# transport tcp
Configures a DBE to use either TCP or UDP for H.248
control signaling with the specified H.248 controller.
3-9
OL-13499-04
Examples
The DBE does not always attach or detach from its controller immediately. To display information on
whether the controller is attached or detached, use the show sbc dbe controllers command.
The following example uses the show sbc dbe controllers command to display status info showing that
the vDBE with a location ID of 1 on an SBC called mySbc is attached to its controller:
host1/Admin# show services sbc mySbc dbe controllers
SBC Service mySbc
vDBE in DBE location 1
Media gateway controller in use:
H.248 controller address
210.229.108.252:2944
Status: Attached
Step 9 controller h248 controller-index remote-port
Example:
host1/Admin(config-sbc-dbe-vdbe)# controller
h248 1 remote-port
Defines the port to connect to for an H.248 controller.
Step 10 attach-controllers
Example:
attach-controllers
Attaches the DBE to an H.248 controller.
Step 11 exit
Example:
Step 12 media-address ipv4 {A.B.C.D}
Example:
host1/Admin(config-sbc-dbe)# media-address ipv4
1.1.1.1
Adds the IPv4 address which can be used by the DBE as a
local media address. This address is the SBC virtual
interface address.
Step 13 exit
Example:
Step 14 activate
Example:
Step 15 end
Example:
mode.
3-10
OL-13499-04
Distributed Model Configuration Examples
Sent Received Failed Retried
Requests 1 6 0 0
Replies 6 1 0 0
Configured controllers:
H.248 controller 1:
Remote address: 210.229.108.252:2944 (using default port)
Transport: UDP
Troubleshooting Tips
Bad Getbuffer Log Message
Problem:
You run more than 500 active calls on your SBC DBE deployment and the following log message
appears:
*Feb 11 11:35:52.909: %SYS-2-GETBUF: Bad getbuffer, bytes= 34506
-Process= "SBC main process", ipl= 0, pid= 183
-Traceback= 70EDFC 747354 9942D0 AFC6E4 B01AC4 29637B0 2960FCC 24C7F04 24C7918 24C7AD0
24D97AC 24D8790 2987C70
*Feb 11 11:35:52.909: %SBC-2-MSG-0303-0046: (sckrecv2.c 991)
Socket write error.
Sockets error code = 255
Socket ID = 0
*Feb 11 11:35:52.909: %SBC-2-MSG-0303-0025: (sckis.c 112)
General sockets layer error detected.
Sockets error code = 255
*Feb 11 11:35:52.909: %SBC-2-MSG-2E01-0014: (gctpfsm.c 730)
An association with a peer has become disconnected.
Peer's address = 200.10.255.252
Peer's port = 2944
Reason code = 0X04
Workaround:
Change your huge buffer size to 65535 bytes. This is the recommended huge buffer size for deployment
of more than 500 active calls due to the need for increased buffer size for H.248 audit responses.
The following samples that show configuration steps and tips to use for a Cisco 7600 deployment of the
DBE service of an SBC.
Configuring the SBC DBE, page 3-11
Configuring IP and Media IP: Example, page 3-11
Configuring Multiple IP and Multiple Media IP: Example, page 3-12
3-11
OL-13499-04
Configuring the SBC DBE
The following is a sample configuration representing the ordered tasks used to configure an SBC DBE
deployed on the Cisco 7600 router:
interface vlan 87
ip address 87.87.13.101 255.255.255.0
alias 87.87.13.108 255.255.255.0
peer ip address 87.87.13.200 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 21
query-interface vlan 87
ft group 1
peer 1
priority 1
associate-context Admin
inservice
sbc infra1
dbe
vdbe
global
dtmf-duration 200
congestion-cleared 60
congestion-threshold 80
unexpected-source-alerting
local-port 2944
controller h248 1
transport udp
attach-controllers
media-timeout 30
overload-time-threshold 100
deact-mode normal
activate
Configuring IP and Media IP: Example
The following example shows the running configuration where the primary IP address and primary
media IP addresses have been configured:
sbc mySbc dbe
vdbe global
use-any-local-port
controller h248 1
attach-controllers
activate
location-id 1
media-address ipv4 1.1.1.1 <== primary local media IP address added using primary IP addr
3-12
OL-13499-04
Configuring Multiple IP and Multiple Media IP: Example
The following example shows the running configuration where a secondary IP address and secondary
media IP address are configured after the primary IP address and primary media address have been
configured:
sbc mySbc dbe
vdbe global
use-any-local-port
controller h248 1
attach-controllers
activate
location-id 1
media-address ipv4 25.25.25.25 <=== secondary media IP addr added using secondary IP addr
C H A P T E R
4-1
OL-13499-04
4
Implementing SBC Interworking DTMF
The Session Border Controller (SBC) enables interworking between in-channel real-time transport
protocol (RTP) signaling using the audio/telephone-event MIME type (RFC 2833) to and from
out-of-band signaling using the SIP INFO or H.245 UserInputIndication.method.
SBC automatically selects the best signaling technique based on the capabilities of the endpoints in a
call. Dual-tone multifrequency (DTMF) Interworking is employed only if the caller and callee support
non-overlapping DTMF event mechanisms (for example if the caller supports sending DTMF using the
SIP INFO method only and the callee supports receiving DTMF only using in-channel RTP signaling).
SBC supports interworking between peers that only support DTMF in the media stream and peers that
only support DTMF in SIP INFO methods. It also supports passing DTMF through in either mode, if
both sides support the mode.
SBC detects whether an endpoint supports sending DTMF tones in SIP INFO messages by inspecting
the accept header in the endpoints messages.
If the header lists application/dtmf-relay then the endpoint supports it.
Absence of the accept header is also taken to mean the feature is supported.
An INFO message is expected to carry a single DTMF tone, with an optional duration. If no duration is
specified then 250ms is used as the default.
See Figure 4-1 for a sample call flow.
Note For ACE SBC Release 3.0.00, this feature is supported in both the unified model and the distributed
model.
For a complete description of commands used in this chapter, refer to Chapter 39, Cisco Session Border
Controller Commands. To locate documentation for other commands that appear in this chapter, use the
command reference master index, or search online.
Feature History for Implementing SBC Transcoding
PrerequisitesImplementing Interworking DTMF, page 4-2
Figure 4-1Sample Call Flow with DTMF interworking, page 4-2
ACE SBC Release 3.0.00 Added support for SBC unified model.
ACE SBC Release 2.0.00 This feature was introduced on the Cisco 7600 series router.
4-2
OL-13499-04
PrerequisitesImplementing Interworking DTMF
Implementing Interworking DTMF, page 4-3
PrerequisitesImplementing Interworking DTMF
The following prerequisites are required to implement interworking DTMF:
On the ACE, you must be an Admin user to enter SBC commands. For more information, see the
Application Control Engine Module Administration Guide at
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_book09
186a00806838f4.html.
Before implementing interworking DTMF, the SBC must already be created. See the procedures
described in Chapter 2, ACE Configuration Prerequisites for the SBC.
Figure 4-1 Sample Call Flow with DTMF interworking
Interworking DTMF
In the case of interworking of DTMF relay using Network Terminating Equipment (NTE) (RFC 2833)
and out-of-band DTMF using H.245, the SBC detects NTE packets with DTMF digits and punt them to
the supervisor for processing. In the reverse direction, the supervisor instructs the SBC to insert NTE
DTMF packets in an RTP stream. In order to do this, the SBC modifies the RTP headers to insert proper
SSRC values, timestamps and sequence numbers. This special processing needs to be done only on flows
that require the interworking. Such flows are going to be marked during the call-setup.
2
4
1
9
6
5
Caller
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8)
(9)
(10)
INVITE
Accept: application/dtmf-relay, application/sdp
Allow: INFO, INVITE, ACK, BYE
SDP (PCMU only)
200 OK
SDP (PCMU only)
ACK
Callee SBC
INVITE
SDP (PCMU, Telephone-event)
200 OK
Accept: application/sdp
SDP (PCMU, telephone-event)
ACK
RTP (DTMF)
RTP (DTMF)
INFO (application/dtmf-relay)
INFO (application/dtmf-relay)
4-3
OL-13499-04
Implementing Interworking DTMF
DTMF Packet Generation
When the NTE packets are to be inserted in the middle of a stream that is already sending RTP voice
packets, then the NTE packets will replace the RTP voice packets in a one-to-one manner so that
subsequent voice packets will not need to update their RTP sequence numbers.
DTMF Packet Detection
To detect DTMF NTE packets, the SBC looks at the payload type of every RTP packet and compares it
with that of NTE. In case of a match, the SBC looks at the event number to determine that it is a DTMF
digit. The SBC then copies these packets to the supervisor.
The following section describes how to configure the default duration of a DTMF event.
Note that the SBC UM mode may require you to configure header ALLOW, header ACCEPT, and
method INFO as shown below:
sbc test
sbe
sip header-profile default
header ALLOW
header ACCEPT
sip method-profile default
method INFO )
Configuring Default Duration of a DTMF Event
This task configures the default duration of a DTMF event.
SUMMARY STEPS
1. configure
2. sbc service-name
3. dbe
4. vdbe
5. dtmf-duration duration
4-4
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
host1/Admin# configure
Enables global configuration mode.
Step 2 sbc service-name
Example:
host1/Admin(config)# sbc mysbc
Enters the mode of an SBC service.
Use the service-name argument to define the name of the
service.
Step 3 dbe
Example:
Enters the mode of an DBE entity within an SBC service.
Step 4 vdbe
Example:
Enters the mode of an vDBE entity within an SBC service.
Step 5 dtmf-duration duration
Example:
host1/Admin(config-sbc-dbe)# dtmf-duration 250
Configures the default duration of a DTMF event in
milliseconds.
C H A P T E R
5-1
OL-13499-04
5
You can configure theSession Border Controller (SBC) to provide alerts for any unexpected source
addresses that are received. After an unexpected source address is received, a log is created and a Simple
Network Management Protocol (SNMP) trap is generated.
model.
Feature History for Unexpected Source Address Alerting
Contents
This module contains the following sections:
PrerequisitesImplementing Unexpected Source Address Alerting, page 5-1
Restrictions for Unexpected Source Address Alerting, page 5-2
Unexpected Source Address Alerting, page 5-2
Configuring Unexpected Source Address Alerting, page 5-3
Examples of Configuring Unexpected Source Address Alerting, page 5-4
PrerequisitesImplementing Unexpected Source Address
Alerting
The following prerequisites are required to implement SBC unexpected source address alerting:
Release 12.2(33)SRC Added support for SBC unified model.
Release 12.2(33)SRB1 This feature was introduced on the Cisco 7600 series router.
5-2
OL-13499-04
Restrictions for Unexpected Source Address Alerting
On the Application Control Engine Module (ACE), you must be an Admin user to enter SBC
commands. For more information, see the Application Control Engine Module Administration Guide
at
186a00806838f4.html
Before implementing unexpected source address alerting, the SBC must already be created. See the
procedures described in Chapter 2, ACE Configuration Prerequisites for the SBC.
Restrictions for Unexpected Source Address Alerting
Review the following restrictions for unexpected source address alerting:
This configuration option should only be enabled on trusted networks where any single such
instance might indicate a threat to network security.
Alerts on the same flow are rate-limited as are the total number of alerts reported at any one time to
ensure management systems are not flooded with reports. There is not a 1-to-1 correspondence
between alerts and incorrect packets.
Diagnosing and resolving the issue of rogue packets is beyond the scope of the SBC function.
Any and all packets from unexpected sources are dropped.
If a packet with unexpected source address/port is received by the data border element (DBE) on a media
address, port, or (if applicable) Virtual Routing Forwarding (VRF) used by a current call, then the DBE
creates a log and generates an SNMP trap on the appropriate media-flow-stats MIB.
The log (level 63) is output to the console automatically (by default). The log is a member of the MEDIA
debug log group. The log includes the local address, port, and VRF where the packets were received and
also the source address and port of the received packet.
An alert is generated the first time an unexpected packet is received on a port after the port is opened for
a call. If additional unexpected packets are received on the same media port, additional alerts are
generated. Any additional alerts are rate-limited. After the call is completed, the media port is assigned
to a new call, and the state is reset. A new alert is then generated if any additional unexpected packets
are subsequently received.
The SNMP trap that is generated will contain the following fields:
The address and port where the unexpected packet was received.
The address and port where the unexpected packet originated.
5-3
OL-13499-04
Configuring Unexpected Source Address Alerting
Configuring Unexpected Source Address Alerting
SUMMARY STEPS
1. configure
2. sbc service-name
3. dbe
4. vdbe global
5. unexpected-source-alerting
6. end
7. show services sbc sbc-name dbe media-flow-stats vrf vrf-name [ipv4 A.B.C.D [port] port number]
DETAILED STEPS
Step 1 configure
Example:
Example:
Enters a submode where alerts can be configured for
unexpected source addresses.
service.
Step 3 dbe
Example:
Step 4 vdbe [global]
Example:
Step 5 unexpected-source-alerting
Example:
host1/Admin(config-sbc-dbe-vdbe-global)#
Sets alerting for unexpected source addresses.
The no form of this command removes alerting for any
unexpected source addresses that are received.
Note The unexpected-source-alerting command
applies only to DBEs in the distributed
model.
5-4
OL-13499-04
Examples of Configuring Unexpected Source Address Alerting
Examples of Configuring Unexpected Source Address Alerting
This section provides a sample configuration and output for configuring unexpected source address
alerting including an example of the information added to the media flow statistics.
To configure unexpected source address alerting, use the following commands:
configure
sbc mysbc
dbe
vdbe
global
end
Step 6 end
Example:
host1/Admin(config-sbc-dbe-vdbe-global)# end
Exits the unexpected-source-alerting mode to DBE mode.
Step 7 show services sbc service-name dbe
media-flow-stats vrf vrf-name [ipv4 A.B.C.D
[port port-number]]
Example:
host1/Admin(config-sbc-dbe)# show services sbc
mysbc dbe media-flow-stats vrf vpn3 ipv4
10.1.1.1 port 24000
Displays detailed information about the media flow
statistics configured on the DBE.
C H A P T E R
6-1
OL-13499-04
6
Implementing SBC RedundancyHigh
Availability
The Session Border Controller (SBC) on the Cisco 7600 series routers supports intra-chassis and
inter-chassis redundancy. You can configure a maximum of two SBCs services in the same Cisco 7600
series router or in a different chassis for redundancy.
SBC fault tolerant redundancy is based on a 1:1 paired protection model. For each active service card
running with the SBC, there should be another service card providing failure protection (that is,
standby). The same services must be provisioned on both cards (one as the primary card, one as the
standby card); in this instance, the service cards are described as paired.
From a Cisco IOS system perspective, service cards are always running in active mode. SBC services
running on these cards, however, run as either a primary service or standby service.
In the distributed model, data border element (DBE) services run as separate Cisco Data Center
Operation System (DCOS) processes (and there may be one or more distributed DBEs per SBE). When
running in this mode, DBE services may be provisioned on different cards within the same physical
device to distribute the processing load across available service cards.
Note For ACE SBC Release 2.0.00, only DBE services are implemented.
model.
The active SBC replicates the state to the standby to provide hot standby support. The SBC process is
fate shared with the Media Packet forwarder component; if one component restarts, the other component
will restart.
Note For a description of commands used in this chapter, refer to the Application Control Engine Module
Command Reference at:
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_command_reference_book09186
a0080685244.html.
Feature History for Implementing SBC Redundancy
ACE SBC Release 3.1.00 Added support for inter-chassis redundancy.
6-2
OL-13499-04
Contents
Contents
PrerequisitesImplementing Redundancy, page 6-2
Implementing Redundancy on the ACE Module, page 6-2
Redundancy Configuration Example, page 6-3
PrerequisitesImplementing Redundancy
The following prerequisites are required to implement SBC redundancy:
at:
186a00806838f4.html
Before configuring SBC service, the fault tolerant (redundancy) configuration must already be
created. See the procedures described in Chapter 2, ACE Configuration Prerequisites for the SBC.
SBC fault tolerance is based on a 1:1 paired-protection model. For each ACE module running active SBC
components, there can be one ACE module providing failure protection. The same services must be
provisioned on both ACE modules (one as the primary card, one as the standby card), and the ACE
modules are then said to be paired. Although from an Cisco IOS system perspective, ACE modules are
always running in active mode, SBC services running on these cards run as either the primary service or
the standby service.
Implementing Redundancy on the ACE Module
In ACE SBC Release 3.0.00, FT group 1 is always associated with the Admin context.
Note The priority for all FT groups should be the same.
Note With VRFs, there is one FT group per-context.
Note You can configure a maximum of two ACE appliances (peers) for redundancy. Each peer appliance can
contain one or more fault-tolerant (FT) groups. Each FT group consists of two members: one active
context and one standby context. An FT group has a unique group ID that you assign.
One virtual MAC address (VMAC) is associated with each FT group and is used as the virtual MAC
address for all alias addresses, on all VLANs in the context under which the ft-group is configured. The
ACE SBC Release 2.0.00 This feature was introduced on the Cisco 7600 series router for DBEs.
6-3
OL-13499-04
Redundancy Configuration Example
format of the VMAC is: 00-0b-fc-fe-1b-groupID. Because a VMAC does not change upon switchover,
the client and server ARP tables does not require updating. To avoid duplicate MAC issues, each pair of
ACE cards connected to the same subnet(s) should use unique FT group IDs.
For information on configuring redundancy on the ACE modules, see Configuring Redundant ACE
Modules at
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter091
86a0080683a15.html.
Note In the current release, both heartbeat interval and count number are fixed and cannot be changed by a
user.
The following is an example of an SBC redundancy configuration:
On the supervisor
Svclc mod 3 vlan-group 10 !!! create vlan group 10
Svclc vlan-group 10 50,60,70 !!! bind vlan 50, 60 and 70 in same vlan
gr 10
Svclc multiple-vlan-interfaces
On ACE location 1
(On Admin context)

interface vlan 60 !!! config vlan and alias
ip address 60.60.60.60 255.255.255.0
alias 60.60.60.62 255.255.255.0
peer ip address 60.60.60.61 255.255.255.0
no shutdown

ft interface vlan 50 !!! config vlan 50
ip addr ip addr 50.50.50.50 255.255.255.0
peer ip addr 50.50.50.51 255.255.255.0
no shut

ft peer 1 !!! config peer 1
heartbeat count 10
ft group 1 !!! config ft group 1
peer 1
priority 100
peer priority 200
inservice
On ACE location 2
(On Admin context)

interface vlan 60 !!! config vlan and alias
ip address 60.60.60.61 255.255.255.0
6-4
OL-13499-04
alias 60.60.60.62 255.255.255.0
peer ip address 60.60.60.60 255.255.255.0
no shutdown

ft interface vlan 50 !!! config vlan 50
ip addr 50.50.50.51 255.255.255.0 ! peer ip address in location 1
peer ip addr 50.50.50.50 255.255.255.0 ! ip address in location 1
no shut
ft peer 1 !!! config peer 1
heartbeat count 10
ft group 1
peer 1
priority 200
peer priority 100
inservice
C H A P T E R
7-1
OL-13499-04
7
Configuring Data Border Element Overload
Reporting
This chapter describes configuration commands that facilitate the Session Border Controllers (SBC)
reporting of data border element (DBE) overload conditions. The DBE reports the following:
Overload of the control plane
Overload of the data plane
Congestion of resources
Overload and congestion are reported, and SBC differentiates the causes.
model.
For a more information on commands used in this chapter, refer to Chapter 39, Cisco Session Border
Feature History for Configuring DBE Overload Reporting
Contents
PrerequisitesImplementing DBE Overload, page 7-2
DBE Overload Reporting, page 7-2
Configuring DBE Overload Reporting, page 7-2
7-2
OL-13499-04
PrerequisitesImplementing DBE Overload
PrerequisitesImplementing DBE Overload
The following prerequisites are required to implement SBC redundancy:
at:
186a00806838f4.html
Before implementing interworking DBE overload, the SBC must already be created. See the
DBE Overload Reporting
H.248 protocol (or Megaco), a VoIP signaling protocol, is used to communicate between a Media
Gateway Controller (MGC) and DBE in a distributed SBC system. The Megaco package H.248.11
allows a media gateway (MG) to generate events when requests to add new terminations exceed a defined
threshold.
The DBE is extended to support this package.
MGC is not extended to use this package.
The H.248.11 package is added as an option in the H.248 Gate Control profile.
Configuring DBE Overload Reporting
This section contains the steps for configuring DBE overload reporting.
SUMMARY STEPS
1. configure
2. sbc sbc-name
3. dbe
4. overload-time-threshold time
5. exit
7-3
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Step 2 sbc sbc-name
Example:
Use the sbc-name argument to define the name of
the service.
Step 3 dbe
Example:
Enters the mode of the DBE function of the SBC.
Step 4 overload-time-threshold time
Example:
host1/Admin(config-sbc-dbe)# sbc dbe
Configures the threshold time (in milliseconds) for MG
overload control detection.
If an SBE has subscribed for overload control events, the
DBE sends an overload event notification every time a
request to add a new flow takes longer than this
threshold to process.
The range is 0 2000000000. The default is 100.
Step 5 exit
Example:
host1/Admin(config-sbc-dbe)# exit
Exits the DBE mode and returns to the Exec mode.
7-4
OL-13499-04
C H A P T E R
8-1
OL-13499-04
8
Media Address Pools
You can configure the Session Border Controller (SBC) with a single media address or a range of media
addresses. In addition you can define one or more permissible port ranges for the configured addresses.
This feature allows the administrator to configure or restrict the data border element (DBE) address by
address pool with or without port range, and define class of service (CoS) affinity for each port range.
model.
Feature History for Media Address Pools
Contents
PrerequisitesImplementing Media Address Pools, page 8-1
Restrictions for Configuring Media Address Pools, page 8-2
Media Address Pools, page 8-2
Configuring Media Address Pools, page 8-3
Configuring Media Address Pools Example, page 8-7
PrerequisitesImplementing Media Address Pools
The following prerequisites are required to implement media address pools:
ACE SBC Release 3.1.00 Added support for DBE signaling pinhole.
8-2
OL-13499-04
Restrictions for Configuring Media Address Pools
at
186a00806838f4.html
Before implementing media address pools, you must create a static route. For more information, see
Configuring a Static Route, page 2-8.
Note Creating a static route will fail if the remote peer is on the same VLAN as the interface
VLAN of the media address.
Before implementing media address pools, the SBC must already be created. See the procedures
Restrictions for Configuring Media Address Pools
The restrictions for configuring media address pools are:
The ending address must be numerically higher than the starting address.
The minimum port must be numerically lower than the maximum port.
Port ranges may not overlap.
Address ranges may not overlap.
Address ranges and single addresses may not overlap.
Where a range of addresses are defined in a single command, they will share any port ranges
assigned. If there is a requirement to have different port ranges for different media addresses, then
the addresses must be configured separately.
Media addresses and port ranges may only be deleted before the DBE is activated. After DBE
activation, the DBE must be deactivated in order to delete addresses and port ranges.
After you configure media addresses and pools of addresses, you cannot delete them unless you
delete the DBE.
Media Address Pools
If you do not specify a port range, all possible VoIP port numbers are valid. The full VoIP port range
extends from 16384 to 32767 inclusive.
You can define a CoS affinity for each port range. The set of CoS is consistent with those used for Quality
of Service (QoS) packet marking, and consists of voice and video. If you do not define an associated CoS
affinity, then the affinity is for all call types.
You can modify the extent of existing port ranges or the CoS affinities of existing port ranges or delete
an existing port range. Any configuration changes do not apply to existing calls but apply to calls being
set up after the configuration has been committed.
8-3
OL-13499-04
Configuring Media Address Pools
DBE Signaling Pinhole
You can also configure a media address pool for signaling pinholes by selecting the signaling class of
service. The DBE creates application-level pinholes to allow the DBE to forward signaling packets to
the SBE. Normal IP forwarding is disabled on the SBC interfaces of the DBE to prevent packets reaching
the provider network through the pinholes.
Signaling pinholes are configured in the same way as media pinholes over H.248. They can be
differentiated from media pinholes by session descriptions as defined in the Session Description
Protocol (SDP) in the local and remote descriptors. The m=application line indicates that the
termination is a signaling pinhole.
The DBE forwards only traffic that is received on a configured pinhole. The packet must be addressed
to a VPN, address, and port. A received packet is linked to a pinhole on the basis of the address/port and
VRF Name it was received on. The source address/port are then checked against those configured for the
pinhole. Any traffic received on an SBC interface for which no pinhole can be found is dropped.
The DBE does IP relay for TCP or UDP data. The DBE rewrites information within the IP and UDP or
TCP headers. It does not update any other parts of the forwarded packets.
Signaling pinholes are given the same fault-tolerance protection as media pinholes so that the backup
device can take over forwarding of the signaling traffic in the event of a failure of the primary device.
The DBE allows overlapped local address for signaling pinholes; that is, an SBE is allowed to specify
the same local IP address and local port for different signaling pinholes. However, either the transport
protocol or VRF name must be different in this case so that the local IP address, port, transport protocol,
and VRF name combination are unique for the media or signaling pinhole.
Restrictions for DBE Signaling Pinhole
The following restrictions apply to a DBE Signaling Pinhole:
IPv6 is not supported.
Stream Control Transmission Protocol (SCTP) is not supported.
Domain name in the connection line of the SDP is not supported.
CLI enabling or disabling is not supported..
Media down indications are not supported. (DBE signaling pinholes will not be timed out and are
only closed when done so explicitly by the MGC.)
This section contains the steps for configuring media address pools.
SUMMARY STEPS
1. configure
2. sbc service-name
3. dbe
4. media-address pool ipv4 A.B.C.D E.F.G.H
or
8-4
OL-13499-04
media-address pool ipv4 A.B.C.D E.F.G.H port-range min-port max-port any
or
media-address pool ipv4 A.B.C.D E.F.G.H port-range min-port max-port signaling
or
media-address pool ipv4 A.B.C.D E.F.G.H port-range min-port max-port video
or
media-address pool ipv4 A.B.C.D E.F.G.H port-range min-port max-port voice
or
media-address pool ipv4 A.B.C.D E.F.G.H vrf vrf-name
or
media-address pool ipv4 A.B.C.D E.F.G.H vrf vrf-name port-range min-port max-port any
or
media-address pool ipv4 A.B.C.D E.F.G.H vrf vrf-name port-range min-port max-port signaling
or
media-address pool ipv4 A.B.C.D E.F.G.H vrf vrf-name port-range min-port max-port video
or
media-address pool ipv4 A.B.C.D E.F.G.H vrf vrf-name port-range min-port max-port voice
5. end
6. show services sbc service-name dbe addresses
DETAILED STEPS
Step 1 configure
Example:
host1/Admin# config
Example:
host1/Admin(config)# sbc test
Use the service-name argument to define the name
of the SBC.
Step 3 dbe
Example:
Enters the mode of the DBE function of the SBC.
Step 4 media-address pool ipv4 A.B.C.D E.F.G.H
Example:
host1/Admin(config-sbc-dbe)# media-address pool ipv4
10.10.10.1 10.10.10.20
Creates a pool of sequential IPv4 media addresses
that can be used by the DBE as local media
addresses.
or
8-5
OL-13499-04
media-address pool ipv4 A.B.C.D E.F.G.H port-range
min-port max-port any
Example:
10.10.10.1 10.10.10.20 port-range 16384 30000 any
addresses where the class of service for the port
range is any class of service.
or
min-port max-port signaling
Example:
10.10.10.10 10.10.10.20 port-range 5000 6000
signaling
Configures a media address pool for a signaling
pinhole that can be used by the DBE as local media
addresses.
or
min-port max-port video
Example:
10.10.10.1 10.10.10.20 port-range 16384 30000 video
range is video.
or
min-port max-port voice
Example:
10.10.10.1 10.10.10.20 port-range 16384 30000 voice
range is voice.
or
Example:
21.21.21.10 21.21.21.19 vrf vpn1
for an IPv4 address associated with a specific VPN
routing and forwarding (VRF) instance that can be
used by the DBE as local media addresses.
or
port-range min-port max-port any
Example:
21.21.21.10 21.21.21.19 vrf vpn2 port-range 10000
10099 any
for an IPv4 address associated with a specific VRF
instance that can be used by the DBE as local media
range is any class of service.
or
8-6
OL-13499-04
port-range min-port max-port signaling
Example:
10099 any
range is signaling.
or
port-range min-port max-port video
Example:
10099 video
range is video.
or
port-range min-port max-port voice
Example:
10099 voice
range is voice.
Step 5 end
Example:
Returns to EXEC mode.
Step 6 show services sbc dbe addresses
Example:
host1/Admin# show services sbc dmsbc-node9 dbe
address
Lists the addresses configured on DBEs.
8-7
OL-13499-04
Configuring Media Address Pools Example
This section provides sample configurations for media address pools.
This example shows the creation of a static route for the media pool address.
At the supervisor:
Router(config)# ip route 87.87.29.8 255.255.255.248 87.87.29.100
!
At the ACE:
Router//Admin(config-sbc)# dbe
host1/Admin(config-sbc-dbe)# media-address pool 87.87.29.8 87.87.29.15
The following sample script adds a single address (10.10.10.1), and two ranges of addresses (10.10.11.1
through 10.10.11.10 and 10.10.11.21 through 10.10.11.30) to the default media address pool.
Two port ranges are configured on the single address. The first port range is for voice traffic, and runs
from port 16384 to 20000 inclusively. The second one is for video traffic, and runs from port 20001 to
65535 inclusively.
The first range of addresses also has two similar port ranges configured that apply to all ten addresses
within the range.
The second range of addresses has a single port range defined, and no service class associated with it.
Router//Admin(config-sbc)# dbe
host1/Admin(config-sbc-dbe)# media-address ipv4 10.10.10.1 port-range 16384 20000 voice
host1/Admin(config-sbc-dbe)# media-address ipv4 10.10.10.1 port-range 20001 65535 video
host1/Admin(config-sbc-dbe)# media-address pool ipv4 10.10.11.1 10.10.11.10 port-range
16384 30000 voice
host1/Admin(config-sbc-dbe)# media-address pool ipv4 10.10.11.1 10.10.11.10
port-range 30001 40000 video
20000 40000 any
8-8
OL-13499-04
C H A P T E R
9-1
OL-13499-04
9
Fax Support
The Session Border Controller (SBC) media components enable fax Voice over IP (VoIP) calls. The SBC
supports the following types of fax over IP calls, using either Session Initiation Protocol (SIP) or H.323:
T.38 fax passthrough only over the following protocols:
RTP: Real-time Transport Protocol
UDP-TL: A lightweight transport protocol for fax media that runs over User Datagram Protocol
G.711 passthrough
Note For ACE SBC Release 3.0.00 this feature is supported in both the unified model and the distributed
model.
Feature History for Fax Support
Contents
Fax Support, page 9-1
Restrictions for Fax Support, page 9-2
Fax Support
The SBC supports two types of fax over IP: G.711 passthrough, and T.38 passthrough. Passthrough is a
method of passing a FAX PCM stream across a VoIP network. It involves selecting a high-bandwidth
codec (G.711), disabling silence suppression and enabling echo cancellation. FAX passthrough is
signalled by protocol stacks H.323 and SIP.
9-2
OL-13499-04
Chapter 9 Fax Support
Restrictions for Fax Support
T.38 Passthrough
T.38 is an ITU standard for sending FAX across IP networks in a real-time mode. In the SBC, T.38 fax
calls are sent in-band using a fax-specific codec (rather than a general-purpose audio codec). T.38 fax
uses a separately negotiated stream, which can either be negotiated at the start of the call (bandwidth
will be reserved for it at that point), or renegotiated during the call (which may fail).
T.38 fax passthrough is supported in both SIP and H.323.
Note The bandwidth reserved for a T.38 call is considered sufficient for carrying a T.38 rate of 14, 400 bits
per second and does not reflect the signaled rate in T.38.
Note If an unnumbered datagram protocol transport layer (UDPTL) error correction is used for T.38, then the
bandwidth reservation also includes capacity for up to three redundant parity packets in the T.38 stream.
Restrictions for Fax Support
The following are restrictions for fax support in SBC:
T.38/G.711 interworking is not supported.
Cisco proprietary fax is not supported, although it may work in the passthrough mode, because the
SBC does not police the RTP payload types, only bandwidth. Cisco proprietary fax uses RTP.
Call-agent-signaled upspeed is not supported.
SIP or H.323 T.38 interworking is not supported.
C H A P T E R
10-1
OL-13499-04
10
Implementing SBC Multi-VRF
The Session Border Controller (SBC) provides support for multi-VRF (VPN routing and forwarding) on
customer edge (CE) devices. This feature provides the capability of suppressing provider edge (PE)
checks to prevent loops when the PE is performing a mutual redistribution of packets.
Note VRF is only supported in DBE media address and SBE AAA/H248 control address; DBE H248 control
address does not support VRF.
Note For ACE SBC Release 3.0.00 and later releases, this feature is supported in both the unified model and
the distributed model.
Feature History for Implementing SBC Multi-VRF
Contents
PrerequisitesImplementing Multi-VRF, page 10-2
Information About Implementing Multi-VRF, page 10-2
Implementing Multi-VRF, page 10-3
ACE SBC Release 3.0.1 Added support for VRF-Aware DNS Query.
The following sections were added:
Configuring Multi-VRF
Associating an H.323 Adjacency with a VRF
Associating a SIP Adjacency with a VRF
10-2
OL-13499-04
PrerequisitesImplementing Multi-VRF
Configuration Examples for Implementing Multi-VRF, page 10-16
PrerequisitesImplementing Multi-VRF
The following prerequisites are required to implement SBC multi-VRF:
at:
186a00806838f4.html.
Before implementing multi-VRF, the SBC must already be created. See the procedures described in
Chapter 2, ACE Configuration Prerequisites for the SBC.
Information About Implementing Multi-VRF
The SBC support for multi-VRF on customer edge (CE) devices (that is, customer premises routers)
feature provides the capability of suppressing PE checks that are needed to prevent loops when the PE
is performing a mutual redistribution of packets. Multi-VRF allows for the use of only one router to
accomplish the tasks that multiple routers usually perform. It runs on a network without the requirement
of MPLS and BGP installed.
When VRF is used on a router that is not a PE, the checks can be turned off to allow for correct
population of the VRF routing table with routes to IP prefixes. Multi-VRF is also important because
virtual private network (VPN) functionality is not completely supported on low-end systems. Multi-VRF
provides logical separation of routing instances (and by the implication address space) within one router.
The following summarizes the features of multi-VRF:
Allows a single physical router to be split into multiple virtual routers, where each router contains
its own set of interfaces, routing table, and forwarding table. SBC supports multiple (overlapping and
independent) routing tables (addressing) per customer. Virtual routing contexts are used to separate
routing domains within a single router.
Multi-VRF can be used where multiple routers are required but only one is available.
One physical interface can belong to multiple virtual routers through the usage of subinterfaces
(Frame Relay, ATM, VLANs).
BGP and MPLS are not used.
No connectivity is provided between VRFs (would require using BGP for internal exporting and
importing between VRFs).
When a call is placed between two endpoints in the same VPN site, SBC can route the media directly
between them, to reduce network utilization.
Multi-VRF on SBC provides optimization where both endpoints are on the same VPN, by turning
media bypass on.
For ACE SBC Release 3.0.00, by default, all adjacencies on the same VPN have media bypass turned
on. Media bypass can be turned off by using the media-bypass-forbid command (this command is
implemented for CAC policies only).
10-3
OL-13499-04
Implementing Multi-VRF
Note The VRF name under the adjacency must match the context name.
VRF-Aware DNS Query
This feature allows the SBC to query DNS per VRF. Before ACE SBC Release 3.0.1, all DNS queries
were performed within the Admin context; this feature allows DNS queries to be performed on a
per-context basis.
Implementing SBC multi-VRF is described in the following sections:
Configuring Multi-VRF, page 10-3
Associating a SIP Adjacency with a VRF, page 10-12
Configuring DBE with VRFDistributed Model Only, page 10-14
Configuring Multi-VRF
This task configures the router with the SBC running in multi-VRF mode in unified deployment mode.
Note the relationship between the interface and SBCs service virtual interface (SVI), adjacency, and
data border element (DBE) media-address as required.
SUMMARY STEPS
1. configure
2. context vrf
3. allocate-interface
4. exit
5. ft peer
6. heartbeat interval
7. heartbeat count
8. ft-interface vlan
9. exit
10. ft group
11. peer
12. priority
13. peer priority
14. associate-context
15. inservice
16. ft group
10-4
OL-13499-04
17. peer
18. priority
19. peer priority
20. associate-context
21. inservice
22. exit
23. exit
24. changeto
25. configure
26. interface vlan
27. ip address
28. alias
29. peer ip address
30. no shutdown
DETAILED STEPS
Step 1 configure
Example:
host1/Admin(config)#
Enter ACE module configuration mode.
Step 2 context
Example:
host1/Admin(config)# context my_vrf1
Creates a context.
Note The vrf name under the adjacency must match the
context name.
The example creates a new context my_vrf1.
Step 3 allocate-interface vlan
Example:
host1/Admin(config-context)# allocate-interface
vlan 100
Allocates VLAN 100 to context my_vrf1 to allow the
context to receive the traffic classified for VLAN 100.
Step 4 exit
Example:
host1/Admin(config)# exit
Exit from config-context mode.
Step 5 ft peer
Example:
host1/Admin(config-ft-peer)#
Configures an FT peer and accesses FT peer configuration
mode.
10-5
OL-13499-04
Step 6 heartbeat interval frequency
Example:
host1/Admin(config-ft-peer)# heartbeat interval
100
Configures the heartbeat interval for verification timing
between active and standby FT peers.
Step 7 heartbeat count number
Example:
Configures the heartbeat count for verification timing
between active and standby FT peers.
Step 8 ft-interfac vlan vlan_id
Example:
host1/Admin(config-ft-peer)# ft-interface vlan
99
Associates an existing FT VLAN with a peer.
Step 9 exit
Example:
Exit from config-ft-peer mode.
Step 10 ft group
Example:
host1/Admin(config-ft-group)#
Configures ft group 1 with the default (Admin) context.
Step 11 peer
Example:
Associates a peer ACE with an FT group.
Step 12 priority
Example:
Configures the priority of the active group member.
Step 13 peer priority
Example:
Configures the priority of an FT group on the remote
standby member.
Step 14 associate-context
Example:
host1/Admin(config-ft-group)# associate-context
my_vrf1
Associates a context with an FT group.
Step 15 inservice
Example:
Places an FT group in service.
10-6
OL-13499-04
Step 16 ft group
Example:
host1/Admin(config-ft-group)#
Configures another ft group with non-Admin context.
Step 17 peer
Example:
Associates a peer ACE with an FT group.
Step 18 priority
Example:
Configures the priority of the active group member.
Step 19 peer priority
Example:
Configures the priority of an FT group on the remote
standby member.
Step 20 associate-context
Example:
host1/Admin(config-ft-group)# associate-context
my_vrf1
Associates a context with an FT group.
Step 21 inservice
Example:
Places an FT group in service.
Step 22 exit
Example:
host1/Admin(config-ft-group)# exit
Exit from config-ft-group mode.
Step 23 exit
Example:
Exit from config mode.
Step 24 changeto
Example:
host1/Admin# changeto my_vrf1
Router/vrf1#
Moves from one context on the ACE to another context.
Step 25 configure
Example:
host1/my_vrf1# configure
host1/(config)#
Enter configuration mode of context my_vrf1.
10-7
OL-13499-04
Configuring a VRF-Aware DNS Query
This task configures a DNS query for a VRF.
SUMMARY STEPS
1. configure
2. context vrf
3. allocate-interface vlan
4. exit
5. sbc sbc-name
6. sbe
7. sip dns
8. cache-lifetime 0-1879048
9. cache-limit 0-4294967295
10. exit
12. vrf vrf_name
Step 26 interface vlan
Example:
host1/vrf1(config)# interface vlan 100
Creates a VLAN interface.
The example creates an SVI using VLAN 100.The VLAN
was assigned to this context from the Admin context in Step
3.
Step 27 ip address
Example:
host1/vrf1(config-if)# ip address 77.101.1.2
255.255.255.0
Assigns an IP address to a VLAN interface.
Step 28 alias
Example:
host1/vrf1(config-if)# alias 77.101.1.100
255.255.255.0
Configures an IP address that floats between active and
standby modules for a VLAN interface.
Step 29 peer ip address
Example:
host1/vrf1(config-if)# peer ip address
77.101.1.3 255.255.255.0
Configures the IP address of a standby module for the
VLAN interface.
Step 30 no shutdown
Example:
host1/my_vrf1(config-if)# no shutdown
Enables an interface for use.
10-8
OL-13499-04
13. exit
14. exit
15. exit
16. exit
17. changeto context_name
18. configure
19. ip domain-lookup
20. ip domain-name
21. ip name-server
DETAILED STEPS
Step 1 configure
Example:
Enter ACE module configuration mode.
Step 2 context
Example:
host1/Admin(config)# context my_vrf1
Creates a context.
context name.
The example creates a new context my_vrf1.
Step 3 allocate-interface vlan
Example:
host1/Admin(config-context)# allocate-interface
vlan 100
Allocates VLAN 100 to context my_vrf1 to allow the
context to receive the traffic classified for VLAN 100.
Step 4 exit
Example:
Exits the current mode.
Step 5 sbc sbc-name
Example:
configuration mode.
Step 6 sbe
Example:
Creates the SBE service on an SBC and enters into the
SBC-SBE configuration mode.
Step 7 sip dns
Example:
host1/Admin(config-sbc-sbe)# sip dns
Enters the SIP DNS configuration mode.
10-9
OL-13499-04
Step 8 cache-lifetime 0-1879048
Example:
host1/Admin(config-sbe-dns)# cache-lifetime 444
Configures the lifetime of any DNS entries in the DNS
cache.
Step 9 cache-limit 0-4294967295
Example:
host1/Admin(config-sbe-dns)# cache-limit 14
Configures the maximum number of entries that are
permitted in the DNS cache.
Step 10 exit
Example:
host1/Admin(config-sbe-dns)# exit
Example:
host1/Admin(config-sbc-sbe)# vrf vpn3
Configures an adjacency for an SBC service.
Step 12 vrf vrf_name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# vrf vpn3
Configures a SIP adjacency tied to a specific VPN.
Step 13 exit
Example:
host1/Admin(config-sbc-sbe-adj-sip)# exit
Step 14 exit
Example:
host1/Admin(config-sbc-sbe-adj)# exit
Step 15 exit
Example:
host1/Admin(config-sbe)# exit
Step 16 exit
Example:
Step 17 changeto context_name
Example:
host1/Admin# changeto vrf120
Moves from one context on the ACE to another context.
Step 18 configure
Example:
Enters ACE module configuration mode.
10-10
OL-13499-04
Associating an H.323 Adjacency with a VRF
This task associates an H.323 adjacency with a VPN.
SUMMARY STEPS
1. adjacency h323 adjacency-name
2. vrf vrf_name
3. signaling-address ipv4 local_signaling_IP_address
5. remote-address ipv4 remote_IP_address/prefix
6. signaling-peer [gk] peer_address
8. account account_name
9. media-bypass (Optional command)
10. media-bypass-forbid
11. attach
DETAILED STEPS
Step 19 ip domain-lookup
Example:
host1/Admin(config)# ip domain-lookup
Enables the ACE module to perform a domain lookup
(host-to-address translation) with a DNS server.
Step 20 ip domain-name
Example:
host1/Admin(config)# ip domain-name cisco.com
Configures a default domain name.
Step 21 ip name-server
Example:
host1/Admin(config)# ip name-server
192.168.12.15
Configures a DNS name server on the ACE module. You
can configure a maximum of three DNS name servers.
Step 1 adjacency h323 adjacency-name
Example:
host1/Admin(config-sbc-sbe)# adjacency h323
h323my_vrf1
host1/Admin(config-sbc-sbe-adj-h323)#
Enters the mode of an SBE H.323 adjacency.
Use the adjacency-name argument to define the name
of the service.
10-11
OL-13499-04
Step 2 vrf vrf_name
Example:
host1/Admin(config-sbc-sbe-adj-h323)# vrf
my_vrf1
Ties an H.323 adjacency to a specific VPN.
context name.
Step 3 signaling-address ipv4
local_signaling_IP_address
Example:
Specifies the local IPv4 signaling address of the H.323
adjacency.
Example:
signaling-port 1720
Specifies the local signaling port of the H.323 adjacency.
Step 5 remote-address ipv4 ipv4_IP_address/prefix
Example:
Step 6 signaling-peer [gk] peer_address
Example:
signaling-peer gk 10.10.101.4
Specifies the remote signaling peer for the H.323 adjacency
to use.
Example:
Specifies the remote signaling-peer port for the H.323
adjacency to use.
Step 8 account account_name
Example:
host1/Admin(config-sbc-sbe-adj-h323)# account
h323-vrf1
Defines the H.323 adjacency as belonging to an account on
an SBE.
Step 9 media-bypass
Example:
media-bypass
(Optional) Configure the adjacency to allow media traffic to
bypass the DBE.
This command is optional and will only work on one
adjacency.
Step 10 media-bypass-forbid
Example:
media-bypass-forbid
Configures the H.323 adjacency to forbid media traffic to
bypass the DBE.
If this is not configured, media traffic for calls originating
and terminating on this adjacency flows directly between
the endpoints and does not pass through the DBE, as long as
both adjacencies are on the same VPN.
10-12
OL-13499-04
Associating a SIP Adjacency with a VRF
This task associates a SIP adjacency with a VPN.
SUMMARY STEPS
2. vrf vrf_name
3. signaling-address ipv4 local_signaling_IP_address
5. remote-address ipv4 local_signaling_IP_address/prefix
6. local-id host name
9. account account-name
10. media-bypass (optional)
12. attach
DETAILED STEPS
Step 11 attach
Example:
host1/Admin(config-sbc-sbe-adj-h323)# attach
Example:
sip_vrf1
of the service.
Step 2 vrf vrf_name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# vrf
my_vrf1
Ties an H.323 adjacency to a specific VPN.
context name.
10-13
OL-13499-04
Example:
signaling-address ipv4 88.88.88.88.101.11
adjacency.
Example:
signaling-port 5060
Step 5 remote-address ipv4 remote_IP_address/prefix
Example:
Step 6 local-id host address
Example:
host1/Admin(config-sbc-sbe-adj-sip)# local-id
host 88.88.101.11
Configures the local identity name on a SIP adjacency.
Example:
use.
Example:
adjacency to use.
Example:
host1/Admin(config-sbc-sbe-adj-sip)# account
sip-vrf1
Defines the SIP adjacency as belonging to an account on an
SBE.
Step 10 media-bypass
Example:
media-bypass
(Optional) Configures the adjacency to allow media traffic to
bypass the DBE.
This command is optional and only works on one adjacency.
Example:
media-bypass-forbid
Configures the SIP adjacency to forbid media traffic to
bypass the DBE.
If this is not configured, media traffic for calls originating
and terminating on this adjacency flows directly between
the endpoints and does not pass through the DBE, as long as
both adjacencies are on the same VPN.
10-14
OL-13499-04
Configuring DBE with VRFDistributed Model Only
This task configures DBE with VRF in the distributed model.
SUMMARY STEPS
1. configure
2. sbc sbc-name
3. dbe
4. vdbe global
5. unexpected-source-alerting
6. local-port abcd
7. control-address h248 ipv4 A.B.C.D
8. controller h248 controller-index
9. remote-address ipv4 remote-address
10. remote-port [port-num]
11. transport [udp | tcp]
12. attach-controllers
13. media-address pool ipv4 A.B.C.D E.F.G.H vrf vrfname
14. media-timeout timeout
15. overload-time-threshold time
16. deact-mode
17. activate
Step 12 attach
Example:
10-15
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Accesses the configuration mode.
Step 2 sbc sbc-name
Example:
configuration mode.
Step 3 dbe
Example:
Creates the DBE service on an SBC and enter into the
Step 4 vdbe [global]
Example:
Step 5 unexpected-source-alerting
Example:
Sets alerting for unexpected source addresses.
The no form of this command removes alerting for any
unexpected source addresses that are received.
Step 6 local-port {abcd}
Example:
host1/Admin(config-sbc-dbe)# local-port 5090
Configures a DBE to use a specific local port.
Step 7 control-address h248 ipv4 A.B.C.D
Example:
host1/Admin(config-sbc-dbe)# control-address
h248 ipv4 10.0.0.1
Configures a DBE to use a specific IPv4 H.248 control
address.
Step 8 controller h248 controller-index
Example:
host1/Admin(config-sbc-dbe)# controller h248 1
Identifies the H.248 controller for the DBE and enters into
Controller H.248 configuration mode.
Step 9 remote-address ipv4 remote-address
Example:
host1/Admin(config-sbc-dbe-vdbe-h248)#
Configures the IPv4 remote address of the H.248 controller.
10-16
OL-13499-04
Configuration Examples for Implementing Multi-VRF
This section provides the following configuration examples:
Configuring Multi-VRF: Example, page 10-17
Associating an H.323 Adjacency with a VRF: Example, page 10-18
Associating a SIP Adjacency with a VRF: Example, page 10-18
Step 10 remote-port [port-num]
Example:
host1/Admin(config-sbc-dbe-h248)# remote-port
2094
Defines the port to connect to on the SBE for an H.248
controller.
Step 11 transport udp
Example:
host1/Admin(config-sbc-dbe-h248)# transport udp
Configures a DBE to use User Datagram Protocol (UDP) for
H.248 control signaling.
Step 12 attach-controllers
Example:
host1/Admin(config-sbc-dbe)# attach-controllers
Configure a DBE to attach to an H.248 controller.
Step 13 media-address pool ipv4 A.B.C.D E.F.G.H vrf
vrfname
Example:
host1/Admin(config-sbc-dbe)# media-address pool
ipv4 10.10.10.1 10.10.10.20 vrf my_vrf1
Create a pool of sequential IPv4 media addresses for an
IPv4 address associated with a specific VRF instance.
context name.
Step 14 media-timeout timeout
Example:
host1/Admin(config-sbc-dbe)# media-timeout 10
Sets the maximum time a DBE waits after receiving the last
media packet on a call and before cleaning up the call
resources.
Step 15 overload-time-threshold time
Example:
host1/Admin(config-sbc-dbe)#
Configures the threshold for media gateway (MG) overload
control detection.
Step 16 deact-mode normal
Example:
host1/Admin(config-sbc-dbe)# deactivation-mode
normal
Specifies that the DBE of an SBC signals a service change
and terminates all calls upon deactivation of the DBE
service.
Step 17 activate
Example:
Initiates the SBC service.
10-17
OL-13499-04
Configuring DBE with VRF (Distributed Model Only): Example, page 10-21
Configuring Multi-VRF: Example
This sample configuration shows how the Service Virtual Interface (SVI) and adjacencies are added to
associate a VPN to them.
1. Configure the line card interface associated with vrf my_vrf1 on Supervisor.
vrf definition my_vrf1
rd 55:1111
!
address-family ipv4
exit-address-family
!
2. Configure the line card interface associated with vrf my_vrf1 on supervisor.
description ''Connected to CAT-3550-101 Fa 0/13 vlan919''
vrf forwarding my_vrf1
ip address 10.122.3.3 255.255.255.0
interface Vlan 99
ip address 99.101.1.1 255.255.255.0
!
3. Configure the context on ACE card and assign the VLAN.
context my_vrf1
allocate-interface vlan 99
4. Configure the FT group.
Note You must configure the FT group 1 with the default (Admin) context (in this instance,
my_vrf1).
ft group 1
peer 1
priority 127
peer priority 126
associate-context my_vrf1
inservice
5. Configure the interface on my_vrf1 context for which you need to use change to CLI for changing
the context.
ACE-101-UUT1-1/Admin# changeto my_vrf1
ACE-101-UUT1-1/my_vrf1#
interface vlan 99
ip address 99.101.1.2 255.255.255.0
alias 99.101.1.100 255.255.255.0
peer ip address 99.101.1.3 255.255.255.0
no shutdown
ip route 10.0.0.0 255.0.0.0 99.101.1.1
ip route 100.0.0.0 255.0.0.0 99.101.1.1
6. Configure the DBE.
10-18
OL-13499-04
dbe
media-address pool ipv4 88.88.101.12 88.88.101.15 vrf my_vrf1
activate
DNS Query Configuration: Example
This sample configuration configures a DNS query.
context vrf110
context vrf120
sbc mysbc
sbe
sip dns
cache-lifetime 6000
cache-limit 100
...
adjacency sip sip1
vrf vrf110
...
adjacency sip sip2
vrf vrf120
...
ip domain-lookup
ip domain-name test.com
ip name-server 192.168.110.2
ip domain-lookup
ip domain-name test1.com
ip name-server 192.168.120.2
Associating an H.323 Adjacency with a VRF: Example
This sample configuration creates an H.323 adjacency associated with a VPN.
adjacency h323 h323my_vrf1
vrf my_vrf1
signaling-port 1720
account h323-my_vrf1
attach
Associating a SIP Adjacency with a VRF: Example
This example configuration creates a SIP adjacency associated with a VPN. Note that there is an ft group
configured for each context.
10-19
OL-13499-04
ft interface vlan 99
ip address 10.10.10.15 255.255.255.0
peer ip address 10.10.10.16 255.255.255.0
no shutdown
ft peer 1
heartbeat count 10
ft group 1
peer 1
priority 127
peer priority 126
inservice
ip route 10.10.0.0 255.255.0.0 101.101.101.100 ip route 20.20.20.0 255.255.255.0
101.101.101.4
context vlan100
description vlan100
ft group 2
peer 1
priority 127
peer priority 126
associate-context vlan100
inservice
username admin password 5 $1$faXJEFBj$TJR1Nx7sLPTi5BZ97v08c/ role Admin domain
default-domain username www password 5 $1$UZIiwUk7$QMVYN1JASaycabrHkhGcS/ role Admin
domain default-domain
sbc mysbc
sbe
adjacency sip 7200-1
vrf vlan100
inherit profile preset-core
preferred-transport udp
redirect-mode pass-through
authentication nonce timeout 300
signaling-port 5061
dbe-location-id 0
account sip-core
attach

vrf vlan100
inherit profile preset-access
signaling-port 5060
dbe-location-id 0
account sip-core
attach
10-20
OL-13499-04

vrf vlan100
nat force-on
inherit profile preset-core
signaling-port 5063
dbe-location-id 0
account sip-core
reg-min-expiry 3000
attach

sip inherit profile preset-standard-non-ims
retry-limit 3
call-policy-set 1
first-call-routing-table invite-table
first-reg-routing-table start-table
rtg-src-adjacency-table invite-table
entry 1
action complete
dst-adjacency 7200-2
match-adjacency 7200-3
entry 2
action complete
rtg-src-adjacency-table start-table
entry 1
action complete
entry 2
action complete
complete

network-id 2
sip max-connections 2
sip timer
tcp-idle-timeout 120000
tls-idle-timeout 3600000
udp-response-linger-period 32000
udp-first-retransmit-interval 500
udp-max-retransmit-interval 4000
invite-timeout 180
blacklist
global

redirect-limit 2
deact-mode normal
activate
10-21
OL-13499-04
dbe
media-address ipv4 101.101.101.160 vrf vlan100 port-range 11000 20000 any
location-id 0
media-timeout 30
deact-mode normal
activate
newace4/Admin# changeto vlan100
newace4/vlan100# sh run
interface vlan 100
ip address 101.101.101.1 255.255.255.0
alias 101.101.101.3 255.255.255.0
peer ip address 101.101.101.2 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 101.101.101.100
Configuring DBE with VRF (Distributed Model Only): Example
In this example, a context called my_vrf1 is created and a VLAN is allocated for my_vrf1.
context my_vrf1
A fault-tolerant group is created and associated with the context my_vrf1.
ft group 2
peer 1
priority 127
peer priority 126
associate-context my_vrf1
inservice
An SBC is configured with a media address associated to the my_vrf1 context.
sbc j
dbe
vdbe global
local-port 2985
controller h248 1
remote-port 2985
transport udp
attach-controllers
media-address ipv4 97.97.29.100 vrf my_vrf1
media-address pool ipv4 87.87.29.100 87.87.29.101
media-timeout 3600
10-22
OL-13499-04
deact-mode normal
activate
(in the newly created context my_vrf1)
An VLAN interface is created
interface vlan 97
ip address 97.97.29.2 255.255.255.0
alias 97.97.29.100 255.255.255.0
peer ip address 97.97.29.252 255.255.255.0
no shutdown
ip route 200.200.200.0 255.255.255.0 97.97.29.1
ip route 20.20.29.0 255.255.255.0 97.97.29.1
The VLAN interface is associated with my_vrf1 on the supervisor engine:
interface Vlan 97
ip address 97.97.29.1 255.255.255.0
C H A P T E R
11-1
OL-13499-04
11
Implementing SBC Adjacencies
Accounts and adjacencies are the key objects used to control signaling. An account represents a service
relationship with a remote organization on the signaling border element (SBE), with which the Session
Border Controller (SBC) will interact. Within each account, the user defines one or more signaling
adjacencies, which connect the SBC to devices within that organization. The account is used to:
Define customer-specific admission control
Define routing policy configurations
Organize billing records
An adjacency represents a signaling relationship with a remote call agent. There is one adjacency defined
per external call agent. The adjacency is used to define protocol-specific parameters as well as admission
control and routing policy. Each adjacency belongs within an account.
Each incoming call is matched to an adjacency, and each outgoing call is routed out over a second
adjacency. Adjacencies can also be associated with a media gateway location, so that the most
appropriate virtual data border element (vDBE) can be selected for a given call leg. Typically, an SBC
has at least one account representing the internal network.
You can assign each adjacency to an adjacency group, so you can enable and disable features per
interface. For example, you can turn off high bandwidth features on all adjacencies to customers on a
known low-bandwidth link.
Note For ACE SBC Release 3.0.00, this feature is supported in the unified model only.
Controller Commands.. To locate documentation for other commands that appear in this chapter, use
the command reference master index, or search online.
Feature History for Implementing SBC Adjacencies
ACE SBC Release 3.1.00 Added support for improved fast register. This feature maintains
registration data for each registered source address and examines
inbound register messages to determine whether to handle the message
locally or forward it to the SBC.
Added support for SIP Statistics Per Adjacency.
Added support for SIP PING Messages.
11-2
OL-13499-04
Contents
Contents
Prerequisites for Implementing Adjacencies, page 11-2
Information About Implementing Adjacencies, page 11-2
How to Implement Adjacencies, page 11-8
SIP Statistics Per Adjacency, page 11-19
Configuration Examples for Implementing Adjacencies, page 11-23
SIP UAS Failure Detection, page 11-28
SIP Outbound Flood Protection, page 11-30
Prerequisites for Implementing Adjacencies
The following prerequisites are required to implement adjacencies:
commands. For more information, see the Application Control Engine Module Administration
Guide at
186a00806838f4.html.
Before implementing adjacencies, the SBC must already be created. See the procedures described
in Chapter 2, ACE Configuration Prerequisites for the SBC.
Information About Implementing Adjacencies
Adjacencies are used to enable call signaling between the SBE and other voice over IP (VoIP) devices.
The SBC supports adjacencies in both Session Initiation Protocol (SIP) and H.323 network deployments.
In a SIP network, the devices might be user agents, proxies, softswitches, or back-to-back user
agents (B2BUAs). When you configure a SIP adjacency, the SBE functions as a B2BUA within the
SIP network.
In an H.323 network, the devices might be terminals, gateways, or gatekeepers. When you configure
an H.323 adjacency, the SBC functions as a gateway within the H.323 network.
Adjacencies can represent both trunking and subscriber signaling relationships. The network topology
and configuration of an adjacency determine its role.
Further overview details about implementing adjacencies are described in the following sections:
Properties Common to Both SIP and H.323 Adjacencies
About SIP Adjacencies in the Deployment
About H.323 Adjacencies in the Deployment
How Adjacencies Affect Media Routing
11-3
OL-13499-04
Properties Common to Both SIP and H.323 Adjacencies
The following properties are common to both SIP and H.323 adjacencies:
Adjacencies are known by name. The name makes it easy for an SBC policy to reference the
adjacency.
An adjacency has a local address and port for incoming call setup. The IP address must be an address
that matches the VLAN interface alias.
An adjacency has a peer address and port. This is the point of contact for outgoing calls. In the SIP
case, this is only true if the "force-signaling-peer" option is set for that adjacency.
An adjacency forms the output of a routing policy decision. In other words, the routing phase for a
call results in selection of an outgoing adjacency for that call. Normally, adjacency selection is done
based on a destination telephone number prefix. However, two adjacencies can also be bridged
together by using a source adjacency as a routing input.
About SIP Adjacencies in the Deployment
Figure 11-1 shows a simple SIP network where:
SIP subscribers register with the SIP proxy, which acts as a single point of contact for all of them.
The softswitch is a gateway between the SIP network and the public switched telephone network
(PSTN).
The softswitch routing policy assigns a particular phone prefix to each SIP proxy, allowing calls
from the PSTN network to be routed through the proxy to a given subscriber. (In other deployments,
subscribers may register directly with a softswitch without going through a proxy first.)
Figure 11-1 SIP Network
Figure 11-2 shows placement of an SBC in two possible positions within the SIP network, with the
adjacencies noted. Each adjacency enables call setup to one or more neighboring devices, as follows:
ADJ_SIP1A allows call setup between SBC1 and the softswitch.
ADJ_SIP1B allows call setup between SBC1 and the proxy.
ADJ_SIP2A allows call setup between SBC2 and the proxy.
ADJ_SIP_SUBSCRIBERS allows call setup between SBC2 and the subscribers.
Softswitch
SIP proxy
Registration
SIP subscribers
1
5
8
0
0
4
IP IP IP IP
Call setup
Call setup
11-4
OL-13499-04
In the case of SBC2, SIP registrations are being routed through the SBC. Registrations received on
ADJ_SIP_SUBSCRIBERS are being routed to the proxy over ADJ_SIP2A.
The key difference between subscriber and nonsubscriber adjacencies is that:
Nonsubscriber adjacencies have a configured single point of contact, the peer address for the
adjacency.
Subscriber adjacencies do not have a single point of contact and are instead configured to accept
registrations.
SIP registrations require a routing policy to determine which is the correct outgoing adjacency for a
given registration. This works in a very similar way to a call routing policy. See the procedures described
in the Implementing SBC Policies module.
Figure 11-2 Adjacencies in a SIP Network Deployment
The SBC can operate in non-IMS networks using one of three different non-IMS profiles:
An access adjacency faces user equipment, such as a subscriber's telephone, or other SIP device.
A core adjacency links the access adjacency to the registrar.
Peering adjacencies link one registrar to another.
By configuring each of these different types of adjacency with a profile, you can make efficiency and
occupancy gains. For example, the SBC will not store registration information from messages received
from peering adjacencies.
The differences between the above profiles against registrations and calls is as follows:
Softswitch
Registration
SIP subscribers
1
5
8
0
0
5
IP IP IP IP
Registration Call setup
Call setup
Call setup
Call setup
ADJ_SIP1A
ADJ_SIP1B
ADJ_SIP2A
SIP proxy Adjacencies
SBC1
ADJ_SIP_SUBSCRIBERS
SBC2
11-5
OL-13499-04
RegistrationsWhen a subscriber successfully registers from an access adjacency, the SBC
remembers the subscriber's registration details for later use. SBC does not store this information on
core or peering adjacencies.
CallsWhen an outgoing call is received from an endpoint on an access adjacency, the SBC checks
to see if the subscriber is registered. If the subscriber is registered, the SBC applies subscriber
policy to the call. Note that subscribers do not have to be registered to make an outgoing call.
When a call is received on a core adjacency, the SBC checks to see if the endpoint is registered. If
the endpoint is registered, the SBC can apply subscriber policy and route the call to the appropriate
access adjacency. Additionally, if the registered subscriber is known to be behind a NAT, the SBC
configures the call to traverse the NAT. If the endpoint is not registered, the SBC applies routing
policy instead, and routes the call to the appropriate adjacency.
About H.323 Adjacencies in the Deployment
Figure 11-3 shows a simple H.323 network where:
H.323 terminals and gateway both register with the gatekeeper.
Prior to placing a call, an endpoint resolves the destination address with the gatekeeper.
Call signaling flows directly between endpoints (whether terminals or gateway).
Figure 11-3 H.323 Network
Figure 11-4 shows a possible deployment of an SBC in the network, with two adjacencies noted. Each
adjacency allows call setup to one or more neighboring devices.
ADJ_H3231A allows call setup between the SBC and the gateway.
ADJ_H3231B allows call setup between the SBC and the terminals.
An H.323 adjacency may or may not be registered with a gatekeeper. In Figure 11-4, ADJ_H3231B is
registered with a gatekeeper and ADJ_H3231A is not.
Gatekeeper adjacencies can set up calls to multiple endpoints. Their peer address is set to the address
of the gatekeeper.
Non-gatekeeper adjacencies can set up calls to a single remote endpoint. Their peer address is set to
that of the endpoint (for example, a gateway).
Gateway
H.323
terminals
H.323
gatekeeper
1
5
8
0
0
6
IP IP
Registration
and address
resolution
Call setup
11-6
OL-13499-04
Figure 11-4 Adjacencies in an H.323 Network Deployment
How Adjacencies Affect Media Routing
For a distributed SBC deployment, each adjacency is configured with a media location. The media
location is an ID used to select the data border elements (DBEs) suitable for relaying media traffic for
calls set up over the adjacency.
If a call is routed out over the same or different adjacency, the media may bypass a DBE. The media
bypass feature allows the media packets to bypass the SBC to enable the endpoints to communicate
directly to each other. Media packets flow directly without going through the DBE component of the
SBC after the call signaling is done. Signaling packets still flow through the SBC as usual.
The configuration is set per adjacency, and allows media bypass across different adjacencies.
Media-bypass configuration is enabled under adjacency configuration. Media bypass is useful when two
endpoints are on the same subnet, but the DBE is located elsewhere on the network.
Figure 11-5 and Figure 11-6 illustrate how adjacency configuration controls media routing. In this
example:
Adjacency A connects to Peer1
Adjacency B connects to Peer2a and 2b
Adjacency C connects to Peer3
Adjacencies A and B are configured with media location 1. In other words, calls routed over them will
use the same DBE (or set of DBEs) for media. Adjacency C is configured with media location 2.
Gateway
H.323
terminals
H.323
gatekeeper
SBC1
2
4
1
9
6
6
Registration
and address
resolution
Call setup
Adjacencies
Call setup
ADJ_H.3231A
ADJ_H.3231B
IP IP
11-7
OL-13499-04
Figure 11-5 How Adjacency Configuration Controls Media Routing
Now consider three calls: Peer1-Peer3, Peer1-Peer2a, and Peer2a-Peer2b. The media for these calls is
routed as shown in Figure 11-6.
The first call traverses two adjacencies with different media locations. Its media is relayed through
two DBEs.
The second call traverses two adjacencies with the same media location. Its media is relayed through
a single DBE.
The third call traverses a single adjacency with media by pass enabled. Its media is sent directly
between the two peers without involving a DBE.
Figure 11-6 Media Routing for Three Calls: Peer1-Peer3, Peer1-Peer2a, and Peer2a-Peer2b
SBE
1
5
8
0
0
8
Peer1
Call setup
Call setup
Adjacency A
media location = 1
Adjacency C
media location = 2
Adjacency B
media location = 1
media bypass = TRUE
Peer3
Peer2a
Peer2b
DBE
(media
location 1)
1
5
8
0
0
9
Peer1
Peer2a
Peer2b
V
DBE
(media
location 2)
V
Peer3
11-8
OL-13499-04
How to Implement Adjacencies
Adjacencies are the key objects used to control signaling. The user defines one or more signaling
adjacencies, which connect the SBC to devices within that organization. Each incoming call is matched
to an adjacency, and each outgoing call is routed out over an adjacency. The adjacencies are then attached
to the appropriate account. Adjacencies can be associated with a media gateway DBE location, so that
the most appropriate DBE can be selected to route media for a given call leg.
Note The default behavior for SBC is to route INVITE requests to the device specified in the Request URI. If
instead, the user wishes requests to be routed to the signaling peer, then 'force-next-hop behavior should
be enabled by configuring the force-signaling-peer command on the outbound adjacency.
The following sections describe implementing an H.323 adjacency and a SIP adjacency, depending on
your implementation requirements:
Configuring Force-Signaling-Peer Adjacency
Assigning H.323 Adjacencies to Adjacency Groups
Configuring a SIP Adjacency
Assigning SIP Adjacencies to Adjacency Groups
Configuring Force-Signaling-Peer Adjacency
This task configures a force-signaling-peer adjacency.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. force-signaling-peer
6. attach
7. exit
11-9
OL-13499-04
DETAILED STEPS
Configuring an H.323 Adjacency
This task configures an H.323 adjacency.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
Step 1 configure
Example:
Example:
host1/Admin(config)# sbc umsbc-node10
service.
Step 3 sbe
Example:
Enters the mode of an SBE entity within an SBC service.
Example:
2651XM-5
Enters the mode of a SIP adjacency.
H.323 adjacency.
Step 5 force-signaling-peer
Example:
force-signaling-peer
Forces SIP messages to go to the configured signaling peer.
Step 6 attach
Example:
Step 7 exit
Example:
host1/Admin(config-sbc-sbe-acc-ser)# exit
Exits the sip mode to the sbe mode.
11-10
OL-13499-04
9. remote-address ipv4 ip-address ip-mask
11. attach
12. exit
18. remote-address ipv4 ipv4_IP_address/prefix
20. show services sbc sbe adjacencies detail
21. attach
22. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
2651XM-5
H.323 adjacency.
11-11
OL-13499-04
Example:
adjacency.
Example:
signaling-port 5000
Example:
to use.
Example:
adjacency to use.
Step 9 remote-address ipv4 ip-address ip-mask
Example:
Example:
core-sided
an SBE.
Step 11 attach
Example:
Step 12 exit
Example:
host1/Admin(config-sbc-sbe-adj-h323)# exit
Exits the adj-h323 mode to the sbe mode.
Example:
2651XM-6
H.323 adjacency.
11-12
OL-13499-04
Example:
adjacency.
Example:
signaling-port 5050
Example:
to use.
Example:
adjacency to use.
Example:
remote-address ipv4 10.10.l19.0/24
Example:
node-side
an SBE.
Step 20 show services sbc sbe adjacencies detail
Example:
host1/Admin(config-sbc-sbe-adj-h323)# show
services sbc sbc sbe adjacencies sip-shanghai
detail
Shows all the fields specified SIP adjacency.
Step 21 attach
Example:
Step 22 exit
Example:
11-13
OL-13499-04
Assigning H.323 Adjacencies to Adjacency Groups
Use the procedure in this section to assign an H.323 adjacency to an adjacency group.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. group adjacency-group-name
6. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
2651XM-5
H.323 adjacency.
Step 5 group adjacency-group-name
Example:
host1/Admin(config-sbc-sbe-adj-h323)# group
isp1
Assigns the H.323 adjacency to an adjacency group.
Use the adjacency-group-name argument to define the
group name.
Step 6 exit
Example:
11-14
OL-13499-04
Configuring a SIP Adjacency
Caution Adjacencies can only be modified when the status is detached. Use the no attach force command to
force the adjacency to go to the detached state.Use the show services sbc adjacencies command to check
the state. To modify an adjacency, use the no attach command first. When a call is active or when the
ping enable feature is running, the adjacency stays in the going down state. During this state, existing
calls are not torn down and new calls are not accepted. The adjacency will not go to detached until all
calls have ended. An adjacency cannot be attached until the adjacency goes to detached.
Note For User-to-Network Interface (UNI) registration support for a SIP inherit profile, you have the option
of using the default value or a a preset-core value. When using the default value for those adjacencies
without specific per-adjacency configuration, the sip inherit profile preset-core command in the SBE
configuration mode (config-sbc-sbe) is applied to the adjacencies by default, and UNI registration
support is enabled for this default configuration. When configuring a a preset-access or a preset-core
value, use the inherit profile preset-access command on the adjacency facing subscribers and the
inherit profile preset-core command on the adjacency facing the the SIP proxy. If you use other
combinations (for example, if both the inbound and outbound adjacencies are configured as preset-core,
the SBC does not store the registration information, nor does it rewrite the Contact: header to make sure
that it is on the signaling path of future messages.
This task configures two session initiation protocol (SIP) adjacencies. The first adjacency is configured
for a gateway/endpoint. The second adjacency is configured with proxy/softswitch.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sip inherit profile {preset-ibcf-ext-untrusted | preset-ibcf-external | preset-ibcf-internal |
preset-p-cscf-access | preset-p-cscf-core | preset-standard-non-ims}
9. signaling-peer peer_address
12. registration rewrite-register
13. attach
14. exit
11-15
OL-13499-04
16. inherit profile {preset-access | preset-core | preset-ibcf-ext-untrusted | preset-ibcf-external |
preset-ibcf-internal | preset-p-cscf-access | preset-p-cscf-core | preset-peering |
preset-standard-non-ims}
20. fast-register disable
21. signaling-peer peer_name
24. registration target address host_address
25. registration target port port_num
26. attach
27. exit
28. show
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Step 4 sip inherit profile {preset-ibcf-ext-untrusted
| preset-ibcf-external | preset-ibcf-internal |
preset-p-cscf-access | preset-p-cscf-core |
Example:
host1/Admin(config-sbc-sbe)# sip inherit
profile preset-standard-non-ims
Configures the global default inherit profile for all
adjacencies.
Example:
sipGW
service.
11-16
OL-13499-04
Example:
adjacency.
Example:
signaling-port 5060
Example:
remote-address ipv4 10.10.121.0/24
Example:
use.
Example:
adjacency to use.
Example:
iosgw
SBE.
Step 12 registration rewrite-register
Example:
registration rewrite-register
Configures SIP REGISTER request rewriting.
Step 13 attach
Example:
Step 14 exit
Example:
Exits adj-sip mode to sbe mode.
11-17
OL-13499-04
Example:
host1/Admin(config-sbc-sbe-adj-sip)# adjacency
sip sipPROXY
service.
Step 16 inherit profile {preset-access | preset-core |
preset-ibcf-ext-untrusted |
preset-ibcf-external | preset-ibcf-internal |
preset-peering | preset-standard-non-ims}
Example:
host1/Admin(config-sbc-sbe-adj-sip)# inherit
profile preset-standard-non-ims
Configures an inherit profile for the SIP adjacency.
Example:
adjacency.
Example:
signaling-port 5060
Example:
Step 20 fast-register disable
Example:
fast-register disable
Disables fast register support on the SIP adjacency.
Example:
use.
Example:
adjacency to use.
11-18
OL-13499-04
Assigning SIP Adjacencies to Adjacency Groups
Use the procedure in this section to assign an SIP adjacency to an adjacency group.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. group adjacency-group-name
6. exit
7. show
Example:
COREvlan
SBE.
Step 24 registration target address host_address
Example:
registration target address 200.200.200.98
Sets the address to use if rewriting an outbound SIP
REGISTER request.
Step 25 registration target port port_num
Example:
registration target port 5060
Sets the port to use if rewriting an outbound SIP REGISTER
request.
Step 26 attach
Example:
Step 27 exit
Example:
Step 28 show
Example:
host1/Admin(config-sbc-sbe)# show
Shows contents of configuration.
11-19
OL-13499-04
DETAILED STEPS
The SIP Statistics Per Adjacency feature allows you to configure the collection of SIP message statistics
at the level of adjacencies. Previously, no statistics were recorded for SIP adjacencies. With this feature
enabled, you can tune the level of statistics setting on an SIP adjacency to get summary or detailed SIP
statistics for each SIP adjacency.
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
sipGW
service.
Step 5 group adjacency-group-name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# group
InternetEth0
Assigns the SIP adjacency to an adjacency group.
Use the adjacency-group-name argument to define the
group name.
Step 6 exit
Example:
Step 7 show
Example:
host1/Admin(config-sbc-sbe)# show
Shows contents of configuration.
11-20
OL-13499-04
Restrictions for SIP Statistics Per Adjacency
Some SIP messages are not assigned to an adjacency and, therefore, are not counted by the per-adjacency
method statistics. This includes inbound requests that are rejected or dropped before being assigned to
an adjacency.
Inbound SIP requests that are rejected include:
Failure to identify essential headers or parameters in the request including:
Request-URI
Request method
Via header
CSeq header
To header
From header
Call-ID header
Contact header
Failure to parse any header present in request, including:
All the headers listed under the previous bullet
Supported
Require
Content-Type
Replaces
Referred-By
RAck
Session-Expires
Event
To: tag present but doesn't match SBC-specific format
Route header present but cannot be parsed
Transport parameter in Via header does not match received transport
Resource failures in SIP stack
Failure to match an in-dialog request to an existing dialog / transaction / subscription
Glare detection
11-21
OL-13499-04
Inbound SIP requests that are dropped include:
ACK to INVITE for which SBC has not transmitted a final response
ACK to negative final response
ACK not matched to INVITE transaction
Retransmitted requests
Pathological syntax errors (failure to identify message as a request)
The following inbound responses are dropped or converted to internal 5xx before being assigned to an
adjacency:
Note 2xx responses containing syntax errors are passed up to the SIP signaling stack and 3-6xx
responses containing syntax errors are converted to internal 5xx responses before being
passed up to the SIP signaling stack.
Resource failures in SIP stack encountered when processing response
100 Trying responses
CANCEL responses
Retransmitted responses
Syntax errors encountered when parsing / validating 1xx responses, including
Detection of multiple Via headers
Parse errors in any of the following headers, if present
Require
Supported
Session-Expires
Min-SE
Expires
Pathological syntax errors (failure to identify message as a response)
Additionally, the following are not included in the statistics:
Fast-register requests/response
SIP PING requests/response
Configuring SIP Statistics Per Adjacency
Use the procedure in this section to configure the SIP Statistics per adjacency.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. statistics-setting summary/detail
11-22
OL-13499-04
6. exit
DETAILED STEPS
The following example shows the output of the show services sbc sbe sip-method-stats command.
host1/Admin# show services sbc one sbe sip-method-stats sip-inbound1 invite current15
SBC Service ''one''
Adjacency sip-inbound1 (SIP)
Statistics for SIP method INVITE
Total request recieved :0
Total request sent :0
Total 1xx response received :0
Total 1xx response sent :0
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
sipGW
service.
Step 5 statistics-setting summary/detail
Example:
statistics-setting summary
Enables summary statistics or detailed response-codes
statistics recording on this SIP adjacency.
Step 6 exit
Example:
11-23
OL-13499-04
Configuration Examples for Implementing Adjacencies
Other response received :0
Other response sent :0
Configuring an H.323 Adjacency: Examples
Configuring a SIP Adjacency: Example
Configuring an H.323 Adjacency: Examples
This section contains two example H.323 adjacency configurations:
H.323 Adjacency Example 1 (Two Gateways/Endpoints)
H.323 Adjacency Example 2 (Gatekeeper in Network)
H.323 Adjacency Example 1 (Two Gateways/Endpoints)
In this example, the configuration is performed to support SBC peering with two H.323
gateways/endpoints in two different networks (as shown in shown in Figure 11-7).
Figure 11-7 SBC with Two H.323 Gateways/Endpoints in Two Different Networks
1. Go SBE submode.
configure
sbc umsbc-node10
sbe
V
2651XM-6
V
2651XM-5
SBC
1
5
8
0
1
0
11-24
OL-13499-04
2. Configure an H.323 adjacency name and type (as a result, you will be in the H.323 adjacency
submode).
adjacency h323 2651XM-5
3. Configure the local signaling address and port. All H.323 signaling traffic should be sent to this
address and port by the gateway (default port is 1720).
signaling-port 5000
4. Configure the signaling address and port for the peer gateway. SBC will send all H.323 signaling
traffic to this address and port.
5. Restrict the set of remote signaling peers contacted over the adjacency. To be successful, the address
of the endpoint originating or terminating the call should be within this subnet.
6. Configure the account that the adjacency will belong to.
account core-side
7. Attach the H.323 adjacency. On attaching, the adjacency is activated.
(When attached, no additional configuration changes can be made to the adjacency. To make
changes, execute the no attach command; then make changes and attach afterwards.)
attach
exit
8. Similarly, configure a second adjacency pointing to the gateway in another account, where the calls
will terminate (or vice versa).
adjacency h323 2651XM-6
signaling-port 5050
account node-side
attach
exit
9. Use the show command to verify that the adjacency is attached.
H.323 Adjacency Example 2 (Gatekeeper in Network)
In this example, there is a gatekeeper (as shown in Figure 11-8) in the network. Therefore, everything is
pointing to the gatekeeper on the remote side instead of the gateway; configuring a signaling port is not
required.
The keyword gk is added to the signaling-peer command and an alias is configured. The rest of the
configuration is the same as shown in H.323 Adjacency Example 1 (Two Gateways/Endpoints).
11-25
OL-13499-04
Figure 11-8 SBC with Two H.323 Gatekeepers in Two Different Networks
V
Phone A
Phone B
SBC
AR
AR
AR
AC
AC
AC
200 Net 10 Net
V
1
5
8
0
1
1
RRQ/
RRQ/
AR
AC
RRQ/
RRQ/
7206-GK-3 7206-GK-4
2651XM-5 2651XM-6
11-26
OL-13499-04
1. Go to SBE submode.
configure
sbc umsbc-node10
sbe
2. Configure an H.323 adjacency name signaling-peer gatekeeper, and alias.
adjacency h323 GK-3
alias SBC-GK3
3. Configure the local signaling address and port. All H.323 signaling traffic will be sent to this
address.
signaling-port 5001
4. Restrict the set of remote signaling peers contacted over the adjacency. To be successful, the address
of the endpoint originating or terminating the call should be within this subnet.
5. Configure the account that the adjacency will belong to.
account core-side
6. Attach the H.323 adjacency. On attaching, the adjacency is activated.
(When attached, no additional configuration changes can be made to the adjacency. To make
changes, execute the no attach command; then make changes and attach afterwards.)
attach
exit
7. Similarly, configure a second adjacency pointing to the gateway in another account (as shown in
Figure 11-8), where the calls will terminate (or vice versa).
adjacency h323 GK-4
alias SBC-GK4
signaling-port 5051
account node-side
attach
exit
8. Use the show command to verify that the adjacency is attached.
11-27
OL-13499-04
Configuring a SIP Adjacency: Example
The following example configures two SIP adjacencies. The first adjacency is configured for a
gateway/endpoint. The second adjacency is configured with proxy/softswitch.
1. Go to SBE submode:
sbc sip-signal
sbe
activate
exit
2. Activate DBE, as follows:
dbe
activate
exit
!
3. Create the SIP adjacencies, as follows:
sbc sip-signal
sbe
4. Create the SIP adjacency for gateway/endpoint:
adjacency sip sipGW
signaling-port 5060
account iosgw
attach
5. Create the SIP adjacency for proxy/softswitch:
adjacency sip sipPROXY
signaling-port 5060
account COREvlan
registration target address 200.200.200.98
registration target port 5060
attach
11-28
OL-13499-04
SIP UAS Failure Detection
A User Agent Server (UAS) is a logical entity that generates a response to a SIP request. UAS failure
detection is used to periodically monitor the state of a SIP network entity specified as the signaling peer
on a SIP adjacency. SIP OPTIONS messages are sent to these network entities as a ping mechanism and
a response from the device is expected. If a response is not received from the device it is considered
unreachable and removed from the routing calculations. Calls which cannot be routed through an
alternate device are immediately responded to with a 604 Does Not Exist Anywhere message.
SIP UAS Failure Detection enables the SBC to send a SIP OPTIONS message to the device specified in
the SIP Adjacency Destination Address. If an acceptable response is received within the SIP transaction
timeout period then the routing tables are updated and the device is considered routable.
A ping failure occurs when no acceptable response is received within the SIP transaction timeout period.
If ping-fail-count ping failures occur, then the device is considered to be unreachable. The signaling peer
is considered offline as far as routing is concerned. The SBC sends pings at the rate specified in the
period.
Use the procedure in this section to configure SIP UAS Failure Detection:
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. ping-enable
6. ping-interval interval
7. ping-lifetime duration
8. ping-fail-count fail-count
9. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
11-29
OL-13499-04
SIP UAS Failure Detection: Example
In the following configuration example, PING is enabled on each of three adjacencies. A round robin
call policy is set so that calls are distributed between the three adjacencies in a weighted random manner.
If a UAS is unreachable, calls will be distributed between the remaining two adjacencies.
sbc mySBC
sbe
adjacency sip CallMgrA
ping-enable
ping-interval 5
ping-fail-count 3
ping-lifetime 32
attach
Example:
sipGW
service.
Step 5 ping-enable
Example:
ping-enable
Configures the adjacency to poll its remote peer by sending
SIP OPTIONS pings to it and enters the ping option
submode.
Step 6 ping-interval interval
Example:
host1/Admin(config-sbc-sbe-adj-sip-ping)#
ping-interval 100
Configures the interval between SIP OPTIONS pings sent
to the remote peer.
Step 7 ping-lifetime duration
Example:
ping-lifetime 100
Configures the duration for which SBC waits for a response
to an options ping for the adjacency.
Step 8 ping-fail-count fail-count
Example:
ping-fail-count 10
Configures the number of consecutive pings that must fail
before the adjacencies peer is deemed to be unavailable.
Step 9 exit
Example:
11-30
OL-13499-04
SIP Outbound Flood Protection

adjacency sip CallMgrB
signaling-peer 200.200.200.200.117
ping-enable
ping-interval 5
ping-fail-count 3
ping-lifetime 32
attach

adjacency sip CallMgrC
signaling-peer 200.200.200.200.115
ping-enable
ping-interval 5
ping-fail-count 3
ping-lifetime 32
attach
call-policy-set 1
first-call-routing-table DestAddr
rtg-dst-address-table DestAddr
entry 1
action next-table RoundRobin
match-address 12
prefix
rtg-round-robin-table RoundRobin
entry 1
action complete
dst-adjacency CallMgrB
entry 2
action complete
dst-adjacency CallMgrC
entry 3
action complete
dst-adjacency CallMgrA
complete
SIP Outbound Flood Protection protects other network elements from excessively high valid traffic in
unusual situations, such as a protection from a flood of generated BYE messages when a neighboring
network element fails.
SIP Outbound Flood Protection sets a maximum rate of outgoing request messages and prevents the rate
of outgoing request messages exceeding this maximum rate. If the limit is reached, outgoing requests
are failed or dropped instead.
SIP Outbound Flood Protection is an addition to the normal CAC policy mechanisms and does not
replace CAC policy. CAC policy allows fine grain control of calls, like, for example, rate limiting of
INVITE requests at configurable scopes. SIP Outbound Flood Protection is intended to provide a simple
overall rate limit for outgoing requests and is especially useful for requests that currently do not involve
CAC policy (such as BYE requests).
Flood protection may be required in the following situations:
11-31
OL-13499-04
Adjacent network element terminating If an adjacent network element terminates (either
normally or due to error) the SBC is likely to detect that the calls that used this element are dead at
approximately the same time and attempt to tear the calls down. With many active calls this can
generate a flood of BYE requests (normally two BYEs for each call).
Rather than allow these BYE messages to transiently overload other network signaling elements the
network administrator may prefer to drop or fail some BYE requests at the SBC.
Local removal of configuration in the SBC If a SIP adjacency is deconfigured using normal
deactivation mode then BYE requests will be sent for all active calls using the adjacency before they
are destroyed.
Again it may be desirable for to limit the rate of outgoing requests prevent other network elements
getting overloaded.
Use the procedure in this section to configure SIP Outbound Flood Protection:
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. outbound-flood-rate rate
6. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
sipGW
service.
11-32
OL-13499-04
SIP Outbound Flood Protection: Example
The following configuration example sets an outbound flood rate of 100 outbound request signals per
second.
sbc mySBC
sbe
adjacency sip CallMgrA
outbound-flood rate 100
attach
Step 5 outbound-flood-rate rate
Example:
outbound-flood-rate 1000
Configures the maximum desired rate of outbound request
signals on this adjacency (excluding ACK/PRACK
requests) in signals per second.
Step 6 exit
Example:
C H A P T E R
12-1
OL-13499-04
12
Implementing SBC Billing
The Session Border Controller (SBC) billing component includes the following core features:
Compatibility with existing billing systemsTo be able to fit the SBC billing system easily into a
providers existing billing architecture is an important functional requirement. This requirement
entails the use of mechanisms to obtain billing information in a similar fashion to those of the
existing mechanisms.
Integration with next-generation technologies and solutionsEqually important as compatibility
with existing systems is the requirement to employ next-generation billing technologies, so that
service information from SBC, softswitches, voicemail and unified messaging applications, and so
on can be collated and billed in a distributed environment.
High availability and fault tolerance.
Flexible architecture.
The function of the billing component is:
Third-party integrated, distributed Remote Authentication Dial-In User Service (RADIUS)-based
call and event logging.
Note This feature is supported in the unified model only.
Note Before upgrading from Release ACE SBC 3.0.1 or ACE SBC Release 3.0.2 to ACE SBC Release 3.1.0,
you must unconfigure billing. After the upgrade, you can reconfigure billing.
For a complete description of commands used in this chapter, refer to the Cisco Session Border
Controller Commands chapter. To locate documentation for other commands that appear in this chapter,
use the command reference master index, or search online.
Feature History for Implementing SBC Billing
ACE SBC Release 3.1.00 Additional changes to SBC billing.
Added support for media information in billing.
ACE SBC Release 3.0.00 This feature was introduced on the Cisco 7600 series router along with
support for the SBC unified model.
12-2
OL-13499-04
Contents
Contents
Prerequisites for Implementing Billing, page 12-2
Information About Implementing Billing, page 12-2
How to Implement Billing, page 12-5
Configuration Example of Implementing Billing, page 12-10
Prerequisites for Implementing Billing
The following prerequisites are required to implement SBC billing:
at
186a00806838f4.html.
Before implementing interworking billing, the SBC must already be created. See the procedures
To implement billing on the signaling border element (SBE) you must obtain a unique network
element ID for the SBE from your network administrator. In addition, you must perform the
following tasks depending on what form of billing you require.
To implement integrated RADIUS-based call logging, you must first configure the RADIUS
server and set up the RADIUS network infrastructure.
Information About Implementing Billing
The following sections describe SBC billing topologies. It is critical to understand all SBC billing
features and capabilities before performing billing configurations for the SBC.
Integrated Billing Systems
Integrated billing is achieved through the PacketCable Event Messages architecture (see the PacketCable
1.5 Event Messages Specification; PKT-SP-EM1.5-I01-050128) as exemplified in Figure 12-1 where the
SBC is integrated into this architecture. As shown, the billing server and softswitch both support
PacketCable Event Messages.
ISP-A shows SBC operating in a unified model where the billing system is being deployed as a
distributed billing system consisting of three billing servers. The SBC can be configured to send to these
servers in a range of ways, such as to all three simultaneously, or to use one primary and two backups.
In the unified model, the system operates as follows:
The SBC produces event messages (EMs). These event messages are billable or other interesting
events, such as call start, call end, and media-type changes.
12-3
OL-13499-04
The SBC (and other elements of the system), which produces EMs, sends them in real time (or
batched up for network efficiency) using the RADIUS protocol to the billing server.
The billing server collates EMs into call detail records (CDRs). For an example of a CDR, see
Example for Event Messages from SBC to RADIUS Billing Server, page B-12.
Because the Cisco 7600 series routers do not have a local disk, local cache is not supported. In
releases before ACE SBC Release 3.1.00, this meant that if a billing server was unavailable, the EMs
are lost. With ACE SBC Release 3.1.00 two new commands are introduced to prevent losing the
EMs:
The server-retry disable command disables the SBC from automatically retrying a failed
RADIUS server.
The service sbc sbe radius accounting command reactivates connection between the SBC and
a RADIUS server after connectivity is lost or to restart billing after connectivity is restored.
ISP-B shows SBC operating in a distributed model where the billing system is being deployed using a
single billing server and a softswitch.
In the distributed model, the system operates as follows:
Only the SBE communicates with the billing server. That is, no event messages are generated by the
DBE. All media-specific information (for example: gate request information and media statistics) is
sent by the DBE to the SBE, which then generates event messages as required to send to the billing
servers.
The billing server collates billing information both from the SBE and the softswitch to provide the
ISP with a single billing point. The softswitch only interface to the billing service is one of the ways
service providers could use to get billing information. It is outside the scope of SBC billing.
Note The PacketCable 1.5 Event Messages Specification discusses sending the identifying information (the
BCID and FEID) on the outgoing INVITE and responding SDP so that correlation can be done between
the two sets of billing data. SBC does not support this mechanism for intra-domain or inter-domain
transmission. The billing server must perform the correlation using an alternative method (for example,
using the telephone numbers dialed and the time of the call).
Release 3.1.0 added support for media information to billing messages. Prior to Release 3.1.0, the
PacketCable event message (EM) billing interface did not report any of the properties of the media
streams associated with a call other than when the media stream begins and ends, the packets and octets
transmitted, and lost latency and jitter statistics.
Now the Support for Media Information feature defines a new proprietary RADIUS Vendor-Specific
Attribute that can be carried on the QoS_Commit and QoS_Release PacketCable messages.
Use the cdr media-info command to add this attribute to the billing messages to make stream creation
information available to PacketCable billing.
This attribute contains the following information:
The local IP address and port, and remote media endpoint IP address and port, used in the media
stream.
The direction of the media stream (that is, send-only, receive-only, send-and-receive or inactive).
The codecs negotiated for that media stream.
12-4
OL-13499-04
The bandwidth reserved for the media stream.
Restrictions for Media Information
The restrictions for Media Information are:
If an endpoint is behind a NAT, then the endpoint IP address cannot be obtained from the Session
Description Protocol (SDP) and instead is autodetected when the endpoint sends media packets.
This means that the remote address and port may not be known at the point that the gate is
committed; therefore, this information will not be available on the Media_Session_Desc attribute
that is sent on the QoS_Commit PacketCable message. Instead, a zero address is specified.
In particular, in a normal call setup and teardown when an endpoint is behind a NAT, there is no
remote address or port in the Media_Session_Desc sent on the QoS_Commit message, but the
correct remote address and port is in the Media_Session_Desc sent in the QoS_Release message.
The only case in which the SBC would never report a remote address and port is when the call ends
before any media packets have been sent so the remote address is never learnt by the MPF.
12-5
OL-13499-04
How to Implement Billing
Figure 12-1 Integrated Billing Deployment
The SBE can perform billing. The key objects to be configured for billing are the long duration checks
and the physical location of the cache. You can configure up to eight packetcable-em billing instances
(indexed 0-7).
follow the procedure in the following section:
Restrictions for Billing, page 12-6
Configuring Billing, page 12-6
ISP A
ISP B
Billing
server 1
Billing
server 2
Billing
server
IP phone
SBE
SBC Router
Billing
server 3
IP
IP phone
IP
SBE
DBE
Softswitch
Edge
router
Firewall
Telephone
V
Internet
1
4
9
6
0
7
12-6
OL-13499-04
Restrictions for Billing
The restrictions for configuring billing are:
You may not modify any billing configuration items if billing is active.
You may only modify the batch-time and batch-size commands when a method or the billing is
active; all other commands are not allowed. However, those are blocked when more than one method
exists.
You may not modify the ldr-check command at billing level if any methods have been defined.
You may not remove a RADIUS accounting client if it is currently assigned to a billing method.
A RADIUS accounting client must be defined before it is selected in a billing method.
A RADIUS accounting client can be assigned only to a single billing method.
The billing cannot be removed when active or when methods are configured.
The method packetcable command may not be removed while a packetcable-em configuration is
in place.
For PacketCable billing attributes, MTA-UDP_Port on QoS_Reserve, SF_ID, and QoS_Commit and
MTA_Endpoint_name on Signaling_Start messages will always be reported as 0 and 'MTA
Endpoint', respectively. These variables are not currently relevant to SBC processing.
Configuring Billing
This task defines how to configure billing configurations.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. control address aaa ipv4 IP_address
5. radius authentication
6. activate
7. server
8. address ipv4 A.B.C.D.
9. exit
10. exit
11. radius accounting client-name
12. activate
13. concurrent-requests 0-4294967295
14. retry-interval range
15. retry-limit range
16. server server-name
17. address ipv4 A.B.C.D.
12-7
OL-13499-04
18. priority pri
19. key key
20. port port-num
21. exit
22. exit
23. billing
24. ldr-check {HH MM}
25. local-address ipv4 {A.B.C.D.}
26. method packetcable-em
27. packetcable-em method-index transport radius RADIUS-client-name
28. batch-size number
29. batch-time number
30. attach
31. exit
32. activate
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Step 4 control address aaa ipv4 IP_address
Example:
host1/Admin(config-sbc-sbe)# control address
aaa ipv4 192.168.113.2
Configure an SBE to use a given IPv4 AAA control address
when contacting an authentication or billing server. This
address is a unique address within the signaling address.
Step 5 radius authentication
Example:
host1/Admin(config-sbc-sbe)# radius
authentication
Configures a RADIUS client for authentication purpose.
12-8
OL-13499-04
Step 6 activate
Example:
host1/Admin/Admin(config-sbc-sbe-acc)# activate
Activates the RADIUS server.
Step 7 server
Example:
host1/Admin(config-sbc-sbe-acc)# server castor
Enters a submode for configuring ordered lists of RADIUS
accounting servers.
Step 8 address ipv4 A.B.C.D.
Example:
host1/Admin(config-sbc-sbe-acc-ser)# address
ipv4 10.0.0.1
Configures the address of the RADIUS server.
Step 9 exit
Example:
Step 10 exit
Example:
host1/Admin(config-sbc-sbe-acc)# exit
Step 11 radius accounting client-name
Example:
host1/Admin(config-sbc-sbe)# radius accounting
set1
Enters the mode for configuring a RADIUS client for
accounting purposes.
Step 12 activate
Example:
host1/Admin(config-sbc-sbe-acc)# activate
Activates the RADIUS client.
Step 13 concurrent-requests 0-4294967295
Example:
host1/Admin(config-sbc-sbe-acc)#
concurrent-requests 34
Sets the maximum number of concurrent requests to the
RADIUS server.
Step 14 retry-interval range
Example:
host1/Admin(config-sbc-sbe-acc)# retry-interval
2000
Sets. the interval for resending an accounting request to the
RADIUS server.
Step 15 retry-limit range
Example:
host1/Admin(config-sbc-sbe-acc)# retry-limit 4
Sets the retry interval to the RADIUS server.
12-9
OL-13499-04
Step 16 server server-name
Example:
host1/Admin(config-sbc-sbe-acc)# server
Cisco-AR1-PC
Enters the mode for configuring an accounting server within
this client.
Step 17 address ipv4 A.B.C.D.
Example:
host1/Admin(config-sbc-sbe-acc-ser)# address
ipv4 200.200.200.153
Configures the address of an accounting server.
Step 18 priority pri
Example:
host1/Admin(config-sbc-sbe-acc-ser)# priority 2
Configures the priority of the accounting server. The pri
argument must be in the range of 1 to 10 (highest to lowest).
Step 19 key key
Example:
host1/Admin(config-sbc-sbe-acc-ser)# key cisco
Configures the RADIUS authentication key or shared secret
to be used for this accounting server.
Step 20 port port-numb
Example:
host1/Admin(config-sbc-sbe-acc-ser)# port 2009
Configures the port that the RADIUS server will use to
receive Access-Request or Accounting-Request packets,.
Step 21 exit
Example:
Step 22 exit
Example:
host1/Admin(config-sbc-sbe)# exit
Step 23 billing
Example:
host1/Admin(config-sbc-sbe)# billing
Configures billing policies.
Step 24 ldr-check {HH MM}
Example:
host1/Admin(config-sbc-sbe-billing)# ldr-check
22 30
Configures the time of day (local time) to run the Long
Duration Check (LDR).
Step 25 local-address ipv4 A.B.C.D.
Example:
host1/Admin(config-sbc-sbe-billing)#
local-address ipv4 10.20.1.1
Configure the local IPv4 address that appears in the CDR.
12-10
OL-13499-04
Configuration Example of Implementing Billing
The following example shows how to configure billing:
host1/Admin(config-sbc-sbe)# control address aaa ipv4 10.10.10.1 vrf default
host1/Admin(config-sbc-sbe)# radius authentication
host1/Admin/Admin(config-sbc-sbe-acc)# server cisco-auth
host1/Admin(config-sbc-sbe-acc-ser)# address ipv4 10.10.10.10
Step 26 method packetcable-em
Example:
host1/Admin(config-sbc-sbe-billing)# method
packetcable-em
Enables the packet-cable billing method.
Step 27 packetcable-em method-index transport radius
RADIUS-client-name
Example:
host1/Admin(config-sbc-sbe-billing)#
packetcable-em 4 transport radius test
Configures a packet-cable billing instance.
Step 28 batch-size number
Example:
host1/Admin(config-sbc-sbe-billing-packetcable-
em)# batch-size 256
Configures the maximum size of a batch when the batch
must be set immediately.
Step 29 batch-time number
Example:
em)# batch-time 22
Configures the maximum number of milleseconds for
which any record is held before the batch is sent.
Step 30 attach
Example:
em)# attach
Activates the billing for a RADIUS client.
Step 31 exit
Example:
em)# exit
Step 32 activate
Example:
host1/Admin(config-sbc-sbe-billing)# activate
Activates the billing instance after configuration is
committed.
12-11
OL-13499-04
host1/Admin(config-sbc-sbe)# radius accounting mars
host1/Admin(config-sbc-sbe-acc)# activate
host1/Admin(config-sbc-sbe-acc)# retry-interval 1000
host1/Admin(config-sbc-sbe-acc)# retry-limit 6
host1/Admin(config-sbc-sbe-acc)# server test
host1/Admin(config-sbc-sbe-acc-ser)# key test
host1/Admin(config-sbc-sbe-acc-ser)# port 3
host1/Admin(config-sbc-sbe-billing)# ldr-check 22 30
host1/Admin(config-sbc-sbe-billing)# local-address ipv4 10.20.1.1
host1/Admin(config-sbc-sbe-billing)# method packetcable-em
host1/Admin(config-sbc-sbe-billing)# packetcable-em 3 transport radius test
host1/Admin(config-sbc-sbe-billing-packetcable-em)# batch-size 256
host1/Admin(config-sbc-sbe-billing-packetcable-em)# batch-time 22
host1/Admin(config-sbc-sbe-billing-packetcable-em)# attach
host1/Admin(config-sbc-sbe-billing-packetcable-em)# exit
host1/Admin(config-sbc-sbe-billing)# activate
12-12
OL-13499-04
C H A P T E R
13-1
OL-13499-04
13
Implementing SBC Policies
A Session Border Controller (SBC) policy is a set of rules that define how the SBC treats different kinds
of voice over IP (VoIP) events. An SBC policy allows you to control the VoIP signaling and media that
passes through the SBC at an application level.
Note For ACE SBC Release 3.0.00 and later releases, this feature is supported in the unified model only.
Feature History for Implementing SBC Policies
Contents
Prerequisites for Implementing Policies, page 13-2
Information About Implementing Policies, page 13-2
ACE SBC Release 3.1.00 Support added for:
Routing features including:
Routing by category
Source number manipulation
Least-cost routing
Weighted routing
Time-based routing
Regular expression routing
CAC Rate Limiting
Subscriber Policy
13-2
OL-13499-04
Prerequisites for Implementing Policies
How to Implement Policies, page 13-18
Configuration Examples of Implementing Number Analysis, page 13-61
Configuration Examples of Implementing Call Routing, page 13-62
Configuration Example of Implementing Call Admission Control Policy Sets and CAC Tables, page
13-69
Prerequisites for Implementing Policies
The following prerequisites are required to implement SBC policies:
at
186a00806838f4.html.
Before implementing policies, the SBC must already be created. See the procedures described in
Information About Implementing Policies
An SBC policy is a set of rules that define how the SBC treats different kinds of VoIP events. An SBC
policy allows you to control the VoIP signaling and media that passes through the SBC at an application
level. Figure 13-1 shows an overview of policy control flow.
Figure 13-1 Policy Control Overview
Number analysis and routing are configured in one type of configuration set, admission control is
configured in another.
Number analysis (NA) determines whether a set of dialed digits represents a valid telephone number
(based on number validation, number categorization, or digit manipulation). Call routing determines the
VoIP signaling entity to which a signaling request should be sent. A destination adjacency is chosen for
the signaling message based on various attributes of the message (for example, based on source account
or adjacency). Routing policy is applied to new call events and to subscriber registration events.
Call Admission Control (CAC) limits the number of concurrent calls and registrations, and restricts the
media bandwidth dedicated to active calls. It allows for load control on other network elements by rate
limiting. Certain events can be completely blocked (using a blacklist) or freely allowed (using a
whitelist), based on certain attributes.
Not all policies are mandatory:
Routing
New call to
a subscriber
Number
analysis
Admission
control
New call New call
Subscriber
registration
New call
Call update
Subscriber
registration
New call
Call update
Subscriber
registration
1
4
9
5
9
6
13-3
OL-13499-04
To call between subscribers, only endpoint routing policy is required.
To call between telephone numbers, only call routing policy is required.
Number analysis and admission control are optional, although they are likely to be required by the
user.
Policies refer to accounts and adjacencies by name. Therefore, you may find it useful to configure and
name adjacencies before configuring policies although this is not required.
The following sections describe the many concepts critical to understanding how to implement SBC
policies:
SBC Policies
Number Analysis Policies
Routing
Call Admission Control
SBC Policies
This section describes the following SBC policies:
Policy Events
Policy Stages
Policy Sets
Policy Tables
Policy Events
Policies are applied to the following events:
New callsWhen new calls are signaled to the SBC, the SBC applies a policy to determine what
happens to the new call request and what constraints the call must satisfy during its lifetime.
Call updatesIf one of the endpoints in a call attempts to renegotiate new media parameters, the
SBC applies policy to ratify the attempt.
Subscriber registrationsIf a subscriber attempts to register through the SBC, the SBC applies policy
to determine what happens to the registration request.
Policy Stages
There are three distinct stages of a policy, which are applied in strict order to the policy events. The
stages in which policy is applied are as follows:
Number analysis
Routing
Admission control
Some of these policy stages are skipped for particular types of events. Figure 13-2 shows the sequence
of the policy stages for each event type.
13-4
OL-13499-04
Figure 13-2 Policy Stages for Event Types
If the policy stages fail, the call is rejected and the failure is propagated back to the calling device (using
either session initiation protocol (SIP) or H.323 signaling, as appropriate) with the error codes in
Table 13-1.
Note If the call fails at the routing or Call Admission Control phase, it is released. There is no attempt to retry.
Whether or not to retry is left to the upstream (calling) device to decide.
The following sections describe policy stages in more detail:
Number Analysis
Routing
Admission Control
Number Analysis
Number Analysis (NA) determines whether a set of dialed digits represents a valid telephone number.
This is achieved by configuring one or more tables of valid dialed digit strings using a limited-form
regular-expression syntax, then matching the actual dialed digits against the different strings in the
tables.
NA policy is applied only to new call events. If NA determines that a new call does not contain a valid
set of dialed digits, the SBC rejects the call, using the error code described in the Policy Stages section.
NA rules are sensitive to the source account and source adjacency of a call, which allows different dial
plans to be configured for different customer organizations, or even for different endpoints.
Routing
New call to
a subscriber
Number
analysis
Admission
control
New call New call
Subscriber
registration
New call
Call update
Subscriber
registration
New call
Call update
Subscriber
registration
1
4
9
5
9
6
Table 13-1 Policy Stage Errors
Component Resulting SIP Error Code Resulting H.323 Error
Number analysis 604 Does not exist
anywhere
ITU-T Q.931 Release Complete UUIE with
H.225 Reason field unreachableDestination
Routing 604 Does not exist
anywhere
ITU-T Q.931 Release Complete UUIE with
H.225 Reason field unreachableDestination
Call Admission
Control
503 Service Unavailable ITU-T Q.931 Release Complete UUIE with
H.225 Reason field noPermission
13-5
OL-13499-04
In addition to validating a dialed number, NA policy can also:
Reformat the dialed digits into canonical form; for example, E.164 format.
Label the call with a category, which is used by the later stages of policy.
Routing
Routing determines the next-hop VoIP signaling entity to which a signaling request should be sent.
Routing of VoIP signaling messages occurs in two stages:
Policy-based routingThe first stage of routing. In policy-based routing, a destination adjacency is
chosen for the signaling message, based on various attributes of the message, discussed later.
Protocol-based routingTakes place after policy-based routing. Protocol-based routing uses a VoIP
protocol-specific mechanism to deduce a next-hop IP address from the signaling peer configured for
the destination adjacency chosen by policy-based routing.
For example, if the destination adjacency is a SIP adjacency and the signaling peer is
uk.globalisp.com, the SBC uses domain name server (DNS) or IP lookup to determine the IP address
and port of the SIP server for the domain uk.globalisp.com, and forwards the appropriate signaling
message to that IP address and port.
Routing policy is applied to new call events and to subscriber registration events.
If a new call event matches an existing subscription, the call is routed automatically to the source IP
address and port of the original subscriber registration. No configured policy is required to achieve this,
and no configured policy can influence the routing of such calls.
Routing policy is not applied to call update events; call update signaling messages are routed
automatically to the destination adjacency that was chosen for the new call event that originated the call.
It is possible that an event cannot be routed, if its attributes do not match a suitable configured routing
rule. In such cases, the SBC rejects the event using a suitable error code.
Admission Control
Call admission control determines whether an event should be granted or refused based on configured
limits for network resource utilization. There are two reasons for performing admission control.
To defend load-sensitive network elements, such as softswitches, against potentially harmful levels
of load precipitated by singular events, such as Do attacks, natural or man-made disasters, or
mass-media phone-ins.
To police the Service Level Agreements (SLAs) between organizations, to ensure that the levels of
network utilization defined in the SLA are not exceeded.
Call admission control policy is applied to all event types. If an event is not granted by admission control
policy, then the SBC rejects it with a suitable error code.
13-6
OL-13499-04
Policy Sets
A policy set is a group of policies that can be active on the SBC at any one time. If a policy set is active,
then the SBC uses the rules defined within it to apply policy to events. You can create multiple policy
sets on a single SBC; this feature has two potential uses:
It enables you to atomically modify the configured policy by creating a copy of the currently active
policy set, making all necessary changes, reviewing the modified policy, and then switching the
active policy set. If a problem is discovered with the new policy set after it is activated, the SBC can
be switched back to using the previous policy set with a single command.
It enables you to create different policy sets for use at different times and to switch between them at
the appropriate times.
Number analysis and routing are configured in a call policy set. Admission control is configured in a
CAC policy set.
Only one policy set of each type can be active at any given time. You can switch the active policy set at
any time. You cannot modify the currently active policy set, but can modify policy sets that are not active.
A new policy set either can be created empty (that is, without any configured policies), or created as a
copy of another policy set. A policy set can be deleted, provided that it is not the active policy set.
When the SBC is initialized, there are no active policy sets. At any time after initialization, the active
policy set can be undefined. While there is no active routing policy, each event that requires routing is
rejected.
Policy Tables
All policy on the SBE is configured in a set of tables. This section describes the overall structure of the
policy tables, as described in the following sections:
Nomenclature
Application of Policy
Policy Table Example
Nomenclature
This section defines some terms that we later use when discussing policy tables.
A policy table has the following properties:
A name that uniquely identifies the table within the scope of a single policy set. Tables in different
policy sets may have the same name.
A type, which defines the criterion that is used to select an entry from the table.
A collection of table entries.
A policy table entry is a member of a policy table. It has the following properties:
A value to match on (the match value). The semantics of this value are determined by the table type.
No two entries in the same table may have identical match values.
An optional action to perform on the event, if it matches this entry.
An optional name of the next table to search for policy, if the event matches this entry.
13-7
OL-13499-04
Application of Policy
The policy tables are searched whenever an event occurs. The policy to be applied to the event is built
up as the tables are searched.
The policy sets contains the following properties, which define which policy tables are searched at each
stage of the policy calculation. The call policy set contains:
First NA policy table to process
First routing policy table to process for calls
First routing policy table to process for endpoint registrations
The CAC policy set contains the first admission control policy table.
When an event occurs, the policy tables are searched as follows. This procedure is followed once for
every stage of policy to which an event is subjected.
The first table for the particular stage of the policy calculation is obtained from the active
configuration set.
The type of the table defines which of the events attributes (for example, the destination number or
the source adjacency) is being examined by this table.
This attribute is compared against the match value of every entry in the table. This results in either
exactly one entry matching the event, or no entries matching the event.
If an entry matches the event, then the action associated with that entry is performed. After the action
is performed, if the entry contains the name of a next table, that table is processed. If there is no next
table, then the policy calculation is complete and processing for this stage of policy ends.
If no entry matches the event, then the policy calculation is complete and processing for this stage
of policy ends.
Policy Table Example
The following example illustrates the flow of control as policy tables are parsed at a particular stage of
policy for a particular event. The event in this example is a new call, received from source account with
destination number 129. The stage of policy considered here is routing.
This example is provided for illustrative purposes only; routing tables are described in detail in the
Routing section.
13-8
OL-13499-04
Figure 13-3 shows the relevant routing tables.
Figure 13-3 Policy Table Example
The policy calculation begins by looking up the first policy table to be used by the routing stage. This is
the table with name RtgAnalyzeSourceAccount. This table is processed as follows:
The match-type of the table is src-account, so the source account of the new call event is compared
with each of the entries in this table.
The table entry that matches on csi provides a match for this new call event. There is no action
associated with this entry, but the entry points to a next table with name
RtgAnalyzeDestCSINumber.
The flow of control then passes to the table with name RtgAnalyzeDestCSINumber. This table is
processed as follows:
The match-type of the table is dst-number, so the destination number of the new call event is
compared with each of the entries in this table.
The table entry that matches on 1xx provides a match for this new call event. The action associated
with this entry is performed; that is, the destination adjacency for the new call event is set to
csi-chester.
This entry does not point to a next table, so the policy calculation for the routing stage ends.
This example shows successful routing of the new call. The outcome is successful because the
destination adjacency of the new call is selected before the policy calculation finishes. It is entirely
possible for the outcome of routing to be unsuccessful for a new call if the routing policy tables do not
assign a destination adjacency to the call before the routing policy calculation ends. For example, the
routing policy illustrated above does not successfully route a new call whose source account is csi and
whose destination number is 911.
sbc sbe first-routing-table
RtgAnalyzeSourceAccount
sbc sbe routing-policy-table RtgAnalyzeSourceAccount
match src-account
match action next table
csi [none] RtgAnalyzeDestCSINumber
pepsi [none] RtgAnalyzeDestPepsiNumber
coca-cola [none] RtgAnalyzeDestCokeNumber
sbc sbe routing-policy-table RtgAnalyzeDestCSINumber
match dest-number
match action next table
1xx
dst-adjacency
csi-chester
dst-adjacency
csi-enfield
dst-adjacency
csi-alameda
[none]
[2-5]xx [none]
61xx [none]
dst-adjacency
csi-reston
7xx [none]
dst-adjacency
csi-edinburgh
8xx [none]
1
4
9
5
9
6
13-9
OL-13499-04
In this example, a single entry is selected from each table that is traversed during the calculation. In
general, at most one entry in any policy table matches an event to which policy is being applied. In cases
in which more than one entry would match an event, the best matching entry is selected.
Number Analysis Policies
Three different types of Number Analysis (NA) policies are configured within NA tables. These types
of NA policies are applied simultaneously to new calls and are described in the following sections:
Number Validation
Number Categorization
Digit Manipulation
Number Validation
Number validation is fundamental to the process of traversing number analysis policy tables. A number
is validated if the NA tables are traversed and the final entry examined contains an action of accept. A
number is not valid if the NA tables are traversed, and the final entry examined contains an action of
reject. A number also is not valid if, at any stage of processing the NA tables, a table with no matching
entries is encountered.
Number analysis tables can be one of the following types:
dst-numberTables of this type contain entries whose match values represent complete numbers.
In such tables, an entry matches an event if the entire dialed digit string exactly matches the match
value of the entry.
dst-prefixTables of this type contain entries whose match values represent number prefixes. In
such tables, an entry matches an event if there exists a subset of the dialed digit string, consisting of
consecutive digits taken from the front of the dialed digit string, that exactly matches the match
value of the entry.
src-accountTables of this type contain entries whose match values are the names of accounts. In
such tables, an entry matches an event if the name of the source account of the event exactly matches
the match value of the entry.
src-adjacencyTables of this type contain entries whose match values are the names of
adjacencies. In such tables, an entry matches an event if the name of the source account of the event
exactly matches the match value of the entry.
carrier-idTables of this type contain entries matching the carrier ID.
Digit-matching NA Tables
The format of the match values of entries in NA tables that match on the destination number or
destination number prefix is a limited-form, regular expression string representing a string of dialed
digits. The syntax used is described in Table 13-2.
Table 13-2 Syntax of Match Values for Entries in Digit-matching NA Tables
X Any numerical digit 0 9.
( ) The digit within the parentheses is optional. For example, (0)XXXX represents 0XXXX
and XXXX.
13-10
OL-13499-04
In such tables, it is always possible that more than one entry in the table may match a particular digit
string. For example, entries that match 1xx and 12x both match a digit string 129. However, a single entry
must be chosen from each table, so the SBC chooses the best matching entry by applying the following
rules in the order given.
Step 1 Choose the longest explicit match.
If the NA table is a dst-prefix type, it is possible that more than one entry specifies an explicit number
(that is, one that contains no X characters or [ ] constructs) and matches the dialed number of the event.
In this situation, the entry with the longest number has priority.
For example, the dialed number begins 011, the number validation table is a dst-prefix type, and there
are two matching entries with numbers 01 and 011. The entry with the number 011 takes priority,
because it is a longer number.
Step 2 If there is no explicit match, choose the longest wildcard match.
If the table does not contain an explicit entry to match the dialed number of the event, the longest
wildcard entry that matches takes priority.
Step 3 If there are multiple wildcard matches of the same length, choose the most explicit.
For example, the dialed number is 01234567890, the NA table is a dst-number type, and there are two
matching entries with match values 0123XXXXXXX and 0123456XXXX. In the first entry, the fifth
digit is a wildcard; in the second entry, the eighth digit is a wildcard, so the second entry takes priority.
If the same number is dialed, and a different NA table has matching entries [01]234XXXXXXX and
0XXXXXXXXXX, the second entry takes priority, because in the first entry the first digit is a wildcard.
Number Categorization
Events can be placed into user-defined categories during NA processing. This is achieved by specifying
a categorization action in an entry of an NA table. Categories are useful, because they may be referred
to later during the admission control policy stage.
At most, one category may be associated with an event. If, during processing of the NA tables, categories
are assigned to an event multiple times, then the last category to be assigned is used. When a category
is assigned to an event, it cannot be deleted, only replaced with another category.
Digit Manipulation
During NA, it is often a requirement to normalize numbersin other words, convert them from the
internal format used by a particular organization or service provider to a canonical format understood
globally in the Internet and PSTN.
[ ] One of the digits within the square brackets is used. For example, [01]XXX represents
0XXX and 1XXX. A range of values can be represented within the square brackets. For
example, [013-5]XXX represents 0XXX, 1XXX, 3XXX, 4XXX and 5XXX.
* The * key on the telephone.
# The # key on the telephone.
Table 13-2 Syntax of Match Values for Entries in Digit-matching NA Tables (continued)
13-11
OL-13499-04
This is achieved by specifying one or more of the following actions in an entry of an NA table:
debriefing nThis action removes the leading n digits from the dialed digit string, or deletes the
entire string if it is n or fewer digits long.
del_suffix nThis action removes the final n digits from the dialed digit string, or deletes the entire
string if it is n or fewer digits long.
add_prefix digit stringThis action adds the given digit string to the front of the dialed digit string.
replace digit stringThis action replaces the entire dialed digit string with the given digit string.
Routing
This section describes the following routing policies:
Routing Tables and Adjacencies
Number Manipulation
Hunting
MultiARQ Hunting
Routing Tables and Adjacencies
This section explains how routing tables are configured on the SBC.
The inputs to the policy-based routing stage are as follows:
The destination number of the event, which is the post-NA dialed digit string (that is, it may have
been modified from the original dialed digit string)This input is present only if the event is a new
call.
The source number of the eventThis input is present only if the event is a new call.
The source adjacency of the event.
The source account of the event.
The routing policy tables examine some or all of these inputs, and produce one of the following outputs:
A single destination adjacency.
A group of adjacencies used for load balancing. One of these is chosen, depending on the load
previously sent to the adjacencies in this group.
Routing tables represent one of the following types:
dst-addressTables of this type contain entries matching the dialed number (after number
analysis). These values are either complete numbers or number prefixes (depending on whether the
prefix parameter is given). Without the prefix parameter, an entry matches an event if the dialed digit
string exactly matches the match value of the entry. With the prefix parameter, an entry matches an
event if there exists a subset of the dialed digit string, consisting of consecutive digits taken from
the front of the dialed digit string that exactly matches the match value of the entry.
Routing actions also match text usernames using a regular expression rather than a literal text string.
Routing actions are considered to match if the regular expression matches at least one part of the
address.
src-addressTables of this type contain entries matching the dialers number or SIP user name.
These values are either complete numbers or number prefixes (depending on whether the prefix
parameter is given). Without the prefix parameter, an entry matches an event if the entire digit string
13-12
OL-13499-04
representing the calling number exactly matches the match value of the entry. With the prefix
parameter, an entry matches an event if there exists a subset of the digit string that represents the
calling number, consisting of consecutive digits taken from the front of this string that exactly match
the match value of the entry.
Routing actions also match text usernames using a regular expression rather than a literal text string.
Routing actions are considered to match if the regular expression matches at least one part of the
address.
src-accountTables of this type contain entries matching the names of accounts. In such tables, an
entry matches an event if the name of the source account of the event exactly matches the match
value of the entry.
src-adjacencyTables of this type contain entries matching the names of adjacencies. In such
tables, an entry matches an event if the name of the source account of the event exactly matches the
match value of the entry.
src-domainTables of this type contain entries matching the source domain names.
Routing actions can match using full regular expressions. Routing actions are considered to match
if the regular expression matches at least one part of the domain.
dst-domainTables of this type contain entries matching the destination domain names.
Routing actions can match using full regular expressions. Routing actions are considered to match
if the regular expression matches at least one part of the domain.
carrier-idTables of this type contain entries matching the carrier ID.
round-robin-tableA group of adjacencies are chosen for an event if an entry in a routing table
matches that event and points to a round-robin adjacency table in the next-table action. A
round-robin adjacency table is a special type of policy table, whose events do not have any
match-value parameters, nor next-table actions. Its actions are restricted to setting the destination
adjacency.
categoryTables of this type contain entries matching on the category that was assigned to the call
during number analysis. You assign the category during number analysis.
timeTables of this type contain entries matching on a user-configured time. The entries can have
overlapping match periods. Time periods can be specified by year, month, date, day of the week,
hour, or minute.
least-costTables of this type contain entries matching on the user-configured precedence (cost) of
the entries. If more than one entry has an equal cost, an entry ise selected based on a user-configured
weight or an entry is selected based on the number of active calls on each route. If routing fails,
then the adjacency with the next lowest cost is selected.
The rules specified in the Digit-matching NA Tables section on page 13-9 govern the format and
matching rules of the match-values of the entries in routing tables of type dst-number, dst-prefix,
src-number and src-prefix.
Number Manipulation
The number manipulation feature enables you to specify various number manipulations that can be
performed on a dialed number after a destination adjacency has been selected.
This enhancement affects the billing functionality as it allows the SBC to display both the original and
the edited dialed number for a call. For example:
<party tye="oig" phoe="01234567890/>
<party tye="trm" phoe="2345678931" editphone=1111111111111/>
13-13
OL-13499-04
Note The phone numbers in the above example are not real.
The number manipulation feature requires that the edit action be allowed in the routing policy entries.
The edit action takes the same parameters as the edit action for the number analysis tables, enabling you
to delete a number of characters from the beginning or end of the dialed string, add digits to the start of
the string, or replace the entire string with another. For example, if the following table were matched:
call-policy-set 1
rtg-src-adjacency-table table1
entry 1
match SipAdj1
edit del-prefix 3
dst-adjacency SipAdj2
action complete
end
end
then the dialed string would have the first of its digits deleted.
In the number analysis stage you can specify categories as shown below.
call-policy-set 1
first-number-analysis-table check-accounts
na-src-account-table check_accounts
entry 1
match-account hotel_foo
action next-table hotel_dialing_plan
entry 2
match-account hotel_bar
action next-table hotel_dialing_plan
entry 3
match-account internal
action accept
na-dst-prefix-table hotel_dialing_plan
entry 1
match-prefix XXX
category internal
action accept
entry 2
match-prefix 9XXX
category external
action accept
Later during routing, the calls are routed based on assigned categories.
call-policy-set 1
first-call-routing-table start_routing
rtg-category-table start_routing
entry 1
match-category internal
action next-table internal_routing
entry 2
match-category external
action next-table external_routing
rtg-src-adjacency-table internal_routing
entry 1
match-adjacency sip_from_foo
dst-adjacency sip_to_foo
action complete
entry 2
match-adjacency sip_from_bar
13-14
OL-13499-04
dst-adjacency sip_to_bar
action complete
rt-dst-address-table external_routing
entry 1
match-address 208111
prefix
dst-adjacency sip_to_foo
action complete
entry 2
prefix
dst-adjacency sip_to_bar
action complete
entry 3
prefix
dst-adjacency sip_to_softswitch
action complete
Note The category of a call cannot be changed in a routing table. Categories are only assigned during number
analysis.
You can also specify various number manipulations to be performed on a dialing or dialed number after
a destination adjacency is selected. The following example adds a prefix of 123 to the source number,
for all calls coming in on SipAdj1 adjacency and destined to SipAdj2.
call-policy-set 1
rtg-src-adjacency-table table1
entry 1
match SipAdj1
edit-src add-prefix 123
dst-adjacency SipAdj2
action complete
Hunting
This enhancement enables the SBC to hunt for other routes or destination adjacencies in case of a failure.
Hunting means the route is retried. There are several ways in which failures can occur, including
CAC policy refuses to admit a call.
Routing Policy Services are unable to route a call.
A call setup failure is received via SIP or H323.
If a CAC policy fails to allow a call, you can attempt to reroute the call using RPS, and try the call
admission policy again. If the SBC receives a call setup failure from SIP or H323, and the error code is
one of the newly configurable sets, then the SBC retries the routing.
MultiARQ Hunting
MultiARQ hunting enables the SBC to hunt for other routes or destination adjacencies using a
non-standard H.323 mechanism based on issuing multiple ARQs to a Gatekeeper for a single call.
MultiARQ hunting works in the following way:
An H.323 endpoint on the SBC sends an admissionRequest (ARQ) to a Gatekeeper as part of
establishing an outbound call leg.
The Gatekeeper contacts other network entities and identifies one or more potential endpoints.
13-15
OL-13499-04
The Gatekeeper returns an admissionConfirm (ACF) which contains a single destinationInfo and no
alternateEndpoints.
The SBC attempts to contact the endpoint identified in the ACF. The endpoint either rejects the call,
or the endpoint is unreachable, and the configuration of hunting triggers indicates that hunting is
possible.
The Gatekeeper may contact other network entities in order to identify further suitable endpoint
identifiers.
The Gatekeeper returns an ACF containing a single destinationInfo and the call attempt continues
as per the first received ACF.
The hunting cycle described above continues until one of the following conditions is met:
An endpoint is contacted and the call completes.
A Gatekeeper ARQ retry is required but a hard coded limit on the number of permitted retry
ARQs has been reached. This limit is currently set to 32.
The Gatekeeper returns an admissionReject, implying that there are no further suitable endpoint
identifiers.
An endpoint returns a rejectReason which is not configured as a hunting trigger.
An endpoint cannot be contacted and connectFailed is not configured as a hunting trigger.
For cases where the call fails, the following processing is performed.
If the call failed as a result of a Gatekeeper returning an admissionReject for the initial ARQ, no
disengageRequest is sent to the Gatekeeper, the call is rejected, and further hunting cannot be
performed by the Routing Policy Services (RPS).
If the call failed as a result of a Gatekeeper returning an admissionReject for a second or subsequent
ARQ, which is the indication that multiARQ hunting has exhausted a list of possible targets, no
disengageRequest is sent to the Gatekeeper, the call is rejected, but further hunting may be
performed by the Routing Policy Services (RPS).
If the call failed as a result of a connection failure or a reject reason, which is not configured as a
hunting trigger, a disengageRequest is sent to the Gatekeeper, the call is rejected, and further hunting
cannot be performed by the Routing Policy Services (RPS).
A limit on the maximum number of permitted ARQs is required to avoid a Denial of Service (DoS) type
problem or attack. If multiARQ hunting is enabled but the Gatekeeper keeps returning the same
destinationInfo (or repeats the cycle of endpoints in a series of ARQs) then there may be no trigger to
end the hunting phase. Imposing a limit on the number ARQs provides a backstop against such a
problem.
This section describes the following:
Call Admission Control, page 13-16
Media Bypass in Call Admission Control, page 13-16
CAC Rate Limiting, page 13-16
Subscriber Policy, page 13-17
13-16
OL-13499-04
Call Admission Control (CAC) limits the number of concurrent calls and registrations, and restricts the
media bandwidth dedicated to active calls. It allows for load control on other network elements by rate
limiting. Certain events can be completely blocked (using a blacklist) or freely allowed (using a
whitelist), based on certain attributes.
Call admission control determines whether an event should be granted or refused based on configured
limits for network resource utilization. There are two reasons for performing admission control.
To defend load-sensitive network elements, such as softswitches, against potentially harmful levels
of load precipitated by singular events, such as DoS attacks, natural or man-made disasters, or
mass-media phone-ins.
To police the Service Level Agreements (SLAs) between organizations, to ensure that the levels of
network utilization defined in the SLA are not exceeded.
Call admission control policy is applied to all event types. If an event is not granted by admission control
policy, then the SBC rejects it with a suitable error code.
Media Bypass in Call Admission Control
The media bypass feature allows the media packets to bypass the SBC, enabling the endpoints to
communicate directly to each other. Media packets flow directly without going through the DBE
component of the SBC after the call signaling is performed. Signaling packets still flow through the SBC
as usual. The configuration is set per adjacency, and allows media bypass across different adjacencies.
In ACE SBC Release 3.0.00, CAC can control whether media-bypass is on or off. The media bypass is
configured both per adjacency and in CAC. However, the default is still to perform media bypass if the
adjacencies are on the same VPN. In addition, CAC can turn media bypass off based on destination or
source prefix and account.
The requirements for this new feature are the following:
The media-bypass-forbid option must be set in a CAC table.
The CAC configuration takes priority over the configuration set on the adjacency.
To perform media bypass between two adjacencies, the following precedence rules take effect:
Both adjacencies must be on the same VPN.
Both adjacencies must be allowed to perform media bypass by CAC.
Both adjacencies must have their per-adjacency media bypass on.
CAC Rate Limiting
For ACE SBC Release 3.1.00, you can limit the number or rate of new calls accepted and the number of
media renegotiations within a call. However, limits are not placed on the following:
Media renegotiations that do not actually change the characteristics of the call.
Any other in-call messages. (In-call messages include any message within the context of a call,
including provisional responses during call setup and call renegotiation messages, but not including
call setup or tear-down messages.)
Internally generated messages
13-17
OL-13499-04
Note You cannot specify limits at the granularity of a specific SIP or H.323 message.
You can also limit the rate and number of registrations passing through SBC. However, limits are not
placed on any other out-of-call messages. (An out-of-call message is any messages that is not following
within the context of a call and that does not form part of registration processing. These are always
classified as either a request or a response.)
ACE SBC Release 3.1.00 allows you to rate limit all in-call and out-of-call messages.
This includes in-call messages at all scopes, as normal. For example:
Configuration at the per-call scope allows you to limit the rate at which an endpoint sends
messages within a call.
Configuration at the dst-adjacency scope allows you to limit the total rate of in-call messages sent
out of an adjacency within all of the calls using that adjacency. (This could ensure that the load out
of an adjacency never exceeds that which the attached network entity can cope with.)
Note SIP INVITE requests, 200 responses and ACK messages, SIP PRACK messages and response, SIP BYE
messages and response, and for H.323 calls, Q.931 SETUP, Q.931 CONNECT and Q.931 RELEASE
messages are not rate-limited.
You can place restrictions on the rate at which out-of-call messages are processed. Configuration is permit-
ted at all scopes except per-call scope (because this scope does not exist for out-of-call messages).
The SBC gracefully rejects in-call messages when the rate exceeds that specified in the CAC. When an
in-call message is not processed, the SBC does the following:
For SIP messages, the SBC rejects the message gracefully, wherever possible. The rejection is sent
back to the sending endpoint, so the call is likely to survive.
Because H.323 messages do not require a response, they cannot be gracefully rejected, so the SBC
drops the message. This is likely to be disruptive for the call.
The SBC gracefully rejects out-of-call messages when the rate exceeds that specified in CAC.
All rate limits must be protocol stack independent; limits must police both SIP and H.323 messages.
In addition to configuring blacklists based on a number of CAC policy failures, you can now allow
blacklists to be applied to endpoints that send in-call or out-of-call messages at a high rate.
Subscriber Policy
A user can subscribe multiple endpoints to the network to allow them to make calls. A subscriber is
one of those endpoints. In a particular network, you might want to limit each subscriber to no more than
a specific number of simultaneous calls. ACE SBC Release 3.1.00 provides a subscriber policy feature
that allows you to limit each subscriber to a specific number of simultaneous calls.
This feature provides the ability to configure the CAC limits. For example, you can configue the
maximum number of concurrent calls, the maximum number of registrations, or the maximum call rate
at different scopes like subcriber, subscriber category, and subscriber category prefix.
You can configure CAC tables:
To associate a subscriber with a subscriber category. Call events between that subscriber and the
core network are also associated with that same subscriber category.
13-18
OL-13499-04
How to Implement Policies
To match on a subscriber category or on a subscriber category prefix (the first n bits of the subscriber
category), and then set limits when matched. The subscriber category prefix specifies the length of
prefix to match. If set to 0, this field is ignored and this entry matches only on explicit subscriber
category matches. If set to any other value than 0, say n, then only the first n bits of each of the call's
subscriber categories is checked for a match.
To to set limits per subscriber category.
To set limits per subscriber.
SBC policies are configured and activated as described in the following sections:
Configuring Number Analysis Tables, page 13-18
Configuring Routing Tables, page 13-28
Configuring the Category Table, page 13-37
Configuring Hunting and MultiARQ Hunting, page 13-51
Configuring Call Admission Control Policy Sets and CAC Tables, page 13-54
Activating a CAC Policy Set, page 13-61
Configuring Number Analysis Tables
This task configures a number analysis table. The types of number analysis configuration are described
in the following sections:
Configuring Number Validation
Configuring Number Categorization
Configuring Number Validation
This task configures number validation for a number analysis table.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. first-number-analysis-table table-name
6. na-dst-prefix-table table-name
7. entry entry-id
8. match-prefix key
9. action [next-table goto-table-name | accept | reject]
13-19
OL-13499-04
10. category category-name
11. entry entry-id
12. edit [del-prefix pd] | [del-suffix sd] | [add-prefix pa] | [replace ds]
13. edit-cic {del-prefix pd | del-suffix sd | add-prefix pa | replace ds}
14. match-prefix key
17. entry entry-id
21. exit
22. exit
23. show
DETAILED STEPS
Step 1 configure
Example:
Example:
host1/Admin(config)# sbc mySbc#
Use the service-name argument to define the name of
the service.
Step 3 sbe
Example:
Example:
host1/Admin(config-sbc-sbe-rtgpolicy)#
an SBE entitiy, creating a new policy set, if necessary.
Step 5 first-number-analysis-table table-name
Example:
first-number-analysis-table hotel_table
when performing the number analysis stage of policy.
13-20
OL-13499-04
Step 6 na-dst-prefix-table table-name
Example:
na-dst-prefix-table hotel_table
Enters the mode for configuring a number analysis table
whose entries match the prefix (the first several digits) of
the dialed number within the context of an SBE policy set.
Commands for other number analysis tables:
na-carrier-id-tableThis table requires additional
commands match-cic and edit-cic (see below)
na-dst-number-table
na-src-accoun-table
na-src-adjacency-table
Example:
host1/Admin(config-sbc-sbe-rtgpolicy-
natable)# entry 1
Enters the mode for configuring an entry in a number
analysis table, creating the entry, if necessary.
Step 8 match-prefix key | match-cic cic
Example:
natable-entry)# match-prefix XXX
Configures the match value of an entry in the number
analysis table.
The match-prefix key argument is a string used to
match the prefix (the starting part) of the dialed
number.
The match-cic cic argument is used with the
na-carrier-id-table command and configures the
match carrier ID code in a table whose entries match
the whole dialed number.
Step 9 action [next-table goto-table-name | accept |
reject]
Example:
natable-entry)# action accept
Configures the action of an entry in a number analysis table.
Configure the name of the next number analysis table to
process if the event matches this entry using the
Configure the call to be accepted if it matches the entry
in the table using the accept keyword.
Configure the call to be rejected if it matches the entry
in the table using the reject keyword.
Step 10 category category-name
Example:
natable-entry)# category external
Configures the category of an entry in the number analysis
table.
Example:
natable-entry)# entry 2
13-21
OL-13499-04
Step 12 edit [del-prefix pd] | [del-suffix sd] |
[add-prefix pa] | [replace ds]
Example:
natable-entry)# edit del-prefix 1
Configures a dial-string manipulation action in a number
analysis table. You are not allowed to do this if the table is
part of the active policy set.
The no version of the command deletes the edit action of the
given entry in the routing table.
The edit command can be set to the following values:
del-prefix pdDelete prefix pd, where pd is a positive
integer specifying a number of digits to delete from the
front of the dialed string.
del-suffix sdDelete suffix sd, where sd is a positive
end of the dialed string.
add-prefix paAdd prefix pa, where pa is a string of
digits to add to the front of the dialed string.
replace dsReplace ds, where ds is a string of digits
that replaces the dialed string.
In the example to the left, the edit command sets entry 2 to
delete 1 digit from the beginning of the dialed string in the
number analysis table.
Step 13 edit-cic {del-prefix pd | del-suffix sd |
add-prefix pa | replace ds}
Example:
natable-entry)# edit-cic del-prefix 4
Configures a carrier identification code (CIC) manipulation
action in any number analysis table.
You are not allowed to do this if the table is part of the active
policy set.
The no version of the command destroys the match value.
del-prefix pd: A positive integer specifying a number
of digits to delete from the front of the carrier ID string.
del-suffix sd: A positive integer specifying a number of
digits to delete from the end of the carrier ID string.
add-prefix pa: A string of digits to add to the front of
the carrier ID string.
replace ds: A string of digits to replace the carrier ID
string with.
The following command sets entry 2 to delete the first digit
of the carrier ID in the current number analysis table.
If you wish to remove the carrier ID entirely from outgoing
messages, he should specify a replacement string of 0 or a
prefix deletion string of 4. For example,
edit-cic del-prefix 4 OR
edit-cic replace 0
Step 14 match-prefix key
Example:
natable-entry)# match-prefix 9XXX
analysis table. The key argument is a string used to match
the start of the dialed number.
13-22
OL-13499-04
reject]
Example:
Example:
natable-entry)# category external
table.
Example:
Example:
reject]
Example:
Example:
natable-entry)# category bar
table.
Step 21 exit
Example:
natable-entry)# exit
Exits from the entry mode to the natable mode.
13-23
OL-13499-04
Configuring Number Categorization
This task configures number categorization for a number analysis table.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. first-number-analysis-table table-name
6. na-src-account-table table-name
7. entry entry-id
8. match-account key
10. entry entry-id
13. entry entry-id
16. na-dst-prefix-table table-name
17. entry entry-id
21. entry entry-id
Step 22 exit
Example:
natable)# exit
Exits from the natable mode to the rtgpolicy mode.
Step 23 show
Example:
Displays the current configuration information.
13-24
OL-13499-04
25. exit
26. exit
27. show
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
Example:
an SBE entitiy, creating a new policy set if necessary.
Step 5 first-number-analysis-table table-name
Example:
first-number-analysis-table check_account
when performing the number analysis stage of policy.
Step 6 na-src-account-table table-name
Example:
na-src-account-table check_account
within the context of an SBE policy set with the entries of
the table matching the source account.
Example:
natable)# entry 1
Step 8 match-account key
Example:
natable-entry)# match-account hotel_foo
the source account.
13-25
OL-13499-04
reject]
Example:
natable-entry)# action next-table
hotel_dialing_plan
Example:
Step 11 match-account key
Example:
natable-entry)# match-account hotel_bar
the source account.
reject]
Example:
natable-entry)# action next-table
hotel_dialing_plan
Example:
Step 14 match-account internal
Example:
natable-entry)# match-account internal
the source account.
13-26
OL-13499-04
reject]
Example:
Step 16 na-dst-prefix-table table-name
Example:
host1/Admin(config-sbc-sbe-rtgpolicy-natable-en
try)#
na-dst-prefix-table hotel_dialing_plan
within the context of an SBE policy set with the entries of
the table matching the start of the dialed number.
Example:
Example:
natable-entry)# match-prefix XXX
Example:
natable-entry)# category internal_call
Specifies the category of an entry in a number analysis
table.
reject]
Example:
Example:
13-27
OL-13499-04
Example:
Example:
natable-entry)# category external_call
Specifies the category of an entry in a number analysis
table.
reject]
Example:
Step 25 exit
Example:
natable-entry)# exit
Exits from the entry mode to the natable mode.
Step 26 exit
Example:
natable)# exit
Exits from the natable mode to the rtgpolicy mode.
Step 27 show
Example:
host1/Admin(config-sbc-sbe-rtgpolicy)# show
13-28
OL-13499-04
Configuring Routing Tables
See the following sections:
Configuring a Destination Address Table, page 13-28
Configuring the Destination, Source Domain, and Carrier ID Tables, page 13-34
Configuring the Category Table, page 13-37
Configuring the Least Cost Table, page 13-39
Configuring Time-Based Tables, page 13-43
Configuring Regular Expression-Based Tables, page 13-46
Configuring a Destination Address Table
This task configures a dst-address routing table.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
6. rtg-dst-address-table table-name
7. entry entry-id
8. match-address key [regex]
9. prefix
11. action [next-table goto-table-name | complete | reject]
12. exit
13. entry entry-id
15. prefix
18. exit
19. entry entry-id
21. prefix
24. exit
13-29
OL-13499-04
25. entry entry-id
27. prefix
30. exit
31. complete name
32. show
DETAILED STEPS
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
Example:
Enters the mode of routing policy set configuration
within an SBE entity.
Example:
events.
Step 6 rtg-dst-address-table table-name
Example:
rtg-dst-address-table MyRtgTable
Enters the configuration mode of a routing table within
the context of an SBE policy set with the entries of the
table matching the dialed number (after number
analysis).
Example:
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable)#
entry 1
Enters the mode for configuring an entry in a routing
table, creating the entry, if necessary.
13-30
OL-13499-04
Step 8 match-address key [regex]
Example:
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entr
y)# match-address 334
Configures the match value of an entry in a routing table.
To create a routing table that routes on user name, use
the existing rtg-dst-address-table or
rtg-src-address-table and put a textual value in the
match-address field.
The SBC skips number analysis and performs only
routing when the SIP message contains a user name. The
SBC decides that an address is a user name (as opposed
to a phone number) if it contains any character other
than: \n\n0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, plus,
hyphen, period, open-round-bracket,
close-round-bracket.
When the SBC has decided that an address is a user
name, the X in the routing tables is treated not as a
wildcard character, but as a literal X. For example, the
match value of X matches the username X, but not
A.
Step 9 prefix
Example:
y)# prefix
Configures the match-address of this entry to match the
start of the destination address.
Example:
y)# dst-adjacency SIP-AS540-PSTN-GW2
routing table.
reject]
Example:
y)# action complete
Configures the action to take if this routing entry is
chosen. Possible actions are:
Set the name of the next routing table to process if
the event matches this entry. This is done using the
next-table keyword and the goto-table-name
argument.
Reject the indicated action using the reject
keyword.
Step 12 exit
Example:
y)# exit
Exits the entry mode to the rtgtable mode.
Example:
entry 2
13-31
OL-13499-04
Example:
A.
Step 15 prefix
Example:
y)# prefix
Example:
y)# dst-adjacency SIP-AS540-PSTN-GW1
routing table.
reject]
Example:
y)# action complete
argument.
keyword.
Step 18 exit
Example:
y)# exit
Example:
entry 3
13-32
OL-13499-04
Example:
A.
Step 21 prefix
Example:
y)# prefix
Example:
y)# dst-adjacency H323-AS540-PSTN-GW2
routing table.
reject]
Example:
y)# action complete
argument.
keyword.
Step 24 exit
Example:
y)# exit
Example:
entry 4
13-33
OL-13499-04
Example:
A.
Step 27 prefix
Example:
y)# prefix
Example:
y)# dst-adjacency H323-AS540-PSTN-GW1
routing table.
reject]
Example:
y)# action complete
argument.
keyword.
Step 30 exit
Example:
y)# exit
13-34
OL-13499-04
Configuring the Destination, Source Domain, and Carrier ID Tables
This task configures dst-domain and src-domain and carrier ID routing tables.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. rtg-src-domain-table table-name | rtg-dst-domain-table table-name | rtg-carrier-id-table
table-name
6. entry entry-id
7. match-domain key [regex] | match-cic cic
8. edit action
12. exit
DETAILED STEPS
Step 31 complete name
Example:
complete
Completes the full routing policy set when you have
committed the full set.
Step 32 show
Example:
host1/Admin(config-sbc-sbe-rtgpolicy)# show
Step 1 configure
Example:
Example:
the service.
13-35
OL-13499-04
Step 3 sbe
Example:
Example:
an SBE entity.
Step 5 rtg-src-domain-table table-name |
rtg-dst-domain-table table-name |
rtg-carrier-id-table table-name
Example:
rtg-src-domain-table MyRtgTable
Enters the configuration mode of a routing table (creating a
new table if necessary) whose entries match the source or
destination domains, or carrier ID respectively.
You are not allowed to enter the submode of routing table
configuration in the context of the active policy set.
The no version of the command destroys the routing table.
A routing table may not be destroyed if it is in the context
of the active policy set.
Example:
rtgtable)# entry 1
creating the entry, if necessary.
entry-id is a number that uniquely identifies an entry in the
newly created routing table.
Step 7 match-domain key [regex] | match-cic cic
Example:
rtgtable-entry)# match-domain ^cisco.com
Creates or modifies the matching domain or carrier id code
(CIC) of an entry in a routing table.
key is regular expression, not just a string.
cic is the carrier ID that matches the entry in a routing
table.
13-36
OL-13499-04
Step 8 edit action
Example:
rtgtable-entry)# edit del-prefix 1
Configures a dial-string manipulation action in the routing
table. You are not allowed to do this if the table is part of the
active policy set.
front of the dialed digit string.
end of the dialed digit string.
delete 1 digit from the first beginning of the dialed string in
the routing table MyRtgTable.
Example:
Configures a carrier identification code (CIC) manipulation
action in any routing table.
policy set.
string with.
of the carrier ID in the current routing table.
messages, he should specify a replacement string of 0 or a
edit-cic replace 0
13-37
OL-13499-04
Configuring the Category Table
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. rtg-category-table table-name
6. entry entry-id
7. match-category word
9. exit
reject]
Example:
Example:
rtgtable-entry)# dst-adjacency
SIP-AS540-PSTN-GW2
routing table.
Step 12 exit
Example:
rtgtable-entry)# exit
Exits the current mode of the configuration.
13-38
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
Example:
an SBE entity.
Step 5 rtg-category-table table-name
Example:
rtg-category-table MyRtgTable
Enters the submode of configuration of a routing table
whose entries match on the category within the context of
an SBE policy set.
Example:
rtgtable)# entry 1
The value of the entry-id argument is a number that
uniquely identifies an entry in the newly created routing
table.
Step 7 match-category word
Example:
ntry)# match-category emergency
Configures the match value of an entry in a routing table
matching on the category.
13-39
OL-13499-04
Configuring the Least Cost Table
This task configures least cost routing tables. With least cost routing, you configure a routing table based
on the user-configured precedence (cost) of the entries.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. rtg-least-cost-table table-name
6. entry entry-id
7. cost cost
8. weight weight
10. action complete
11. exit
reject]
Example:
Step 9 exit
Example:
13-40
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
Example:
an SBE entity.
Step 5 rtg-least-cost-table table-name
Example:
rtg-least-cost-table MyRtgTable
whose entries match on the least cost within the context of
an SBE policy set.
Example:
rtgtable)# entry 1
Step 7 cost cost
Example:
ntry)# cost 50
Assigns a cost to the route.
Step 8 weight weight
Example:
ntry)# weight 33
Assigns a weight to the route.
13-41
OL-13499-04
Configuring the Weighted Table
This task configures weighted routing tables. If two or more entries with equal cost exist, and are
selected for routing, then calls are distributed based on the weight configured.
Note The selection of routes between several equal cost routes is a weighted random selection. For each call,
a stateless random decision is made as to which adjacency to use. For a small sample size, the actual
distribution may deviate from the specified distribution. As the sample size increases in number, the SBC
is more likely to achieve the specified distribution. See Weighted Routing: Example, page 13-64.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. rtg-least-cost-table table-name
6. entry entry-id
7. cost cost
8. weight weight
9. dst-adjacency
10. action complete
11. exit
Example:
SIP-AS540-PSTN-GW2
routing table.
Step 10 action complete
Example:
Specifies that routing is complete when an entry matches
this policy.
Step 11 exit
Example:
13-42
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
Example:
an SBE entity.
Step 5 rtg-least-cost-table table-name
Example:
rtg-least-cost-table MyRtgTable
whose entries match on the least cost within the context of
an SBE policy set.
Example:
rtgtable)# entry 1
Step 7 cost cost
Example:
ntry)# cost 50
Assigns a cost to the route.
Step 8 weight weight
Example:
ntry)# weight 33
Assigns a weight to the route.
13-43
OL-13499-04
Configuring Time-Based Tables
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. rtg-time-table table-name
6. entry entry-id
7. match-time {[date yr year_low year_high mon month_low month_high day date_low date_high]
[dow DoW_low DoW_high] [tod hr hour_low hour_high min minute_low minute_high]}
8. precedence precedence
9. dst-adjacency dst_adj
10. action [next-table goto-table-name | complete | reject ]
11. exit
Example:
SIP-AS540-PSTN-GW2
routing table.
Step 10 action complete
Example:
Specifies that routing is complete when an entry matches
this policy
Step 11 exit
Example:
13-44
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
Example:
an SBE entity.
Step 5 rtg-time-table table-name
Example:
rtg-time-table MyRtgTable
whose entries match on the time within the context of an
SBE policy set.
Example:
rtgtable)# entry 1
13-45
OL-13499-04
Step 7 match-time {[date yr year_low year_high mon
month_low month_high day date_low date_high]
[dow DoW_low DoW_high] [tod hr hour_low
hour_high min minute_low minute_high]}
Example:
ntry)# match-time date yr 2006 2020 mon 1 12
day 1 31
Configures the match time of an entry. A string used to
match the time and can include one or more of the following
specifiers:
date_low - date_highthe inclusive range of dates
(1-31).
datedate
daydate
DoW_low - DoW_highthe inclusive range of days
(Sun-Mon).
dowday of the week
hrhour
hour_low - hour_highthe inclusive range of hours
(0-23).
minute_low - minute_highthe inclusive range of
minutes (0-59).
minminute
monmonth
month_low - month_highthe inclusive range of
months (1-12).
todtime of day
yryear
year_low - year_highthe inclusive range of years.
The high values are optional and if unspecified are set equal
to the low values.
Step 8 precedence precedence
Example:
ntry)# precedence 0
Configures the precedence of the routing entry.
reject]
Example:
13-46
OL-13499-04
Configuring Regular Expression-Based Tables
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. description description
7. rtg-dst-domain-table table-name
8. entry entry-id
9. action [next-table goto-table-name | complete | reject ]
10. match-domain key [regex]
11. complete
DETAILED STEPS
Step 10 dst-adjacency dst_adj
Example:
SIP-AS540-PSTN-GW2
routing table.
Step 11 exit
Example:
Step 1 configure
Example:
Example:
the service.
13-47
OL-13499-04
Step 3 sbe
Example:
Example:
an SBE entity.
Step 5 description description
Example:
description dst domain route
Configures descriptive text for a policy set.
Example:
first-call-routing-table
testDstDomainNameRtgTabl
events.
Step 7 rtg-dst-domain-table table-name
Example:
rtg-dst-domain-table MyRtgTable
Enters the configuration submode of a routing table with
entries that match the destination domain.
Example:
rtgtable)# entry 1
reject]
Example:
Step 10 match-domain key [regex]
Example:
rtgtable-entry)# match-domain ^cisco.com
Creates or modifies the match domain of an entry in a
routing table matching on the source domain.
Step 11 complete
Example:
host1/Admin(config-sbc-sbe-rtgpolicy)# complete
the full set.
13-48
OL-13499-04
Configuring Number Manipulation
This task enables you to specify various number manipulations that can be performed on a dialed number
after a destination adjacency has been selected.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. rtg-src-address-table table-id
6. rtg-src-adjacency-table table-id
7. rtg-src-account-table table-id
8. rtg-round-robin-table table-id
9. rtg-carrier-id-table table-id
10. rtg-dst-address-table table-id
11. entry entry-id
12. edit action
14. edit-src [del-prefix pd] | [del-suffix sd] | [add-prefix pa] | [replace ds]
15. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
13-49
OL-13499-04
Example:
Enters the mode of the routing policy set configuration in
the SBE mode, creating a new policy set if necessary
Step 5 rtg-src-address-table table-id
Example:
rtg-src-address-table MySrcAddressTable
one if necessary) whose entries match the dialers number
or SIP user name within the context of an SBE policy set.
Step 6 rtg-src-adjacency-table table-id
Example:
rtg-src-adjacency-table MySrcAdjTable
whose entries match the source adjacency.
Step 7 rtg-src-account-table table-id
Example:
rtg-src-account-table MySrcAccTable
one if necessary) whose entries match the source account
within the context of an SBE policy set.
Step 8 rtg-round-robin-table table-id
Example:
rtg-round-robin-table MyRobinTable
Enters the configuration mode of a policy table, whose
events do not have any match-value parameters, nor
next-table actions. Its actions are restricted to setting the
destination adjacency. A group of adjacencies are chosen
for an event if an entry in a routing table matches that event
and points to a round-robin adjacency table in the next-table
action.
Step 9 rtg-carrier-id-table table-id
Example:
rtg-carrier-id-table MyCarrierIdTable
whose entries match the carrier ID.
You are not allowed to enter the mode of the routing table
13-50
OL-13499-04
Step 10 rtg-dst-address-table table-id
Example:
rtg-dst-address-table MyRtgTable
whose entries match the dialed number (after number
analysis) or SIP user name.
Example:
rtgtable)# entry 1
creating the entry if necessary.
Step 12 edit action
Example:
rtgtable-entry)# edit del-prefix 1
Configures a dial-string manipulation action in the routing
table. You are not allowed to do this if the table is part of the
active policy set.
front of the dialed digit string.
end of the dialed digit string.
delete 1 digit from the first beginning of the dialed string in
the routing table MyRtgTable.
13-51
OL-13499-04
Configuring Hunting and MultiARQ Hunting
This task enables SBC to hunt for other routes or destination adjacencies in case of a failure.
Example:
Configures a CIC manipulation action in any routing table.
policy set.
string with.
of the carrier ID in the current routing table.
messages, you should specify a replacement string of 0 or a
edit-cic replace 0
Step 14 edit-src [del-prefix pd] | [del-suffix sd] |
[add-prefix pa] | [replace ds]
Example:
natable-entry)# edit-src del-prefix 1
Configures a source number manipulation action in the
routing table.
policy set.
string with.
Step 15 exit
Example:
Exits the entry mode of the configuration.
13-52
OL-13499-04
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sip | h323 | adjacency sip adjacency-name | adjacency h323 adjacency-name
5. hunting-trigger error-codes
6. exit
7. show services sbc service-name sbe h323 | sip hunting-trigger
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
Step 4 sip | h323 | adjacency sip adjacency-name |
adjacency h323 adjacency-name
Example:
host1/Admin(config-sbc-sbe)# sip
Enters one of the following four modes:
sipThe SIP mode comprising all SIP adjacencies
where the configured failure return codes cause hunting
to occur.
h323The H.323 mode comprising all h323
adjacencies where the configured failure return codes
cause hunting to occur.
adjacency sipA destination SIP adjacency where the
configured failure return codes cause hunting to occur.
This command overrides any globally configured retry
error codes.
adjacency h323A destination H.323 adjacency
where the configured failure return codes cause hunting
to occur. This command overrides any globally
configured retry error codes.
13-53
OL-13499-04
Step 5 hunting-trigger error-codes
Example:
host1/Admin(config-sbc-sbe-sip)#
hunting-trigger 415 480
Configures which failure return codes cause hunting to
occur in one of the following four modes:
sip (global SIP scope)
h323 (global H.323 scope)
adjacency sip (destination SIP adjacency)
adjacency h323 (destination H.323 adjacency)
error-codes can have the following values:
In the sip and adjacency sip modes, error-codes
represent a space-separated list of SIP numeric error
codes. The example to the left configures SIP to retry
routing if it receives a 415 (media unsupported) or
480 (temporarily unavailable) error.
In the h323 and adjacency h323 modes, error-codes
represent a space-separated list of H.323 textual error
codes:
noBandwidth
unreachableDestination
destinationRejection
noPermission
gatewayResources
badFormatAddress
securityDenied
the internally-defined value connectFailed
If you type no hunting-trigger, then all error codes are
cleared out. If you type no hunting-trigger x y, then just
the codes x and y are removed from the configured list.
If you enter hunting-trigger x followed by
hunting-trigger y, then x is replaces with y. To set both x
and y as hunting triggers, enter hunting-trigger x y.
Note In the case of the adjacency h323 mode, enter the
noRetry value to specify that routing should never
be retried for this adjacency no matter what failure
return code is received.
Step 6 exit
Example:
host1/Admin(config-sbc-sbe-h323)# exit
Step 7 show services sbc service-name sbe h323|sip
hunting-trigger
Example:
host1/Admin# show services sbc mysbc sbe
h323|sip hunting-trigger
Shows the H.323 or SIP hunting triggers.
13-54
OL-13499-04
Activating a Routing Policy Set
This task activates a number analysis and routing policy set.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. active-call-policy-set policy-set-id
DETAILED STEPS
Configuring Call Admission Control Policy Sets and CAC Tables
This optional task configures Call Admission Control policy sets and CAC tables.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. cac-policy-set policy-set-id
5. first-cac-scope scope-name
6. first-cac-table table-name
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
Step 4 active-call-policy-set policy-set-id
Example:
Sets the active routing policy set within an SBE entity.
13-55
OL-13499-04
7. cac-table table-name
8. match-type table-type
9. entry entry-id
11. match-value key
12. max-num-calls mnc
13. max-call-rate mcr
14. max-in-call-rate rate
15. max-out-call-rate rate
16. max-bandwidth mbw bwsize
17. callee-privacy callee-priv-setting
18. action [next-table goto-table-name | cac-complete]
19. exit
20. entry entry-id
21. match-value key
22. max-num-calls mnc
23. max-call-rate mcr
24. max-bandwidth mbw bwsize
25. transcode-deny
26. max-regs mr
27. action [next-table goto-table-name | cac-complete]
28. exit
29. exit
30. complete
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
13-56
OL-13499-04
Step 4 cac-policy-set policy-set-id
Example:
host1/Admin(config-sbc-sbe)# cac-policy-set 1
Enters the mode of CAC policy set configuration within an
SBE entity, creating a new policy set if necessary.
Step 5 first-cac-scope scope-name
Example:
host1/Admin(config-sbc-sbe-cacpolicy)#
first-cac-scope global
Configures the scope at which to begin defining limits when
performing the admission control stage of policy.
The scope-name argument configures the scope at which
limits should be initially defined. Possible values are:
adj-group
call
dst-account
dst-adj-group
dst-adjacency
dst-number
global
src-account
src-adj-group
arc-adjacency
Features can be enabled or disabled per adjacency group
through CAC configuration the same way this is done per
individual adjacencies. The scope-names for adjacency
groups are:
adj-group
src-adj-group
dst-adj-group
Step 6 first-cac-table table-name
Example:
first-cac-table StandardListByAccount
when performing the admission control stage of policy.
Step 7 cac-table table-name
Example:
cac-table StandardListByAccount
Enters the mode for configuration of an admission control
table (creating one if necessary) within the context of an
SBE policy set.
13-57
OL-13499-04
Step 8 match-type table-type
Example:
cactable)# match-type dst-account
Configures the match-type of an admission control table
within the context of an SBE policy set.
The table-type argument controls the syntax of the
match-value fields of the entries in the table. The table types
available are:
account
adj-group
adjacency
all
call
category
dst-account
dst-adj-group
dst-adjacency
dst-prefix
event-type
policy-set
src-account
src-adj-group
src-adjacency
src-prefix
sub-category
sub-category-pfx
Example:
cactable)# entry 1
Enters the mode to create or modify an entry in an
admission control table.
Example:
cactable-entry)# media-bypass-forbid
Configures whether media-bypass is forbidden for this
entry in an admission control table. You are not allowed to
do this if the table is part of the active policy set.
Not setting this command or issuing the no version of the
command allows media bypass for this entry in the
13-58
OL-13499-04
Step 11 match-value key
Example:
cactable-entry)# match-value SIP-CUSTOMER-1
Configures the match-value of an entry in an admission
control table.
The key argument is a string used to match events. The
format of the key is determined by the match-type of the
enclosing table.
Step 12 max-num-calls mnc
Example:
cactable-entry)# max-num-calls 100
Configures the maximum number of calls of an entry in an
Step 13 max-call-rate mcr
Example:
cactable-entry)# max-call-rate 20
Configures the maximum number of calls per minute for an
entry in an admission control table.
Step 14 max-in-call-rate rate
Example:
cactable-entry)# max-in-call-rate 20
Configures the maximum in-call rate for an entry in an
Step 15 max-out-call-rate rate
Example:
cactable-entry)# max-out-call-rate 20
Configures the maximum out-call rate for an entry in an
Step 16 max-bandwidth mbw bwsize
Example:
cactable-entry)# max-bandwidth 1000000 bps
Configures the maximum bidirectional bandwidth for an
entry in an admission control table. For example, if a
max-bandwidth value is configured, the SBC allows half of
this value in each direction.
The mbw argument is a positive integer specifying the total
maximum rate at which call media should be admitted in
both directions (in bytes per second).
The bwsize argument specifies the transfer size to which
mbw refers. Possible values are:
bps
Kbps
Mbps
Gbps
13-59
OL-13499-04
Step 17 callee-privacy [callee-priv-setting]
Example:
cactable-entry)# callee-privacy never
Configures the level of privacy processing to perform on
messages sent from callee to caller.
The callee_priv_setting argument indicates the specific
callee privacy setting. Possible values are:
neverIndicates to never hide identity.
account-boundaryIndicates to hide identity only if
caller is different account from callee.
alwaysIndicates to always hide identity.
Step 18 action [next-table goto-table-name |
cac-complete]
Example:
cactable-entry)# action cac-complete
Configures the action to perform after this entry in an
admission control table. Possible actions are:
Identify the next CAC table to process using the
Stop processing for this scope using the cac-complete
keyword.
Step 19 exit
Example:
cactable-entry)# exit
Exits from entry to cactable mode.
Example:
cactable)# entry 2
Enters the mode to create or modify an entry in an
Example:
cactable-entry)# match-value SIP-CUSTOMER-2
control table.
The key argument is a string used to match events. The
format of the key is determined by the match-type of the
enclosing table.
Step 22 max-num-calls mnc
Example:
cactable-entry)# max-num-calls 110
Configures the maximum number of calls of an entry in an
Step 23 max-call-rate mcr
Example:
cactable-entry)# max-call-rate 30
Configures the maximum call rate for an entry in an
13-60
OL-13499-04
Step 24 max-bandwidth mbw bwsize
Example:
cactable-entry)# max-bandwidth 2000000 bps
Configures the maximum bidirectional bandwidth for an
entry in an admission control table. For example, if a
max-bandwidth value is configured, the SBC allows half of
this value in each direction.
The mbw argument is a positive integer specifying the total
maximum rate at which call media should be admitted in
both directions (in bytes per second).
The bwsize argument specifies the transfer size to which
mbw refers. Possible values are:
bps
Kbps
Mbps
Gbps
Step 25 transcode-deny
Example:
cactable-entry)# transcode-deny
Forbids transcoding for this entry in an admission control
table.
Step 26 max-regs mr
Example:
cactable-entry)# max-regs 500
Configures the maximum call number of subscriber
registrations for an entry in an admission control table.
Step 27 action [next-table goto-table-name |
cac-complete]
Example:
cactable-entry)# action cac-complete
Configures the action to perform after this entry in an
admission control table. Possible actions are:
Identify the next CAC table to process using the
Stop processing for this scope using the cac-complete
keyword.
Step 28 exit
Example:
cactable-entry)# exit
Exits from entry to cactable mode.
Step 29 exit
Example:
cactable)# exit
Exits from cactable to cacpolicy mode.
Step 30 complete
Example:
cactable-entry)# complete
the full set.
13-61
OL-13499-04
Configuration Examples of Implementing Number Analysis
Activating a CAC Policy Set
This task activates a CAC policy set.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. active-cac-policy-set policy-set-id
DETAILED STEPS
Configuration Examples of Implementing Number Analysis
Configuring Number Validation: Example
Configuring Number Categorization: Example
Configuring Number Validation: Example
The following example shows how to configure number validation for a number analysis table:
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
Step 4 active-cac-policy-set policy-set-id
Example:
active-cac-policy-set 1
Sets the active CAC policy set within an SBE entity.
13-62
OL-13499-04
Configuration Examples of Implementing Call Routing
host1/Admin(config-sbc-sbe-rtgpolicy)# first-number-analysis-table hotel_table
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# na-dst-prefix-table hotel_table
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# entry 1
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# match-prefix XXX
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# action accept
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# match-prefix 9XXX
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# action accept
Configuring Number Categorization: Example
The following example shows how to configure number categorization for a number analysis table:
host1/Admin(config-sbc-sbe-rtgpolicy)# first-number-analysis-table check-accounts
host1/Admin(config-sbc-sbe-rtgpolicy)# na-src-account-table check_accounts
host1/Admin(config-sbc-sbe-rtgpolicy)# entry 1
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# match-account hotel_foo
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# action next-table hotel_dialing_plan
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# exit
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# match-account hotel_bar
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# action next-table hotel_dialing_plan
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# match-account internal
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# action accept
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# exit
host1/Admin(config-sbc-sbe-rtgpolicy)# na-dst-prefix-table hotel_dialing_plan
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix XXX
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# category internal_call
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix 9XXX
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# category external_call
Routing with No Load Balancing: Example, page 13-63
Least-Cost Routing: Example, page 13-63
Weighted Routing: Example, page 13-64
Time-Based Routing: Example, page 13-65
13-63
OL-13499-04
Routing with No Load Balancing: Example
host1/Admin(config-sbc-sbe-rtgpolicy)# first-call-routing-table start_routing
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-dst-address-table start_routing
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match XXX
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# next-table internal_routing
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match XXXX
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# next-table external_routing
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table internal_routing
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match sip_to_foo
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency sip_to_foo
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match sip_to_bar
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency sip_to_bar
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-dst-address-table external_routing
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match 208111
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency sip_to_foo
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match 208222
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency sip_to_bar
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match X
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency sip_to_softswitch
Least-Cost Routing: Example
The following example configures a routing table that matches on category and then for each entry routes
the call to a different least-cost table to choose the adjacency.
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-category-table 1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-category internal
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table least_int_cost
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-category external
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table least_ext_cost
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable)# exit
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-least-cost-table least_int_cost
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# cost 10
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SipAdj1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
13-64
OL-13499-04
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-least-cost-table least_ext_cost
Weighted Routing: Example
In the above example, no two entries in one table have the same cost, so the weight parameter is left at
the default of 1. If two or more entries with equal cost exist, and are selected for routing, then calls are
distributed based on the weight configured (weight being the relative weight of an entry with respect to
the lowest weight in the table). For example, if entry1, entry2, and entry3 are equal cost and have
weights of 1, 2, and 4, respectively, entry2 will route twice the number of calls as entry1, and entry3
will route four times the number of calls as entry1.
In the following example, all calls are routed to entry 1, because it has the lowest cost. However, if
routing fails, the remaining three entries all have the same cost, so the weight parameters determine
which entry is picked. Eighty percent of calls will be routed to SipAdj2 by entry 2, and the remaining
20 percent will be evenly divided between SipAdj3 and SipAdj4 (weights of entry 3 and entry 4 are left
at a default of 1).
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-least-cost-table table1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# weight 8
13-65
OL-13499-04
Note The selection of routes between several equal cost routes is a weighted random selection. For each call,
a stateless random decision is made as to which adjacency to use. For example, in the configuration
above, SipAdj2, SipAdj3, and SipAdj4, would be selected with a probability of 80%, 10%, and 10%,
respectively. An implication of this is that the actual distribution may deviate from the specified
distribution, especially for a small sample size. For example, with 10 calls, you may see 7 calls routed
through SipAdj2, 2 calls routed through SipAdj3, and 1 call routed through SipAdj4, instead of the
expected 8:1:1 distribution. However, as the sample size increases, the actual distribution converges
towards the specified distribution. For a large number of calls (on the order of 1000), there is a very good
chance that the SBC achieves the specified distribution.
Time-Based Routing: Example
The following example shows two entries, one that routes traffic to Adj1 at all times and a second with
a higher precedence that routes traffic to Adj2 if the time is between 9 AM and 6 PM on a weekday. When
the two time periods overlap, the one with the higher precedence is chosen.
The two times ranges in entry 1 and entry 2 overlap. In this case, a call made between 9 AM to 6 PM on
weekdays matches on both the entries but entry 2 is preferred due to its higher precedence.
If multiple ranges are specified as in entry 2, the SBC will match the entry only during the intersection
of the ranges. For example, entry 2 matches calls made Monday through Friday between 9 AM to 6 PM.
The range is not Monday 9 AM to Friday 6 PM.
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-time-table table1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-time date yr 2006 2020 mon 1
12 day 1 31
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# precedence 5
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-time dow 1 5
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-time tod hour 9 17 min 0 59
The following example configures a rule that routes traffic through adjacency SipAdj1 at all times, and
through SipAdj2 between Monday 9 AM and Friday 6 PM.
12 day 1 31
13-66
OL-13499-04
In the configuration above, entry 2, entry 3, and entry 4 together specify the range Monday 9:00 AM
through Friday 6:00 PM. This could also be accomplished by having one route for the entire time
Monday through Friday with separate ranges to divert traffic during nights as follows:
12 day 1 31
The following example shows how to configure a rule that would route traffic through adjacencies
SipAdj1 and SipAdj2 on Monday and Wednesday, respectively, between 9 AM and 6 PM, and through
SipAdj3 at all other times.
13-67
OL-13499-04
12 day 1 31
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-time tod hour 9 17
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complet
The following example shows how to configure a rule that would route traffic through adjacency SipAdj1
on Saturdays and Sundays between 01 Mar 2008 through 30 Mar 2009, and through SipAdj2 all other
times.
12 day 1 31
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-time date yr 2008 2009 mon 3 3
day 1 30
The following example shows how to configure a rule that would route traffic through adjacency SipAdj1
between 10:00 PM and 6:00 AM from Friday to Monday, and through SipAdj2 otherwise.
12 day 1 31
13-68
OL-13499-04
Note Time and day of the week are wrapping ranges, so the minimum can be larger than the maximum.
For example, a single routing entry with the ranges Friday through Monday and 22:00 through
06:00 will match before 6 AM and after 10 PM on Friday, Saturday, Sunday and Monday.
In the following example, a user has all his routers running GMT no matter where they were so that
they can be synchronized. But one router in New York has a time-based routing table that routes traffic
to SipAdj1 at all times apart from Monday through Friday from 9 AM to 6 PM when it routes traffic to
SipAdj2. The user wants these match times to refer to local time so it is necessary enter a time-offset
command (New York is five hours behind GMT) as shown in the example below.
host1/Admin(config-sbc-sbe)# time-offset hour 5 min 0 negative
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# use-time-offset
12 day 1 31
In the next example, a user to creates a routing table where the match times refer to a particular time
zone. All of the routers are synchronized to GMT. But one router, in New York, has a time-based
routing table that routes traffic to SipAdj1 at all times apart from Monday through Friday 9AM to 5PM
when it routes traffic to SipAdj2. The user wants these match times to refer to local time; this can be
accomplished using the timezone-offset command. Because New York is five hours behind GMT, the
following table is needed:
12 day 1 31
13-69
OL-13499-04
Configuration Example of Implementing Call Admission Control Policy Sets and CAC Tables
Regular Expression Routing: Example
The following is an example for regular expression routing.
host1/Admin(config-sbc-sbe-rtgpolicy)# description test dst domain route
host1/Admin(config-sbc-sbe-rtgpolicy)# first-call-routing-table testDstDomainNameRtgTabl
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-dst-domain-table testDstDomainNameRtgTabl
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table TextUserNameTable1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-domain ^abc[de]*\.com regex
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table TextUserNameTable1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-domain xyz.com
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action reject
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-domain pqr.com
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency sipp-5
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-domain foo.com
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-dst-address-table TextUserNameTable1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-address ^min$ty\|ion$ regex
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-address numbered

host1/Admin(config-sbc-sbe)# active-call-policy-set 8
Configuration Example of Implementing Call Admission Control
Policy Sets and CAC Tables
The following example shows the working of the CAC and is not meant to be realistic. The total number
of concurrent calls per SBC (global limit) is 5, the number of concurrent calls per subscriber is 1, and
the number of concurrent calls per all non-subscribers is 1.
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-scope global
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table table_1
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table table_1
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type policy-set !!!meaning this is a
CAC Policy Table !!!
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# entry 1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value subscriber !!!meaning
limits in this entry are applied per subscriber!!!
13-70
OL-13499-04
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-num-calls 1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# action CAC-Complete
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# exit
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value global !!!meaning limits
in this entry are applied globally!!!
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-calls 5
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# action cac-complete
In the next example, the total number of concurrent calls per SBC (global limit)is 10, the number of
concurrent calls per subscriber is 2, and the number of concurrent calls per (EACH) non-subscribers is
1. In the configuration, adj1 represents an endpoint which will register with adj2 before making a call,
while adj3 and adj4 are non-subscribers and do not register before making calls.
To support this scenario and to apply the limits described above, you would need the following VPSS
configuration: inherit profile for Adj1 set to preset-access, inherit profile for Adj2 set to preset-core,
inherit profile for both adj3, and adj4 set to preset-standard-non-ims.
Here is the CAC configuration:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table !!! table1
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table table1
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type policy-set
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value subscriber
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# action next-table table2
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value global
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# exit
host1/Admin(config-sbc-sbe-cacpolicy)# complete
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type adjacency
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value adj1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-nums-calls 2
13-71
OL-13499-04
The following example shows how to configure call admission control policy sets and CAC tables:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table STANDARD-LIST-BY-ACCOUNT
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table STANDARD-LIST-BY-ACCOUNT
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type dst-account
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# media-bypass-forbid
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value SIP-CUSTOMER-1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-call-rate 20
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-bandwidth 1000000 bps
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-privacy never
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value SIP-CUSTOMER-2
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-bandwidth 1000000 bps
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# transcode deny
The following example limits the total number of concurrent calls per SBC (global limit) to 2000 and
number of concurrent calls per subcriber to 5. If a subscriber has 5 calls active, he will not be allowed
to make the 6th call, even if the total number of active calls on SBC is less than 2000. Also, if the total
number of active calls on SBC is 2000, a subscriber will not be allowed to make a call, even if he has no
active calls.
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table first_policy_table
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table first_policy_table
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value global
host1/Admin(config-sbc-sbe-cacpolicy)# exit
host1/Admin(config-sbc-sbe)# active-cac-policy-set 1
The following example limits the number of concurrent calls per subscriber to 5 with no global limit:
13-72
OL-13499-04
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-scope subscriber
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type all
You could also achieve this with the following configuration:
Both the above configurations will limit the number of concurrent calls per subscriber to 5. There is no
global limit.
The following example limits the maximun bandwidth to 1 Mbps for several subscriber categories with
no global limit. This configuration also limits the bandwidth of the subcribers whose source IP address
in the SIP message is 1.1.1.1 and 2.2.2.2 to 1 Mbps.
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type sub-category
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value 1.1.1.1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-bandwidth 1 Mbps
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-bandwidth 1 Mbps
13-73
OL-13499-04
This example allows 10 calls, 100 updates, a max-in-call-rate and a max-out-call-rate of 5000 msg/min
for any subscriber category:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-scope sub-category
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-updates 100
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-in-call-rate 5000
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-out-call-rate 5000
This example allows 10 calls, 100 updates, and max-in-call-rates and max-out-call-rates of 5000
msg/min for any subscriber:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-scope subscriber
This example allows 100 concurrent calls per a customer whose phones have IP addresses in the range
12.12.12.0/24. For those subscribers whose source IP address in the SIP invites falls in the range
12.12.12.0-12.12.12.255, this configuration limits the number of calls to 100. There is no limit placed
on other subscribers.
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type sub-category-pfx
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-prefix-len 24
13-74
OL-13499-04
In the following example there are multiple customers. Each customers phones have the IP prefix length
of 16 bits. There are 100 concurrent calls allowed per customer.
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value sub-category-pfx
The following example limits the maximun registrations to 100 per category prefix of 1.1.1.0 and
2.2.2.0 with no limits for others.
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type sub-category-pfx
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-regs 100
In the following example all customers have phones with IP address prefix lengths of 24 bits. Each
customer is allowed 10 concurrent calls.
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-scope sub-category-pfx
13-75
OL-13499-04

13-76
OL-13499-04
C H A P T E R
14-1
OL-13499-04
14
Implementing SBC Transcoding
encoded using another codec. For example, translating a media stream encoded as Pulse Code
Modulation u-law (PCMU) into one encoded as ITU-T G.726-32.
The primary reason for transcoding configurations is to configure the capabilities of external media
transcoding devices when these devices cannot be discovered automatically. In-band auto-discovery of
transcoder capabilities is currently not supported. Therefore, this step must be done when configuring
all connections to all current remote transcoding devices.
Note Transcoding configurations can be skipped altogether if the described reason does not apply.
Media gateways are allowed to connect whether or not configuration has been supplied for them. To help
avoid configuration errors, the signaling border element (SBE) logs a warning if an incoming connection
is received from a media gateway that is not a data border element (DBE) and does not have transcoding
configured.
Note For ACE SBC Release 3.0.0 and later, this feature is supported in the unified model only.
Feature History for Implementing SBC Transcoding
Contents
Prerequisites for Implementing Transcoding, page 14-2
Information About Transcoding, page 14-2
Configuration Examples for Implementing Transcoding, page 14-9
14-2
OL-13499-04
Prerequisites for Implementing Transcoding
Prerequisites for Implementing Transcoding
The following prerequisites are required to implement SBC transcoding:
at
186a00806838f4.html.
Before implementing transcoding, the SBC must already be created. See the procedures described
All SBE and DBE configurations required to make simple calls must already be configured.
Transcoding configurations follow these configurations.
Information About Transcoding
encoded using another codec. For example, translating a media stream encoded as PCMU into one
encoded as G.726-32.
Transcoding requires specialized digital signal processor (DSP) hardware, which is not available within
SBC itself. A Cisco MGX 8880 device can be used to provide transcoding function for one or more
SBCs.
The SBC supports two types of transcoding:
Transcoding After Rejection, page 14-2
Codec Filtering, page 14-4
Transcoding After Rejection
The SBC automatically brings the transcoding device into use for any call requiring transcoding between
these codecs, as long as the Call Admission Control (CAC) policy configuration does not preclude the
transcoder service from being supplied for the call. When a call that requires transcoding is set up, the
SBE goes through the following steps:
Receives an initial signaling request from the calling endpoint. This triggers the SBE to perform
initial call setup on the incoming and outgoing DBEs. The SBE then forwards the request to the
called endpoint.
Receives a response from the called endpoint that indicates that none of the codecs in the initial
request are acceptable. These responses include:
415Unsupported media type (SIP)
488Not acceptable here (SIP)
Failure to identify common codec during Terminal Capability Exchange procedure of H.245
protocol.
This triggers the SBE to bring a transcoder into the call that is inserted in the media path between
the incoming and outgoing DBEs. A new request is sent to the called endpoint, indicating the new
codec type generated by the transcoder.
14-3
OL-13499-04
SBE may then have to iterate through the list of codecs the transcoder supports until it finds one that
is acceptable to the called endpoint. When this is done, the call is connected and media transmission
begins.
Figure 14-1 shows where the transcoder sits in the network, and the path taken by the media in a
transcoded call.
Figure 14-1 Transcoding Configuration
Note Although Figure 14-1 shows two DBEs, transcoding is possible with a single DBE. With a single DBE,
the media flows through the DBE twice, once on its way from the sending endpoint to the transcoder and
a second time as it flows from the transcoder to the receiving endpoint.
For the Session Border Controller (SBC) to program the transcoder, it must be registered. The
transcoding device acts as an H.248 media gateway, so it needs to be configured with the IP address and
port of the SBE or SBC to connect to. The SBE or SBC acts as an H.248 Media Gateway Controller. (See
the documentation for the transcoder device for notes on how to do this. The documentation for the Cisco
MGX 8880 can be found at
http://www.cisco.com/en/US/products/hw/gatecont/ps3869/products_configuration_guide_book09186
a0080535937.html.)
In addition, the SBE must have the following specific configuration:
An H.248 control address and port must be configured (using the sbe control address ipv4 and sbe
control address h248 port commands). By default, this is on port 2944, and it is the address and
port to which the transcoder must connect.
An explicit media gateway needs to be configured (using the sbe media-gateway ipv4 command).
The explicit media gateway must have its list of supported codecs defined so that the SBC knows
which codecs the transcoder can translate between, and it must be identified as a transcoder (using
the sbe media-gateway ipv4 codecs and sbe media-gateway ipv4 transcoder commands).
The show services sbc sbe media-gateway-associations command can be used to check that the
transcoder has correctly registered with the SBE. If this has happened, the transcoder should appear
in the list of known media gateways with an active association.
Phone
Fax
MGX/VXSM
as Transcoder
7600/SBC
Fax/Modem
Call Generator
RTP H.248
SIP/H.323/RTP
AS350-GW-A AS350-GW-B
SIP/H.323/RTP
T1/E1 ISDN Line T1/E1 ISDN Line
PSTN PSTN
Phone
Fax
V V
14-4
OL-13499-04
Codec Filtering
The SBC allows you to restrict which codecs a particular call, caller and callee are allowed to use by
whitelisting certain codecs. Initially all recognized codecs are on the whitelist. If a codec is requested
which is absent from the call, caller, or callee codec whitelist, then the call still proceeds, but the
forbidden codecs are removed from the offer and media gate configuration.
By supporting caller and callee codec lists, the SBC is able to make more intelligent transcoding
decisions. If the codec support of either the calling or the called endpoint is known, then setting the
caller and/or callee lists in a CAC policy is appropriate. However it may be that other considerations,
such as the source adjacency, will affect the codec decision, in which case the per-call codec list can still
be used.
For example, if the caller and callee codec lists are set to 'A and B', then all calls would use codec A.
However, if a call had come across a transit network X (as indicated by the source adjajcency) that only
supported codec B, then the user could have an extra policy matching on source adjacency X, setting the
per-call codec list to B. Calls crossing network X would then be forced to use codec B.
You can also limit the minimum packetization period of each codec, by configuring a value for the lowest
acceptable minimum packetization period for each permitted codec. If a session is requested with a
packetization period below this limit, the call still proceeds, but DC SBC increases the packetization
period to the configured minimum value.
Restrictions for Transcoding
Review the following restrictions for transcoding:
The H.323 fast-start calls will be dropped to slow-start procedure if transcoding is required. This
can be achieved by either the callee side rejecting fast-start request or by configuring the
h245-tunnel disable command in the adjacency table.
No transcoding support for H.323 to SIP Interworked calls.
Configuring Transcoding After Rejection
In this configuration area, the user supplies a configuration for a list of remote media gateways that may
need to be managed by the SBE. This is not required when transcoding is not needed.
The primary reason for transcoding configurations is to configure the capabilities of external media
transcoding devices when these devices cannot be discovered automatically. In-band auto-discovery of
transcoder capabilities is currently not supported. Therefore, this step must be done when configuring
all connections to all current remote transcoding devices.
Note Transcoding configurations can be skipped if the described reason does not apply.
By default, media gateways are allowed to connect whether or not configuration has been supplied for
them. To help avoid configuration errors, the SBE logs a warning if an incoming connection is received
from a media gateway that is not a DBE and does not have transcoding configured.
The basic steps for implementing transcoding are as follows:
1. Configure the IP address, port, and transport protocol for H.248 media gateway controller on SBC.
This step may not be required if the Media Gateway Controller has already been configured.
14-5
OL-13499-04
2. Configure the media gateway IP address.
3. Configure the codecs to be transcoded (for example, between ITU-T G.711ulaw and ITU-T
G.729A).
4. Specify the media gateway as a transcoder.
5. Activate SBE.
This task implements transcoding for SBC.
Once configured, the SBC automatically brings the transcoding device into use for any call requiring
transcoding between the codecs as long as the call admission control (CAC) policy configuration does
not preclude the transcoder service from being supplied for the call using the transcode-deny command
(See the Configuring Call Admission Control Policy Sets and CAC Tables section in the Implementing
SBC Policies module).
Note In an H.323 adjancency configuration, you must use the h245-tunnel disable comannd for H.323
FastStart transcoded calls.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. control address h248 index index-number
5. ipv4 ipv4_IP_address
6. port port-number
7. transport [transport-type]
8. exit
9. media-gateway ipv4 IPv4_IP_address
10. codecs codec-list
11. transcoder
12. exit
13. activate
14. end
14-6
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Enters the mode of an SBE entity within a SBC service.
Step 4 control address h248 index index-number
Example:
host1/Admin(config-sbc-sbe)# control address
h248 index 0
Configures an SBE to use a given IPv4 H.248 control
address
Step 5 ipv4 ipv4_IP_address
Example:
host1/Admin(config-sbc-sbe-ctrl-h248)# ipv4
1.1.1.1
Configures an SBE to use a given IPv4 H.248 control
address.
Step 6 port port-number
Example:
host1/Admin(config-sbc-sbe-ctrl-h248)# port
2000
Configures an SBE to use a given IPv4 H.248 port for H.248
communications.
Step 7 transport [transport-type]
Example:
host1/Admin(config-sbc-sbe-ctrl-h248)#
transport udp
Configures transport type for H.248 communications.
Step 8 exit
Example:
Exits the current configuration mode.
Step 9 media-gateway ipv4 IPv4_IP_address
Example:
host1/Admin(config-sbc-sbe)# media-gateway ipv4
10.0.0.1
Configures a media gateway.
14-7
OL-13499-04
Configuring Codec Filtering Transcoding
Configure codec filtering transcoding as shown below.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. media-gateway ipv4 IPv4_IP_address
5. codecs codec-list
6. transcoder
7. exit
8. cac-policy-set
9. cac-table
10. entry entry_num
11. caller-codec-list list-name
12. exit
13. exit
Step 10 codecs codec-list
Example:
host1/Admin(config-sbc-sbe-mg)# codecs m=audio
1234 RTP/AVP 0 18,a=rtpmap:0
PCMU/8000,a=rtpmap:18 G729A/8000
Configures the codecs supported by the media gateway.
Step 11 transcoder
Example:
host1/Admin(config-sbc-sbe-mg)# transcoder
Configures the media gateway with transcoder support.
Step 12 exit
Example:
host1/Admin(config-sbc-sbe-mg)# exit
Exits to the sbe command mode level.
Step 13 activate
Example:
Initiates the SBC service after all SBE address
configuration has been successfully committed.
Step 14 end
Example:
Ends the configuration session.
14-8
OL-13499-04
14. codec-list list-name
15. codec codec-name
16. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Step 4 media-gateway ipv4 IPv4_IP_address
Example:
host1/Admin(config-sbc-sbe)# media-gateway ipv4
10.0.0.1
Configures a media gateway.
Step 5 codecs codec-list
Example:
host1/Admin(config-sbc-sbe-mg)# codecs m=audio
1234 RTP/AVP 0 18,a=rtpmap:0
Configures the codecs supported by the media gateway.
Step 6 transcoder
Example:
Configures the media gateway with transcoder support.
Step 7 exit
Example:
Exits the media gateway configurationmode.
Step 8 cac-policy-set
Example:
Enters the CAC policy submode.
14-9
OL-13499-04
Configuration Examples for Implementing Transcoding
The example below is a configuration of transcoding after rejection.
host1/Admin(config-sbc-sbe)# control address h248 index 1
host1/Admin(config-sbc-sbe-ctrl-h248)# ipv4 88.88.133.2
host1/Admin(config-sbc-sbe-ctrl-h248)# port 2000
Step 9 cac-table
Example:
host1/Admin(config-sbc-sbe)# cac-table 1
Creates or configures an admission control table.
Step 10 entry
Example:
host1/Admin(config-sbc-sbe-cacpolicy-cactable)#
entry 1
Creates or modifies an entry in a table.
Step 11 caller-codec-list list-name
Example:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-e
ntry)# caller-codec-list test
Lists the codecs which the caller leg of a call is allowed to
use.
Step 12 exit
Example:
exit
Exits the CAC table entry configuration mode.
Step 13 exit
Example:
Exits the CAC-policy-set configuration mode.
Step 14 codec-list list-name
Example:
host1/Admin(config-sbc-sbe)# codec-list
my_codecs
Creates a codec list.
Step 15 codec codec-name
Example:
host1/Admin(config-sbc-sbe-codec-list)# codec
PCMU
Adds a codec to a codec list.
Step 16 end
Example:
Ends the configuration session.
14-10
OL-13499-04
host1/Admin(config-sbc-sbe-ctrl-h248)# transport udp
host1/Admin(config-sbc-sbe-ctrl-h248)# exit
host1/Admin(config-sbc-sbe)# media-gateway ipv4 10.0.0.1
host1/Admin(config-sbc-sbe-mg)# codecs m=audio 1234 RTP/AVP 0 18,a=rtpmap:0
host1/Admin(config-sbc-sbe-mg-codecs)# transcoder
host1/Admin(config-sbc-sbe-mg-codecs)# exit
Below is an example of codec filtering transcoding.
Router(config)# interface vlan 130
Router(config)# interface vlan 200
host1/Admin(config)# ft interface vlan 20
host1/Admin(config)# ip address 10.10.101.21 255.255.255.0
host1/Admin(config-ft-peer)# heartbeat interval 300
host1/Admin(config)# ft-interface vlan 20
host1/Admin(config-ft-group)# associate-context Admin
host1/Admin(config)# snmp-server community cisco group Network-Monitor
host1/Admin(config)# snmp-server community public group Network-Monitor
host1/Admin(config)# snmp-server community private group Network-Monitor
host1/Admin(config)# sbc sbc-11
host1/Admin(config-sbc-sbe-mg)# codecs m=audio 20000 RTP/AVP 0 8 18,a=rtpmap:0
PCMU/8000,a=rtpmap:8 PCMA/8000,a=rtpmap:18 G729/8000


host1/Admin(config-sbc-sbe)# adjacency sip SIPP81
host1/Admin(config-sbe-adj-sip)# nat force-off
host1/Admin(config-sbc-sbe-adj-sip)# preferred-transport udp
host1/Admin(config-sbc-sbe-adj-sip)# redirect-mode pass-through
host1/Admin(config-sbe-adj-sip)# authentication nonce timeout 300
host1/Admin(config-sbe-adj-sip)# signaling-address ipv4 10.130.10.4
14-11
OL-13499-04
host1/Admin(config-sbc-sbe-adj-sip)# signaling-port 5060
host1/Admin(config-sbc-sbe-adj-sip)# remote-address ipv4 10.0.244.81 255.255.255.255
host1/Admin(config-sbc-sbe-adj-sip)# signaling-peer 10.0.244.81
host1/Admin(config-sbc-sbe-adj-sip)# signaling-peer-port 5060
host1/Admin(config-sbc-sbe-adj-sip)# dbe-location-id 0
host1/Admin(config-sbc-sbe-adj-sip)# reg-min-expiry 3000

host1/Admin(config-sbc-sbe)# adjacency sip SIPP91
host1/Admin(config-sbc-sbe-adj-sip)# nat force-off
host1/Admin(config-sbc-sbe-adj-sip)# authentication nonce timeout 300
host1/Admin(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.130.10.4

host1/Admin(config-sbc-sbe)# sip inherit profile preset-core
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table table
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-scope call
host1/Admin(config-sbc-sbe-cacpolicy)# averaging-period 60
host1/Admin(config-sbc-sbe)# cac-table table
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value SIPP81
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-bandwidth 64009 Gbps
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-channels 4294967295
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# early-media-type full-duplex
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# early-media-timeout 0
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-codec-list allow711u
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-privacy never
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-hold-setting standard
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-hold-setting standard
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value SIPP91
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-codec-list allowg729
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-hold-setting standard
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-hold-setting standard
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# complete

host1/Admin (config-sbc-sbe)# active-cac-policy-set 1
host1/Admin (config-sbc-sbe)# retry-limit 3
host1/Admin (config-sbc-sbe)# call-policy-set 1
host1/Admin(config-sbc-sbe-rtgpolicy)# first-call-routing-table table
14-12
OL-13499-04
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SIPP91
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-address 318X
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# prefix
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# complete

host1/Admin (config-sbc-sbe)# active-call-policy-set 1
host1/Admin(config-sbc-sbe)# sip max-connections 2
host1/Admin(config-sbc-sbe)# sip timer
host1/Admin(config-sbc-sbe-sip-tmr)# tcp-idle-timeout 120000
host1/Admin(config-sbc-sbe-sip-tmr)# tls-idle-timeout 3600000
host1/Admin(config-sbc-sbe-sip-tmr)# udp-response-linger-period 32000
host1/Admin(config-sbc-sbe-sip-tmr)# udp-first-retransmit-interval 500
host1/Admin(config-sbc-sbe-sip-tmr)# udp-max-retransmit-interval 4000
host1/Admin(config-sbc-sbe-sip-tmr)# invite-timeout 180

host1/Admin (config-sbc-sbe)# codec-list allow711u
host1/Admin(config-sbc-sbe-codec-list)# codec PCMU

host1/Admin (config-sbc-sbe)# codec-list allowg729
host1/Admin(config-sbc-sbe-codec-list)# codec G729

host1/Admin(config-sbc-sbe)# h323
host1/Admin(config-sbc-sbe-h323)# ras timeout arq 5000
host1/Admin(config-sbc-sbe-h323)# ras retry arq 2
host1/Admin(config-sbc-sbe-h323)# ras timeout brq 3000
host1/Admin(config-sbc-sbe-h323)# ras retry brq 2
host1/Admin(config-sbc-sbe-h323)# ras timeout drq 3000
host1/Admin(config-sbc-sbe-h323)# ras retry drq 2
host1/Admin(config-sbc-sbe-h323)# ras timeout grq 5000
host1/Admin(config-sbc-sbe-h323)# ras retry grq 2
host1/Admin(config-sbc-sbe-h323)# ras timeout rrq 3000
host1/Admin(config-sbc-sbe-h323)# ras retry rrq 2
host1/Admin(config-sbc-sbe-h323)# ras rrq ttl 60
host1/Admin(config-sbc-sbe-h323)# ras timeout urq 3000
host1/Admin(config-sbc-sbe-h323)# ras retry urq 1
host1/Admin(config-sbc-sbe-h323)# h225 timeout proceeding 10000
host1/Admin(config-sbc-sbe-h323)# h225 timeout establishment 180000
host1/Admin(config-sbc-sbe-h323)# h225 timeout setup 4000
host1/Admin(config-sbc-sbe-h323)# ras rrq keepalive 45000

host1/Admin(config-sbc-sbe-adj-h323)# adjacency timeout 30000
host1/Admin(config-sbc-sbe)# blacklist
host1/Admin(config-sbc-sbe-blacklist)# global

host1/Admin(config-sbc-sbe-blacklist)# address-default

host1/Admin(config-sbc-sbe)# redirect-limit 2
host1/Admin(config-sbc-sbe)# deact-mode normal
host1/Admin (config-sbc-sbe)# activate
host1/Admin(config-sbc-dbe)# location-id 0
host1/Admin(config-sbc-dbe)# deact-mode normal
host1/Admin (config-sbc-dbe)# activate
14-13
OL-13499-04
Verification
Verification
Use the following commands to verify operation:
The following example shows the SBC and media communications.
host1/Admin# show services sbc slt-n2 sbe media-gateway-associations
SBC Service "slt-n2"
Media gateway 192.169.125.1:2944
Gateway Protocol = megaco
Transport Protocol = UDP
Local Address = 22.46.0.11:2944

Requests 117 2 1 7
Replies 2 116 - 0
Command Purpose
show services sbc sbe media-gateway-associations Displays a list of known media gateways with an active
association.
14-14
OL-13499-04
Verification
C H A P T E R
15-SBC-1
OL-13499-04
15
Implementing SBC Firewall Traversal and NAT
The Session Border Controller (SBC) enables voice over IP (VoIP) signaling and media to be received
from and directed to a device behind a firewall and NAT (Network Address Translator) at the border of
an adjacent network, without requiring the device or firewall to be upgraded. In brief, the SBC achieves
this by rewriting the IP addresses and ports in the call signaling headers and the Session Description
Protocol (SDP) blocks attached to these messages. The SBC does not support options for keeping
pinholes open. Instead, SBC registers messages for signaling pinhole maintenance and Real-Time
Protocol (RTP) packets for media.
The SBC supports the Session Initiation Protocol (SIP) extension for Symmetric Response Routing
(RFC 3581). (There is currently no support for H.323.)
Note For ACE SBC Release 3.0.0 and later, this feature is supported in both the unified model and the
distributed model.
Feature History for Implementing SBC Firewall Traversal and NAT
Contents
Prerequisites for Implementing Firewall Traversal and NAT, page 15-2
Information About Firewall Traversal and NAT, page 15-2
Implementing Firewall Traversal and NAT, page 15-4
SIP PING Message Support, page 15-6
ACE SBC Release 3.1.00 Support was added for SIP PING messages.
ACE SBC Release 3.0.00 This feature was introduced on the Cisco 7600 series routers along with
15-SBC-2
OL-13499-04
Prerequisites for Implementing Firewall Traversal and NAT
Prerequisites for Implementing Firewall Traversal and NAT
The following prerequisites are required to implement SBC firewall traversal and NAT:
at
186a00806838f4.html.
Before implementing firewall traversal and NAT, the SBC must already be created. See the
Adjacencies must be configured before implementing firewall traversal and NAT. See the procedures
described in the Implementing SBC Adjacencies module.
Information About Firewall Traversal and NAT
The SBC enables VoIP signaling and media to be received from and directed to a device behind a firewall
and NAT at the border of an adjacent network, without requiring the device or firewall to be upgraded.
In brief, the SBC achieves this by rewriting the IP addresses and ports in the call signaling headers and
the SDP blocks attached to these messages.
Firewalls prevent unwanted traffic from entering, or leaving, a network by performing basic packet
filtering. Firewalls filter packets purely by examining packet headers, and do not parse or understand the
payload of the packets. Therefore, they do not filter out all types of unwanted traffic. For example,
firewalls do not perform Call Admission Controlthe SBC application does.
Firewalls, however, are valuable because they efficiently filter out large categories of unwanted traffic,
leaving application-aware devices such as SBCs with much less work to do. An external firewall filters
packets from the external network, but allows all packets from an internal network to pass through
unfiltered. An internal firewall filters packets from the internal network, but allows all packets from the
external network to pass through unfiltered (since they have already passed the external firewall).
Firewalls by default do not accept packets from the network, but are configured with rules that allow
them to select and accept certain packets. Therefore, packets are admitted to (or from) the network based
on explicit configuration, and not on default configuration.
The SBC application also incorporates the NAT function. NATs separate a network into distinct address
spaces. The NAT component of the SBC separates the internal network address space from the external
network address space. The NAT maintains a table of mappings from {external address, port} to
{internal address, port} and vice versa. The table is a dual-index table, so a particular mapping can be
looked up given either the internal or external addressing information. The NAT uses this table to rewrite
the headers of the IP packets that it forwards.
On receiving an IP packet from the external network, the NAT looks in its table for the destination
address and port of the packet (which will be an address from the external address space). If a mapping
is found, then the destination address header in the IP packet is changed to contain the corresponding
internal address and port from the table, and the packet is forwarded towards the internal network. If no
mapping is found, the packet is discarded.
15-SBC-3
OL-13499-04
Information About Firewall Traversal and NAT
On receiving an IP packet from the internal network, the NAT looks in its table for the source address
and port of the packet (which will be an address from the internal address space). If a mapping is found,
then the source address header in the IP packet is changed to contain the corresponding external address
and port from the table, and the packet is forwarded towards the external network. If no mapping is
found, then a new mapping is created: the NAT dynamically allocates a new external address and port
from the external address space for the packet (and all future packets from this source address and port
tuple).
SBC does not support options for keeping pinholes open. Instead, SBC registers messages for signaling
pinhole maintenance and RTP packets for media. The key to solving this problem is the fact that the
customers NAT has to open pinholes to allow the IP phone to send signaling packets and media packets
to the public network, and the customers firewall has to allow these packets through.
Inbound signaling and media from the public network can therefore be made to traverse the customers
firewall and NAT by directing them at the pinholes address and port on the public network side of the
customers NAT. The pinholes for signaling and media have different lifetimes.
The signaling pinhole, once created, is reused for all call signaling.
The media pinhole is created anew for each media stream, because the source and destination ports
of the media stream are dynamically allocated per call.
The signaling pinhole is ideally created when the IP phone first comes online, and then kept open until
the phone goes offline again. Media pinholes are created created when the SIP invite arrives at the SBC.
Figure 15-1 illustrates the data path for support of firewall traversal and NAT with the SBC.
Figure 15-1 Firewall Traversal and NAT
SBE NAT/FW
DBE
RTP RTP
Signaling
Scrubbing
Topology
Hiding
SIP UA
A: IP1: 10.1.1.1
REGISTER
200 OK
SDP4
(rx on IP4)
INVITE: user B
(via1,contact1,
SDP1)
1
5
8
0
1
3
INVITE: user B
(via1,contact1,
SDP2)
200 OK
SDP3
(rx on IP3)
200 OK
SIP Proxy
B2BUA
IP2:30.3.3.3
IP
SIP UA
B: IP3: 20.2.2.2
IP
NAT/FW
15-SBC-4
OL-13499-04
Implementing Firewall Traversal and NAT
This task implements firewall traversal and NAT.
SUMMARY STEPS
Note If the adjacency was previously attached, the no attach command must be issued before nat-enable.
1. configure
2. sbc service-name
3. sbe
5. nat force-on
9. signaling-peer [gk] peer_name
11. attach
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
SIP_7301_1
of the service.
15-SBC-5
OL-13499-04
Changing NAT Status
When you change NAT status, the change does not become effective immediately. You must cycle the
adjacency as shown in this task.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
Step 5 nat force-on
Example:
host1/Admin(config-sbc-sbe-adj-sip)# nat
force-on
Sets the SIP adjacency to assume that all endpoints are
behind a NAT device
Example:
adjacency.
Example:
signaling-port 5000
Example:
host1/Admin(config-sbc-sbe--adj-sip)#
Step 9 signaling-peer [gk] peer_name
Example:
signaling-peer athene
use.
Example:
host1/Admin(config-sbc-sbe--adj-sip)#
Specifies the remote signaling-peer port for the adjacency
to use.
Step 11 attach
Example:
15-SBC-6
OL-13499-04
5. no attach
6. nat force-off
7. attach
DETAILED STEPS
Release 3.1.0 adds support for SIP PING messages defined in the IETF draft Midcom-unaware
NAT/Firewall Traversal.
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
SIP_7301_1
of the service.
Step 5 no attach
Example:
host1/Admin(config-sbc-sbe-adj-sip)# no attach
Detaches the adjacency from an account on an SBE.
Step 6 nat force-off
Example:
host1/Admin(config-sbc-sbe-adj-sip)# nat
force-on
Sets the SIP adjacency to assume that the endpoints are not
behind a NAT device.
Step 7 attach
Example:
15-SBC-7
OL-13499-04
If SIP PING message support is enabled with the sip ping-support command, then on receipt of a SIP
PING message, the SBC returns a 200 OK response that contains two headers used for detecting NAT
configurations for the sending side: the Via header and the Contact header.
Both headers provide the IP address and the port that received the PING message. Below is an example
of a PING message and its corresponding 200 OK response.
PING sip:7075160418@lgdacom.net SIP/2.0
From: <sip:7075160418@lgdacom.net>;tag=db2000-647ba8c0-13c4-386d43b7-42d6ea8a-386d43b7
To: <sip:7075160418@lgdacom.net>
Call-ID: db2000-647ba8c0-13c4-386d43b7-6769ff65-386d43b7@lgdacom.net
CSeq: 1 PING
Via: SIP/2.0/UDP 192.168.123.100:5060;branch=z9hG4bK-386d43b7-6ad08603-2972814
Max-Forwards: 70
Supported: replaces, 100rel
Proxy-Require: com.nortelnetworks.firewall
Contact: <sip:7075160418@192.168.123.100>
Content-Length: 0
SIP/2.0 200 OK
Via: SIP/2.0/UDP
192.168.123.100:5060;branch=z9hG4bK-386d43b7-6ad08603-2972814;received=10.0.200.111;rport=
5060
From: <sip:7075160418@lgdacom.net>;tag=db2000-647ba8c0-13c4-386d43b7-42d6ea8a-386d43b7
To: <sip:7075160418@lgdacom.net>;tag=sbc-zfgjyuts-4935681
Call-ID: db2000-647ba8c0-13c4-386d43b7-6769ff65-386d43b7@lgdacom.net
CSeq: 1 PING
Contact: <sip:pong@10.0.200.111:5060;transport=UDP>
Content-Length: 0
Configuring Ping Message Support
When you change NAT status, the change becomes effective immediately. Configure Ping Message
Support as shown below.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sip ping-support
DETAILED STEPS
Step 1 configure
Example:
15-SBC-8
OL-13499-04
Configuration Examples
The following example implements firewall traversal and NAT:
Router/Admin(config-sbc-sbe)# adjacency sip SIP_7301_1
Router/Admin(config-sbc-sbe-adj-sip)# nat force-on
Router/Admin(config-sbc-sbe-adj-sip)# signaling-address ipv4 88.88.121.102
Router/Admin(config-sbc-sbe-adj-sip)# signaling-port 5060
Router/Admin(config-sbc-sbe-adj-sip)# remote-address ipv4 10.10.111.0/24
Router/Admin(config-sbc-sbe-adj-sip)# signaling-peer 10.10.111.41
Router/Admin(config-sbc-sbe-adj-sip)# signaling-peer-port 5060
Router/Admin(config-sbc-sbe-adj-sip)# attach
The following example changes NAT status.
Router/Admin(config-sbc-sbe)# adjacency sip SIP_7301_1
Router/Admin(config-sbc-sbe-adj-sip)# no attach
Router/Admin(config-sbc-sbe-adj-sip)# nat force-off
Router/Admin(config-sbc-sbe-adj-sip)# attach
The following example shows how to configure SIP ping support:
host1/Admin# config
host1/Admin(config-sbc-sbe)# sip ping-support
Example:
service.
Step 3 sbe
Example:
Step 4 sip ping-support
Example:
Configures SIP ping support.
C H A P T E R
16-1
OL-13499-04
16
SIP Profiles on the Session Border Controller
You can configure the Session Border Controller (SBC) with method and header profiles on Session Initiation
Protocol (SIP) messages. These profiles are used to control which SIP requests are accepted (whitelists) and
which requests are rejected (blacklists) based on the method of the request. This helps to avoid misusing the
SBE or SIP adjacency by SIP users and improves the efficiency of SIP calls.
A header-profile can conditionally match any part of a header, but can only replace the entire header. SIP
parameter profiles extend this capability to allow changes to be made to individual SIP Request Uniform
Resource Identifier (URI) parameters associated with a header.
Feature History for Method-Profiles
Contents
Information About SIP Profiles, page 16-2
Method-Profiles, page 16-3
ACE SBC Release 3.1.00 Added support for response code mapping.
Added support for SIP header manipulation.
Added support for provisional response filtering.
Added support for parameter profiles.
Added support for P-KT-UE-IP headers.
Added support for SIP header public/private IP address information
insertion.
ACE SBC Release 3.0.00 SIP Header Profile feature was introduced on the
Cisco 7600 series routers along with support for the SBC unified
model.
SIP Method-Profile feature was introduced on the
Cisco 7600 series routers along with support for the SBC unified
model.
16-2
OL-13499-04
Information About SIP Profiles
Response Code Mapping, page 16-8
Header Profiles, page 16-12
P-KT-UE-IP Header Support, page 16-19
Parameter Profiles, page 16-24
SIP Header Public/Private IP Address Information Insertion, page 16-29
Information About SIP Profiles
The SBC can manipulate the following SIP profiles:
Method-profiles
Header-Profiles
Parameter-profiles
Method-profiles allow the association of header-profiles and parameter-profiles to method elements
contained in the method-profile.
You can use actions with method-profiles to allow the whitelist to contain blacklisted headers and the
blacklist to contain whitelisted headers as well as to reject non-vital methods. This allows any profile to
contain mixed actions per-profile.
Header-profiles allow complex header manipulation to occur, over and above the existing whitelist and
blacklist functionality using actions based on conditional expressions.
Header-profiles additionally allow the association of parameter-profiles in header elements contained in
the profile.
You can use variables to store header content; you can then optionally reconstruct the headers using
previously stored variables. You can also match headers based on regular expression matching. You can
use conditional matching to match against adjacency settings, transport addresses, and a number of
boolean match criteria. You can also use header-profiles to reference and make limited modifications to
the Request-Line.
Parameter-profiles allow the removal, replacement, or addition of specific URI parameters within certain
vital headers.
You can also associate parameter-profiles with methods in method-profiles for the purpose of
request-line processing per method only.
Figure 16-1 show the hierarchical association of adjacency, method-profiles, header-profiles, and
parameter-profiles.
16-3
OL-13499-04
Method-Profiles
Figure 16-1
Method-Profiles
SIP methods can be blacklisted and whitelisted dynamically at run-time during receipt of a message
(ingress) and at transmission of a message (egress).
The existing method-profile allows two types of method-profiles for non-vital requests. These can be
blacklist (drop) or whitelist (pass). The whitelist action is considered to be the default type for a method
if blacklist is not present in the command line.
The method-profile will contain a list of methods which are either passed on (whitelist) or dropped
(blacklist). A single profile can then be associated with each of the inbound or outbound call sides.
Method-profiles can be associated with pre-defined header-profiles. In addition, pre-defined parameter
profiles can be associated with the Request-line per method.
Method-profiles are not allowed to blacklist or whitelist vital methods; however, header-profiles and
parameter-profiles can be associated with vital methods.
Status code mapping can be associated with any method type declared in a method-profile such that any
response identified with this method can be changed. For example, a 503 response to an INVITE could
potentially be changed to a 500 response if appropriate mapping is declared against the INVITE method.
This section contains the following topics:
Restrictions for Configuring Method-Profiles, page 16-4
Information About Method-Profiles, page 16-4
Configuring Method-Profiles, page 16-5
Applying Method-Profiles, page 16-7
2
5
1
3
2
5
SIP adj
Method-profiles
Method
header-profile
Request-Line
(V2.4)
header
Parameter-profile
Parameter
Store Rules
(V2.4)
16-4
OL-13499-04
Method-Profiles
Restrictions for Configuring Method-Profiles
Review the following restrictions for method-profiles:
Any given profile must be exclusively a whitelist or a blacklist.
Two profiles are applied to process any given SIP message: one inbound and, if permitted through
that, one outbound.
Profiles check only SIP methods in the Request Uniform Resource Identifier (URI).
SIP requests are rejected as a result of a method-profiles rules. SIP responses are always forwarded.
Any method unknown to the SBC which is forwarded as a result of a profiles rules does not affect
creating or deleting a SIP dialog.
Methods that are essential to the operation of an SBC cannot be blacklisted and are implicitly added
to any whitelist.
Profiles cannot be deleted while they are in active use by at least one adjacency.
In case of non-Information Management System (IMS) preset, there is a default method-profile (sip
method-profile default). If configured, it gets attached to the adjacencies for which no explicit
user-defined method-profiles are configured. The sip method-profile default is an empty white-list
by itself.
Information About Method-Profiles
After you configure a profile, you can assign it for a default application. Any SIP adjacency can apply
it to signaling for that adjacency.
You can add or remove methods from profiles at any time. Each method can optionally be assigned one
of three actions with the action command:
Either pass or reject the action.
Use the as-profile action to select the default profile blacklist or whitelist.
Profiles cannot be deleted while a least one adjacency is using them. You can see which adjacencies are
using a profile by entering the following show command:
show services sbc sbc-name sbe sip method-profile name
Table 16-1 lists the methods that are part of the essential method set.
Profiles are an optional part of the configuration; they do not have to be specified for the SBC to operate
correctly. The default behavior is that requests with one of the essential methods are processed, and all
other requests are rejected.
To modify parameters in the request-line, associate a parameter-profile with a method-profile.
Table 16-1 Essential Methods
INVITE PRACK
ACK NOTIFY
CANCEL REFER
BYE SUBSCRIBE
REGISTER
16-5
OL-13499-04
Method-Profiles
ACE SBC Release 3.1.00 introduces the following functionality:
Predefined header-profiles can be associated with outgoing method-profiles.
Predefined parameter profiles can be associated with the request-line per method.
Note Header-profiles and parameter-profiles can be associated with essential methods even though
method-profiles are not allowed to blacklist/whitelist essential methods.
Response code mapping can be associated with any method type declared in a method-profile so that
any response identified with the method can be changed. For example, a 503 response to an INVITE
could potentially be changed to a 500 response if appropriate mapping is declared against the
INVITE method.
Configuring Method-Profiles
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sip method-profile profile-name
5. blacklist
6. action {add-first-header | add-header | as-profile | drop-msg | pass | replace-name |
replace-value | strip}
7. pass-body
8. method name
9. description text
10. exit
11. show services sbc sbc-name sbe sip method-profile name
12. show services sbc sbc-name sbe sip method-profiles
13. show services sbc sbc-name sbe sip essential-methods
DETAILED STEPS
Step 1 configure
Example:
Example:
Enters the submode for configuring the method-profile.
service.
16-6
OL-13499-04
Method-Profiles
Step 3 sbe
Example:
Step 4 sip method-profile profile-name
Example:
host1/Admin(config-sbc-sbe)# sip method-profile
profile1
Configures a method-profile.
If you enter the profile-name default, the default profile is
configured. This profile is used for all adjacencies that do
not have a specific profile configured.
Step 5 blacklist
Example:
host1/Admin(config-sbc-sbe-sip-mth)# blacklist
Configures a profile to be a blacklist. The no form of this
command configures the profile to be a whitelist.
Note By default, profiles are whitelists.
Step 6 action {add-first-header | add-header |
as-profile | drop-msg | pass | replace-name |
Example:
host1/Admin(config-sbc-sbe-sip-prm-ele)# action
pass
Specifies the action to be performed on the parameter.
Step 7 pass-body
Example:
host1/Admin(config-sbc-sbe-sip-mth-prf)#
pass-body
Permits message bodies to be passed through for non-vital
methods accepted by this profile.
The no form of this command strips the message body out
of any non-vital SIP messages matched by this profile.
Step 8 method name
Example:
host1/Admin(config-sbc-sbe-sip-mth-prf)# method
test
Adds a method with the specified name to the profile.
This field can be 1 to 32 characters (inclusive) in length and is
case-insensitive.
The no form of this command deletes the method with that
name from the profile.
Step 9 description text
Example:
host1/Admin(config-sbc-sbe-sip-mth-prf)#
description my SBC profile
Adds a description for the specified profile.
The no form of this command removes the description.
This description is displayed when the show command is
used for this profile and is displayed for each profile when
displaying a summary of all profiles.
Step 10 exit
Example:
host1/Admin(config-sbc-sbe-sip-mth-prf)# exit
Exits the method-profile mode to the sbe mode.
Step 11 show services sbc sbc-name sbe sip
method-profile name
Example:
host1/Admin(config-sbc-sbe)# show services sbc
mysbc sbe sip-method-profile profile1
Displays details for the method-profile with the designated
name.
Use name default to view the default profile.
16-7
OL-13499-04
Method-Profiles
Applying Method-Profiles
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. method-profile inbound profile-name
6. exit
DETAILED STEPS
method-profiles
Example:
mysbc sbe sip method-profiles
Displays a list of all configured method-profiles.
essential-methods
Example:
mysbc sbe sip essential-methods
Displays a list of the essential methods listed in Table 16-1
on page 16-4.
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
16-8
OL-13499-04
Response code mapping provides an ability to manipulate the SIP response codes when the messages
traverse through the SBC. The mapping table is applied to inbound messages received at a SIP adjacency
or to responses sent out of a SIP adjacency. The mapping is user-configureable on a per SIP method basis
so that each SIP method can be mapped differently. Configuration of the mapping is on a per adjacency
basis. Table 16-2 lists the mapping limitations on SP response code
Table 16-2 Response Code Mapping
Response code mapping allows you to:
Map a particular response code to a specific response code. For example, you can map 401 to 400,
but not to 300. You can map 102 to 101, but not 100.
Map a group of response codes (defined using a wildcard) to a specific response code. For example,
you can map 40X to 400, or map all of 4XX to 400.
Example:
host1/Admin(config-sbc-sbe)# adjacency sip test
service.
Step 5 method-profile inbound profile-name
Example:
method-profile inbound profile1
Sets profile1 to be used for inbound signaling on adjacency
test.
Step 6 exit
Example:
host1/Admin(config-sbc-sbe-sip-adj-sip)# exit
Exits the header profile mode to the sbe mode.
method-profile name
Example:
host1/Admin(config-sbc-sbe)# shows services sbc
mysbc sbe sip method-profile one
Displays the header profile information.
Response Codes Mapping
100 No mapping allowed
1xx Maps to 1yy (not 100)
2xx Maps to 2yy
3xx Maps to 3yy
4xx Maps to 4yy, 5yy, or 6yy
16-9
OL-13499-04
Specify exceptions to the wildcard. For example, mapping 2XX to 201, and mapping 200 to 200.
You can use the range value command to add one of more mappings.
Where configuration causes the response code to be mapped to one that is not defined in RFC 3261, the
SBC applies the reason phrase "Unrecognised status code."
Restrictions for Response Code Mapping, page 16-9
Applying Response Code Mapping, page 16-11
Restrictions for Response Code Mapping
The following restrictions apply to Response Code Mapping:
Response code mapping only covers mapping of SIP response codes. H.323 calls cannot have their
response codes mapped.
Certain messages are processed only by the SIP Transaction Manager; mapping of these messages
is not possible. For example, badly formatted messages that cannot be interpreted are responded to
directly by the SIP Transaction Manager.
There is no provision for the mapping of SIP reason phrases. The reason phrase will always match
the reason code as defined in RFC 3261. A generic reason phrase is applied when the requested
reason code has no corresponding definition in RFC 3261. This phrase is a compile time constant.
Changing the response code could result in an invalid message (for example, mapping the response
code could produce a message with mandatory headers missing). There is no provision to ensure that
messages contain headers required by the new response code.
A maximum of 128 mappings is permitted in each direction per adjacency (128 inbound and 128
outbound mappings).
Configuring Response Code Mapping
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sip method-profile profile-name
5. method name
6. map-status-code
7. range statuscoderange value statuscodevalue
8. exit
10. show services sbc sbc-name sbe sip method-profiles
11. show services sbc sbc-name sbe sip essential-methods
16-10
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
Enters the submode for configuring the method-profile.
service.
Step 3 sbe
Example:
Step 4 sip method-profile profile-name
Example:
host1/Admin(config-sbc-sbe)# sip method-profile
profile1
Configures a method-profile.
configured. This profile is used for all adjacencies that do
Step 5 method name
Example:
host1/Admin(config-sbc-sbe-sip-mth-prf)# method
test
Adds a method with the specified name to the profile.
This field can be 1 to 32 characters (inclusive) in length and is
case-insensitive.
The no form of this command deletes the method with that
name from the profile.
Step 6 map-status-code
Example:
Router/Admi(config-sbc-sbe-sip-mth-ele)#
map-status-code
Enters the map
Step 7 range statuscoderange value statuscodevalue
Example:
Router/Admi(config-sbc-sbe-sip-mth-ele-map)#
range 503 value 500
Maps a range of response codes to a response code.
Step 8 exit
Example:
Exits the method-profile mode to the sbe mode.
method-profile name
Example:
mysbc sbe sip-method-profile profile1
Displays details for the method-profile with the designated
name.
16-11
OL-13499-04
Applying Response Code Mapping
Apply response code mapping by associating it with an adjacency.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. method-profile inbound profile-name
6. exit
DETAILED STEPS
method-profiles
Example:
mysbc sbe sip method-profiles
Displays a list of all configured method-profiles.
essential-methods
Example:
mysbc sbe sip essential-methods
Displays a list of the essential methods listed in Table 16-1
on page 16-4.
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
16-12
OL-13499-04
Header Profiles
Header Profiles
Header-profiles processing occurs in a two-stage process. In the first stage, the following steps occur:
1. Select next header from the message.
2. Look through the header profile for rules affecting the selected header.
3. In configured order, try to apply each rule to the header.
4. If the action is to add a header, then ignore this rule and move on to the next.
5. If the match condition is FALSE then move onto the next rule, dont evaluate any parameter profile.
6. Apply the action or parameter profile described in the element. If this is to remove the header, then
move on to the next header in the message.
The second stage adds new headers to the message. Because it occurs after the first stage, there is a
well-defined group of headers in the message. The steps are:
1. Take each rule that adds a header to the message.
2. If the action is to add the first instance of the header only and there is already a header with that
name in the message, then move onto the next addition rule.
Note If another action has replaced the name of header then it is the replaced name that is used to
test whether a new header should be added. That is, any header-name replacements
performed in stage 1 are used in this stage of header-name comparisons, and not the original
header-names from the arriving message.
3. Add the header if the match condition evaluates to TRUE.
Example:
service.
Step 5 method-profile inbound profile-name
Example:
method-profile inbound profile1
test.
Step 6 exit
Example:
host1/Admin(config-sbc-sbe-sip-adj-sip)# exit
method-profile name
Example:
host1/Admin(config-sbc-sbe)# shows services sbc
mysbc sbe sip method-profile one
16-13
OL-13499-04
Header Profiles
4. Apply any rules defined for that header in user-configured order with this name. Only apply rules
that are ordered after the add header rule, if the header was added.
Restrictions for Configuring Header Profiles, page 16-13
Information About Header Profiles, page 16-13
Header Manipulation, page 16-14
Header Profile Configuration Information, page 16-15
Configuring Header Profiles, page 16-15
Applying Header Profiles, page 16-17
P-KT-UE-IP Header Support, page 16-19
Restrictions for Configuring Header Profiles
Review the following restrictions for header profiles:
Any given profile must be exclusively a whitelist or a blacklist.
Two profiles are applied to process any given SIP message: one inbound and, if permitted through
that, one outbound.
SIP headers that are essential to the operation of an SBC cannot be blacklisted and are implicitly
added to any whitelist.
Profiles can not be removed while they are in active use by an adjacency.
For provisional filtering, provisional responses may not be blocked where the sender has required
reliable provisional responses (SIP 100rel). This is to ensure that the SBC does not interfere with
the call setup (as per RFC3262) by dropping the provisional response.
Header-profile conditional matching can be performed against any part of the message. The matches
can be exact matches or even sub-strings of any given field.
The conditions may be associated with a specific header referenced by the header-profile header
definition, but can also reference other non-vital parts of the message in order to evaluate the
conditional expression; thus the condition could be associated with header P-Asserted-Identity
while checking against the contents of the Call-Info header.
Information About Header Profiles
After you configure a profile, you can assign it for a default application. Any SIP adjacency can apply
it to signaling for that adjacency.
You can add or remove headers from profiles at any time. Headers configured on a profile must contain
characters that are valid for a SIP header.
Profiles cannot be deleted while any adjacency is using them. You can see which adjacencies are using
a profile by entering the following show command:
show services sbc sbc-name sbe sip header-profile name
Table 16-3 lists the fixed set of essential SIP headers, which are not permitted to be configured on any
profile.
16-14
OL-13499-04
Header Profiles
Profiles are an optional part of the configuration. If no profile is applicable to a given SIP signal, then
the essential headers are processed and all other headers are not forwarded.
Header Manipulation
You can modify non-essential headers in SIP messages using header and parameter profiles. The
following information summarizes the supported actions:
Pass the header unchanged (whitelist functionality).
Conditionally pass the header unchanged.
Remove the header (blacklist functionality).
Conditionally remove the header.
Replace the name of the header. The replacement name cannot be that of a vital header.
Conditionally replace the header content (appearing after the ":").
Add a new instance of a header to a message regardless of whether or not the header already exists.
Add the first instance of the header to the message, if a header with this name does not already exist.
A combination of the above actions can be specified as a set or group of actions to be performed
within a profile.
The header-profiles can be used in method-profiles to allow header actions only associated with
specific requests types.
Parameter-profiles can be associated with headers in header-profiles.
Header content can be stored in variables and later expanded during replace-value actions.
Regular expression matching can be performed on headers
You can match against any part of a header but only replace the entire header. A parameter-profile
extends this capability to change individual SIP URI parameters associated with a header. Header
profiles can only modify non-vital header information. To display the vital header information, use the
show services sbc test sbe sip essential-method, show services sbc test sbe sip essential-headers, or
show services sbc test sbe sip essential-parameters commands.
Parameter-profiles can be specified to match the following parts of the message.
Request URI
To
From
Contact
Table 16-3 Essential Headers
To Content-Type Expires Route Referred-By
From Content-Length Min-Expires Record-Route Referred-To
Via Contact Authorization Proxy-Authorization
Call-ID Supported WWW-Authenticate Proxy-Require
CSeq Require Proxy-Authenticate Replaces
Max-Forwards Allow Event Subscription-State
16-15
OL-13499-04
Header Profiles
To modify parameters in the Request-line, associate a parameter-profile with a method-profile. To
modify parameters in Contact, To, or From headers, associate a parameter-profile in the header-profile.
Header Profile Configuration Information
Consideration needs to be given as to the effect of an action or set of actions in conjunction with the
default profile behavior (whitelist/blacklist).
An empty blacklist will effectively try to pass on any non-vital header.
An empty whitelist will effectively drop all non-vital headers.
The behavior becomes more complex when conditions are associated with headers.
It is important to consider what actions are defined on the in-bound side. If an empty whitelist
header-profile is associated with the in-bound side, then no non-vital headers will be visible at all to the
outbound side, and therefore, actions applied to the out-bound sides profile may appear not to work. You
may need to consider adding actions to pass a specific header on the in-bound side by adding the header
to a whitelist (with action as-profile or pass) or adding the header with action pass in a blacklist.
For example, if a header-profile is defined as a whitelist (default behavior), and a header action to modify
the header-value is inserted with a condition, then the action will be processed if the condition is TRUE
and the header modified, but will be ignored if the condition is FALSE.
Because the header is inserted into the whitelist it might well be assumed that it would be passed on
unmodified if the condition is FALSE, however, if the condition is FALSE, the action (entry) is ignored,
and therefore it is as if the header is not present in the whitelist so the header will not be passed on.
To overcome this, a second entry with action pass can be entered; thus if the headers condition is
TRUE, the content with be modified, but if the condition is false, it will be ignored and continue to
process any other entries. The second entry has an action pass and will cause the header to be passed
on.
Configuring Header Profiles
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sip header-profile profile-name
5. blacklist
6. description text
7. header name
8. header name
9. entry number
11. parameter-profile name
12. exit
16-16
OL-13499-04
Header Profiles
13. show services sbc sbc-name sbe sip header-profile profile name
14. show services sbc sbc-name sbe sip header-profiles
15. show services sbc sbc name sbe sip essential-headers
DETAILED STEPS
Step 1 configure
Example:
Example:
Enters the submode for configuring the header profile.
service.
Step 3 sbe
Example:
Step 4 sip header-profile profile-name
Example:
host1/Admin(config-sbc-sbe)# sip header-profile
profile1
Configures a header profile.
configured. This profile is used for all adjacencies which do
Step 5 blacklist
Example:
host1/Admin(config-sbc-sbe-sip-hdr)# blacklist
Configures a profile to be a blacklist.
The no form of this command configures the profile to be a
whitelist.
Example:
host1/Admin(config-sbc-sbe-sip-hdr)#
description blacklist profile
Adds a description for the specified profile.
used for this profile and is displayed for each profile when
displaying a summary of all profiles.
Step 7 header name
Example:
host1/Admin(config-sbc-sbe-sip-hdr)# header
test1
Configures the profile to contain the header test1.
Step 8 header name
Example:
host1/Admin(config-sbc-sbe-sip-hdr-ele)# header
test1
Adds a header to this profile.
16-17
OL-13499-04
Header Profiles
Applying Header Profiles
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
Step 9 entry number
Example:
host1/Admin(config-sbc-sbe-sip-prm-ele)# entry
Specifies which action entry to work on.
Example:
pass
Specifies the type of action.
Step 11 parameter-profile name
Example:
host1/Admin(config-sbc-sbe-sip-hdr-ele)#
parameter-profile test1
Adds a parameter-profile associated to a header.
Step 12 exit
Example:
host1/Admin(config-sbc-sbe-sip-hdr-prf)# exit
header-profile name
Example:
mysbc sbe sip header-profile profile1
Displays details for the header profile with the designated
name.
header-profiles
Example:
mysbc sbe sip header-profiles
Displays a list of all configured header profiles.
essential-headers
Example:
mysbc sbe sip essential-headers
Displays a list of the essential headers listed in Table 16-3.
16-18
OL-13499-04
Header Profiles
5. header-profile inbound profile-name
6. exit
7. show services sbc service-name sbe sip header-profile name
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
sipGW
service.
Step 5 header-profile inbound profile-name
Example:
header-profile inbound profile1
Sets the inbound header profile.
Step 6 exit
Example:
header-profile name
Example:
host1/Admin# show services sbc sbc-name sbe sip
header-profile name
16-19
OL-13499-04
Header Profiles
P-KT-UE-IP Header Support
Release 3.1.0 provides support for P-KT-UE-IP headers.These headers are a type of P-headers used for
a variety of purposes within the networks, including charging and information about the networks a call
traverses.
When the SBC receives the SIP message with the P-KT-UE-IP header, the SBC replaces the P-KT-UE-IP
header value with the home gateway public IP address (which is the source address from IP layer
header).
To do this, the SBC will conditionally add the P-KT-UE-IP header that contains the IPv4 address of the
UE that originated the request.
P-KT-UE-IP Header Information
The following information applies:
This feature is configured through the inbound header profile that receives the requests to which the
header is to be added.
When configured, the header is added to INVITE requests and to out-of-dialog requests.
The header value contains an IPv4 address formatted as a dotted decimal text string, such as
"123.123.123.123". If the request was received over a VPN, the VPN ID is appended after the IP
address, such as "123.123.123.123 VPN-ID 0x01020304".
The IPv4 address is the source IP address from the SIP message that was received by the SBC. This
may not be the same as the IP address in the Via header. For example, the SIP message may have
been through a gateway between the UE device and SBC.
Configuring P-KT-UE-IP Header Support
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. header name
6. entry number
7. exit
8. entry number
12. header name
16-20
OL-13499-04
Header Profiles
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
profile1
Step 5 header name
Example:
test1
Step 6 entry number
Example:
Step 7 exit
Example:
Step 8 entry number
Example:
Example:
sipGW
service.
16-21
OL-13499-04
Provisional response filtering makes it possible to block 183 responses sent by endpoints. When
configuring provisional response filtering, keep the following in mind:
Provisional responses may not be blocked where the sender has required reliable provisional
responses (SIP 100rel).
Dropping responses where 100_rel is required is not recommended. It may prevent call setup since
RFC3262 states subsequent responses should not be sent.
Note A call attempted with the ''Required: 100Rel'' header in the INVITE will fail when the
adjacency is configured with a header profile to drop 183 messages.
Example:
Sets the inbound header profile.
Example:
profile1
Step 12 header name
Example:
test1
Example:
pass
Specifies the type of action.
Example:
sipGW
service.
Step 15 header-profile outbound profile-name
Example:
header-profile outbound profile1
Sets the outbound header profile.
16-22
OL-13499-04
Configuring Provisional Response Filtering, page 16-22
Applying Provisional Response Filtering, page 16-23
Provisional Response Filtering Information
Provisional response filtering is achieved by the use of the action drop-msg command. The action must
be associated with the wildcard header action *. A condition should be added to match on the specific
response code that must be dropped.
Note The header action * can only be used one time in a profile.
Configuring Provisional Response Filtering
1. configure
2. sbc service-name
3. sbe
5. header *
6. action drop-msg
7. condition status-code
8. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
Enters the submode for configuring the header profile.
service.
Step 3 sbe
Example:
16-23
OL-13499-04
Applying Provisional Response Filtering
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
6. exit
Example:
profile1
Step 5 header *
Example:
host1/Admin(config-sbc-sbe-sip-hdr)# header *
Configures a profile to be a blacklist.
The no form of this command configures the profile to be a
whitelist.
Note In order to filter provisional responses always use
the asterisk (*) as the header name with the header
command as shown in the command example.
Step 6 action drop-msg
Example:
host1/Admin(config-sbc-sbe-sip-hdr-ele)# action
drop-msg
Configures the action to take on an element type in a header.
Step 7 condition status-code
Example:
host1/Admin(config-sbc-sbe-sip-hdr-ele-act)#
condition status-code eq 183
Specifies a condition to match before taking an action to a
SIP message profile.
Step 8 exit
Example:
host1/Admin(config-sbc-sbe-sip-hdr-ele-act)#
exit
16-24
OL-13499-04
Parameter Profiles
Parameter Profiles
Parameter profiles allow you to specify specific URI parameter names and allow the removal,
replacement, or the addition of specific non-vital URI parameters within certain headers.
The header-profile allows potential conditional matching against SIP URI parameters forming part of a
limited set of headers. It only allows complete replacement of the header and or content.
The parameter-profile will allow actions to be performed only on the SIP URI parameters and not header
parameters
Restrictions for Configuring Parameter Profiles, page 16-24
Information About Parameter Profiles, page 16-25
Configuring Parameter Profiles, page 16-25
Applying a Parameter Profile to a Header Profile, page 16-27
Restrictions for Configuring Parameter Profiles
Review the following restrictions for parameter profiles:
For release 3.1.00, it is only permitted to act on parameters associated with SIP URIs and not header
parameters.
To prevent call processing failures, actions cannot be performed against vital (essential) parameters.
Parameter profiles work only on the outbound side.
Some existing adjacency settings may impact the way parameter actions are affected.For example,
consider the adjacency setting vpssAdjRewriteToHdr set by as follows:
sbc test
sbe
adjacency sip <adj name>
passthrough [to/from]
This setting can cause the To: and or From: headers to be passed from inbound to outbound side.
The default setting on an adjacency, however, is FALSE (no passthrough [to/From] appears in the
show run against the adjacency) which means that the To: and From: headers are effectively always
re-written on the outbound side by default. The impact of this is that parameter-profiles actions
applied to the inbound sides To: and/or From: headers will be lost on the outbound side unless
passthrough [to/from] is set in the configuration. Thus the action add-not-present can look like it
always adds a parameter on the outbound side, even when the parameter is present on the in-bound
side.
If a parameter-profile adds a parameter to the request-line, and the To: header does not have setting
passthrough to set against the adjacency, then the re-writing of the To: header which is typically
based on the Request-Line, will cause the parameter to also appear in the To: header.
The content of the Request-line may affect the behavior of parameter-profiles attached to
method-profiles. If the request-line that arrives on the in-bound side of the call directly addresses
the address of the SBC, then effectively any call that originates on the out-bound side requires a new
Request-Line to be generated. This means that parameters arriving on the in-bound side are
effectively lost and can cause the action add-not-present to look like it always adds a parameter.
16-25
OL-13499-04
Parameter Profiles
If however, the Request-Line address the final destination, then the Request-Line is effectively
passed across to the outbound side and modified as needed. Parameters in this case are visible on
the out-bound side.
Information About Parameter Profiles
Parameter-profiles form a set of actions that can be performed against any one header or request-line.
Parameter-profiles can only be specified against the following parts of the message:
Request URI
To
From
Contact
To modify parameters in Contact, To, or From headers, associate a parameter-profile in the
header-profile.
To modify parameters in the request-line, associate a parameter-profile with a method-profile.
Note Parameter-profiles can be associated with essential methods even though method-profiles are not
allowed to blacklist/whitelist essential methods.
Configuring Parameter Profiles
Perform this task to configure parameter profiles.
SUMMARY STEPS
1. config
2. sbc service-name
3. sbe
4. sip parameter-profile {profile-name}
5. parameter {parameter name}
6. action {add-not-present| add-or-replace | strip}
7. exit
8. show services sbc sbc-name sbe sip-parameter-profile {profile name}
9. show services sbc sbc-name sbe sip parameter-profiles
10. show services sbc sbc name sbe sip essential-parameters
16-26
OL-13499-04
Parameter Profiles
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Step 4 sip parameter-profile {profile-name}
Example:
parameter-profile parmprof1
Configures a parameter profile and enters SBE SIP header
configuration mode.
Step 5 parameter {parameter name}
Example:
host1/Admin(config-sbc-sbe-sip-prm)# parameter
user
Adds a parameter with a specified name to the parameter
profile.
Step 6 action {add-not-present| add-or-replace |
strip}
Example:
add-not-present value phone
Specifies the action to be performed on the parameter.
Step 7 exit
Example:
Step 8 show services sbc sbc-name sbe
sip-parameter-profile {profile name}
Example:
host1/Admin# show services sbc mysbc sbe sip
parameter-profile profile1
Displays details for the parameter profile with the
designated name.
Use the name default to view the default profile.
16-27
OL-13499-04
Parameter Profiles
Applying a Parameter Profile to a Header Profile
Perform this task to apply parameter profiles to a header profile.
SUMMARY STEPS
1. config
2. sbc service-name
3. sbe
4. sip header-profile header-profile-name
5. header header-name
6. parameter-profile parameter-profile-name
7. exit
8. exit
9. show services sbc sbc-name sbe sip header-profile {profile-name}
DETAILED STEPS
parameter-profiles
Example:
parameter-profiles
Displays a list of all configured parameter profiles.
Step 10 show services sbc sbc name sbe sip
essential-headers
Example:
essential-headers
Displays a list of the essential headers listed in Table 16-3.
Step 1 config
Example:
host1/Admin# config
Example:
Enters the configuration mode of an SBC service.
the service.
16-28
OL-13499-04
Parameter Profiles
Associating with an Adjacency
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
6. exit
Step 3 sbe
Example:
Enters the configuration mode of the signaling border
element (SBE) function of the SBC.
Step 4 sip header-profile header-profile-name
Example:
host1/Admin(config-sbc-sbe-sip)# header-profile
profile1
Enters the configuration mode for a header profile.
Step 5 header header-name
Example:
P-Asserted-Identity
Enters the header subcommand mode, where you specify
the header type to match.
Step 6 parameter-profile parameter-profile-name
Example:
parameter-profile parmprof1
Configures the parameter profile to apply when the header
type is matched.
Step 7 exit
Returns to the configuration mode for a header profile.
Step 8 exit
Returns to the configuration mode for an SBC service.
16-29
OL-13499-04
SIP Header Public/Private IP Address Information Insertion
DETAILED STEPS
Softswitches require public IP address information in SIP messages to properly charge the related
parties. You can use this feature to insert the public IP address for user equipment (UE) that is behind
the Network Address Translation (NAT) devices into the SIP contact header as a firewall parameter.
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
sipGW
service.
Example:
sipGW.
Step 6 exit
Example:
header-profile name
Example:
host1/Admin# show services sbc sbc-name sbe sip
header-profile name
16-30
OL-13499-04
Perform this task to configure SIP Header Public/Private IP Address Information Insertion.
SUMMARY STEPS
1. config
2. sbc service-name
3. sbe
4. sip parameter-profile profile-name
6. action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}|
add-or-replace [value] {private-ip-address | public-ip-address | access-user-data}| strip}
7. sip parameter-profile profile-name
8. exit
10. action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}|
12. exit
14. entry entry_num {action [add-header | as-profile | drop-msg | pass | replace-name |
replace-value | strip] | parameter-profile name}
18. entry entry_num {action [add-header | as-profile | drop-msg | pass | replace-name |
DETAILED STEPS
Step 1 config
Example:
host1/Admin# config
Example:
Enters the configuration mode of an SBC service.
the service.
16-31
OL-13499-04
Step 3 sbe
Example:
Enters the configuration mode of the signaling border
element (SBE) function of the SBC.
Example:
parameter-profile proxy-param
configuration mode.
Example:
firewall
profile.
Step 6 action {add-not-present [value]
{private-ip-address | public-ip-address |
access-user-data}| add-or-replace [value]
access-user-data}| strip}
Example:
host1/Admin(config-sbc-sbe-sip-prm-ele)#
action-strip
Configures the action to take on a parameter.
Example:
parameter-profile access-param
configuration mode.
Step 8 exit
Example:
Exits the .
Example:
firewall
profile.
Step 10 action {add-not-present [value]
access-user-data}| add-or-replace [value]
access-user-data}| strip}
Example:
add-or-replace value private-ip-address
Configures the action to take on a parameter.
16-32
OL-13499-04
Step 11 sip header-profile profile-name action
as-profile
Example:
proxy
Step 12 exit
Example:
Exits the .
Step 13 header name
Example:
contact
Step 14 entry entry_num {action [add-header |
replace-value | strip] | parameter-profile
name}
Example:
host1/Admin(config-sbc-sbe-sip-hdr-ele)# entry
1 action as-profile
Configures an entry in a profile.
Example:
type is matched.
Example:
access
Step 17 header name
Example:
contact
16-33
OL-13499-04
Configuration Examples for SIP Profiles
This section contains the following:
Method-Profile Examples, page 16-33
Applying Method-Profiles Example, page 16-34
Associating Predefined Header Profiles Example, page 16-35
Associating Predefined Parameter Profiles Example, page 16-35
Associating Response Code Mapping Example, page 16-36
Configuring Header Profiles Example, page 16-37
Applying Header Profiles Example, page 16-37
Header Manipulation Examples, page 16-38
Response Filtering Example, page 16-44
Parameter Profile Examples, page 16-44
SIP Header Public/Private IP Address Information Insertion, page 16-48
Method-Profile Examples
The following example shows the commands and output generated when you configure method-profiles.
host1/Admin# conf t
Router/Admi(config)# sbc umsbc-node3
Router/Admi(config-sbc)# sbe
Router/Admi(config-sbc-sbe)# sip method-profile test1
Router/Admi(config-sbc-sbe-sip-mth)# method abcd
Router/Admi(config-sbc-sbe-sip-mth)# blacklist
Router/Admi:Nov 13 17:43:11.124 : config[65761]: %MGBL-CONFIG-6-DB_COMMIT : Configuration
committed by user 'yunsun'. Use 'show configuration commit changes 1000000296' to view the
changes.
Router/Admi(config-sbc-sbe-sip-mth)# end
Step 18 entry entry_num {action [add-header |
replace-value | strip] | parameter-profile
name}
Example:
host1/Admin(config-sbc-sbe-sip-hdr-ele)# entry
1 action as-profile
Configures an entry in a profile.
Example:
parameter-profile access-param
type is matched.
16-34
OL-13499-04
Router/Admi:Nov 13 17:43:14.866 : config[65761]: %MGBL-SYS-5-CONFIG_I : Configured from
console by yunsun
This example shows the output for all method-profiles.
Router/Admin# show services sbc test sbe sip method-profiles
Method profiles for SBC service "test"
Name In use
====================================
test No
mprof1 No
default Yes
preset-acc-in-mth No
preset-std-in-mth No
preset-acc-out-mth No
preset-core-in-mth No
preset-std-out-mth No
preset-core-out-mth No
preset-ipsec-in-mth No
preset-ipsec-out-mth No
preset-ibcf-ext-in-mth No
preset-ibcf-int-in-mth No
preset-ibcf-utr-in-mth No
preset-ibcf-int-in-mth No
preset-ibcf-utr-in-mth No
preset-ibcf-ext-out-mth No
preset-ibcf-int-out-mth No
preset-ibcf-utr-out-mth No
This example shows the output for the method-profiles test.
Router/Admin# show services sbc test sbe sip method-profile test
Method profile "test"
Description:
Type: Whitelist
Methods:
INVITE
action as-profile
map-status-code
range 50X value 500
range 60X value 600
Not in use with any adjacencies
Router/Admin#
Applying Method-Profiles Example
The following example shows the commands and output generated when you are applying a
method-profile to an SBC.
Router/Admi# conf t
Router/Admi(config)# sbc umsbc-node3
Router/Admi(config-sbc-sbe)# adjacency sip sipp-10
Router/Admi(config-sbc-sbe-adj-sip)# method-profile inbound test1
Router/Admi:Nov 13 17:44:28.609 : config[65761]: %MGBL-CONFIG-6-DB_COMMIT : Configuration
committed by user 'yunsun'. Use 'show configuration commit changes 1000000297' to view the
changes.
Router/Admi(config-sbc-sbe-adj-sip)# end
Router/Admi:Nov 13 17:44:31.637 : config[65761]: %MGBL-SYS-5-CONFIG_I : Configured from
console by yunsun
Router/Admi#sh services sbc umsbc-node3 sbe sip method-profiles
16-35
OL-13499-04
Method profiles for SBC service "umsbc-node3"
Name In use
====================================
test1 Yes
testb No
Router/Admi# show services sbc umsbc-node3 sbe sip method-profile test1
Method profile "test1"
Type: Blacklist
Methods:
abcd
In use by:
Adjacency: sipp-10 (in)
Associating Predefined Header Profiles Example
This example shows how to ensure that the parameter myparm=myvalue is added to the request-line of
an INVITE:
First, configure a parameter-profile for myparm:
Router/Admi# configure
Router/Admi(config)# sbc test
Router/Admi(config-sbc-sbe)# sip parameter-profile parmprof1
Router/Admi(config-sbc-sbe-sip-prm)# parameter myparm
Router/Admi(config-sbc-sbe-sip-prm-ele)# action add-not-present value myvalue
Then configure and associate with a method-profile:
Router/Admi(config-sbc-sbe)# sip method-profile mthdprof1
Router/Admi(config-sbc-sbe-sip-mth)# method INVITE
Router/Admi(config-sbc-sbe-sip-prm-ele)# parameter-profile parmprof1
Finally, associate with an adjacency
Router/Admi(config-sbc-sbe)# adjacency sip adj1
Router/Admi(config-sbc-sbe-adj-sip)# method-profile outbound mthdprof1
At the inbound side:
INVITE sip:1234567@cisco.com;user=phone SIP/2.0
At the outbound side:
INVITE sip:1234567@cisco.com;user=phone;myparm=myvalue SIP/2.0
Associating Predefined Parameter Profiles Example
The following example shows how to ensure P-Asserted-Identity is always passed in an INVITE if it
contains user=phone.
First, configure a header profile which references a P-Asserted-Identity header:
16-36
OL-13499-04
Router/Admi(config-sbc-sbe)# sip header-profile hdrprof1
Router/Admi(config-sbc-sbe-sip-hdr)# header P-Asserted-Identity
Router/Admi(config-sbc-sbe-sip-hdr-ele)# action pass
Router/Admi(config-sbc-sbe-sip-hdr-ele-act)# condition header-value contains user=phone
Then create and associate the header profile with a method-profile:
Router/Admi(config-sbc-sbe-sip-prm-ele)# parameter-profile hdrprof1
Finally, associate with an adjacency:
Router/Admi(config-sbc-sbe-adj-sip)# method-profile outbound mthdprof1
P-Asserted-Identity: "rob" <sip:1234567@cisco.com;user=phone>
Associating Response Code Mapping Example
The following example shows how to create a status-code map so that all 5XX responses to an INVITE
are mapped to 500.
Router/Admi(config-sbc-sbe-sip-mth-ele)# map-status-code
Router/Admi(config-sbc-sbe-sip-mth-ele-map)# range 5XX value 500
Router/Admi(config-sbc-sbe-adj-sip)# method-profile outbound mthdprof
SIP/2.0 501 Not Implemented
SIP/2.0 500 Internal Server Error
16-37
OL-13499-04
Configuring Header Profiles Example
The following example shows the commands and output generated when you configure the header
profiles.
host1/Admin(config)# sbc umsbc-node3 sbe
host1/Admin(config-sbc-sbe)# sip header-profile test1
host1/Admin(config-sbc-sbe-sip-hdr)# blacklist
host1/Admin(config-sbc-sbe-sip-hdr)# header abcd
host1/Admin# show serv sbc sbc4 sbe sip header-profile EXAMPLE
Header profile EXAMPLE
Type: Whitelist
Headers:
Cisco-Guid
Entry 1:
action add-first-header
User-Agent:
Entry 1:
action as-profile
Remote-Party-ID
Entry 1:
action strip
condition header-value contains user=phone
Entry 2:
parameter-profile adduser
P-Asserted-Identity
Entry 1:
action strip
condition header-value contains user=phone
Organisation
Entry 1:
action replace-value value Cisco-Systems
condition header-value contains MCI

In use by:
Adjacency: callgen100sip (in, out)
Applying Header Profiles Example
The following example shows the commands and output generated when you are applying a header
profile to an SBC.
host1/Admin# conf t
host1/Admin(config)# sbc umsbc-node3 sbe
host1/Admin(config-sbc-sbe)# adjacency sip sipp-10
host1/Admin(config-sbc-sbe-adj-sip)# header-profile inbound test1
host1/Admin(config-sbc-sbe-adj-sip)# header-profile outbound test1
host1/Admin# show services sbc umsbc-node3 sbe sip header-profile test1
Header profile "test1"
Type: Blacklist
Headers:
abcd
In use by:
Adjacency: sipp-10 (in, out)

show running-config
sbc umsbc-node3
sbe
activate
16-38
OL-13499-04
sip header-profile test1
blacklist
header abcd
!
adjacency sip sipp-10
header-profile inbound test1
header-profile outbound test1
signaling-port 5060
account sip-customer
Header Manipulation Examples
The following example shows how to remove the header in any message if the header name test contains
user=phone.
First, access the header:
host1/Admin(config-sbc) sbe
host1/Admin(config-sbc-sbe)# sip header-profile headprof1
host1/Admin(config-sbc-sbe-hdr)# header P-Asserted-Identity
host1/Admin(config-sbc-sbe-hdr-ele)# action strip
host1/Admin(config-sbc-sbe-hdr-ele-act)# condition header-value contains user=phone
Next, associate the header with an adjacency:
host1/Admin(config-sbc-sbe)# adjacency sip adj1
host1/Admin(config-sbc-sbe-sip)# header-profile outbound headprof1
No P-Asserted-Identity header present
Add this condition in addition to a previous existing condition:
host1/Admin(config-sbc-sbe-hdr-ele)# entry 2
host1/Admin(config-sbc-sbe-hdr-ele-act)# condition header-value contains user=phone
Finally, associate the header profile with an adjacency:
16-39
OL-13499-04
INVITE sip:1234567@cisco,com;user=phone SIP/2.0
...
...
<No P-Asserted-Identity header present>
The next example shows how to remove a header based on a condition in another header in the message.
First, strip the P-Asserted-Identity header, but only if Call-Info: contains "telephone-event."
host1/Admin(config-sbc-sbe-hdr-ele-act)# condition header-name Call-Info header-value
contains telephone-event
Then associate the headerprofile with an adjacency:
...
...
Call-Info: <sip:8985@10.131.132.6>;method="NOTIFY;Event=telephone-event;Duration=1000"
The result at the outbound side:
...
<No P-Asserted-Identity header present>
The next example removes an Organisation header from all Responses:
host1/Admin(config-sbc-sbe-hdr)# header cisco.com
host1/Admin(config-sbc-sbe-hdr-ele-act)# condition status-code eq *
Associate the header-profile with an adjacency:
16-40
OL-13499-04
SIP/2.0 200 OK
...
Allow: INVITE,ACK,PRACK,SUBSCRIBE,BYE,CANCEL,NOTIFY,INFO,REFER,UPDATE
SIP/2.0 200 OK
...
<No allow header present>
This example transforms one header into another header (Diversion into Hist-Info).
host1/Admin(config-sbc-sbe-hdr)# header Diversion
host1/Admin(config-sbc-sbe-hdr-ele)# action replace-name value Hist-Info
...
Diversion: <sip:1234567@cisco.com>;reason=unconditional;counter=1;privacy=off
At hte outbound side:
...
Hist-Info: <sip:1234567@cisco.com>;reason=unconditional;counter=1;privacy=off
This example ensures all outgoing messages contain a specific header (Organization: Cisco.com).
host1/Admin(config-sbc-sbe-hdr)# header Organization
host1/Admin(config-sbc-sbe-hdr-ele)# action add-first-header value cisco.com
16-41
OL-13499-04
...
<no Organization header present>
...
Organization: cisco.com
This example blacklists a header (all instances are removed for any method/response).
Note This can only be performed against a header-profile type of blacklist
host1/Admin(config-sbc-sbe-hdr-ele)# blacklist
host1/Admin(config-sbc-sbe-sip-hdr)# header Organization
Or:
host1/Admin(config-sbc-sbe-hdr)# sip header-profile headprof1
host1/Admin(config-sbc-sbe-hdr-ele)# blacklist
host1/Admin(config-sbc-sbe-sip-hdr)# header Organization
host1/Admin(config-sbc-sbe-sip-hdr)# action as-profile
...
...
<no Organization: header present>
This example whilelists a header (pass in all methods/responses).r
Note This can only be specified against a whitelist type of profile
16-42
OL-13499-04
Or:
host1/Admin(config-sbc-sbe-hdr-ele)# action as-profile
A the inbound side:
...
...
This example passes a header (Date) conditionally in a 200 response.
host1/Admin(config-sbc-sbe-hdr)# header Date
host1/Admin(config-sbc-sbe-hdr-ele)# action pass
host1/Admin(config-sbc-sbe-hdr-ele-act)# condition status-code eq 200
Associate with an adjacency:
Ensure no other responses contain a Date: header
SIP/2.0 200 OK
...
Date: Mon, 01 Jan 2008 GMT
At the outbound side:-
SIP/2.0 200 OK
...
Date: Mon, 01 Jan 2008 GMT
Also try all responses containing a Date: header and ensure the 200 OK only contains one
:
16-43
OL-13499-04
This example strips all 'Organization' headers in an INVITE. To do this, a header-profile is created and
then associated it with a method-profile.
Note Header-profiles can be associated with vital (essential) methods.
host1/Admin(config-sbc-sbe)# sip header-profile headerprof1
host1/Admin(config-sbc-sbe-hdr)# blacklist
host1/Admin(config-sbc-sbe-hdr-ele)# header Organization
host1/Admin(config-sbc-sbe) sip method-profile methodprof1
host1/Admin(config-sbc-sbe-sip-mth) blacklist
host1/Admin(config-sbc-sbe-sip-mth) method INVITE
host1/Admin(config-sbc-sbe-sip-mth-ele) header-profile headerprof1
host1/Admin(config-sbc-sbe-sip)# method-profile outbound methodprof1
...
...
<no Organization: header present>
This example applies a parameter profile to add user=phone into the request-line of an INVITE.
host1/Admin(config-sbc-sbe)# sip parameter-profile test
host1/Admin(config-sbc-sbe-sip-prm)# parameter user
host1/Admin(config-sbc-sbe-sip-prm-ele)# action add-not-present value phone
Associate with a method-profile:
host1/Admin(config-sbc-sbe) sip method-profile test
host1/Admin(config-sbc-sbe-sip-mth) method INVITE
host1/Admin(config-sbc-sbe-sip-mth-ele) parameter-profile test
16-44
OL-13499-04
host1/Admin(config-sbc-sbe-sip)# method-profile inbound headprof1
INVITE sip:1234567@cisco.com SIP/2.0
At the utbound side:
Response Filtering Example
The following example drops SIP 183 provisional responses from a header profile based on matching
the header * associated with inbound and outbound adjacencies.
First, create a header profile headprof1 to match on header * and drop the message:
host1/Admin(config-sbc-sbe-hdr)# header *
host1/Admin(config-sbc-sbe-hdr-ele)# action drop-msg
host1/Admin(config-sbc-sbehdr-ele-act)# condiiton status-code eq 183
Asssociate the profile headprof1 to the inbound side of an adjacency:
host1/Admin(config-sbc-sbe)# adjacency sip adjacencyA
host1/Admin(config-sbc-sbe-adj-sip)# header-profile inbound headerprof1
Associate the profile headprof1 to the inbound and outbound sides of another adjacency:
host1/Admin(config-sbc-sbe)# adjacency sip adjacencyB
host1/Admin(config-sbc-sbe-adj-sip)# header-profile inbound headerprof1
host1/Admin(config-sbc-sbe)# adjacency sip adjacencyB
host1/Admin(config-sbc-sbe-adj-sip)# header-profile outbound headerprof1
Parameter Profile Examples
This example shows how to add a user=phone parameter into the To: header if one has not already been
specified in a header.
16-45
OL-13499-04
host1/Admin(config-sbc-sbe)# sip parameter-profile parmprof1
Now add to a header profile:
host1/Admin(config-sbc-sbe-sip-hdr)# header To
host1/Admin(config-sbc-sbe-sip-hdr-ele)# parameter-profile parmprof1
Now associate with an adjacency:
...
To: "rob" <sip:1234567@cisco.com>;tag=1234;
...
To: "rob" <sip:1234567@cisco.com;user=phone>;tag=1234
This example removes the 'user' parameter ('user=phone','user=fax' ) from the To: header.
host1/Admin(config-sbc-sbe-sip-prm-ele)# action strip
Add to a header profile:
...
To: "rob" <sip:1234567@cisco.com;user=phone;tag=1234;
16-46
OL-13499-04
...
To: "rob" <sip:1234567@cisco.com>;tag=1234
This example shows how to replace 'user=phone' parameter with user=fax or to add user=fax if a user
parameter is not present in the header.
host1/Admin(config-sbc-sbe-sip-prm-ele)# action add-or-replace value fax
Add to a header profile:
...
To: "rob" <sip:1234567@cisco.com;user=phone;tag=1234;
...
To: "rob" <sip:1234567@cisco.com;user=fax>;tag=1234
Or:
At the inbound side:-
...
To: "rob" <sip:1234567@cisco.com;tag=1234;
At the outbound side:-
...
To: "rob" <sip:1234567@cisco.com;user=fax>;tag=1234
The next example adds 'user=phone' parameter if one in not already present in the header.
16-47
OL-13499-04
Add parameter-profile to a header profile:
Finally, associate with an adjacency
...
To: "rob" <sip:1234567@cisco.com;user=fax;tag=1234;
No parameter added as a user parameter already exists
...
To: "rob" <sip:1234567@cisco.com>;tag=1234
Or:-
...
To: "rob" <sip:1234567@cisco.com;tag=1234;
...
To: "rob" <sip:1234567@cisco.com;user=phone>;tag=1234
P-KT-UE-IP Header Support
The following example shows how to remove any existing P-KT-UE-IP headers from all received
messages and then replace them with a single P-KT-UE-IP header for INVITE and OOD requests. In the
this example, the call is placed from adj1 to adj2.
The following shows how to configure a header profile with two entries. The first entry strips the
"P-KT-UE-IP" header and the second entry adds the "P-KT-UE-IP" with a value set to the 18-character
string ${msg.rmt_ip_addr}.
host1/Admin(config-sbc-sbe)# sip header-profile kt
host1/Admin(config-sbc-sbe-sip-hdr)# header P-KT-UE-IP
host1/Admin(config-sbc-sbe-sip-hdr-ele)# entry 1 action strip
host1/Admin(config-sbc-sbe-sip-hdr-ele-act)# exit
host1/Admin(config-sbc-sbe-sip-hdr-ele)# entry 2 action add-header value
${msg.rmt_ip_addr}
16-48
OL-13499-04
The following applies the above header profile to the incoming adjacency as an inbound header profile.
host1/Admin(config-sbc-sbe-adj-sip)# header-profile inbound kt
The following configures a header profile to allow pass-through of the "P-KT-UE-IP" header.
host1/Admin(config-sbc-sbe)# sip header-profile kt-pass
host1/Admin(config-sbc-sbe-sip-hdr)# header P-KT-UE-IP
host1/Admin(config-sbc-sbe-sip-hdr-ele)# action pass
The following applies the above header profile to the outgoing adjacency as an outbound header profile.
host1/Admin(config-sbc-sbe-adj-sip)# header-profile outbound kt-pass
The following example shows a SIP header public/private IP address information insertion.
The SIP parameter profile is added in order to remove the parameter.
host1/Admin(config-sbc-sbe)# sip parameter-profile proxy-param
host1/Admin(config-sbc-sbe-sip-prm)# parameter firewall
host1/Admin(config-sbc-sbe-sip-prm-ele)# action strip

host1/Admin(config-sbc-sbe)# sip parameter-profile access-param
host1/Admin(config-sbc-sbe-sip-prm)# parameter firewall
host1/Admin(config-sbc-sbe-sip-prm-ele)# action add-or-replace value private-ip-address

The SIP header profile is added; the parameter profile is associated with the header profile.
host1/Admin(config-sbc-sbe)# sip header-profile proxy
host1/Admin(config-sbc-sbe-sip-hdr)# header contact
host1/Admin(config-sbc-sbe-sip-hdr-ele)# entry 1 action as-profile
host1/Admin(config-sbc-sbe-sip-hdr-ele)# parameter-profile proxy-param

host1/Admin(config-sbc-sbe)# sip header-profile access
host1/Admin(config-sbc-sbe-sip-hdr)# header contact
host1/Admin(config-sbc-sbe-sip-hdr-ele)# entry 1 action as-profile
host1/Admin(config-sbc-sbe-sip-hdr-ele)# parameter-profile access-param

host1/Admin(config-sbc-sbe-sip-tmr)# tls-idle-timeout 3600000
host1/Admin(config-sbc-sbe-sip-tmr)# tcp-connect-timeout 30000
Below the SIP header is added to the SIP adjacency.
host1/Admin(config-sbc-sbe)# adjacency sip sip-41
host1/Admin(config-sbc-sbe-adj-sip)# header-profile inbound access
host1/Admin(config-sbc-sbe-adj-sip)# header-profile outbound proxy
16-49
OL-13499-04
host1/Admin(config-sbc-sbe-adj-sip)# registration rewrite-register
host1/Admin(config-sbc-sbe-adj-sip)# media-bypass

host1/Admin(config-sbc-sbe)# adjacency sip sip-proxy
host1/Admin(config-sbc-sbe-adj-sip)# header-profile inbound proxy
host1/Admin(config-sbc-sbe-adj-sip)# header-profile outbound access
host1/Admin(config-sbc-sbe-adj-sip)# registration target address 10.0.5.2

host1/Admin(config-sbc-sbe-rtgpolicy)# first-call-routing-table start-table
host1/Admin(config-sbc-sbe-rtgpolicy)# first-reg-routing-table reg-table
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table reg-table
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency sip-proxy
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency sip-41
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table start-table
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency sip-proxy
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency sip-41

16-50
OL-13499-04
C H A P T E R
17-1
OL-13499-04
17
Restricting Codecs
A compressor-decompressor (codec) is a device or program that performs a transformation on a data stream
or signal. The Session Border Controller (SBC) is hard-coded with a set of recognized codecs (see
Table 17-1 to Table 17-4), including all commonly used voice and video codecs. The default behavior is
to allow all recognized codecs on all calls. Any other codec present in call signaling is removed by the
SBC.
This enhancement allows you to restrict which codec(s) a particular call can use and to configure a minimum
permissible packetization period for each permitted codec.
Feature History for Restricting Codecs
Contents
Prerequisites for Restricting Codecs, page 17-2
Restrictions for Codecs, page 17-2
How to Configure Codec Restriction, page 17-5
Examples of Configuring Codecs, page 17-9
ACE SBC Release 3.1.00 Added support for codec ordering.
17-2
OL-13499-04
Prerequisites for Restricting Codecs
Prerequisites for Restricting Codecs
The following prerequisites are required before you can restrict codecs:
at
186a00806838f4.html.
Before implementing restricting codecs, the SBC must already be created. See the procedures
Transcoding must be configured before you can restrict codecs. See the procedures described in the
Implementing SBC Transcoding section.
All signaling border element (SBE) and data border element (DBE) configurations required to make
simple calls must already be configured. Transcoding configurations follow these configurations.
Restrictions for Codecs
Review the following restrictions for codecs:
The media packet forwarder on the DBE polices the bandwidth consumed by each media stream, but
it cannot police the type of codecs or the packetization periods.
Unrecognized codecs cannot be configured as members of the codec whitelist.
Active calls are not released if there is a change in the codec whitelist during the call.
If a codec whitelist is configured, SBC removes any unlisted codecs from the call setup flow and
media gate allocation.
Multiple codec whitelists can be configured on a Call Admission Control (CAC) policy basis. For
example, the list of codecs allowed for calls from SipAdj1 can be different than the list of codecs
allowed for calls from SipAdj2.
If a codec whitelist has not been configured, all recognized codecs (see Table 17-1 to Table 17-4)
are allowed for all calls.
You must use the textual value of the codec description that appears on the Session Description
Protocol (SDP) to configure the codec whitelist, for example PCMU or telephone-event.
Disallowing all codecs is not supported. However, you could set a bandwidth limit of 0 to achieve
the same result.
Codec lists are not applied to media-bypass calls (those in which the SBC does not reserve media
resources).
The format of the codec name is the same as the string used to represent it in SDP, for example
PCMU or VDVI. All recognized codec names are listed in Table 17-1 Table 17-4.
17-3
OL-13499-04
A single codec can only be added to each list once, with a single packetization period.
For each codec on a list, CAC restricts the signaled packetization period for any stream using that
codec to be greater than or equal to the packetization period configured along with the codec in the
list. If a stream uses more than one codec in the list, then the greater of all the packetization periods
configured for each codec in the list is applied to the stream.
The Codec Ordering feature implicitly orders codecs according to the order in which they are added
to the codec list using the codec command. Explicit codec ordering is not available with this feature.
Note The SBC will not order the codecs in SIP messages that are not generated by the SBC.
Note The bandwidths listed in Table 17-1 to Table 17-4 below are the bandwidths without the transport layer
overheads. Therefore, the actual bandwidths reserved by the SBC are higher than the listed values.
Table 17-1 Sample-Based Audio Codecs with Packetization Time 10 ms
Payload Type Codec Name Clock Rate (Hz) Sample Size (bits) Channels
0 PCMU 8000 8 1
5 DVI4 8000 4 1
6 DVI4 16000 4 1
8 PCMA 8000 8 1
10 L16 44100 16 2
11 L16 44100 16 1
15 G728 8000 2 1
16 DVI4 11025 4 1
17 DVI4 22050 4 1
G726-40 8000 5 1
2 G726-32 8000 4 1
G726-24 8000 3 1
G726-16 8000 2 1
L8 8000 8 1
DAT12 8000 12 2
L20 44100 10 2
L24 44100 24 2
Table 17-2 Non-Sample-Based Audio Codecs
Payload Type Codec Name Packetization Time (ms) Allocated Bandwidth (bps)
3 GSM 10 13200
7 LPC 10 5600
9 G722 10 64000
17-4
OL-13499-04
13 CN 10 400
18 G729 10 8000
18 G.729A 10 8000
18 G729A 10 8000
4 G723 30 6400
12 QCELP 13300
14 MPA N/A 131072
G729D 10 6400
G729E 10 11800
GSM-EFR 10 12400
VDVI 10 25000
AMR 10 12500
AMR-WB 10 24420
dsr-es201108 10 4800
EVRC 10 8550
EVRC0 10 8550
mpa-robust 10 327680
G7221 10 32000
MP4A-LATM 10 131072
SMV 10 8550
SMV0 10 8550
G729AB 10 8000
Table 17-3 Video Codecs
25 CelB 524228
26 JPEG 524228
28 nv 524228
31 H261 524228
32 MPV 524228
33 MP2T 524228
34 H263 524228
BMPEG 524228
BT656 170000000
DV 1500000000
Table 17-2 Non-Sample-Based Audio Codecs (continued)
17-5
OL-13499-04
How to Configure Codec Restriction
You first configure the codecs and then apply them as explained in the following sections:
Configuring Codecs, page 17-5
Configuring a CAC Policy to Use a Codec List, page 17-7
Configuring Codecs
To restrict which codec(s) a particular call can use and to configure a minimum permissible packetization
period for each permitted codec, you must configure CAC with a list of codecs, provide a description for
the list, and then add any codec(s) to the list.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
H263-1998 524228
H263-2000 524228
MP1S 1600000
MP2P 524228
MP4V-ES 524228
raw N/A 1500000000
SMPTE292M N/A 1500000000
Table 17-4 Other Codecs
Codec Name Packetization Time (ms) Allocated Bandwidth (bps)
telephone-event 20 1600
tone 20 1600
RED 20 1
parityfec 20 1
t140 100 80
pointer 20 1600
H224 20 6560
T.38 N/A 15500
X-NSE 20 1600
Table 17-3 Video Codecs (continued)
17-6
OL-13499-04
4. codec-list list-name
5. codec
6. description text
7. codec codec-name [packetization-period packetization-period]
8. exit
9. show services sbc service-name sbe codec-list list-name
DETAILED STEPS
Step 1 configure
Example:
Example:
Enters the submode of an SBC service.
Step 3 sbe
Example:
Configures the submode of the SBE entity within a SBC
service.
Step 4 codec-list list-name
Example:
host1/Admin(config-sbc-sbe)#sbc mysbc sbe
codec-list my_codecs
Creates a codec list.
Step 5 codec codec-name
Example:
PCMU
Adds a codec to a codec list.
Example:
host1/Admin(config-sbc-sbe-codec-list)#
description Legitimate codes
Adds a description for the specified codec-list using a
readable text string format.
used for this codec-list. It is also included for each
codec-list when a summary of all codec-lists is displayed.
17-7
OL-13499-04
Configuring a CAC Policy to Use a Codec List
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. cac-policy-set policy-set
5. cac-table table-id
6. entry entry-id
7. codec-restrict-to-list list-name
8. exit
9. show services sbc service-name sbe cac-policy-set id table name entry entry
Step 7 codec codec-name [packetization-period
packetization-period]
Example:
PCMU packetization-period 20
Adds a codec to a codec list, and sets a minimum
packetization period (optional) for the codec.
The no form of this command (without the packetization
period) removes the named codec from the codec list.
Note If the no form of this command includes the
packetization period, only the packetization period
for the codec is removed.
Step 8 exit
Example:
host1/Admin(config-sbc-sbe-codec-list)# exit
Exits the codec-list mode to the SBE mode.
Step 9 show services sbc service-name sbe codec-list
list-name
Example:
host1/Admin# show services sbc mysbc sbe
codec-list my_codecs
Displays detailed information about the codec lists
configured on the SBE.
If the list name is omitted, for example, my_codecs, then
details are displayed for all codec lists on the SBE.
17-8
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
Enters the submode of an SBC service.
Step 3 sbe
Example:
Configures the submode of the SBE entity within a SBC
service.
Step 4 cac-policy-set policy-set
Example:
Enters the submode of CAC policy.
Step 5 cac-table table-id
Example:
cac-table MyCacTable
Identifies the CAC table.
Example:
cactable)# entry 1
Identifies the specific table entry.
Step 7 codec-restrict-to-list list-name
Example:
cactable)# codec-restrict-to-list my_codecs
Configures CAC to restrict the codecs used in signaling a call
to the set of codecs provided in the named list.
If a codec list is empty, all codecs recognized by the SBE
are allowed.
The no form of this command, or not setting this command,
allows any recognized codecs to be used without
restrictions.
Note This command replaces any codec list that was set
up by an earlier CAC entry. To clear all restrictions
from an earlier CAC entry, you must configure a
codec-restrict-to-list list-name, where list-name is
the name of a list containing no codecs.
17-9
OL-13499-04
Examples of Configuring Codecs
This section provides a sample configuration and output for configuring restrictions on codecs and
configuring a CAC policy to use a codec list.
Example of Configuring Codecs Restriction
The following example shows the commands required to configure codec restriction.
Figure 17-1 contains three adjacencies (A, B, and C). Any calls involving A need to be configured to use
only the G729 and PCMU codecs with a minimal preferred packetization period of 10 milliseconds.
However, calls between B and C can use any available codecs.
To create a codec list containing the specified codecs configured with a minimal preferred packetization
period, use the following commands:
host1/Admin(config-sbc-sbe)# codec-list allowable_codecs
host1/Admin(config-sbc-sbe-codec-list)# description The set of codecs allowed on adjacency
AdjA
host1/Admin(config-sbc-sbe-codec-list)# codec g729 packetization-period 20
host1/Admin(config-sbc-sbe-codec-list)# codec pcmu packetization-period 10
After configuring codec restriction, you must configure a CAC policy to use the codec list. See Example
of Configuring a CAC Policy to Use a Codec List section on page 17-10.
Step 8 exit
Example:
Exits the codec-list mode to the sbe mode.
Step 9 show services sbc service-name sbe
cac-policy-set id table name entry entry
Example:
mysbc sbe cac-policy-set 1 table
standard_policy_list entry 1
Displays detailed information for a specific entry in a CAC
policy table, including any restricted codecs.
17-10
OL-13499-04
Figure 17-1 Example Scenario for Configuring Codec Restriction
Example of Configuring a CAC Policy to Use a Codec List
The following example shows the commands required to configure a CAC policy to use a codec list. To
configure a codec list, see Example of Configuring Codecs Restriction section on page 17-9.
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table table1
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match AdjA
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# codec-restrict-to-list allowable_codecs
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# actionaction cac-complete
Note The codec list command line interface (CLI) commands can only be entered at the per-call level in the
CAC policy tables. If you configure a codec list at any other level the CAC policy set will not activate.
However, a log is displayed after you complete the configuration and the policy set is marked as
complete.
SBC SBC SBC
SBC
AdjA
A B C
AdjC
AdjB
2
1
0
6
1
1
17-11
OL-13499-04
Example of Codec Ordering
In the example below, codecs are added to the codec list. The show run command is then used to show
the list order.
Router/Admin# config t
Router/Admin(config)# sbc sbc
Router/Admin(config-sbc)# sbe
Router/Admin(config-sbc-sbe)# codec-list zilu
Router/Admin(config-sbc-sbe-codec-list)# codec PCMU
Router/Admin(config-sbc-sbe-codec-list)# codec AMR
Router/Admin(config-sbc-sbe-codec-list)# codec PCMA
Router/Admin(config-sbc-sbe-codec-list)# codec G729D
Router/Admin(config-sbc-sbe-codec-list)# codec EVRC
Router/Admin(config-sbc-sbe-codec-list)# codec X-NSE
Router/Admin(config-sbc-sbe-codec-list)# codec T38
Router/Admin(config-sbc-sbe-codec-list)# end
Router/Admin# show run
codec-list zilu
codec PCMU
codec AMR
codec PCMA
codec G729D
codec EVRC
codec X-NSE
codec t38
17-12
OL-13499-04
C H A P T E R
18-1
OL-13499-04
18
SIP Tel URI Support
The Session Border Controller (SBC) supports Tel Uniform Resource Identifier (tel URI) in Session
Initiation Protocol (SIP) messages, permitting SIP users to set up calls from a SIP IP-phone or SIP User
Agent Application to an endpoint in the Public Switched Telephone Network (PSTN). The addition of
tel URI to the SIP URI method of connection greatly increases the functionality of the SBC. SIP can use
the tel URI anywhere a URI is allowed, for example, as a Request-URI, along with SIP and SIP URIs.
Feature History for SIP Tel URI Support
Contents
Restrictions for SIP Tel URI Support, page 18-1
Information About SIP Tel URI Support, page 18-2
Restrictions for SIP Tel URI Support
The following is a list of restrictions for SIP tel URI support:
SBC usually rewrites the domain-name part of the SIP Request-URI header to the configured
signaling peer address and port for the outbound adjacency. For example,
sip:1234567@remote.com
becomes
sip:1234567@1.2.3.4:5060
However, in the case of tel URIs, the SBC does not rewrite the domain name (since this is only an
optional parameter, which is rarely present), but it rewrites the Carrier Identification Code (CIC)
parameter and/or the destination directory number to ensure correct onwards routing.
18-2
OL-13499-04
Information About SIP Tel URI Support
SBC rejects tel URIs exceeding 160 bytes in length.
SBC ignores any parameters on the tel URI, except for the CIC parameter. All other parameters are
treated as an opaque string and forwarded unchanged. As a result, the phone-context parameter of
the local-scope tel URIs is not inspected, and the URI is routed purely based on the initial number.
Local and Global Tel URIs
A tel URI can either be global or local. Global tel URIs are globally unique. Local tel URIs are only valid
within a specific local context. For this reason, all local tel URIs must contain the phone-context
parameter to specify the context in which they are valid.
The following are examples of a global and local tel URIs, respectively.
tel:+358-555-1234567
Note The separator characters, such as - are valid in tel URIs.
tel:1234567;phone-context=+358-555
This URI locates the endpoint with the directory number 1234567 in the context 358-555.
Note Although the combination of local tel URI and phone-context parameter forms a globally unique
identifier, attaching a local tel URIs phone-context parameter to the tel URI does not necessarily
produce a global tel URI. See section 5.1.5 of RFC 3966 for more information.
Tel URI Versus SIP URI
A SIP URI consists of a username and host domain name. A SIP URI uniquely identifies a SIP subscriber
but does not necessarily resolve to one particular endpoint on a network. For example,
sip:john@cisco.com
It is also possible to use a directory number as a SIP username and an IP address and port in place of the
host domain name. In this case, a SIP URI can uniquely identify an endpoint on a network. For example,
sip:1234567@192.167.1.1:5060
Local tel URIs may or may not contain a domain name in the phone-context parameter. For example,
tel: 1234567;phone-context=cisco.com
18-3
OL-13499-04
The Carrier Identification Code Parameter
A Carrier Identification Code (CIC) is a three- or four-digit number used to identify the carrier network
in which the destination endpoint of a call is located. It is used by network devices to determine how a
call request should be routed between carrier networks. The CIC is often used to specify which carrier
network is the current freephone service provider for a freephone number. The current carrier for a given
freephone number can be determined by looking up a freephone database.
Tel URIs can include carrier identification codes. For example,
tel: +1-800-234-5678;cic=2345
indicates that the carrier that has been assigned the CIC 2345 is currently the service provider for the
freephone number, 1-800-234-5678.
When a network device receives a call request with a tel URI containing a CIC parameter, it will try to
route the request according to the value of the CIC parameter. If it cannot route the request, it must
decide whether to reject it or continue, ignoring the CIC parameter. If the CIC parameter matches the
CIC of the carrier network, in which the network device is located, it should route the request based on
its local routing policy and strip out the CIC parameter before forwarding the request.
Note The SBC must be explicitly configured to map a CIC value to 0000 in order to strip it out of outbound
requests.
18-4
OL-13499-04
C H A P T E R
19-1
OL-13499-04
19
SIP Timer
The SIP Timer feature allows the user to configure a number of Session Initiation Protocol (SIP) timers
that were hard-coded in the previous releases of Cisco IOS software. The ability to configure SIP timers
enables users to improve the interoperability and performance of their devices and network environment.
Feature History for SIP Timer Functions
Contents
Information About SIP Timer, page 19-1
How to Configure SIP Timer, page 19-3
Information About SIP Timer
The SIP timer feature allows the user to configure some of the SIP timers that were hardcoded to default
values in the previous releases of Cisco IOS software. In the previous releases, the SBC used the default
SIP timer values recommended by RFC 3261. See Table 19-1.
Table 19-1 Default Values of the Timers
Timer Value Meaning
T1 500 ms default round-trip time (RTT) estimate
T2 4 s The maximum retransmit interval for non-INVITE
requests and INVITE responses
T4 5 s Maximum duration a message will remain in the
network
19-2
OL-13499-04
Information About SIP Timer
The SBC allows the user to modify T1, T2 and Timer D, using the udp-first-retransmit-interval,
udp-max-retransmit-interval, and udp-response-linger-period commands. You can also use the
invite-timeout command to choose how long SBC should wait for the remote SIP endpoint to respond
to the SBC's outgoing INVITE or Timer B in an outgoing transaction.
vvvConfigures the time (in seconds) that SBC waits for a final response to an outbound SIP INVITE
request
In addition to the SIP protocol-level timers, SBC also allows modification of transport-related timer
commands: tcp-connect-timeout (how long TCP SYN will wait for the reply) and tcp-idle-timeout
(how long TCP connection should stay active while idle). Although these timers are transport-level
values, IACE SBC Release 3.0.00 supports these timers in SIP only, but not in H.323, nor H.248.
Note The incorrect configuration of the SIP timer values may lead to unexpected behavior in certain cases.
Timer A initially T1 INVITE request retransmit interval, for UDP only
Timer B 64* T1 INVITE transaction timeout timer
Timer C > 3 min Proxy INVITE transaction timeout
Timer D > 32 s for UDP
0 s for TCP/Stream Control
Transmission Protocol (SCTP)
Wait time for response retransmits
Timer E initially T1 non-INVITE request retransmit interval, UDP
only
Timer F 64* T1 non-INVITE transaction timeout timer
Timer G initially T1 INVITE response retransmit interval
Timer H 64* T1 Wait time for ACK receipt
Timer I T4 for UDP
0 s for TCP/SCTP
Wait time for ACK retransmits
Timer J 64* T1 for UDP
0 s for TCP/SCTP
Wait time for non-INVITE request retransmits
Timer K T4 for UDP
0 s for TCP/SCTP
Wait time for response retransmits
Table 19-1 Default Values of the Timers (continued)
Timer Value Meaning
19-3
OL-13499-04
How to Configure SIP Timer
This section contains the steps for configuring SIP timers.
Configuring SIP Timer
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sip timer
5. tcp-connect-timeout interval
6. tcp-idle-timeout interval
7. invite-timeout interval
8. udp-first-retransmit-interval interval
9. udp-max-retransmit-interval interval
10. udp-response-linger-period interval
11. exit
12. show services sbc service-name sbe sip timers
DETAILED STEPS
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
Step 4 sip timer
Example:
Enters the mode of the SIP timer function of the SBC.
19-4
OL-13499-04
Step 5 tcp-connect-timeout interval
Example:
host1/Admin(config-sbc-sbe-sip-tmr)#
tcp-connect-timeout 3000
Configures the time (in milliseconds) that SBC waits for
a SIP TCP connection to a remote peer to complete
before failing that connection. The default timeout
interval is 1000 milliseconds.
Step 6 tcp-idle-timeout interval
Example:
Minimum time (in milliseconds) a TCP socket has not
processed any traffic, before it is closed. The default is
2 minutes.
Note The value for this command might not be
precise since the idle timers are checked every
12 seconds.
Step 7 invite-timeout interval
Example:
invite-timeout 60
Configures the time (in seconds) that SBC waits for a
final response to an outbound SIP INVITE request. The
default is 180 seconds. If no response is received during
that time, an internal 408 Request Timeout response
is generated and returned to the caller.
Step 8 udp-first-retransmit-interval interval
Example:
Configures the time (in milliseconds) that SBC waits for
a UDP response or ACK before sending the first retrans-
mission of the relevant signal.
If SBC keeps getting no responses, it doubles subse-
quent retransmission intervals each time until they reach
the udp-max-retransmit-interval duration. SBC
ceases retransmitting the request and time out the signal
if 64 times this duration passes without the receipt of a
response/ACK.
The default first UDP retransmission interval is
500 milliseconds.
Step 9 udp-max-retransmit-interval interval
Example:
Configures the maximum time interval (in milliseconds)
at which SBC will retransmit (see Step 9, udp-first-re-
transmit-interval above). The default maximum UDP
retransmission interval is 4 seconds.
Step 10 udp-response-linger-period interval
Example:
Configures the time (in milliseconds) for which SBC
will retain negative UDP responses to INVITE requests.
All subsequent retransmitted responses received within
this time will be answered with a negative ACK. There-
after, any further retransmitted responses are ignored.
The default UDP response linger period is 32 seconds.
19-5
OL-13499-04
Step 11 exit
Example:
Exits the sip timer mode and returns to the SBE mode.
Step 12 show services sbc service-name sbe sip timers
Example:
host1/Admin(config-sbc)# show services sbc mysbc
sbe sip timers
Shows the currently configured SIP-related timers.
19-6
OL-13499-04
C H A P T E R
20-1
OL-13499-04
20
H.323 Support
In addition to Session Initiation Protocol (SIP), the Session Border Controller (SBC) now supports
H.323, enabling multimedia products and applications from multiple vendors to interoperate, and
allowing users to communicate without concern for compatibility.
H.323 is the international standard for multimedia communication over packet-switched networks,
including local area networks (LANs), wide area networks (WANs), and the Internet. It was first defined
by the International Communications Union (ITU) in 1996. The most recent version is H.323 version 5
(2003).
Caution In progress H.323 calls will be disconnected during an SBC switchover from one service card to a
standby card.
Feature History for H.323 Support
Contents
Prerequisites for H.323 Support, page 20-2
Restrictions for H.323 Support, page 20-2
Information About H.323 Support, page 20-2
Configuring H.323 Features, page 20-17
Configuring Separate H.245 Control Channel and RAS Tech Prefix: Example
Configuring User Protocol Timer Controls: Example
ACE SBC Release 3.1.00 Added support for H.323 performance improvement.
20-2
OL-13499-04
Prerequisites for H.323 Support
Prerequisites for H.323 Support
This feature requires basic understanding of H.323-related ITU standards, gatekeepers, and gateways.
Gateways are responsible for edge routing decisions between the Public Switched Telephone Network
(PSTN) and the H.323 network. Gatekeepers are used to group gateways into logical zones and perform
call routing between them.
Restrictions for H.323 Support
The restrictions for H.323 support are listed per feature in this chapter and other H.323-related chapters
in the guide.
Information About H.323 Support
H.323 is a suite of protocols and documents that includes the ITU-T standards H.323, H.225.0, H.245,
the H.450-series, and the H.460-series. It supports T.120 for data collaboration and file transfer. Not all
components of H.323 are mandatory as part of a standard H.323 system. For example, H.460.2, which
describes number portability, is generally not used in enterprise video conferencing systems.
H.323 is used in Voice over Internet Protocol (VoIP), and IP-based video conferencing and serves a
similar purpose to that of the Session Initiation Protocol (SIP). It was designed from the outset to operate
over IP networks, primarily, though H.323 may also operate over other packet-switched networks. H.323
was designed with multipoint voice and video conferencing capabilities, though most users do not take
advantage of the multipoint capabilities specified in the protocol.
H.323 is more mature than SIP, but lacks the flexibility of SIP. SIP is currently less defined, but has
greater scalability which could ease the Internet application integration. Like SIP, H.323 is one of the
world market leaders for transporting voice and video over networks around the world, with billions of
minutes of voice traffic every month. The SBC supports both SIP and H.323, enabling multimedia
products and applications from multiple vendors to interoperate, and allowing users to communicate
without concern for compatibility.
The following supported H.323 features are documented separately in this guide or represent part of
standard Q.931/H.225 protocols:
H.323/SIP InterworkingInterworking of a defined subset of SIP/H.323 call and media signaling.
Domain name server (DNS) configuration of signaling peerThis feature enables you to use the
domain name instead of the IP address in an adjacency-signal-peer configuration.
HuntingEnables the SBC to hunt for other routes or destination adjacencies in case of a failure.
Hunting means the route is retried.
Basic conferencing passthrough (this feature is part of Q.931/H.225 passthrough)Passthrough of
conferenceID and conferenceGoal. Conference is controlled by the third party equipment, such as
call manager. The SBC enables the conference to pass through all the conference-related
information.
H.450 passthrough (this feature is part of Q.931/H.225 passthrough)Passthrough of H.450
elements between call legs.
The following supported H.323 features are documented in this chapter:
Separate H.245 Control Channel
20-3
OL-13499-04
H.245 Passthrough
Slow Start Media Relay
Codec Mappings
DTMF Interworking
Transcoding
RAS Tech Prefix
User Protocol Timer Control
T.38 Fax Relay
Q.931/H.225 Passthrough
H.323 Privacy
Separate H.245 Control Channel
The H.323 procedures require that the SBC sets up a separate H.245 control channel over TCP. This
feature complements tunneled H.245 support, enabling the user to control whether to use tunneling or
not.
The new feature enables the SBC to carry out an H.323-H.323 call, where two call legs can negotiate
different H.245 transport mechanisms. Each call leg decides independently whether to use a separate
H.245 control channel.
The SBC sets up separate H.245 control channels only when required in one of the following cases:
The SBC has received a startH245 Facility
The SBC needs to send out an H.245 message and tunneling is not available
The SBC never requests separate H.245 control channel while tunneling is available unless the "disable
tunneling" command line interface (CLI) command is set (see Configuring Separate H.245 Control
Channel section on page 20-17). The SBC does not connect to an H.245 address simply because the
peer offered an h245Address.
The SBC does not offer an H.245 address until it needs to, performing the following:
Where possible, the SBC connects to the peer instead.
Where impossible, the SBC offers its own H.245 address in a startH245 Facility and waits for 10
seconds for the peer to connect. This timeout is not configurable.
Since H.323 v2 onwards has support for Facility reason startH245, support for this feature is assumed
in all peer devices. If the peer requires an H.245 connection and one does not exist, the partner must use
a startH245 Facility to induce the SBC to connect to it.
If there is no H.245 transport possible (tunneled or separate), and H.245 messages must be sent by the
SBC, then the call is terminated.
On receipt of provisionalRespToH245Tunnelling, the SBC waits to determine the final tunneling
outcome before attempting separate H.245. H.245 messages are queued at this point and sent as soon as
an H.245 transport becomes available.
In the event of an H.245 connection race, the SBC only disconnects if it looses. The partner must
disconnect if it loses. Races are resolved by comparing the listen address/port (not the connection
address/port).
20-4
OL-13499-04
Back-pressure is exerted at call scope, or connection scope when multiple calls share a connection. So,
if call leg B cannot forward H.245 messages for some reason, call leg A's connection may exert TCP
back pressure on the peer. If call leg A is doing H.245 tunneling, and sharing a Q.931 TCP connection
with other calls, then the peer will experience back pressure on the other calls too.
The SBC tears down separate H.245 connections at the same point as their call by closing the relevant
socket.
Restrictions for Separate H.245 Control Channel
The restrictions for the H.245 control channel are:
The SBC does not support a model, in which it induces the peers in an H.323-H.323 call to set up
the H.245 TCP connection directly between themselves or to the data border element (DBE).
No show command is provided to list the H.245 transport status on a per-adjacency or per-call basis.
The H.245 security is not supported.
H.245 Passthrough
In media bypass, H.245 content is passed unmodified between two H.323 call legs (for more information
about media bypass see section How Adjacencies Affect Media Routing in the Implementing SBC
Adjacencies chapter). Passthrough happens irrespective of whether an H.245 message is received over
tunneled H.245 transport or a separate H.245 control channel, and does not require that both H.323 call
legs use the same H.245 transport mechanism. This feature permits inserting an SBC between two H.323
devices without any change to the passing H.245 content.
This is achieved by passing through H.245 messages opaquely between the endpoints. The Fast Start
request and response is passed through in the same way as mainline H.245. The only messages inspected
by the SBC are fast start and logical channel signaling. These are used to derive the bandwidth used for
the call.
Restrictions for H.245 Passthrough
The restrictions for the H.245 passthrough are:
Configuration to block passthrough of certain messages or message elements is not included in this
feature and is covered separately.
In a media bypass call, no Session Description Protocol (SDP) appears in the billing records.
The SBC does not support rate limiting of passed-through H.245 traffic, other than generic rate
limiting of all signaling traffic.
Slow Start Media Relay
The SBC supports media relay (which is media pass through the DBE) of unidirectional H.245 channels.
H.245 codec types are converted to Session Description Protocol (SDP) for the purposes of the DBE
programming, transcoder programming, and billing. This is done using a codec mapping table (see T.38
Fax Relay section on page 20-9). When dealing with codec types, for which no SDP mapping exists,
the SBE makes a best-effort attempt, and tries to find the best possible SDP match.
20-5
OL-13499-04
Inserting an SBC between two H.323 devices does not impact H.245 function (see H.245 Passthrough
section on page 20-4). For example, the SBC does not modify the logical channel numbers of H.245
channels in a media relay call. In a distributed DBE model, H.248 signals are used to establish the
necessary media terminations on the DBE.
The SBC supports renegotiation of media, using H.245 procedures, such as:
Fax upspeed: Where endpoints switch over from a low-bit-rate audio codec to ITU-T G.711
TCS=0: Where one endpoint induces the other to temporarily close all of its channels
Switchover to T.38 fax is described below in T.38 Fax Relay section on page 20-9.
Restrictions for Slow Start Media Relay
The restrictions for slow start media relay are:
The SBC does not support bidirectional H.245 channels in fast start or Open Logical Channel Close
(OLCs).
Dual tone multifrequency (DTMF) interworking is not supported between different types of
UserInputIndication.
No user configuration is provided to control DTMF interworking, which is triggered solely by
capability negotiation.
No means are provided to block setup of a particular codec, nor to ignore an unknown codec. The
best-effort function mentioned above is always enabled.
The SBC does not support multipoint capabilities.
Codec Mappings
The following codec mappings (Table 20-1) are used by the SBC to represent H.245 codecs as SDP for
the purpose of:
Billing records (media relay only)
DBE programming (media relay only)
Bandwidth allocation (media relay and media bypass). The bandwidth here is calculated based on
the SDP, not directly from the H.245.
Table 20-1 Codec Mappings
H.245 codec appears as:
g711Alaw64k PCMA/8000
g711Ulaw64k PCMU/8000
g722_64k G722/8000
g7231 G723.1/80
g728 G728/8000
g729 G729/8000
g729AnnexA G729/8000
g729wAnnexB G729/8000
20-6
OL-13499-04
Note the following:
H.245 video and data codecs other than T.38 are not supported by the SBC either for media relay or
media bypass.
The subset of codecs supported for H.323/SIP interworking is much smaller (for more information
see the H.323-SIP Interworking chapter)
DTMF Interworking
Dual-tone multi-frequency (DTMF) tones are used to transfer user requests. Different systems may
support different forms of DTMF. The SBC enables the DTMF interworking between these systems.
For example, some nonstandard H.323 devices do not support the lowest common denominator of
alphanumeric UserInputIndication. Such devices can only signal DTMF through RFC2833 telephony
events or as in-band media data. Other devices support UserInputIndication but not the RFC2833
telephony event.
If two such devices are deployed back to back, their only option is to send DTMF tones as it is done
in-band media data. Deploying an SBC between them allows each side to send DTMF, using its
supported signaled method, UserInputIndication on one side and RFC2833 on the other, with the SBC
interworking between the two.
This function requires the SBE to program the DBE to enable interception and insertion of RFC2833
DTMF on a particular side of the callthe side facing the RFC2833-only device. The SBE and DBE
then collaborate to transfer DTMF signaling between the H.245 control channel and the RTP steam.
DTMF interworking is negotiated through TerminalCapabilitySet. Therefore, the SBC must be capable
of extending the TerminalCapabilitySet to advertise support for both alphanumeric and RFC2833
methods.
The feature described in this section replaces all previous H.323 DTMF interworking functions. H.323
calls must support DTMF interworking between alphanumeric UserInputIndication and RFC2833. In
this case, the SBE coordinates with the DBE to carry out DTMF insertion and interception in the
Real-Time Protocol (RTP).
DTMF interworking is negotiated through TerminalCapabilitySet, not manual configuration. Therefore,
the SBC must always advertise support for both alphanumeric and RFC2833 methods, if necessary by
extending the TerminalCapabilitySet on its way through. (The exception is a TCS=0.)
Restrictions for DTMF Interworking
The restrictions for DTMF internetworking are:
Only the alphanumeric UserInputIndication method is supported for DTMF interworking.
g729AnnexAwAnnexB G729/8000
gsmHalfRate GSM-HR/8000
gsmFullRate GSM/8000
All other audio codecs PCMU/8000 (the default codec)
T.38 See T.38 Fax Relay
Table 20-1 Codec Mappings
H.245 codec appears as:
20-7
OL-13499-04
The SBE assumes that a peer, advertising any form of UserInputCapability is capable of sending and
receiving alphanumeric DTMF.
No manual configuration is provided to force DTMF interworking to occur.
Detection or insertion of DTMF as in-band audio data is not supported.
Transcoding
The SBC supports transcoding of slow start calls, enabling communication between different endpoints
with different codecs, which otherwise cannot communicate with each other. Two H.323 endpoints
deployed back-to-back might fail to agree on a mutually acceptable codec.
A typical case might be where one side is insisting on a low-bandwidth codec (such as ITU-T G.729)
because of bandwidth constraints or administrative policy, and the other side only supports G.711. For
example, if the calling party uses g711alaw and the callee uses G.729 annex B, the SBC can convert
G.711alaw codec to g729 annex B codec and enable communication between the two. When the SBC
detects that codec negotiation is needed, it uses Cisco Voice Interworking Service Module (VXSM) in
the Cisco MGX 8880 switch as its media gateway to perform the transcoding. Deploying the SBC
between the endpoints, in conjunction with an MGX 8880 transcoder, allows such calls to succeed.
The previous releases supported a fast-start-only version of transcoding. This function is now replaced
with an implementation of transcoding that is triggered off TerminalCapabilitySet.
Restrictions for Transcoding
The restrictions for transcoding are:
The decision whether to use a transcoder is taken once per call, and is not modified if endpoints issue
updated TerminalCapabilitySets (including TCS=0).
When transcoding is required, the SBC enforces symmetric codecs for the call.
Transcoding is never invoked in a fast start call. If no channels are suitable, endpoints must drop to
slow start at which point transcoding may be invoked.
The only codecs supported for transcoding are G.711 and G.729, and the only transcoder tested with
them is the Cisco MGX 8880 switch.
RAS Tech Prefix
A technology prefix is an optional H.323 standard-based feature, supported by gateways and
gatekeepers, that enables more flexibility in call routing within an H.323 VoIP network. The gatekeeper
uses technology prefixes to group endpoints of the same type together. Technology prefixes can also be
used to identify a type, class, or pool of gateways. This feature provides per-adjacency configuration of
RAS Tech Prefix and registers this prefix with the gatekeeper.
An H.323 adjacency may now be optionally configured with a single tech prefix consisting of 1-32 dialed
digits. It publishes the tech prefix to the gatekeeper in the following field of the RAS registration
request (RRQ):
terminalType.gateway.protocol.voice.supportedPrefixes.
As with existing adjacency configuration, this field may not be changed while the adjacency is attached.
This feature works in conjunction with existing SBC support for adding or removing digits on dialed
numbers (see section Number Manipulation in the Implementing SBC Policies chapter).
20-8
OL-13499-04
Restrictions for RAS Tech Prefix
This feature does not support zone prefixes, for example, registration of prefix AliasAddresses with
the gatekeeper.
User Protocol Timer Control
H.323 standards recommends timers, timeout, and retry counts for various messages. Their values are
not fixed and represent a range. The ability to define these values facilitates interworking between
different devices. H.323 timers and retry counts can be now configured by the user at a global and
per-adjacency level. Timers are expressed in seconds.
The following Q.931/H.225 timers are configurable.
Q.931/H.225 Setup Timer T303
Q.931/H.225 Establishment Timer T301
Q.931/H.225 Incoming Call Proceeding Timer T310
The following RAS timeout and retry counts are configurable.
GRQ
RRQ
URQ
ARQ
BRQ
DRQ
The RAS RRQ TTL and keepalive times (governing lightweight RRQ behavior) are configurable. These
two settings are interrelated. If the user configures unsafe values for a given adjacency, the SBE reverts
to the defaults.
The adjacency retry timer is configurable, and can be used to automatically reattempt adjacency
attachment when an adjacency fails for any reason.
The following timers are hardcoded:
TCP shutdown timeoutwhen gracefully closing a TCP connection, the time allowed for remote
closure before closing it ungracefully. The hardcoded value is 1 second.
TCP connect timeouttime allowed before giving up on a TCP connection attempt to a remote peer.
The hardcoded value is 1 second.
Restrictions
User protocol timer control restrictions are:
Changing timer values or retry counts while adjacencies are attached is allowed, but does not affect
timers or gatekeepers transactions that are already in progress.
No facility is provided to configure all RAS timeouts at once.
H.245 timers are not included here since they only run in interworking scenarios.
The SBC does not support the configuration of the following Q.931/H.225 timers:
Q.931/H.225 Overlap Sending Timer T302
20-9
OL-13499-04
Q.931/H.225 Overlap Receiving Timer T304
Q.931/H.225 Status Timer T322
The SBC does not support the configuration of the following RAS timers:
IRQ
IRR
RAI
SCI
T.38 Fax Relay
This feature provides support for media relay of T.38 fax. The following features are supported:
Both fax-only and fax-plus voice calls.
Switchover from voice to T.38 fax.
T.38 relay over unnumbered datagram protocol transport layer (UDPTL) only, and unidirectional
H.245 channels only.
T.38 H.245 - SDP Mapping
The T.38 H.245SDP mapping is shown below:
DataApplicationCapability
application
t38fax
t38FaxProtocol m=image 40000 {udptl | tcp} t38
t38FaxProfile
fillBitRemoval a=T38FaxFillBitRemoval
transcodingJBIG a=T38FaxTranscodingJBIG
transcodingMMR a=T38FaxTranscodingMMR
version a=T38FaxVersion:<digits>
t38FaxRateManagement a=T38FaxRateManagement:{localTCF | transferredTCF}
t38FaxUdpOptions OPTIONAL
t38FaxMaxBuffer a=T38FaxMaxBuffer:<digits>
t38FaxMaxDatagram a=T38FaxMaxDatagram:<digits>
t38FaxUdpEC a=T38FaxUdpEC:{t38UDPFEC | t38UDPRedundancy}
t38FaxTcpOptions OPTIONAL
t38TCPBidirectionalMode [no mapping]
maxBitRate a=T38maxBitRate:<digits> (UDP only)
The only parameters needed for media relay function are the port and the peak-bit rate, which are
highlighted in the example. Therefore, the presence of a T.38 fax function causes the following SDP to
be transmitted to the DBE:
m=image <remote T.38 port> udptl t38
a=T38maxBitRate:14400
For interworking scenarios, a complete mapping needs to be carried out. However, this is not supported
as of ACE SBC Release 3.0.00.
20-10
OL-13499-04
H.245 Mode Request
Switchover from a voice to fax call is handled by a RequestMode exchange. In an H.323-H.323 call this
exchange is passed through transparently between call legs without DBE signaling. This allows
endpoints to coordinate replacement of audio with T.38 channels.
RAS Maximum Bit Rate
In accordance with H.323v5 standards, the SBC counts UDP but not TCP towards the maximum bit rate
agreed with the gatekeeper.
H.323 Annex D / T.38 Annex B Interoperability
T.38 Annex B is a fast start only (no H.245) version of H.323 Annex D. Interoperation with Annex B
nodes is not supported by the SBC.
Restrictions
The restrictions are as follows:
The SBC cannot be configured to advertise the t38FaxAnnexbOnly field of SupportedProtocols in
RAS messages, and ignores this field on receipt.
No support for TCP or Secure Real-Time Transport Protocol (SRTP) transport.
No support for bidirectional H.245 channel signaling.
Q.931/H.225 Passthrough
This feature enables message elements from Q.931/H.225 to be passed through between two H.323 call
legs. This section describes the "base passthrough profile" of the SBC, listing the parts of the
Q.931/H.225 message that may be passed through.
The following conventions are used in the base passthrough profile:
ASN.1 syntax for Q.931 / H.225 messages is reproduced in this document.
The following tags are attached to ASN.1 subtrees, specifying the passthrough behavior.
P = "passthrough". This subtree is passed opaquely between call legs.
P* = "passthrough with privacy implications". Similar to "P", but passing through this subtree
may reveal information about an endpoint or a remote telephone number.
B = "block". This subtree is unconditionally blocked by the SBC and any information contained
in it is lost.
SBC. This subtree is manipulated by the SBC. Typically, values are replaced by those local to
the SBC.
Call Proceeding Passthrough
A Call Proceeding message is never passed through. However, fields from it are extracted and put into a
Progress or Facility in the upstream call log.
A Progress is used if the Call Proceeding contains a progress indicator.
20-11
OL-13499-04
A Facility is used otherwise.
Unsupported Messages
The following ITU-T Q.931 messages are not supported by the SBC either because they are forbidden
in H.323 or because the SBC does not currently support their corresponding features.
Status, Status Enquiry
SetupAck
Information
Notify
userInformation.
Privacy
Subtrees marked as "P*" - "passthrough with privacy implications" are automatically blocked if the
outgoing call leg has privacy enabled in CAC policy. This automatic blocking cannot be overridden by
configuration, therefore, the only way to have these fields pass through is to disable privacy.
Setting of Protocol Version
When passing through messages, the SBC sets the version of outgoing messages to the lower value of
its own ASN.1 version from that received in the original protocol message.
Q.931 / H.225 Base Passthrough Profile
Q931Message
protocolDiscriminator SBC
callReferenceValue SBC
message
setup
sendingComplete P
bearerCapability P
facility P
progressIndicator P
progressIndicator31 P
notificationIndicator P
display P*
keypadFacility P
signal P
callingPartyNumber SBC
callingPartySubaddress B
calledPartyNumber SBC
calledPartySubaddress B
redirectingNumber P*
userUser
h323-uu-pdu
h323-message-body
setup
protocolIdentifier SBC
h245Address SBC
sourceAddress SBC
sourceInfo SBC
destinationAddress SBC
destCallSignalAddress SBC
20-12
OL-13499-04
destExtraCallInfo B
destExtraCRV B
activeMC P
conferenceID P
conferenceGoal P
callServices P
callType B
sourceCallSignalAddress SBC
remoteExtensionAddress B
callIdentifier P
h245SecurityCapability B
tokens B
cryptoTokens B
fastStart SBC
mediaWaitForConnect P
canOverlapSend B
endpointIdentifier P*
multipleCalls SBC
maintainConnection SBC
connectionParameters P
language P
presentationIndicator SBC
screeningIndicator SBC
serviceControl P
symmetricOperationRequired P
capacity B
circuitInfo SBC
desiredProtocols B
neededFeatures B
desiredFeatures B
supportedFeatures B
parallelH245Control B
additionalSourceAddresses B
nonStandardData P
h4501SupplementaryService P
h245Tunneling SBC
h245Control SBC
nonStandardControl P
callLinkage P
tunnelledSignallingMessage P
provisionalRespToH245Tunneling SBC
stimulusControl P
genericData P
user-data P
callProceeding
bearerCapability P
facility P
progressIndicator SBC
progressIndicator31 SBC
display P
userUser
h323-uu-pdu
h323-message-body
callProceeding
destinationInfo P*
h245Address SBC
callIdentifier P
h245SecurityMode B
tokens B
cryptoTokens B
fastStart SBC
multipleCalls SBC
20-13
OL-13499-04
fastConnectRefused SBC
featureSet B
nonStandardData P
h245Tunneling SBC
h245Control SBC
callLinkage P
stimulusControl P
genericData P
user-data P
alerting
bearerCapability P
facility P
display P*
signal P
userUser
h323-uu-pdu
h323-message-body
alerting
destinationInfo P*
h245Address SBC
callIdentifier P
h245SecurityMode B
tokens B
cryptoTokens B
fastStart SBC
multipleCalls SBC
alertingAddress P*
serviceControl P
capacity B
featureSet B
nonStandardData P
h245Tunneling SBC
h245Control SBC
callLinkage P
stimulusControl P
genericData P
user-data P
connect
bearerCapability P
facility P
display P*
dateTime P
connectedNumber P*
connectedSubaddress P*
20-14
OL-13499-04
userUser
h323-uu-pdu
h323-message-body
connect
h245Address SBC
destinationInfo P*
conferenceID P
callIdentifier P
h245SecurityMode B
tokens B
cryptoTokens B
fastStart SBC
multipleCalls SBC
language P
connectedAddress P*
serviceControl P
capacity B
featureSet B
nonStandardData P
h245Tunneling SBC
h245Control SBC
callLinkage P
stimulusControl P
genericData P
user-data P
progress
bearerCapability P
cause P
facility P
display P*
userUser
h323-uu-pdu
h323-message-body
progress
destinationInfo SBC
h245Address SBC
callIdentifier P
h245SecurityMode B
tokens B
cryptoTokens B
fastStart SBC
multipleCalls SBC
nonStandardData P
h245Tunneling SBC
h245Control SBC
callLinkage P
20-15
OL-13499-04
stimulusControl P
genericData P
user-data P
releaseComplete
cause SBC
facility P
display P*
signal P
userUser
h323-uu-pdu
h323-message-body
connect
reason SBC
callIdentifier P
tokens B
cryptoTokens B
busyAddress P*
capacity B
serviceControl P
featureSet B
nonStandardData P
h245Tunneling SBC
h245Control SBC
callLinkage P
stimulusControl P
genericData P
user-data
facility
facility P
display P*
callingPartyNumber P*
calledPartyNumber P*
userUser
h323-uu-pdu
h323-message-body
facility
alternativeAddress B
alternativeAliasAddress P
conferenceID P
reason P
callIdentifier P
destExtraCallInfo P
remoteExtensionAddress P
tokens B
cryptoTokens B
conferences P
h245Address SBC
fastStart SBC
multipleCalls SBC
serviceControl P
circuitInfo B
20-16
OL-13499-04
featureSet B
destinationInfo P*
h245SecurityMode B
empty
nonStandardData P
h245Tunneling SBC
h245Control SBC
callLinkage P
stimulusControl P
genericData P
user-data P
Restrictions
Any message elements from Q.931/H.225 that are not listed in this section cannot be passed through.
Passthrough of security tokens is not supported.
H.323 Privacy
With the H.323 privacy feature, users can invoke identity hiding on Q.931/H.225 messages. When this
feature is implemented, the SBC strips Q.931/H.225 message elements that reveal information about the
remote caller or callee before passing them to the endpoints.
Note The Q.931/H.225 message elements that impact privacy are defined in the H.323 passthrough profile.
The SBC applies the privacy service to a message if it contains a privacy request submitted by a user, or
if a Call Admission Control(CAC) policy on the SBC is configured to enable privacy on a caller or callee
basis. If, however, the privacy configuration fields are set to default values, then the SBC forwards the
message to the next call leg without applying the privacy service to the message. You can also configure
the SBC to provide the H.323 privacy service on a per-adjacency basis.
The SBC applies the following rules when providing the H.323 privacy service:
If an H.323 adjacency is configured to allow private information, then the SBC does not apply
privacy service even if an incoming message requests it or the CAC policy is configured to enable
privacy.
If an H.323 adjacency is not configured to allow private information, but a CAC policy is configured
to enable privacy, then the SBC applies the privacy service to outgoing messages.
If an incoming message requests the privacy service, but a CAC policy has not been configured to
enable privacy, then the SBC applies the service if the adjacency is configured to apply the privacy
service.
If an incoming message requests the privacy service when both the CAC policy and the adjacency
have not been configured to apply the privacy service, then the SBC does not apply the privacy
service and allows the private information to pass through.
Restrictions and Limitations
Restrictions and limitations are as follows:
20-17
OL-13499-04
Configuring H.323 Features
The SBC does not apply the H.323 privacy service to H.245 and RAS messages.
Currently, the CAC policy for callee privacy is available for the H.323 signaling stack at connect
time, and only if a connectedNumber is present. As a result, the callee privacy service is not applied
to the Q.931 protocol messages that pass through before or after a call is connected when a
connectedNumber is not present. Due to this limitation, the SBC forwards the Q.931 Alerting, Q.931
Progress, and Q.931 Release Complete messages without applying the privacy service request to
them.
In an interworking call, the SBC only applies privacy requests based on the CAC policy.
This section contains the following:
Configuring Separate H.245 Control Channel, page 20-17
Configuring RAS Tech Prefix, page 20-18
Configuring User Protocol Timer Control, page 20-19
Configuring H.323 Privacy, page 20-22
Configuring Separate H.245 Control Channel
This command disables tunneling on a per-adjacency basis, facilitating interoperability with existing
devices that are confused by tunneling. The command controls both incoming and outgoing calls.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. h245 tunnel disable
6. exit
DETAILED STEPS
Step 1 configure
Example:
Enables the global configuration mode.
Example:
of the SBC.
20-18
OL-13499-04
Configuring RAS Tech Prefix
This feature provides per-adjacency configuration of RAS Tech Prefix and registers this prefix with the
gatekeeper. RAS tech prefix may consist of 1-32 dialed digits.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. tech-prefix tech-prefix
6. exit
DETAILED STEPS
Step 3 sbe
Example:
Enters the mode of the SBE function of the SBC.
Example:
host1/Admin(config-sbc-sbe)# adjacency h323 2651XM-5
Use the adjacency-name argument to define the
name of the H.323 adjacency.
Step 5 h245 tunnel disable
Example:
host1/Admin(config-sbc-sbe-adj-h323)# h245 tunnel
disable
Disables tunneling on a per-adjacency basis,
facilitating interoperability with existing devices
that are confused by tunneling. The command
controls both incoming and outgoing calls.
The default is tunneling enabled.
Step 6 exit
Example:
Exits the media address mode to the DBE mode.
Step 1 configure
Example:
Example:
of the SBC.
20-19
OL-13499-04
Configuring User Protocol Timer Control
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. h323 | adjacency h323 adjacency-name
5. adjacency timeout value
6. h225 timeout
7. ras retry
8. ras rrq ttl value
9. ras rrq keepalive value
10. ras timeout
11. exit
12. show services sbc sbc-name sbe h323 timers
Step 3 sbe
Example:
Enters the mode of the signaling border element
(SBE) function of the SBC.
Example:
Step 5 tech-prefix tech-prefix
Example:
host1/Admin(config-sbc-sbe-adj-h323)# tech-prefix 32#
Provides per-adjacency configuration of RAS Tech
Prefix and registers this prefix with the gatekeeper.
RAS tech prefix may consist of 1-32 dialed digits
followed by a # sign.
The default is no tech prefix.
Step 6 exit
Example:
Exits the media address mode to the DBE mode.
20-20
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
of the SBC.
Step 3 sbe
Example:
Step 4 h323 | adjacency h323 adjacency-name
Example:
Enters the mode of either all H.323 adjacencies or a
specified H.323 adjacency.
Step 5 adjacency timeout value
Example:
host1/Admin(config-sbc-sbe-adj-h323)# adjacency
timeout 10000
Defines the time in milliseconds, during which in
case of failure to connect, the SBC keeps trying to
reconnect to the remote signaling peer and receive
keep-alive messages from it.
The value range is 1000030000.
Step 6 h225 timeout [establishment timeout-value |
proceeding timeout-value | setup timeout-value |
Example:
host1/Admin(config-sbc-sbe-adj-h323)# h225 timeout
establishment 250000
Defines the time for waiting to receive H.225
messages.
establishment timeout-valueh225
establishment state timeout value in
milliseconds. The default is 180000. The value
range is 30000-300000.
proceeding timeout-valueh225 proceeding
state timeout value in milliseconds. 10000. The
value range is 1000-30000.
setup timeout-valueh225 setup timeout value
in milliseconds. The default is 4000. The value
range is 1000-30000.
20-21
OL-13499-04
Step 7 ras retry [arq | brq | drq | grq | rrq | urq] retry
count
Example:
ras retry arq 2
ras retry brq 2
ras retry drq 2
ras retry rrq 2
ras retry urq 2
Defines the number of times the system trys to
re-send RAS messages in case of failure to send the
messages.
arq retry countNumber of times to retry an
ARQ transaction.
brq retry countNumber of times to retry a
BRQ transaction.
drq retry countNumber of times to retry a
DRQ transaction.
grq retry countNumber of times to retry a
GRQ transaction.
rrq retry countNumber of times to retry an
RRQ transaction.
urq retry countNumber of times to retry a
URQ transaction.
The value range is 0-30.
Step 8 ras rrq ttl value
Example:
host1/Admin(config-sbc-sbe-adj-h323)# ras rrq ttl 100
Defines the time to live messages (TTL) in seconds
for registration request (RRQ).
The default is 60. The value range is 16300.
Step 9 ras rrq keepalive value
Example:
host1/Admin(config-sbc-sbe-adj-h323)# ras rrq
keepalive 100000
Defines the time in milliseconds for registration
request (RRQ) keep-alive messages.
The default is 45000. The value range is
15000150000.
Step 10 ras timeout [arq | brq | drq | grq | rrq | urq]
timeout
Example:
ras timeout arq 1000
ras timeout brq 1000
ras timeout drq 1000
ras timeout grq 1000
ras timeout rrq 1000
ras timeout urq 1000
Defines the common timeout in milliseconds for all
RAS messages.
arq timeoutTimeout value for an ARQ
transaction.
brq timeoutTimeout value for an BRQ
transaction.
drq timeoutTimeout value for an DRQ
transaction.
grq timeoutTimeout value for an GRQ
transaction.
rrq timeoutTimeout value for an RRQ
transaction.
urq timeoutTimeout value for an URQ
transaction.
The default is 5000. The value range is
1000-45000. The default is 5000.
20-22
OL-13499-04
Configuring H.323 Privacy
This feature allows the SBC to apply the H.323 privacy service on outbound messages.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. allow private info
6. privacy restrict outbound
7. exit
DETAILED STEPS
Step 11 exit
Example:
Exits the H.323 global or specified adjacency mode.
Step 12 show services sbc service-name sbe h323 timers
Example:
host1/Admin# show services sbc mysbc sbe h323 timers
Displays the values of all H.323 timers.
Step 1 configure
Example:
Example:
of the SBC.
Step 3 sbe
Example:
Example:
20-23
OL-13499-04
Configuring Separate H.245 Control Channel and RAS Tech Prefix: Example
Configuring Separate H.245 Control Channel and RAS Tech
Prefix: Example
configure
sbc mysbc
sbe
adjacency h323 h323-fxs-1b
signaling-port 1720
account h323-fxs-1b
tech-prefix 2#
h245-tunnel disable
attach
exit
configure
sbc mysbc
sbe
adjacency h323 abcd
adjacency timeout 10000
h225 timeout establishment 40000
adjacency timeout 10000?
h225 timeout ?
establishment h225 establishment state timeout value.
proceeding h225 proceeding state timeout value.
setup h225 setup timeout value.
h225 timeout proceeding 30000
Step 5 allow private info
Example:
host1/Admin(config-sbc-sbe-adj-h323)# allow private
info
Configures the H.323 adjacency to allow private
information on messages sent out by the adjacency
even if the CAC policy is configured to apply
privacy service or the user requests privacy service.
The no version of this command configures the
H.323 adjacency to stop allowing private
information from being sent out by the adjacency.
Step 6 privacy restrict outbound
Example:
host1/Admin(config-sbc-sbe-adj-h323)# privacy
restrict outbound
Configures the H.323 adjacency to apply privacy
restriction on outbound messages if the user
requests the privacy service. The no version of this
command configures the H.323 adjacency to allow
private information messages sent out by the
adjacency.
Step 7 exit
Example:
Exits an SBE H.323 global or specified adjacency
mode.
20-24
OL-13499-04
h225 timeout setup 30000
ras ?
retry RAS retry configuration.
rrq RRQ (Registration Request) configuration.
timeout RAS timeout configuration.
ras retry ?
arq Retry count for an ARQ transaction.
brq Retry count for an BRQ transaction.
drq Retry count for an DRQ transaction.
grq Retry count for an GRQ transaction.
rrq Retry count for an RRQ transaction.
urq Retry count for an URQ transaction.
ras retry arq 2
ras retry brq 2
ras retry drq 2
ras retry rrq 2
ras retry rrq 2
ras rrq ?
keepalive Rate for keepalive msgs to refresh an H323 adjacency registration.
ttl TTL (time to live) value for an RRQ request.
ras rrq keepalive ?
<15000-150000> Keepalive refresh time in milliseconds - default: 45000 ras rrq
keepalive 15000
ras rrq ttl ?
<16-300> TTL value in seconds - default: 60
ras rrq ttl 30
ras timeout ?
arq Timeout value for an ARQ transaction.
brq Timeout value for an BRQ transaction.
drq Timeout value for an DRQ transaction.
grq Timeout value for an GRQ transaction.
rrq Timeout value for an RRQ transaction.
urq Timeout value for an URQ transaction.
ras timeout arq ?
<1000-45000> Timeout value in milliseconds - default: 5000
C H A P T E R
21-1
OL-13499-04
21
H.323-SIP Interworking
The H.323-SIP interworking feature is very important in Voice over IP (VoIP) services since both
protocols are widely used in the industry. When one VoIP service provider uses Session Initiation
Protocol (SIP) and another provider uses H.323, the two protocols need to interwork to enable the
customers to contact each other. H.323 is an older protocol that is gradually supplanted by SIP. The
customers who have their VoIP network managed using H.323 may have to transition to SIP in the future.
During this transition, both protocols need to interwork on the customers VoIP network.
Feature History for H.323-SIP Interworking
Contents
Restrictions for H.323-SIP Interworking, page 21-1
Information About H.323-SIP Interworking, page 21-2
SIP/H.323 Interworking for Basic Call Hold, page 21-2
Restrictions for H.323-SIP Interworking
The following features are not supported:
Transcoding of interworking calls.
Renegotiation of the media of interworking calls, either before or after the call is connected.
Receiving an offer (apart from the initial offer in the case of a SIP-to-H.323 call) from a remote SIP
endpoint at any time during the call establishment.
Media bypass for interworking calls.
ACE SBC Release 3.1.00 Support added for SIP/H.323 interworking for basic call hold.
ACE SBC Release 3.0.00 This feature was introduced on the Cisco7600 series router along with
21-2
OL-13499-04
Information About H.323-SIP Interworking
Dual tone multifrequency (DTMF) within the Real-Time Protocol (RTP) stream of an interworking
call.
H.323 DTMF signaling using any method other than the alphanumeric method of
UserInputIndication.
Interworking of endpoint registrations (not supported by H.323).
Failover of interworking calls (because H.323 call legs cannot be preserved across a failover).
Interworking of any SIP method other than INVITE, ACK, CANCEL, BYE, INFO, or PRACK.
End-to-end authentication on an interworking call. For example, an H.323 call branch cannot
challenge a SIP call branch and vice versa. The Session Border Controller (SBC) itself can challenge
a SIP call branch, but not an H.323 call branch.
User-configurable mapping of cause codes.
User-configurable mapping of codec types.
Interworking of signaling support for Silence Suppressio /VAD. It is assumed that the majority of
endpoints interoperate correctly without explicitly signaling silence suppression.
Interworking of video or fax calls.
Information About H.323-SIP Interworking
Following the usual process, after the SBC applies the call and number policy tables, a final adjacency
and account are chosen. In this feature, the originating and terminating adjacencies are configured for
different protocols. For example, the originating adjacency can be configured for SIP, and the
terminating adjacency can be configured for H.323.
The SBC supports the following features of SIP-to-H.323 interworking:
SIP upstream, H.323 fast-start downstream, offer received on the SIP INVITE.
SIP upstream, H.323 slow-start downstream, offer received on the SIP INVITE. First, H.323
fast-start is tried downstream. The SBC drops back to slow-start procedures when it discovers the
downstream endpoint does not support fast-start.
SIP upstream, H.323 downstream (either fast-start or slow-start), no offer received on the SIP
INVITE.
H.323 fast-start upstream, SIP downstream.
H.323 slow-start upstream, SIP downstream. SIP downstream is tried with a default SDP offer,
containing a single media channel with the following offered codecs in decreasing order of
preference: G.729, G.711 U-law, G.711 A-law, G.723.
Early media.
DTMF interworking between SIP and H.323 in the signaling plane, using the alphanumeric method
of UserInputIndication.
SIP/H.323 Interworking for Basic Call Hold
The SIP/H.323 interworking for basic call hold feature enables the SBC to translate, hold, and resume
signaling in H.323 and SIP interworking calls.
21-3
OL-13499-04
Note Basic call hold does not require external configuration and is enabled by default.
SIP Requirements
In RFC-3264 SDP Offer-Answer protocol, basic call hold is signaled by a re-Offer that includes an
a=sendonly', 'a=inactive', or 'c=IN IP4 0.0.0.0' line.
a=sendonly or c=IN IP4 0.0.0.0 indicates that the offerer wants to keep transmitting. The Answer
may optionally force the offerer to cease transmitting by setting a=inactive or c=IN IP4 0.0.0.0.
a=inactive indicates that the offerer will also cease transmitting. In this case, the answerer must also
reply with a=inactive.
Resume is signaled by setting the direction to a=sendrec or, because this is the default setting, omitting
the direction line altogether.
For SIP, requirements are:
The SBC must support receipt of all of the above forms of call hold signaling. On transmit, control
should preferably be provided over the form that is used.
Translation of a re-offer that opens or closes the send direction (not just the receive direction).
Case of the offerer or answerer changing their RTP address/port on a call hold resume offer or a call
hold answer.
Sending a re-Offer on a SIP re-INVITE and processing the answer on the INVITE 200 rsp.
Processing an incoming answer on the first re-INVITE response even if that is not the final response
(In this case, a duplicate answer on the final 200 response must be ignored).
Receipt of a re-offer on a SIP INVITE request.
Sending an answer on a re-INVITE 200 response.
H.323 Requirements
In H.245, basic call hold is signaled by sending an empty terminal capability set (defined in H.323
section 8.4.6, and known as "TCS=0"or "ECS"). The receiver of the TCS=0 must close its send channel
and avoid re-opening it. Resume is signaled by sending a non-empty terminal capability set. At this
point, the send channel is re-opened. In terms of the H.245 message flows:
Terminal capabilities are transmitted using a TerminalCapabilitySet (TCS). This message is
responded to with a TerminalCapabilitySetAck (TCS Ack) or TerminalCapabilitySetReject.
A channel is opened with an H.245 OpenLogicalChannel (OLC). This is responded to with an
OpenLogicalChannelAck (OLC Ack) or OpenLogicalChannelReject.
A channel is closed with an H.245 CloseLogicalChannel (CLC). A CloseLogicalChannelAck (CLC
Ack) indicates that this message has been processed.
For H.323, requirements are:
Sending, receiving, and acting on empty and non-empty capability sets in an interworking call,
including the situation in which both sides have put the other on hold.
Translation of channel close and re-open outside the context of call hold / resume.
21-4
OL-13499-04
Address changing for a new incarnation of a channel that uses different RTP/RTCP addresses/ports
from the previous incarnation of the channel. (In line with existing behavior, SBC may continue to
assume that each side of an H.245 RTP session uses a single RTP and RTCP IP address, and that the
RTCP port = RTP port + 1.)
Receiving TCS=0 from downstream before call connection.
Ignoring a TCS=0 received from upstream before call connection (to prevent problems on the SIP
side).
Basic Call Hold Restrictions
The following restrictions apply to the Basic Call Hold feature:
As part of an interworking call, a single audio code is selected and codec renegotiation is not
supported.
MoH (Music On Hold) is not fully supported because it typically requires codec renegotiation.
Third-party rerouting (where a device separate from the SBC reroutes the call) is not fully
supported.
The SBC does not support the following SIP mechanisms for carrying out Offer-Answer exchanges:
Late SDP re-INVITE (application/sdp payload type and no attached body). The SBC responds
with a '501 Not Implemented' response.
Offer on an UPDATE request, INVITE 18x response, INVITE 200 response or PRACK request.
Answer to a renegotiation on anything other than an INVITE 200 response.
No call hold during early media. Translation of call hold/resume is allowed only after a call is
established. This restriction follows from the previous restriction that prevents the SBC from
receiving or generating Offers on INVITE 18x or UPDATE in SIP.
The SBC cannot originate or terminate H.450.4 call hold protocol.
The SBC supports receipt of an OLC Ack with port set to 0, but does not transmit an OLC Ack with
port set to 0. Instead it transmits OLC Reject.
New timers are not configurable.
Existing general interworking restrictions are still in place:
Only a single media stream is allowed.
Only a single audio codec is allowed within that stream.
Transcoding and DTMF interworking is not supported.
Media bypass is not supported.
Basic Call Hold Verification
Command Purpose
host1/Admin# show services sbc sbc-name
sbe calls
Lists all the calls on the SBEs.
21-5
OL-13499-04
21-6
OL-13499-04
C H A P T E R
22-1
OL-13499-04
22
Tracking Policy Failure Statistics
Users can track the number of calls that the Session Border Controller (SBC) rejected based on the rules
established in the number analysis policies, routing policies, or Call Admission Control (CAC) policies.
Users can also view and query the policy failure statistics associated with these rejected calls, which can
help them determine whether changes need to be made to the existing policies.
Feature History for Policy Failure Statistics
Contents
Restrictions for Tracking Call Policy Failure Statistics, page 22-1
Information About Policy Failure Statistics, page 22-2
Restrictions for Tracking Call Policy Failure Statistics
Review the following restrictions for policy failure statistics:
Only new call failures are tracked by this feature.
Only call failures associated with local policy are recorded. Calls rejected by downstream signaling
devices are not included in this statistics.
22-2
OL-13499-04
Information About Policy Failure Statistics
The section provides information on the following:
Policy Failure Statistics for a Specified Time Interval, page 22-2
Policy Set Statistics, page 22-2
Automatic Tracking of Policy Failure Statistics, page 22-3
Policy Failure Statistics and Hunting, page 22-4
Policy Failure Statistics for a Specified Time Interval
Table 22-1 lists the commands to view and clear the failure statistics on the specified signaling border
element (SBE) for a certain time interval.
Policy Set Statistics
To determine whether calls failed because of policies configured in the routing, number validation, or
CAC tables, users can view policy failure statistics. Table 22-2 lists the commands to view and clear the
statistics in a policy table.
Table 22-3 lists the commands to view the detailed information for a specific entry in a CAC policy table
and routing table.
Table 22-1 Commands for Time-Based Policy Failure Statistics
clear services sbc service-name sbe
policy-failure-stats
Clears the policy failure statistics for the
current and previous time interval.
Table 22-2 Per-Table Statistics Commands
show services sbc service-name sbe
cac-policy-set policy set-id tables
Displays a summary of the CAC policy tables
associated with the given policy set, including
the number of failed calls.
cac-rejection-stats
Clears all CAC policy failure statistics.
call-policy-set policy set-id tables
Displays a summary of routing policy tables
associated with the given policy set, including
the number of failed calls.
call-rejection-stats
Clears all routing and number analysis policy
rejection statistics.
show services sbc sbc-name sbe cac-policy-set id
table name entries
associated with the given policy set.
22-3
OL-13499-04
Automatic Tracking of Policy Failure Statistics
The SBC automatically tracks policy failure statistics for call attribute sets representing the following:
Per source adjacency statistics for all configured adjacencies
Per destination adjacency statistics for all configured adjacencies
Per source account statistics for all configured accounts
Per destination account statistics for all configured accounts
Table 22-4 lists the commands to view and clear automatically tracked policy failure statistics.
Table 22-3 Per-Entry Statistics Commands
cac-policy-set policy set-id table name entry
entry
Displays detailed statistics for the given entry
in a CAC policy table.
call-policy-set policy set-id table name entry
entry
Displays detailed statistics for the given entry
in the routing table.
show services sbc sbc-name sbe cac-policy-set id
table name entries
associated with the given policy set.
show services sbc sbc-name sbe call-policy-set id
table name entries
Displays a summary of the entries associated
with the given routing table.
22-4
OL-13499-04
Policy Failure Statistics and Hunting
If the CAC module refuses a call or if a call cannot be signaled to the chosen destination adjacency
because of a negative or no response, call hunting occurs. Call hunting is the process of selecting an
alternative adjacency from the routing tables and retrying the call using the newly selected destination
adjacency.
Hunting continues until one of the following conditions is fulfilled:
The call gets connected.
No further adjacencies are available for retry.
The call has been hunted too many times.
Global Statistics and Call Hunting
If a call gets connected after hunting, the SBC does not include it in any of the following global statistics:
Total call setup failures
Total call setups failed due to number analysis
Total call setups failed due to routing
Table 22-4 Automatically Tracked Statistics Commands
policy-failure-stats src-adjacency table-name
period
Specifies the time period to which the statistics
apply. Choose one of the following time
intervals:
current15minsDisplays statistics in 15
minute intervals starting from the current
minute.
current5minsDisplays statistics in 5
minute intervals starting from the current
minute.
currentdayDisplays statistics for the
current day starting midnight of the same
day.
currenthourDisplays statistics for the
current hour.
previous15minsDisplays statistics
from previous 15 minute intervals.
previous5minsDisplays statistics from
previous 5 minute intervals.
previousdayDisplays statistics from the
previous day.
previoushourDisplays statistics from
the previous hour.
policy-failure-stats src-adjacency table-name
Clears the policy statistics of the specified
source adjacency.
22-5
OL-13499-04
Total call setups failed due to CAC
CAC failure due to number of calls limit
CAC failure due to call rate limit
CAC failure due to media channels limit
CAC failure due to bandwidth limit
If a call fails after number analysis, hunting does not occur. The SBC includes it in the following global
statistics:
Total call setups failed due to number analysis
If a call fails the first time it is routed because no destination adjacency is found in the routing table, then
the SBC includes it in the following global statistics:
Total call setups failed due to routing
If a call fails because a CAC policy refused it permission to proceed, the SBC includes the failure in the
total call setups failed due to CAC statistics. Additionally, the call is included in one of the following
statistics depending on the nature of the CAC limit:
Per-table and Per-entry Statistics and Call Hunting
If a call undergoes N iterations of hunting, then it traverses the number analysis tables once, and the
routing and the CAC tables N times. But the CAC tables can reject the call each time it traverses the CAC
table. For each time the CAC table rejects the call, the SBC finds the table and entry that was responsible
for setting the CAC limit, and increments the following:
the number of calls refused by the CAC table
the number of calls refused by the table entry
Per-adjacency and Per-Account Statistics and Call Hunting
If a call gets connected after hunting, the SBC does not include it in the following per-account or
per-adjacency statistics:
total call setup failures
total call setups failed due to number analysis
total call setups failed due to CAC
CAC failures due to rate limit
CAC failures due to media channels limit
CAC failures due to bandwidth limit
If a call fails due to number analysis, then hunting does not occur and the SBC includes the call in the
following per-account and per-source adjacency statistics:
22-6
OL-13499-04
total call setups failed due to number analysis
If a call fails in the routing tables before hunting occurs, the SBC includes the call in the following
per-source account and per-source-adjacency statistics:
total call setups failed due to routing
A call included in the total call setup failures statistics is included in the per-source adjacency,
per-destination-adjacency, per-source-account adjacency, and per-destination account statistics.
Additionally, if the most recent hunting attempt failed because a CAC policy refused the call permission
to proceed, the SBC includes the failure in the total call setups failed due to CAC statistics in the
per-source-adjacency, per-destination-adjacency, per-source-account, and per-destination-account
statistics. The call is also included in one of the following statistics depending on the nature of the CAC
limit depending on the nature of the CAC limit:
C H A P T E R
23-1
OL-13499-04
23
SIP 3xx Redirect Responses
This section describes how the Session Border Controller (SBC) can be configured to process Session
Initiation Protocol (SIP) 3xx responses. 3xx is a class of the response code used in SIP to indicate that
further action needs to be taken in order to complete the request. The sender of the request should retry
the request, using one or more alternative Uniform Resource Identifiers (URIs), which are presented in
the 3xx response.
Feature History for SIP 3xx Redirect Responses
Contents
Information About 3xx Redirect Responses in SIP, page 23-1
How to Configure SBC to Process SIP 3xx Responses, page 23-3
Examples of Configuring SBC to Process SIP 3xx Responses, page 23-5
Information About 3xx Redirect Responses in SIP
This section contains the following subsections:
3xx Responses, page 23-2
Diversion Headers, page 23-3
23-2
OL-13499-04
Information About 3xx Redirect Responses in SIP
3xx Responses
3xx responses are usually only expected in session-initiating requests, INVITEs. However, the SIP
specification does not preclude sending 3xx responses for other request types. A number of alternative
URIs are supplied on the 3xx responses in Contact headers.
The 3xx class of responses includes any response code in the range of 300-399 and indicates a
redirection of the call. The redirection requires further action to be taken to complete the request. The
following 3xx response codes are defined in SIP.
300 Multiple Choices. The address in the request resolved to several choices, each with its own
specific location. The user or user agent (UA) can select a preferred communication end point and
redirect the request to that location.
The response may include a message body containing a list of resource characteristics and
location(s), from which the user or UA can choose the most appropriate one, if allowed by the
Accept request header field. However, no MIME types have been defined for this message body.
The choices should also be listed as Contact fields. The response may contain several Contact fields
or a list of addresses in a Contact field. UAs may use the Contact header field value for automatic
redirection or ask the user to confirm a choice.
301 Moved Permanently. The user can no longer be found at the address in the Request-URI, and
the requesting client should retry at the new address given by the Contact header field. The requestor
should update any local directories, address books, and user location caches with this new value, and
redirect future requests to the addresses listed.
302 Moved Temporarily. The requesting client should retry the request at the new address(es) given
by the Contact header field. The Request-URI of the new request uses the value of the Contact
header field in the response.
The duration of the validity of the Contact URI can be specified through an Expires header field or
an Expires parameter in the Contact header field. Both proxies and UAs may cache this URI for the
duration of the expiration time. If there is no explicit expiration time, the address is valid only once
for recursing, and must not be cached for future transactions.
If the URI cached from the Contact header field fails, the Request-URI from the redirected request
may be tried again only once.
305 Use Proxy. The requested resource must be accessed through the proxy given by the Contact
field. The Contact field gives the URI of the proxy. The recipient is expected to repeat this single
request via the proxy. 305 responses must only be generated by the user agent servers (UASs).
380 Alternative Service. The call was not successful, but alternative services are possible. The
alternative services are described in the message body of the response. There are no formats
currently defined for this information.
In each case, the request should be retried to one of the supplied alternative URIs. The request can
be retried by either the originating UA, or by an intermediate back-to-back user agent (B2BUA) or
proxy on behalf of the originating UA (and without notifying it).
SBC is a B2BUA, and, therefore, in some deployments it may be necessary for SBC to retry the
request instead of sending a negative response back to the initiator of the request.
23-3
OL-13499-04
How to Configure SBC to Process SIP 3xx Responses
Diversion Headers
The Diversion header enables the called SIP user agent to identify from whom the call was diverted and
why it was diverted. The header notifies the original caller:
That the call has been redirected to a destination that differs from the original target
The number to which the call has been redirected
The reason for the redirection
The diversion header is attached by networking elements that change the final destination of a request.
This section contains the steps for configuring SBC to process SIP 3xx responses.
Configuring SBC to Process SIP 3xx Responses
SUMMARY STEPS
1. configure
2. sbc sbc-name
3. sbe
5. redirect-mode mode
6. attach
7. exit
8. redirect-limit limit
9. exit
10. show services sbc sbc-name sbe adjacencies
11. show services sbc sbc-name sbe redirect-limit
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
23-4
OL-13499-04
Step 3 sbe
Example:
Example:
SipToIsp42
Use the adjacency-name argument to define the name of
the service.
Step 5 redirect-mode mode
Example:
host1/Admin(config-sbc-sbe-adj-sip) redirect-mode
recurse
Configures the behavior of the SBC on receipt of a 3xx
response to an INVITE from the SIP adjacency.
redirect-mode pass-throughSBC passes all 3xx
responses back to the caller (the default mode).
redirect-mode recurseOn 300, 301, 302, and 305
INVITE responses (under the redirect-limit, see
Step 8), SBC resends the INVITE to the first listed
contact address. Otherwise, SBC passes 3xx
responses back.
no redirect-modeThe no version of this command
returns the adjacency to the default behavior.
Step 6 attach
Example:
Step 7 exit
Example:
Exits the adjacency-sip mode and returns to the SBE
mode.
Step 8 redirect-limit limit
Example:
Configures the maximum number of redirections that the
SBC performs on a given call.
redirect-limit limitA numeric value, the
maximum number of redirections performed before
the call is failed (the range is 0-100, the default is 2).
no redirect-limitThe no version of this command
Step 9 exit
Example:
Exits the SBE mode.
23-5
OL-13499-04
Examples of Configuring SBC to Process SIP 3xx Responses
This section provides two simple configurations for processing SIP 3xx responses on the SBC.
The following command configures the adjacency SipToIsp42 to recurse on 300, 301, 302, and 305
INVITE responses.
host1/Admin(config)# sbc mySbc sbe adjacency sip SipToIsp42
host1/Admin(config-sbc-sbe-adj-sip)# redirect-mode recurse
host1/Admin(config-sbc-sbe-adj-sip)# end
The following command configures the SBE to perform maximum 4 SIP 3xx redirections per call.
host1/Admin(config)# sbc mySBC
Step 10 show services sbc sbc-name sbe adjacencies
Example:
sbe adjacencies
Lists the adjacencies configured on SBEs.
Step 11 show services sbc sbc-name sbe redirect-limit
Example:
sbe redirect-limit
Displays the current limit on the maximum number of
redirections a call can undergo.
23-6
OL-13499-04
C H A P T E R
24-1
OL-13499-04
24
SIP Call Hold
The Session Initiation Protocol (SIP) call hold feature in the Session Border Controller (SBC) provides
a standard telephony service of putting a caller on hold. If a party in a call wants to put the other party
on hold, a party re-invites the other by sending an INVITE request with a modified Session Description
Protocol (SDP). When a SIP endpoint wishes to place a call on hold or respond to a call hold re-INVITE,
it chooses an appropriate method. SBC modifies call hold SDPs to use any available methods in order to
maximize inter-operating with SIP devices.
Feature History for SIP Call Hold
Contents
Information About SIP Call Hold, page 24-1
SDP Call Hold Interworking, page 24-3
Configuration Examples, page 24-6
Information About SIP Call Hold
SBC accepts a SIP re-INVITE with an SDP, signaling that the sender wishes to put the call on hold. SBC
modifies the SDP offer as needed and replaces remote endpoint addresses with known data border
element (DBE) media addresses. SBC then forwards the SIP message, containing the modified SDP to
the remote endpoint.
If the re-INVITE is rejected by the endpoint going on hold, then the error response is returned to the
holding endpoint (the endpoint that initiated the call hold). The media gate on the DBE continues to be
connected and media continues to flow as before.
ACE SBC Release 3.1.00 Support added for SDP call hold interworking.
24-2
OL-13499-04
Information About SIP Call Hold
Configuring SIP Call Hold
This section contains the steps for configuring the no media timeout duration for on-hold calls.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. hold-media-timeout timeout
5. exit
6. show services sbc service-name sbe hold-media-timeout
7. show services sbc service-name sbe calls
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
24-3
OL-13499-04
ACE SBC Release 3.1.00 adds support for SDP call hold interworking. With SDP call hold interworking,
there are two ways of setting up call hold using SIP. Either the caller or callee can renegotiate the call
characteristics using SDP so that either:
The connection line is set to the null address, c=IN IP4 0.0.0.0.
Or the direction attribute for their endpoint so that it does not receive media from the endpoint.
If this was previously set to a=sendrecv, the endpoint putting the call on hold sets it to
a=sendonly.
If this was previously set to a=recvonly, the endpoint putting the call on hold sets it to
a=inactive.
Step 4 hold-media-timeout timeout
Example:
host1/Admin(config-sbc-sbe)# hold-media-timeout
7200
The time an SBE will wait after receiving a media
timeout notification from the DBE for an on hold call
before tearing that call down.
When the DBE detects that media has stopped on a
call, it will start a timer for the specified duration,
using the DBE media timeout command line
interface (CLI) command.
If no media flows before this timer expires, then the
DBE will send a pin-hole timeout event notification
to the SBE.
If the call is on hold, the SBE will set a timer with a
duration matching the configured value using this
command.
If the call is not taken off hold before the SBE timer
expires, then the call will be torn down.
The default value for this command is off. Unless a
specific duration is set, on hold calls never time out.
Step 5 exit
Example:
Exits the configuration session and returns to the SBC
mode.
Step 6 show services sbc sbc-name sbe hold-media-timeout
Example:
sbe hold-media-timeout
Shows the currently configured duration of the media
timeout timer for on-hold calls.
Step 7 show services sbc sbc-name sbe calls
Example:
sbe calls
Lists all the calls on the SBE.
24-4
OL-13499-04
Some SIP endpoints support setting the connection line to the null address, some support setting the
direction, and some support both approaches. Additionally, some endpoints only respect setting the
direction attribute to sendonly or inactive.
With SDP call hold interworking, the SBC supports interoperating with SIP endpoints that support a
subset of the above approaches. When the SBC detects that a call is being put on hold in the SDP, it
removes any preexisting c=IN IP4 0.0.0.0 or a=direction lines and replaces them with appropriate
settings for the endpoint.
If the endpoint putting the call on hold was sendrecv or sendonly, then the default behavior is to send
c=IN IP4 0.0.0.0
a=sendonly
If the endpoint putting the call on hold was recvonly or inactive, then the default behavior is to send
C=IN IP4 0.0.0.0
a=inactive
Restrictions for SDP Call Hold Interworking
Review the following restrictions for SDP Call Hold Interworking:
Music on Hold (MoH) is not supported.
For middle call service when a call is answered after SBC card switch over (for example, a call
hold/resume), the SBC will change the port in SDP. If the peer node does not support SDP port
change for middle call service, there will be a middle call service failure.
Configuring SDP Call Hold Interworking
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
9. entry entry-id
10. match-value key
11. caller-hold-setting {hold-c0 | hold-c0-inactive | hold-c0-sendonly | hold-sendonly | standard}
12. action [cac-complete | next-table goto-table-name ]
13. exit
14. exit
15. complete
24-5
OL-13499-04
16. active-cac-policy-set policy-set-id
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 sbe
Example:
Example:
Enters the submode of CAC policy set configuration
within an SBE entity.
Example:
first-cac-scope global
Configures the scope at which to begin defining limits
Example:
first-cac-table RootCacTable
Example:
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table
RootCacTable
Example:
match-type src-account
Configures a new CAC table type that enables the
priority of the call to be used as a criterion in CAC
policy.
Example:
entry 1
24-6
OL-13499-04
The section contains configuration examples.
Example of Configuring SIP Call Hold
The following command configures the SBE to wait for two hours after receiving the last media packet
on an on-hold call before cleaning up the call resources.
Example:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-ent
ry)# match-value fairchild
control table.
Step 11 caller-hold-setting {hold-c0 | hold-c0-inactive |
hold-c0-sendonly | hold-sendonly | standard}
Example:
ry)# caller-hold-setting hold-sendonly
Configures the caller hold settings that are supported.
Step 12 action [cac-complete | next-table goto-ta-
ble-name]
Example:
ry)# action cac-complete
Specifies the action to take if this routing entry is
chosen.
Step 13 exit
Example:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-en-
try)# exit
mode.
Step 14 exit
Example:
exit
mode.
Step 15 complete
Example:
Completes the CAC-policy or call-policy set after com-
mitting the full set.
Step 16 active-cac-policy-set policy-set-id
Example:
host1/Admin (config-sbc-sbe)#
Sets the active CAC-policy-set within an SBE entity.
24-7
OL-13499-04
host1/Admin(config-sbc-sbe)# hold-media-timeout 7200
Example of Configuring SDP Call Hold Interworking
In the example below, Fairchild Foods has replaced all the phones in their offices. The new phones
support setting a=sendonly and c=IN IP4 0.0.0.0 to place a call on hold; they do not support setting
a=inactive. You now want to reconfigure the SBC to work with these phones without changing the
behavior for other customers. This change creates new policies at the account scope for all events, so
that calls in which Fairchild Foods phones are involved are put on hold appropriately.
The following configuration changes will make sure that Fairchild phone doesn't receive a=inactive in
SDP when Fairchild is the source account and the callee puts the call on hold:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table callhold-src-settings
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table callhold-src-settings
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type src-account
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value fairchild
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-hold-setting hold-c0-sendonly
24-8
OL-13499-04
C H A P T E R
25-1
OL-13499-04
25
SIP Call Transfer
The Session Border Controller (SBC) supports Session Initiation Protocol (SIP) call transfer, a standard
Internet telephony service. Call transfer allows a wide variety of decentralized multiparty call
operations. These decentralized call operations form the basis for third-party call control, and are
important features for voice over IP (VoIP) and SIP. Call transfer is also critical for conference calling,
where calls can transition smoothly between multiple point-to-point links and IP level multicasting. The
SBC SIP call transfer feature includes basic in-dialog transfer and advanced call transfer for the
following network topologies:
Central SBC
Transfer intra network
Transfer out of network
Transfer to colleague
Feature History for SIP Call Transfer
Contents
Restrictions for SIP Call Transfer Support, page 25-2
Information About SIP Call Transfer, page 25-2
25-2
OL-13499-04
Restrictions for SIP Call Transfer Support
Restrictions for SIP Call Transfer Support
The following is a list of restrictions for SIP call transfer support:
The Configuration feature is expected to be always on. Therefore, no configuration is required and
it is not possible to disable it.
REFER subscription state is not maintained over failover. Therefore, after a failover, any subsequent
NOTIFYs telling the one referring about the progress of the referral are lost. They are bounced back
with a 481 SIP error response. This will not prevent calls from being transferred, but may result in
a few error logs if diagnostics are enabled.
Information About SIP Call Transfer
REFER Requests
The REFER method has three main roles:
OriginatorUser agent that initiates the transfer or REFER request.
RecipientUser agent that receives the REFER request and is transferred to the final-recipient.
Final-RecipientUser agent introduced into a call with the recipient.
The REFER method always begins within the context of an existing call and starts with the originator.
The originator sends a REFER request to the recipient (user agent receiving the REFER request) to
initiate a triggered INVITE request. The triggered INVITE request uses the SIP URL contained in the
Refer-To header as the destination of the INVITE request.
The recipient then contacts the resource in the Refer-To header (final-recipient), and returns a SIP 202
(Accepted) response to the originator. The recipient also must notify the originator of the outcome of the
REFER transactionwhether the final-recipient was successfully or unsuccessfully contacted. The
notification is accomplished using the Notify Method, SIP's event notification mechanism.
A Notify message with a message body of SIP 200 OK indicates a successful transfer, while a body of
SIP 503 Service Unavailable indicates an unsuccessful transfer. If the call was successful, a call between
the recipient and the final-recipient results.
SBC accepts and passes through in-dialog REFER requests. Standard SIP headers are manipulated as
normal. The call-transfer specific headers are treated in the following way:
The Refer-To header is passed through unchanged
The Referred-By header:
Any received Referred-By header is passed through ignored.
On the outbound REFER, the following header is written:
Referred-By: <sip:endpoint_dn@sbc_adj_sip_domain_name>
except that,
If the side of the call on which SBC received the REFER has privacy enabled (configured in
CAC), then no Referred-By header is written on the outbound REFER
The Replaces header is treated in the same way as for the INVITE requests
25-3
OL-13499-04
Out-of-dialog REFER requests are rejected. The Target-Dialog header is not explicitly supported, and
therefore is stripped or passed through, subject to header and method white/blacklisting configuration.
NOTIFY Messages
When the outcome of the REFER transaction is known, the recipient of the REFER request must notify
the originator of the outcome of the REFER transactionwhether the final-recipient was successfully
or unsuccessfully contacted. The notification is accomplished using the NOTIFY method, SIP's event
notification mechanism. The notification contains a message body with a SIP response status line and
the response class in the status line indicates the success or failure of the REFER transaction.
SBC accepts and passes through in-dialog NOTIFY requests. Standard SIP headers are manipulated as
normal.
If the NOTIFY contains a body of type message/sipfrag, and if the start of this body can be correctly
parsed as a SIP response status line, then the outbound NOTIFY is given a message/sipfrag body
containing a SIP response status line with the same response code (and nothing else).
If there is no body of type message/sipfrag on the NOTIFY, or the first line of the NOTIFY body
cannot be correctly parsed as a status line, then the onbound NOTIFY is sent without a body. This
includes the case where there is a message/sipfrag body included as part of a mime/multipart body.
Replaces Headers
The processing of Replaces headers is the key logic involved in supporting call transfer across SBC. SBC
does a lookup on the call IDs and tags in the received Replaces header. If it finds the corresponding call
branch (for example, C1), then it looks up the partner call branch (for example, C2). C1 and C2 together
make up another call through SBC. The Replaces header sent out on the request which is forwarded on
might refer to call branch C1 or C2, depending on the request type and other considerations. Any
early-only flag on the Replaces header is passed through.
25-4
OL-13499-04
C H A P T E R
26-1
OL-13499-04
26
SIP Outbound Authentication
The Session Border Controller (SBC) supports Session Initiation Protocol (SIP) outbound
authentication. When network entities communicate using SIP, one entity often needs to challenge
another one to determine if it is authorized to transmit SIP signaling into the challengers network. The
SIP authentication model is based on the HTTP digest authentication, as described in the RFC 2617.
Note The use of basic authentication, where passwords are transmitted unencrypted, is not permitted in SIP.
Feature History for SIP Outbound Authentication
Contents
Prerequisites for Implementing SIP Outbound Authentication, page 26-2
Restrictions for Implementing SIP Outbound Authentication, page 26-2
Information About SIP Outbound Authentication, page 26-2
How to Configure SIP Outbound Authentication, page 26-3
Examples of Show Commands, page 26-5
26-2
OL-13499-04
Prerequisites for Implementing SIP Outbound Authentication
Prerequisites for Implementing SIP Outbound Authentication
The following prerequisites are required to implement SIP outbound authentication:
Configure a SIP adjacency before you specify one or more authentication-realms.
Configure the SBC with a set of domains (realms) with which it can authenticate itself. Set the
username and password to provide when challenged by each of these domains. This configuration
is implemented per adjacency.
Note Multiple realms can be configured per adjacency and there is no limit on the number of these
realms aside from memory availability. Different realms may be configured with the same
username and password. Also, each realm may be configured with different username and
password on different adjacencies. However, any realm can be configured a maximum of one
time per adjacency.
Restrictions for Implementing SIP Outbound Authentication
The following restrictions apply to SIP outbound authentication:
The SBC rejects any attempt to configure an authentication-realm with the same domain name as an
existing authentication-realm. This restriction is valid per adjacency. Multiple adjacencies may have
authentication-realms configured with the same domain.
Note The current command line interface (CLI) prohibits the user from configuring two
authentication-realms with the same domain for the same adjacency. If this is attempted, the CLI
interprets the second authentication-realm configuration as an attempt to reconfigure the first
authentication-realm, and updates the users credentials accordingly.
Each authentication-realm can only be configured with a single username and password per
adjacency.
Information About SIP Outbound Authentication
Configuring Outbound Authentication in the SBC, page 26-2
Authenticating the SBC to Remote Devices, page 26-3
Configuring Outbound Authentication in the SBC
When a SIP adjacency is configured, the user may specify one or more authentication-realms. Each
authentication-realm represents a remote domain, from which the SBC receives authentication
challenges on the adjacency. When an authentication-realm is configured, the user must specify the
correct user name and password that the SBC uses to authenticate itself in that realm. The SBC stores
all valid authentication-realms for each adjacency.
26-3
OL-13499-04
How to Configure SIP Outbound Authentication
Authenticating the SBC to Remote Devices
Upon receipt of a SIP 401 or 407 response that can be correlated to a request it sent, the SBC examines
the attached authentication challenge. The SBC responds to any authentication challenge received on a
given adjacency that matches one of the configured authentication-realms for that adjacency. Any
authentication challenge that does not match the configured authentication-realm is passed through
unchanged to the SBCs signaling peer for the adjacency, on which the original request was received.
To generate a response to an authentication challenge, the SBC does the following:
1. First, it looks up the realm parameter of the challenge in its list of configured authentication-realms
for the outbound adjacency.
2. Second, it finds the password for that authentication-realm and generates an authentication response
by combining the password with the nonce parameter from the challenge, and hashing the result.
3. If the challenger has requested auth-int quality of protection, the SBC also generates a hash of the
entire message body and includes it in the response.
4. The SBC builds an Authorization (or Proxy-Authorization) header by including the following
parameter values (following RFC 2617):
Nonce from challenge.
Realm from challenge.
Digest-URI is set to the SIP URI of the challenged request.
Message-QOP is set to auth.
Response calculated as described previously.
Username as specified for the relevant authentication-realm.
If the challenge contained an opaque parameter, it is returned unchanged on the response.
If the challenge contained the qop-directive parameter, then the nonce-count parameter is set to the
number of the sent requests, using the response calculated from this nonce.
Note that the domain parameter is not expected to be included on any challenges that the SBC must
respond to. This parameter is not used on Proxy-Authenticate challenges, the type of challenge that
the SBC most often receives. If the domain parameter is included, the SBC ignores it.
5. Finally, the SBC stores its calculated response and the received nonce with the other data for the
authentication-realm. This allows the SBC to respond rapidly to the subsequent challenges from this
realm with the same nonce. If the SBC lacks the resources to store its response, it carries on anyway.
The next time an authorization challenge is received from this realm, the SBC has to recalculate its
response. When the SBC re-uses a saved response, it updates the nonce count stored along with the
nonce-response pair. This allows the SBC to correctly fill in the nonce-count field in Authorization
responses.
This section contains the steps for configuring SIP outbound authentication, allowing the user to
add/remove one or more authentication-realms to/from an adjacency.
SUMMARY STEPS
1. configure
26-4
OL-13499-04
2. sbc service-name
3. sbe
5. authentication-realm inbound domain | outbound domain username password
6. exit
7. show services sbc sbc-name sbe adjacency adjacency-name authentication-realms
8. show services sbc service-name sbe all-authentication-realms
DETAILED STEPS
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
Example:
name of the service.
Step 5 authentication-realm inbound domain outbound
domain username password
Example:
authentication-realm example.com usersbc
passwrdsbc
Configures a set of authentication credentials for the
specified domain on the specified adjacency. This
command can be issued either before or after the
adjacency has been attached.
The no version of this command deconfigures the
authentication-realm on the specified adjacency.
inboundSpecifies inbound authentication realm.
outboundSpecifies outbound authentication
realm.
domainName of the domain for which the
authentication credentials are valid.
usernameUser name that identifies the SBC in the
specified domain.
passwordPassword to authenticate the username
in the specified domain.
26-5
OL-13499-04
Examples of Show Commands
# show services sbc mySbc sbe adjacency SipToIsp42 authentication-realms
Configured authentication realms
--------------------------------
Domain Username Password
Example.com usersbc passwordsbc
# show services sbc mySbc sbe all-authentication-realms
--------------------------------
Adjacency: SipToIsp42
Domain Username Password Example.com usersbc passwordsbc
Remote.com usersbc sbcpassword
Example.com user2sbc password2sbc
Other.com sbcuser sbcsbcsbc
Step 6 exit
Example:
Exits the adj-sip mode and returns to the SBE mode.
Step 7 show services sbc sbc-name sbe adjacency
adjacency-name authentication-realms
Example:
host1/Admin# show services sbc mySbc sbe
adjacency SipToIsp42 authentication-realms
Shows all currently configured authentication-realms for
the specified SIP adjacency.
Step 8 show services sbc service-name sbe
all-authentication-realms
Example:
host1/Admin# show services sbc mySbc sbe
Shows all currently configured authentication-realms for
all SIP adjacencies.
26-6
OL-13499-04
C H A P T E R
27-1
OL-13499-04
27
SIP Inbound Authentication
The Session Border Controller (SBC) supports two modes of Session Initiation Protocol (SIP) inbound
authentication to challenge inbound SIP requests: local and remote. You must select the mode of
authentication to configure the SBC according to the level of support present in the Remote
Authentication Dial-In User Service (RADIUS) servers. If the RADIUS servers are compliant with only
draft-sterman-aaa-sip-00 to 01, then select the local mode. If the RADIUS servers are compliant with
only RFC 4590, then use the remote authentication mode.
Note This feature is optional and you can configure the SBC not to challenge the inbound requests.
Feature History for SIP Inbound Authentication
Contents
Prerequisites for Implementing SIP Inbound Authentication, page 27-1
Restrictions for Implementing SIP Inbound Authentication, page 27-2
Information About SIP Inbound Authentication, page 27-2
How to Configure SIP Inbound Authentication, page 27-5
Prerequisites for Implementing SIP Inbound Authentication
The following prerequisites are required to implement SIP inbound authentication:
27-2
OL-13499-04
Restrictions for Implementing SIP Inbound Authentication
Configure a SIP adjacency with the intended mode of authentication before you configure the SBC
to authenticate inbound calls.
Configure the RADIUS server to specify which mode of inbound authentication is selected.
Restrictions for Implementing SIP Inbound Authentication
The following restrictions and limitations apply to implement SIP inbound authentication:
The SBC supports only one inbound authentication realm per adjacency.
The SBC does not check the validity of nonces generated by a RADIUS server; the RADIUS server
must be configured to perform this check.
The SBC does not designate a particular RADIUS server group on an adjacency for inbound
authentication.
Since trust-transference of calls does not occur between inbound authentication, outbound
authentication, and Transport Layer Security (TLS) connections, a successful inbound
authentication does not ensure that the SBC marks the call as secure or implement outbound
authentication. Users can, however, configure inbound authentication, outbound authentication, and
TLS independently on the same adjacency.
Information About SIP Inbound Authentication
Local Inbound Authentication, page 27-2
Remote Inbound Authentication, page 27-2
Interaction with Outbound Authentication, page 27-3
Failure Modes for Inbound Authentication, page 27-3
Local Inbound Authentication
When configured to perform local inbound authentication, the SBC is responsible for challenging an
unauthorized request from the remote peer first. Therefore, to be able to challenge the request from the
remote peer, the adjacency must already be configured with an authentication realm. After the remote
peer has validated the request, it is forwarded to the RADIUS server, which then decides whether to
permit the call to pass through or not.
Remote Inbound Authentication
When configured to perform remote inbound authentication, the SBC relies on the RADIUS server to
challenge an authorized request from the remote peer. The SBC forwards the challenge request generated
by the RADIUS server to the remote peer, and also forwards the remote peers authentication request to
the RADIUS server.
27-3
OL-13499-04
Interaction with Outbound Authentication
If an adjacency is configured for inbound authentication, then after it successfully authenticates an
inbound request, the authorization headers matching the realm for that adjacency are stripped out and
not propagated to the outbound signal. Authorization headers for other realms, however, are passed
through to the outbound request.
Failure Modes for Inbound Authentication
When the inbound authentication is configured, the following failure modes may occur (in addition to
the standard SIP signal failure modes):
Unacceptable Parameters
If the endpoint or RADIUS server specifies a quality of protection parameter other than auth or
auth-int, then the inbound request is rejected and a 403 response is generated. Similarly, the SBC
generates a 403 response when algorithms other than MD5 and MD5-sess are used.
Access-Request Rejection
If the RADIUS server rejects the Access-Request signal with an Access-Reject response, the SBC sends
a 403 response to the endpoint.
Insufficient Memory
If the SBC does not have sufficient memory to process an inbound authentication request, it rejects the
request and sends a 503 response.
No Match on Authentication Realm
If the peer does not return any authentication headers that specify the authentication realm contained in
the adjacencys configuration, then the SBC rechallenges the request with 401 response.
No Match on Nonce
If the peers nonce does not match the one generated by the SBC, then the SBC rejects the authentication
request and sends a 403 response.
Nonce Timed Out
If the peers nonce has timed out, then the SBC challenges the nonce by sending a 401 response and a
new nonce.
27-4
OL-13499-04
No Acceptable RADIUS Servers
If there is no RADIUS server to support a mode configured on the adjacency, then the SBC rejects the
authentication request with a 501 response and creates a log to alert the user of the inconsistent
configuration.
27-5
OL-13499-04
How to Configure SIP Inbound Authentication
This section contains the steps for configuring SIP local inbound authentication a RADIUS server.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. radius authentication
5. activate
6. server server-name
7. address
8. mode local
9. key password
10. exit
11. exit
13. authentication-realm inbound realm
14. authentication mode local
15. authentication nonce timeout time
16. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
27-6
OL-13499-04
Step 4 radius authentication
Example:
host1/Admin(config-sbc-sbe)# radius authentica-
tion
Enters the mode for configuring a RADIUS client for
authentication purposes.
Step 5 activate
Example:
host1/Admin(config-sbc-sbe-auth)# activate
Activates the RADIUS client.
Step 6 server server-name
Example:
host1/Admin(config-sbc-sbe-auth)#server authserv
Enters the mode for configuring the authentication
server.
Step 7 address ipv4 ipv4-address
Example:
host1/Admin(config-sbc-sbe-auth-ser)# address
ipv4 200.200.200.122
Specifies the IPv4 address of the authentication server.
Step 8 mode local
Example:
host1/Admin(config-sbc-sbe-auth-ser)#mode local
Configures the RADIUS server for local inbound
authentication. By default, the mode is remote.
Step 9 key password
Example:
host1/Admin(config-sbc-sbe-auth-ser)# key
authpass1
Sets the authentication server key.
Step 10 exit
Example:
host1/Admin(config-sbc-sbe-auth-ser)# exit
Exits the mode for configuring the authentication server.
Step 11 exit
Example:
host1/Admin(config-sbc-sbe-auth)# exit
Exits the mode for configuring the RADIUS client and
enters the SBE mode.
Example:
Step 13 authentication-realm inbound realm
Example:
host1/Admin(config-sbc-sbe)# authentica-
tion-realm inbound cisco.com
Configures a set of authentication credentials for a
specified domain on the specified SIP adjacency.
Note This is a mandatory parameter for local mode.
27-7
OL-13499-04
host1/Admin# show services sbc mySbc sbe adjacencies SipToIsp42 detail
SBC server mySbc
Adjacency SipToIsp42
Status: Attached
Signaling address: 10.2.0.122:5060
Signaling-peer: 200.200.200.179:8888
Force next hop: No
Account: core
Group: None
In Header Profile: Default
Out Header Profile: Default
In method profile: Default
Out method profile: Default
In UA option profile: Default
Out UA option profile: Default
In proxy option profile: Default
Priority set name: Default
Local-id: None
Rewrite REGISTER: Off
Target address: None
NAT Status: Auto-Detect
Reg-min-expiry: 3000 seconds
Fast-register: Enabled
Fast-register-int: 30 seconds
Authenticated mode: Local
Authenticated realm: Cisco.com
Authenticated nonce life time: 300 seconds
IMS visited NetID: NOne
Inherit profile: Default
Force next hop: No
Home network ID: None
UnEncrypt key data: None
SIPIpassthrough: No
Rewrite from domain: Yes
Rewrite to header: Yes
Media passthrough: No
Preferred transport: UDP
Hunting Triggers: Global Triggers
Step 14 authentication mode local
Example:
authentication mode local
Configures the SIP adjacency for local inbound
authentication. To configure the SIP adjacency, for
remote inbound authentication, set the value to remote.
Step 15 authentication nonce timeout time
Example:
Configures the value of the authentication nonce timeout
in seconds. The range of acceptable values is 0 to 65535
seconds. The default value is 300 seconds.
Step 16 exit
Example:
27-8
OL-13499-04
Redirect mode: Passthrough
C H A P T E R
28-1
OL-13499-04
28
Implementing SBC QoS (Marking)
The Session Border Controller (SBC) supports quality of service (QoS) profiles that the integrator
configures for IP packet marking on the data path. IP packet marking is used in the SBC in the following
contexts:
Configuring media packet real-time transport protocol (RTP) and real-time control protocol (RTCP)
marking based on a per call scope.
Supporting Differentiated Services Code Point (DSCP) marking as well as IP precedence/Type of
Service (ToS) marking for voice service.
Providing the ability to mark media packet differently depending on which branch of the call (either
the caller or the callee) they are sent on.
Supporting signaling and media packet marking based on Session Initiation Packet (SIP) resource
priority header.
For a complete description of commands used in this chapter, refer to the Chapter 39, Cisco Session
Border Controller Commands. To locate documentation for other commands that appear in this chapter,
use the command reference master index, or search online.
Feature History for Implementing SBC QoS
Contents
Prerequisites for Implementing QoS, page 28-2
Information About Implementing QoS, page 28-2
How to Implement QoS, page 28-2
Configuration Examples of QoS Profiles, page 28-10
28-2
OL-13499-04
Prerequisites for Implementing QoS
Prerequisites for Implementing QoS
The following prerequisites are required to implement QoS on the SBC:
at
186a00806838f4.html.
Before implementing QoS, the SBC must already be created. See the procedures described in
Information About Implementing QoS
To implement QoS marking on the SBC, the user configures the SBC with a number of QoS profiles,
which are given unique names to identify them. These QoS profiles are used exclusively for marking
packets.
Each QoS profile contains the following mutually exclusive parameters.
A 6-bit DSCP value to mark packets that match the QoS.
A 3-bit IP precedence value and a 4-bit ToS value to mark packets that match the QoS.
Note A default QoS profile that cannot be modified or deleted is preconfigured on the SBC. If the user does
not define a QoS profile, the default QoS profile is used for marking packets.
How to Implement QoS
To implement QoS marking on the SBC, follow the procedures in the following sections:
Configuring QoS Profiles
Choosing a Qos Profile Using CAC
Configuring QoS Profiles
This task configures a signaling QoS profile to use an IP precedence value of 1 and a ToS value of 12 to
mark packets that match the QoS.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. qos sig name
5. marking type
6. ip precedence value
28-3
OL-13499-04
7. ip tos value
DETAILED STEPS
Step 1 configure
Example:
Example:
host1/Admin(config-sbc)#
the SBC.
Step 3 sbe
Example:
Enters the mode of an signaling border element (SBE)
entity within a SBC service.
Step 4 qos sig name
Example:
host1/Admin(config-sbc-sbe)# qos sig
residential
host1/Admin(config-sbc-sbe-qos-sig)#
Enters the mode of configuring a QoS profile. The name
parameter must be the name of an existing QoS profile. The
string default is reserved.
Step 5 marking type
Example:
host1/Admin(config-sbc-sbe-qos-sig)# marking
ip-precedence
Configures whether the QoS profile marks packets with a
DSCP value or an IP precedence and ToS value. The type
must be either:
dscp
ip-precedence
The no version of this command configures the QoS profile
to not mark packets.
28-4
OL-13499-04
Analyzing the SIP Resource-Priority Header
Users can configure the SBC to map SIP packets with Resource-Priority header strings to the following
SBC priority values:
Routine
Priority
Immediate
Flash
Flash override
Critical
The Call Admission Control (CAC) uses the assigned priority value to choose the QoS profile.
The following task configures the SBC to assign priority valueflash to a SIP packet with
Resource-Priority header string dsn.flash.
Step 6 ip precedence value
Example:
ip precedence 1
Configures an IP precedence with which to mark IP packets
belonging to the given QoS profile. The range of IP
precedence values is 0 to 7.
The no version of this command sets the default IP
precedence value to 0.
Note If the QoS profile is configured to mark packets
DSCP value takes precedence.
Step 7 ip tos value
Example:
ip tos 12
Configures an IP ToS with which to mark IP packets
belonging to the given QoS profile. The value parameter is
a bit field consisting of one or more of the following bits
linked together using an arithmetic OR:
8Minimize delay
4Maximize throughput
2Maximize reliability
1Minimize monetary cost
28-5
OL-13499-04
SUMMARY STEPS
1. configure
2. sbc service name
3. sbe
4. resource-priority-set name
5. resource-priority string value
6. priority priority-value
DETAILED STEPS
Step 1 configure
Example:
Example:
of the SBC.
Step 3 sbe
Example:
Step 4 resource-priority-set name
Example:
resource-priority-set dsn
Enters the mode to map SIP Resource-Priority header
string to SBC priority values.
Step 5 resource-priority string value
Example:
host1/Admin(config-sbc-sbe-rsrc-pri-set)#
resource-priority dsn.flash
Enters the mode to configure the priority of the
Resource-Priority header string.
Step 6 priority priority-value
Example:
host1/Admin(config-sbc-sbe-rsrc-pri)# priority
flash
Sets the SBC priority value of the Resource-Priority
header string.
The SBC priority value must be one of the following:
routine
priority
immediate
flash
flash-override
critical
28-6
OL-13499-04
Configuring a Resource Priority Set on a SIP Adjacency
The following task configures the SIP adjacency SipToIsp42to use resource-priority-set dsn.
SUMMARY STEPS
1. configure
2. sbc service name
3. sbe
5. resource-priority-set name
DETAILED STEPS
Step 1 configure
Example:
Example:
the SBC.
Step 3 sbe
Example:
Example:
SipToIsp42
Configures the SIP adjacency to use with the specified
resource priority set.
Step 5 resource-priority-set name
Example:
Sets the SIP adjacency to use with the specified resource
priority set.
28-7
OL-13499-04
Choosing a Qos Profile Using CAC
This task configures calls from the account cisco to use the voice QoS profile enterprise for packets
sent from the SBC to the original caller.
Note This command can only be executed at the per-call scope. The CAC policy does not activate if this
command is configured at any other scope.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
9. entry entry-id
10. match-value key
11. caller-voice-qos-profile profile-name
12. caller-video-qos-profile profile-name
13. caller-sig-qos-profile profile name
DETAILED STEPS
Step 1 configure
Example:
Example:
the service.
Step 3 sbe
Example:
28-8
OL-13499-04
Example:
Enters the mode of Call Admission Control (CAC) policy
set configuration within an SBE entity, creating a new
policy set, if necessary.
Example:
first-cac-scope call
The scope-name argument configures the scope at which
limits should be initially defined. Possible values are:
adj-group
call
dst-account
dst-adj-group
dst-adjacency
dst-number
global
src-account
src-adj-group
arc-adjacency
Example:
first-cac-table MyCacTable
Example:
Enters the mode for configuration of an admission control
table (creating one, if necessary) within the context of an
SBE policy set.
28-9
OL-13499-04
Example:
cactable)# match-type src-account
The type of the table. This parameter governs the syntax of
the match-value fields of the entries in the table. The entries
in the table then all correspond to different values of call
priority, which must be one of the following strings:
accountCompare the name of the account.
adj-groupCompare the name of the adjacency group.
adjacencyCompare the name of the adjacency.
allNo comparison type. All events match this type.
call-priorityCompare with call priority.
categoryCompare the number analysis assigned
category.
dst-accountCompare the name of the destination
account.
dst-adj-groupCompare the name of the destination
adjacency group.
dst-adjacencyCompare the name of the destination
adjacency.
dst-prefixCompare the beginning of the dialed digit
string.
event-typeCompare with CAC policy event types.
policy-setThe match-type is a cac-policy-table.
src-accountCompare the name of the source account.
src-adj-groupCompare the name of the source
adjacency group.
src-adjacencyCompare the name of the source
adjacency.
src-prefixCompare the beginning of the calling
number string.
sub-categoryMatch based on subscriber category.
sub-category-pfxMatch based on subscriber category
IP prefix
The match-type parameter must be supplied when
creating a table.
Example:
cactable)# entry 1
Enters the mode for configuring an entry in an admission
control table, creating the entry, if necessary.
28-10
OL-13499-04
Configuration Examples of QoS Profiles
Configuring a QoS Voice Profile Using IP Precedence Marking: Example
Configuring a QoS Voice Profile Using DSCP Marking: Example
Choosing a QoS Profile Using CAC: Example
Configuration of a SIP Adjacency Using Resource- Priority-Set: Example
Configuring a QoS Voice Profile Using IP Precedence Marking: Example
This task configures a QoS voice profile to use an IP precedence value of 1 and a ToS value of 12 to mark
packets that match the QoS.
configure
sbc mysbc
sbe
qos voice residential
marking ip-precedence
ip precedence 1
ip tos 12
Example:
cac-table-ent)# match-value cisco
Configures the match value of an entry in an admission
control table.
Step 11 caller-voice-qos-profile profile-name
Example:
cac-table-ent)# caller-voice-qos-profile
enterprise
Configures the QoS profile to use for voice media packets
sent to the original caller.
Step 12 caller-video-qos-profile profile-name
Example:
cac-table-ent)# caller-video-qos-profile
enterprise
Configures the QoS profile to use for packets sent to the
original caller.
Step 13 caller-sig-qos-profile profile-name
Example:
cac-table-ent)# caller-sig-qos-profile
enterprise
Configures the QoS profile to use for signaling packets sent
to the original caller.
28-11
OL-13499-04
Configuring a QoS Voice Profile Using DSCP Marking: Example
This task configures a QoS voice profile to use an IP precedence value of 1 and a ToS value of 12 to mark
packets that match the QoS.
configure
sbc mysbc
sbe
qos voice residential
marking dscp
dscp 10
Choosing a QoS Profile Using CAC: Example
This task configures calls from the account cisco to use the voice QoS profile enterprise for packets
sent from the SBC to the original caller.
configure
sbc mysbc
sbe
cac-policy-set 1
entry 1
match-value cisco
caller-voice-qos-profile enterprise
caller-video-qos-profile enterprise
sbc mysbc
sbe
cac-policy-set 1
entry 1
match-value cisco
caller-video-qos-profile enterprise
caller-voice-qos-profile enterprise
!
!
!
Configuration of a SIP Adjacency Using Resource- Priority-Set: Example
This section provides the following configuration example:
configure
sbc mysbc
sbe
adjacency sip SipToIsp42
28-12
OL-13499-04
C H A P T E R
29-1
OL-13499-04
29
SIP Configuration Flexibility
The Session Border Controller (SBC) offers flexibility in configuring the following features of a Session
Initiation Protocol (SIP adjacency):
OPTIONS Support
Rewriting from header on non-REGISTER requests
Rewriting To: header on non-REGISTER requests
Auto-detecting NAT
Routing on wildcard domains
Feature History for SIP Configuration Flexibility
Contents
Restrictions for Implementing SIP Configuration Flexibility, page 29-1
Information About SIP Configuration Flexibility, page 29-2
How to Implement SIP Configuration Flexibility, page 29-3
Restrictions for Implementing SIP Configuration Flexibility
The restrictions for implementing SIP configuration flexibility are listed per feature in this chapter.
29-2
OL-13499-04
Information About SIP Configuration Flexibility
Information About SIP Configuration Flexibility
This section conains the following subsections:
OPTIONS Support, page 29-2
Rewriting From Header on Non-Register Requests, page 29-2
OPTIONS Support
By default, the SBC blocks the OPTIONS method from passing through, but users can now configure
the SBC on a per-adjacency basis to pass or block the OPTIONS method. If you configure the SBC with
method whitelist profiles per adjacency, then the SBC allows the OPTIONS method to pass through. If
you configure the SBC with method blacklist profiles per adjacency, then the SBC blocks the OPTIONS
method from being passed through.
Restrictions for OPTIONS Support
The SBC strips out SDP blocks from messages when it allows the OPTIONS method to pass
through. This limits what the SIP endpoints can exchange.
The SBC-SIG does not send the Accept and Allow headers on any methods, including OPTIONS.
The SBC allows only the 100Rel and Replaces tags of the Supported header to pass through, while
the other tags of this header are controlled by whitelists and blacklists.
Rewriting From Header on Non-Register Requests
With this feature, users can configure the SBC on a per-adjacency basis to control whether it rewrites the
hostport section of the From header on Non-Register Requests to the outbound SIP adjacency address or
port. If the SBC is configured to allow the From header to pass through without it being rewritten, then
the SBC allows the entire header to pass through without changing it. The only exception occurs with
the Tag parameter; the SBC assigns a different value to this parameter before passing it through.
Restrictions for Rewriting From Header on Non-REGISTER Requests
This feature is not applicable for REGISTER requests.
This feature may only work limitedly with the Rewrite-Register feature.
If the From header contains a Tel URI, then the SBC does not rewrite the header since it does not
have a hostport.
Depending on the number of headers, options and SIP whitelist profiles, the SBC limits the size of
the From header that it allows to pass through to approximately 1000 bytes.
Rewriting To: Header on Non-REGISTER Requests
With this feature, users can configure the SBC on a per-adjacency basis to control whether a SIP To:
header in SIP requests is rewritten by the SBC or not. Current behavior (and the default) is to always
rewrite the hostport in the To: header to the outgoing adjacency local id/address/port and to strip any
parameters. New configurable behavior will be to pass through the To: header unchanged.
29-3
OL-13499-04
How to Implement SIP Configuration Flexibility
If the adjacency option is configured to rewrite To: header, any dialog-creating or out-of-dialog SIP
requests sent from this adjacency, except for REGISTER requests, will have the To: header rewritten to
match the outgoing Request-URI. If disabled, the To: header will be passed through unchanged,
including any parameters. This option has no effect on in-dialog requests, which always use the To:
header established at dialog creation.
Auto-detecting NAT
With the addition of a new configuration field to the SIP adjacency, it is now possible for users to specify
if the SBC must auto-detect whether a NAT is in use on that adjacency. If the SBC is configured to
auto-detect NAT, then for each request that it receives, the SBC determines whether a NAT is in use for
that endpoint. If the SBC determines that NAT is in use, then the SBC stores the bindings for that request
and uses them when sending a response. Additionally, the SBC stores and reuses bindings for
REGISTER requests for subsequent Dialog-forming and Out-of-dialog requests.
Restrictions for Auto-detecting NAT
The SBC can auto-detect NAT only by comparing the Sent-by stopper in the Via header with the
remote address and port of the message.
If the stopper contains a domain name, instead of an IP address, the SBC cannot auto-detect whether
NAT is in use. In this case, the SBC assumes that NAT is in use.
Auto-detecting NAT is applied only to Out-of-dialog requests or Dialog-forming requests.
Routing on Wildcard Domains
The SBC routing policy allows you to use the * character in a text domain name match string. This
character can match any number of characters in the called address. For example, *domain.com can
match both sip1.domain.com and sip2.domain.com.
Restrictions for Routing on Wildcard Domains
You can only specify one wildcard character in a given match string.
This feature applies only to text domain name match rules, and not to dialed digit match rules.
This section contains the steps for implementing SIP configuration flexibility.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. passthrough from header
29-4
OL-13499-04
6. passthrough to header
7. nat force-on
8. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
Example:
host1/Admin(config-sbc-sbe)# adjacency sip sipadj
name of the SIP adjacency.
Step 5 passthrough from header
Example:
host1/Admin(config-sbc-sbe-sip-adj)# passthrough
from header
Configures the SIP adjacency to disable From rewrite.
Step 6 passthrough to header
Example:
host1/Admin(config-sbc-sbe-sip-adj)# passthrough
to header
Configures the SIP adjacency to disable To rewrite.
Step 7 nat force-on
Example:
host1/Admin(config-sbc-sbe-sip-adj)# nat force-on
Configures the SIP adjacency to assume that all
endpoints are behind a NAT device. To configure the SIP
adjacency to assume that no endpoints are behind a NAT
device, use the nat force-off command. By default, the
SBC autodetects whether the endpoints are behind a
NAT device.
Step 8 exit
Example:
host1/Admin(config-sbc-sbe-sip-adj)# exit
C H A P T E R
30-1
OL-13499-04
30
SIP-I Transparency and Profile Support
This feature enables the Session Border Controller (SBC) to pass through the ISDN User Part (ISUP)
parameters in Session Initiation Protocol (SIP) messages that may have been added by a SIP or Public
Switched Telephone Network (PSTN) interworking gateway.
SIP is an application layer protocol for establishing, terminating, and modifying multimedia sessions.
ISUP is a level-four protocol used in SS7 networks to control telephone calls and for maintenance of the
network, such as blocking circuits or resetting circuits. The mapping between these two protocols is
carried out by Media Gateway Controller (MGC). In the SBC, the ISUP parameters may be carried in
the SIP Request-Uniform Resource Identifier (URI) or the SIP message body.
Feature History for SIP-I Transparency and Profile Support
Contents
Restrictions for SIP-I Transparency and Profile Support, page 30-1
Information about SIP-I Transparency and Profile Support, page 30-2
How to Implement SIP-I Transparency and Profile Support, page 30-2
Restrictions for SIP-I Transparency and Profile Support
The following restrictions and limitations apply to Session Initiation Protocol (SIP)-I transparency and
profile support:
The SBC allows only non-Session Description Protocol (SDP) bodies in SIP messages to pass
through or be stripped. This feature is further limited to a single per-adjacency flag.
30-2
OL-13499-04
Information about SIP-I Transparency and Profile Support
If an existing single per-adjacency flag controls the passing through of non-SDP bodies, this flag
does not control non-essential methods.
If multiple SDP content types are present in a request, the method is rejected and a 501 response
code is generated.
If dual tone multifrequency (DTMF) internetworking is enabled for a call, the INFO messages
containing a DTMF digit may not pass through.
The SBC does not support Secure Multipurpose Internet Mail Extensions (S/MIME) encryption or
decryption. While the SBC may allow encrypted bodies to pass through, it does not modify them.
In compliance with Section 8.2.1.1 of RFC 3398, the SBC does not support a From header without
a username.
The total size of the MIME bodies and associated header allowed to pass through is limited to
approximately 1000 bytes. The final size allowed depends on the structure of the headers and MIME
bodies and should not exceed 2000 bytes.
The SBC may not preserve the original order of MIME bodies and may insert the SDP as the first
body part.
This feature does not work in conjunction with H.323.
Since the SBC considers BYE requests on a hop-by-hop basis, it does not pass any information using
a BYE response it received.
The SBC allows the user=phone URI parameter on the Request-URI to pass through.
The SBC may alter the MIME boundary of a message.
Information about SIP-I Transparency and Profile Support
The SBC supports the following:
Application or SDP is processed on INVITE, UPDATE, and PRACK requests and their responses.
Application or DTMF-info is processed on INFO to allow DTMF tones to pass through.
The NOTIFY messages on message or SIP-frag is analyzed to find out whether it indicates that a
subscription or refer dialog is to be terminated.
How to Implement SIP-I Transparency and Profile Support
This section contains the steps for configuring a SIP adjacency for SIP-I passthrough.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. sipi passthrough
6. exit
30-3
OL-13499-04
DETAILED STEPS
# show services sbc mySbc sbe adjacencies SipToIsp42 detail
SBC server mySbc
Adjacency SipToIsp42
Status: Attached
Signaling address: 10.2.0.122:5060
Signaling-peer: 200.200.200.179:8888
Force next hop: No
Account: core
Group: None
In Header Profile: Default
Out Header Profile: Default
In UA option profile: Default
Out UA option profile: Default
In proxy option profile: Default
Priority set name: Default
Local-id: None
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
Example:
Step 5 sipi passthrough
Example:
host1/Admin(config-sbc-sbe-adj-sip)# sipi
passthrough
Configures the SIP adjacency for SIP-I passthrough.
Step 6 exit
Example:
30-4
OL-13499-04
NAT Status: Auto-Detect
Authenticated mode: None
Authenticated realm: None
Authenticated nonce life time: 300 seconds
IMS visited NetID: NOne
Force next hop: No
Home network ID: None
SIPIpassthrough: No
Redirect mode: Passthrough
C H A P T E R
31-1
OL-13499-04
31
DoS Prevention and Dynamic Blacklisting
Denial of Service (DoS) prevention and dynamic blacklisting is used by the Session Border Controller (SBC)
to block malicious endpoints from attacking the network.
The SBC must monitor signaling traffic and dynamically detect potential attacks without disrupting the rest
of the services that it provides. The attacks can then be blocked internally or externally.
DoS attacks are generally performed on Internet services to deny these services to others. They are
usually aimed at the provider of the service, and are either purely malicious vandalism or part of an
attempt at extortion.
Blacklisting is the process of matching inbound packets based on parameters, such as source IP
addresses, and preventing the packets that match those parameters from being processed.
Dynamic blacklists put in place automatically (subject to a set of configurable constraints) by the SBC
when it detects an attempt to disrupt traffic flowing through it. Dynamic blacklisting does not require
management interference. It can occur within milliseconds of the start of an attack and can change and
adapt as the attack changes providing immediate network protection.
Feature History for Restricting Codecs
Contents
Prerequisites for DoS Prevention and Dynamic Blacklisting, page 31-2
Restrictions for DoS Prevention and Dynamic Blacklisting, page 31-2
Information About DoS Prevention and Dynamic Blacklisting, page 31-3
How to Configure Dynamic Blacklisting, page 31-4
Examples of Configuring, Removing, and Displaying Dynamic Blacklisting, page 31-7
31-2
OL-13499-04
Prerequisites for DoS Prevention and Dynamic Blacklisting
Prerequisites for DoS Prevention and Dynamic Blacklisting
The following prerequisites are required for dynamic blacklisting:
at
186a00806838f4.html.
The SBC must already be created. See the procedures described in the ACE Configuration
Prerequisites for the SBC section.
Restrictions for DoS Prevention and Dynamic Blacklisting
Review the following restrictions for dynamic blacklisting:
Only Session Initiation Protocol (SIP) traffic is analyzed in ACE SBC Release 3.0.00. Attacks over
H.323 are not protected. However, an attack over SIP may also result in H.323 traffic being blocked.
Packets are classified as either signaling or media according to the port where they are sent:
Ports below 10,000 are signaling.
Ports above 10,000 are media.
A global rate limit is applied to ensure that the overall load across all sources and destinations does
not exceed the CPU capacity (the default limiter 8000 pps/1000 Mbps).
The hard-coded initial settings for each event type on each IP address are configured to hold 4 events
for 100 milliseconds. If the configured values are exceeded, the IP address is blacklisted for 10
minutes.
If you have an explicitly configured limit for a single IP address or port, any trigger and blocking
time values defined in that configuration will override the default. Table 31-1 displays where the
parameters of the event limits at each scope for a given message can be configured. The limits are
different if the message source is on a global address space or VPN.
Blacklist enablement is defined as 'When an 'E'vent (for example, authentication-failure) that is
being monitored, occurs exceeding the 'N'umber of times configured (trigger-size <>) within the
'W'indow (trigger-period <>), then activate the dynamic access control list for a 'T'ime period
(timeout <>).
The following events can be monitored as reasons for DOS detection policies:
authentication-failureIf the SBC is locally authenticating the UAs or peers, then any
authentication failure will count as one event.
bad-addressThis event is generated when an unexpected source sends a packet that reaches
the SBC; the packet will be dropped.
routing-failureThis event is generated when traffic fails to find a match in routing policy.
endpoint-registration This event is generated when an end point is registering through the
SBC and the registration is rejected.
corrupt-messageThis event is generated when a signalling message cannot be decoded by
the application or contains a protocol exception/violation.
31-3
OL-13499-04
Information About DoS Prevention and Dynamic Blacklisting
policy-rejectionThis is a complex category as it essentially monitors for CAC policy failures
(that is, a negative result from CAC policy). This category therefore includes rate, count, and
bandwidth limits and makes no distinction between them.
Any given endpoint can have up to three blacklisted events being monitored at a given time on a
per-port, per-address, and per-VPN basis. Within the address source type, there is the following
order of precedence:
Limits configured per specific IPv4 address
Default limits of the parent VRF address space
Default limits of the global address space (if different from the parent VRF)
The hard-coded address limits.
When only a global address space blacklist is defined (no VRF specific blacklist), this will be used
to blacklist addresses in all configured VRFs.
VRF based blacklist limits will override any per source or address-default limits already set. You
cannot use per IP address scope to override behavior in VRF space.
When a blacklist created dynamic ACL is active, all sessions matching the scope are impacted,
including the ones that are active.
Dynamic ACLs remain active until the expiration of T or clearing of the blacklist configuration.
Port specific blacklist configuration is not possible.
The SBC does generate an SNMP trap when a blacklist is activated.
Information About DoS Prevention and Dynamic Blacklisting
There are two types of events that might indicate behavior that would cause blacklisting: low- and
high-level attacks.
Low-level attacks
An overwhelming volume of traffic sent at line rate to devices that perform a significant amount of
processing per packet.
Table 31-1 Priority of Event Limit Parameters
Scope of Event
Limit
Event Limit Parameter Sources (Highest Priority First)
Global Address Space VPN
Port 1. Explicit limit for this port
2. Default for this IP address
1. Explicit limit for this port
2. Default for this IP address
Address 1. Explicit limit for this address
2. Default for global IP addresses
3. Hard-coded initial settings
1. Explicit limit for this address
2. Default for addresses on this
VPN
3. Default for global IP addresses
4. Hard-coded initial settings
VPN Explicit limit for the global address space. 1. Explicit limit for this VPN
2. Limit set for the global address
space
31-4
OL-13499-04
How to Configure Dynamic Blacklisting
High-level attacks
Attacks on any bottlenecks within the signaling plane or application layers.
The SBC packet filter (SPF) is a new component designed to defend against low-level attacks. The SPF
resides with the Media Packet Forwarder (MPF) component on the network processing unit (NPU) and
provides low-level DoS prevention for standalone data border element (DBE) and unified SBC
deployment scenarios.
A new component is added to the signaling border element (SBE) to detect high-level attacks and create
dynamic blacklists based on these attacks. The dynamic blacklist is configured using the command line
interface (CLI). It receives events from other SBE components and generates alerts to start or stop the
blacklisting of certain messages. Events that might form part of a high-level attack are detected by other
SBE components and sent to the SBE Dynamic Blacklisting Component to collects statistics on their rate
of occurrence.
Dynamic blacklisting limitations:
Media packets must match a valid entry in the flow table or they are dropped.
Valid media packets must not exceed bandwidth limits established in call signaling. Non-conferment
packets are dropped.
Signaling packets are rate-limited by the source port in an attempt to halt forceful packet floods early
(the default limiter is 1000 pps/100 mpbs).
Signaling packets that are not destined to a valid local port are dropped.
Signaling packets are rate-limited by destination port (the default limiter is 4000 pps/500 Mbps).
Limits can be configured for specific events from the following source(s): a VPN ID, an IP address,
or a port at a specific IP address.
Default limits on event rates may be defined for all source IP addresses on a VPN, and for all ports
on a given IP address. The default limits on each IP address are automatically set at the start of day,
but their parameters can be reconfigured. By default, no event limits are configured for ports.
The SBC monitors events per IP address by default. You can also configure the SBC to monitor an entire
VPN or a particular port. If any limit in a VPN is then exceeded, the entire VPN is blacklisted. If a limit
for a port is exceeded, the port and its IP address are blacklisted.
The SBC applies a default event limit to each limit source, but you can change them.
You can configure dynamic blacklisting as explained in the following sections:
Configuring Blacklist Parameters for an IP Address, Port, or VPN, page 31-4
Configuring an End to Blacklisting, page 31-7
Configuring Blacklist Parameters for an IP Address, Port, or VPN
To configure the event limits for a specific source, use the following commands.
SUMMARY STEPS
1. configure
31-5
OL-13499-04
2. sbc service-name sbe blacklist source
3. description text
4. reason event
5. trigger-size number
6. trigger-period time
7. timeout timeframe
8. exit
9. exit
10. show services sbc service-name sbe blacklist configured-limits
11. show services sbc service-name sbe blacklist source
12. show services sbc service-name sbe blacklist current-blacklisting
DETAILED STEPS
Step 1 configure
Example:
Step 2 sbc service-name sbe blacklist source
Example:
host1/Admin(config)# sbc mysbc sbe blacklist
ipv4 25.25.25.5
Enters the submode for configuring the event limits for a
given source.
service.
The no form of this command returns the limits to the
default values.
Note Any event limit parameters that are not configured
in this submode are configured with the default as
follows:
port = port-default value for its address
IP address = address-default value for the VPN
VPN = value for the global address space
global address space = no limit
Example:
host1/Admin(config-sbc-sbe-blacklist)#
description NAT of XYZ Corp
Adds a description for source and its event limits using a
readable text string format.
used for this source.
31-6
OL-13499-04
Step 4 reason event
Example:
host1/Admin(config-sbc-sbe-blacklist)# reason
authentication-failure
Enters a submode for configuring a limit for a specific event
type on the source.
The no form of this command returns the event limit to its
default values.
An event includes:
authentication-failure (requests that fail to be
authenticated)
bad-address (packets from unexpected addresses)
routing-failure (requests that fail to be routed by SBC)
endpoint-registration (all endpoint registrations)
policy-rejection (requests that are rejected by
configured policy)
corrupt-message (signaling packets that are too corrupt
to be parsed by the relevant protocol)
Step 5 trigger-size number
Example:
host1/Admin(config-sbc-sbe-blacklist-reason#
trigger-size 5
Defines the number of events from the specified source that
are allowed before the blacklisting is triggered and all
packets are blocked from the source.
Range can be 0 to 65535,
Step 6 trigger-period time
Example:
host1/Admin(config-sbc-sbe-blacklist-
reason)# trigger-period 20 milliseconds
Defines the period of time that events are considered.
time is expressed as number unit where number is an integer
and unit is one of: milliseconds, seconds, minutes, hours, or
days.
Default period of time is between 10 milliseconds and 23
days.
Step 7 timeout time
Example:
reason)# timeout 180 seconds
Defines the length of time when packets from the source are
blocked if the configured limit is exceeded.
time can have the following values:
0 = the source is not blacklisted
never = the blacklisting is permanent
number unit where number is an integer and unit is
seconds, minutes, hours, or days
Default period of time is less than 23 days.
Step 8 exit
Example:
reason)# exit
Exits the reason mode to the blacklist mode.
Step 9 exit
Example:
host1/Admin(config-sbc-sbe-blacklist)# exit
Exits the blacklist mode to the SBE mode.
31-7
OL-13499-04
Examples of Configuring, Removing, and Displaying Dynamic Blacklisting
Configuring an End to Blacklisting
Use the following command to remove the source from the blacklist:
clear services sbc service-name sbe blacklist source
For the service-name parameter, enter the name of the SBC.
For the source parameter enter the name of the blacklist.
Examples of Configuring, Removing, and Displaying Dynamic
Blacklisting
This section provides a sample configuration and output for dynamic blacklisting, removing a source
from being blacklisted, and also displaying configured limits.
Example of Configuring Dynamic Blacklisting
This blacklist is configured for global address space withone authentication failure from all possible
address sources to be captured within a 100 milliseconds window. The ACL created (blacklist) should
never timeout.
host1/Admin(config-sbc-sbe-blacklist-addr-default)# reason authentication-failure
host1/Admin(config-sbc-sbe-blacklist-addr-default)# timeout never
host1/Admin(config-sbc-sbe-blacklist-addr-default)# trigger-size 1
Step 10 show services sbc service-name sbe blacklist
configured-limits
Example:
host1/Admin(config-sbc-sbe)# show sbc mysbc sbe
blacklist configured-limits
Displays detailed information about the explicitly
configured limits.
Any values not explicitly defined for each source are
displayed in brackets.
source
Example:
mysbc sbe blacklist vpn3 ipv4 172.19.12.12
List the limits that are currently in place for a specific
source (in this example, VPN). This includes any defaults or
explicitly configured limits.
It also includes any defaults of a smaller scope that are
configured at this address.
Any values that are not explicitly configured are bracketed
(these are the values that are inherited from other defaults).
current-blacklisting
Example:
mysbc sbe blacklist current-blacklisting
Lists the limits that are causing the source(s) to be
blacklisted.
31-8
OL-13499-04
host1/Admin(config-sbc-sbe-blacklist-addr-default)# trigger-period 100 milliseconds
This blacklist is configured is for global address space, five packets from unexpected source within a one
minute window. The ACL is to time out in 24 hours.
host1/Admin(config-sbc-sbe-blacklist)# ipv4 10.5.1.21
host1/Admin(config-sbc-sbe-blacklist-ipv4)# reason bad-address
host1/Admin(config-sbc-sbe-blacklist-ipv4)# timeout 1 days
host1/Admin(config-sbc-sbe-blacklist-ipv4-reason)# trigger-size 5
host1/Admin(config-sbc-sbe-blacklist-ipv4-reason)# trigger-period 1 minutes
Example of Removing a Source from the Blacklist
The following example shows the syntax for removing blacklist from the SBC:
host1/Admin# clear services sbc mysbc sbe blacklist blacklist
host1/Admin#
Example of Displaying All Configured Limits
The following example shows configured limits for various types of blacklisting:
ACE-105-UUT1-1/Admin# show services sbc uut105-1 sbe blacklist configured-limits
SBC Service ''uut105-1''
Global
========
Reason Trigger Trigger Blacklisting
Size Period Period
--------------------------------------------------------------
Authentication 30 30 secs 30 secs
Bad Address (0) (0 days) (0 days)
Routing (0) (0 days) (0 days)
Registration (0) (0 days) (0 days)
Policy (0) (0 days) (0 days)
Corrupt (0) (0 days) (0 days)
vpn1
======
Size Period Period
--------------------------------------------------------------
Authentication (30) (30 secs) (30 secs)
Registration 50 50 secs 50 secs
Default for all addresses
===========================
Size Period Period
--------------------------------------------------------------
Authentication (4) (100 ms) (10 mins)
Bad Address (4) (100 ms) (10 mins)
Routing (4) (100 ms) (10 mins)
Registration (4) (100 ms) (10 mins)
Policy (4) (100 ms) (10 mins)
31-9
OL-13499-04
Corrupt 40 40 secs 40 secs
Admin 1.1.1.1
===============
Size Period Period
--------------------------------------------------------------
Authentication (4) (100 ms) (10 mins)
Routing 10 20 secs 20 secs
Corrupt (40) (40 secs) (40 secs)
ACE-105-UUT1-1/Admin#
Examples of Using Show Commands with Blacklisting
The following example shows the command required to list the limits that are currently in place for a
specific source (in this example, VPN). This includes any defaults or explicitly configured limits. It also
includes any defaults of a smaller scope that are configured at this address. Any values that are not
explicitly configured are bracketed (these are the values that are inherited from other defaults).
host1/Admin# show sbc mysbc sbe blacklist vpn3 ipv4 172.19.12.12
SBC Service "mySbc" SBE dynamic blacklist vpn3 172.19.12.12
vpn3 172.19.12.12
=================
Size Period Period
------ ------- ------- ------------
Authentication (20) 10 ms (1 hour)
Bad address (20) 10 ms (1 hour)
Routing (20) 10 ms (1 hour)
Registration (5) 100 ms (10 hours)
Policy (20) 10 ms (1 day)
Corrupt 40 10 ms (1 hour)
Default for ports of vpn3 172.19.12.12
======================================
Size Period Period
------ ------- ------- ------------
Authentication 20 1 sec 1 hour
Bad address 20 1 sec 1 hour
Routing 20 1 sec 1 hour
Registration 5 30 sec 10 hours
Policy 20 1 sec 1 day
Corrupt 20 100 ms 1 hour
The following example shows the command required to list the limits that are causing the source(s) to
be blacklisted:
host1/Admin# show sbc mysbc sbe blacklist current-blacklisting
SBC Service "mySbc" SBE dynamic blacklist current members
Global addresses
================
Source Source Blacklist Time
Address Port Reason Remaining
31-10
OL-13499-04
------- ------ --------- ---------
125.125.111.123 All Authentication 15 mins
125.125.111.253 UDP 85 Registration 10 secs
144.12.12.4 TCP 80 Corruption Never ends
VRF: vpn3
=========
------- ------ --------- ---------
132.15.1.2 TCP 285 Registration 112 secs
172.23.22.2 All Policy 10 hours
This example shows the configured limits:
host1/Admin# show services sbc MySBC sbe blacklist configured-limits
SBC Service "MySBC"
Global
========
Size Period Period
--------------------------------------------------------------
Authentication (0) (0 days) (0 days)
Registration (0) (0 days) (0 days)
===========================
Size Period Period
--------------------------------------------------------------
Authentication 1 100 ms Forever
Corrupt (4) (100 ms) (10 mins)
Admin 10.5.1.21
=================
Size Period Period
--------------------------------------------------------------
Authentication (1) (100 ms) (Forever)
Bad Address 5 1 mins 1 days
Corrupt (4) (100 ms) (10 mins)
Note Watch out for the default configurations already in effect. Only the applied configurations are modified.
This example shows current blacklisting.
host1/Admin# show services sbc MySBC sbe blacklist current-blacklisting
SBC Service "MySBC" SBE dynamic blacklist current members
Global addresses
31-11
OL-13499-04
================
------- ------ --------- ---------
10.5.1.31All Authentication Forever
31-12
OL-13499-04
C H A P T E R
32-1
OL-13499-04
32
Early Media
The Early Media feature is supported for Session Initiation Protocol (SIP) and H.323 calls. Early Media
is the ability of two user agents to communicate before a call is actually established. Support for early
media is important both for interoperability with the Public Switched Telephone Network (PSTN) and
billing purposes.
Early Media is defined when media begins to flow before the call is officially connected. Media channels
are set up prior to the call connection. These channels are used to provide the ring tone that the caller
hears and are not generated by the callers endpoint or other queuing services, for example, hold music.
Feature History for Early Media
Contents
Restrictions for the Early Media Support, page 32-1
Information About Early Media, page 32-2
Restrictions for the Early Media Support
The restrictions for Early Media Support are:
SBC offers support for the gateway model of early media (as defined in RFC 3960).
Early media does not work with endpoints which send late SDP.
SBC does not currently support RFC 3312.
32-2
OL-13499-04
Chapter 32 Early Media
Information About Early Media
Information About Early Media
Current implementations support early media through the 183 response code. When the called party
wishes to send early media to the caller, it sends a 183 response to the caller. This response contains the
Session Description Protocol (SDP). When the caller receives the response, it suppresses any local
alerting of the user (for example, audible ring tones or a pop-up window) and begins playing out the
media that it receives. The SDP in the 183 response provides an address, to which the real-time control
protocol (RTCP) packets can be sent.
Some implementations take media from the caller, and send it to the callee as well. If the call is
ultimately rejected, the called party generates a non-2xx final response. When this response is received
by the caller, it ceases playing out, or sending media. However, if the call is accepted, the called party
generates a 2xx response (generally, with the same SDP as in the 183 response), and sends it to the caller.
The media transmission continues as before.
In addition, the SBC supports the following for early media:
Renegotiation of the media after early media is flowing (before and after the call is connected).
Media renegotiation is supported on the SBC using the PRACK and UPDATE methods.
Optional SIP UPDATE support by SIP endpoints (including early media without UPDATE support).
RFC 3312 preconditions.
Configurable SIP support of Required, Supported, and Proxy-Require headers.
A per-adjacency flag to allow interoperability with the Cisco Gateways non-standard PRACK
behavior.
C H A P T E R
33-1
OL-13499-04
33
The late-to-early media internetworking feature is supported for Session Initiation Protocol (SIP) calls.
Early Media is the ability of two user agents to communicate before a call is actually established. Early
Media can flow when the caller makes a media proposal on the initial call setup request and the callee
responds to the offer before the call is connected. The SBC provides interoperability between SIP
devices that do not provide SDP on their INVITEs and SIP devices that require SDP on INVITEs they
receive. This occurs when
An endpoint caller wants to negotiate media after the INVITE has been accepted (late media) and
does not include an SDP offer on the initial INVITE
The callee that expects an SDP offer on the initial INVITE, which it then answers with a 1XX
response (early media).
The normal negotiation for media is for the caller to include an SDP offer on the initial INVITE and for
the callee to accept with a 200 response. However,
Late media is used by some endpoints, such as call agents that want to allow the callee to select the
media used.
Early media is used by some more recent endpoints that need to support media flow before the call
is accepted, such as a pre-call announcement or in-band tones from a Call Hold server.
In order to interwork between a late media caller and an early media callee, the SBC sends an invite to
the callee that includes an SDP offer of media. The SBC then sends appropriate messages between the
caller and callee, depending on the responses from each.
The SBC supports this interworking on a per-adjacency basis. You can configure each adjacency to
require late-to-early media interworking for calls made to that adjacency and/or for calls made from that
adjacency.
Feature History for Early Media
Contents
Restrictions for Late-to-Early Media Internetworking Support, page 33-2
Configuring Late-to-Early Media Internetworking, page 33-2
33-2
OL-13499-04
Restrictions for Late-to-Early Media Internetworking Support
Configuration Example, page 33-8
Verification, page 33-11
Restrictions for Late-to-Early Media Internetworking Support
The restrictions for late-to-early media internetworking are:
This feature applies only to SIP-to-SIP calls, it does not apply to SIP-to-H.323 interworking calls.
This feature applies only to IPv4; you cannot use it with IPv6 addressing.
If the caller refines the media chosen by the callee, this is sent back to the callee in a PRACK.
However, if the callee attempts to refine the media again, the event is logged but it is not passed back
to the caller.
Because the SBC generates SDPs, any calls using this feature cannot use media bypass.
The SBC only generates SDPs offering a single audio stream. If the caller and callee want to
negotiate video, fax, or other media streams, they can renegotiate this after the call has been
established.
If the callee attempts to send early media either before or without sending a reliable 1XX INVITE,
the SBC will drop that media; it will not reach the caller.
The callee must not send unreliable 1XX INVITE responses because the caller would interpret them
as an out-of-sequence SDP offer. For late-to-early interworking calls, the SBC sets 100rel as
mandatory in order to forbid the callee from sending unreliable responses only if the caller side
supports 100rel.
Late-to-early media interworking must not be used with the Gq IMS interface. This interface does
not provide the SBC with the local media address necessary to create an SDP offer (and will likely
result in calls with incorrect media paths).
Configuring Late-to-Early Media Internetworking
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
5. nat force-off
6. preferred-transport udp
7. redirect-mode pass-through
8. authentication nonce timeout value
9. signaling-address ipv4
10. signaling-port
11. remote-address ipv4
12. signaling-peer
33-3
OL-13499-04
13. signaling-peer-port
14. dbe-location-id
15. account
16. reg-min-expiry
17. media-late-to-early-iw {incoming | outgoing}
18. attach
19. exit
20. exit
21. sip inherit profile
22. cac-policy-set
23. first-cac-table
24. first-cac-scope
25. averaging-period
26. cac-table
27. match-type
28. entry
29. match-value
30. action cac-complete
31. max-bandwidth
32. max-updates
33. max-channels
34. early-media-type
35. early-media-timeout
36. codec-restrict-to-list
37. caller-codec-list
38. callee-privacy
39. caller-privacy
40. exit
41. exit
42. complete
43. exit
44. active-cac-policy-set
33-4
OL-13499-04
DETAILED STEPS
Step 1 configure
Example:
Example:
Enters the submode for configuring the method profile.
service.
Step 3 sbe
Example:
Example:
sipGW
Configures an adjacency.
Step 5 nat force-off
Example:
Configures a SIP adjacency to assume that all endpoints are
behind a NAT device.
Step 6 preferred-transport udp
Example:
Sets the preferred transport protocol for SIP signaling on an
adjacency.
Step 7 redirect-mode pass-through
Example:
redirect-mode recurse
Configures the behavior of SBC on receipt of a 3xx
response to an invite from the SIP adjacency.
Step 8 authentication nonce timeout value
Example:
host1/Admin(config-sbe-adj-sip)# authentication
nonce timeout 10
Configures the authentication nonce timeout for a SIP
adjacency.
Step 9 signaling-address ipv4
Example:
Defines the local IPv4 signaling address of an H.323 or SIP
adjacency.
33-5
OL-13499-04
Step 10 signaling-port
Example:
signaling-port 5000
Defines the local port of signaling address of an H.323 or
SIP adjacency.
Step 11 remote-address ipv4
Example:
host1/Admin((config-sbc-sbe-adj-sip)#
Configures an H.323 or SIP adjacency to restrict the set of
remote signaling peers that can be contacted over the
adjacency to those with the given IP address prefix.
Step 12 signaling-peer
Example:
signaling-peer gk andrew
Configures an H.323 or SIP adjacency to use the given
remote signaling-peer.
Step 13 signaling-peer-port
Example:
Configures an H.323 or SIP adjacency to use the given
remote signaling-peers port.
Step 14 dbe-location-id
Example:
dbe-location-id 1
Configures an adjacency to use a given media gateway DBE
location when routing media.
Step 15 account
Example:
isp42
Defines a SIP or H.323 adjacency account on an SBE.
Step 16 reg-min-expiry
Example:
reg-min-expiry 300
Configures the minimum registration period in seconds on
the SIP adjacency.
Step 17 media-late-to-early-iw {incoming | outgoing}
Example:
host1/Admin(config-sbe-adj-sip)#
media-late-to-early-iw incoming
Configures late-to-early media interworking (iw).
Step 18 attach
Example:
Attaches an adjacency to an account on an SBE.
33-6
OL-13499-04
Step 19 exit
Example:
Step 20 exit
Example:
host1/Admin(config-sbc-sbe-adj)# exit
Step 21 sip inherit profile
Example:
host1/Admin(config-sbc-sbe)# sip inherit
profile preset-p-cscf-access
Configures a global inherit profile.
Step 22 cac-policy-set
Example:
Enters the submode of CAC policy set configuration within
an SBE entity.
Step 23 first-cac-table
Example:
Step 24 first-cac-scope
Example:
first-cac-scope src-adjacency
Step 25 averaging-period
Example:
averaging-period 5
Configures the size of the averaging period used by CAC for
its rate calculations.
Step 26 cac-table
Example:
Creatse or configures an admission control table.
Step 27 match-type
Example:
match-type call-priority
Configure the match type of an admission control table.
33-7
OL-13499-04
Step 28 entry
Example:
entry 1
Step 29 match-value
Example:
ntry)# match-value acme
control table.
Step 30 action cac-complete
Example:
ntry)# action cac-complete
Specifies that when an event matches, this CAC policy is
complete.
Step 31 max-bandwidth
Example:
ntry)# max-bandwidth 6000000
Configures the maximum bandwidth for an entry in an
Step 32 max-updates
Example:
ntry)# max-updates 500
Configures the maximum call updates for an entry in an
Step 33 max-channels
Example:
ntry)# max-channels 50
Configure the maximum number of channels for an entry in
an admission control table.
Step 34 early-media-type {backward-half-duplex |
forward-half-duplex | full-duplex}
Example:
ntry)# early-media-type full-duplex
Configures the direction of early media to allow for an entry
in a call admission control table.
Step 35 early-media-timeout
Example:
ntry)# early-media-timeout 90
Configures the amount of time for which to allow
early-media before a call is established.
Step 36 codec-restrict-to-list
Example:
ntry)# codec-restrict-to-list my_codecs
Configures the CAC to restrict the codecs used in signaling
a call to the set of codecs given in the named list.
33-8
OL-13499-04
Configuration Example
The following example shows a Late-to-Early Media Internetworking configuration.
host1/Admin(config-sbc-sbe)# adjacency sip SIPP-1
Step 37 caller-codec-list
Example:
ntry)# caller-codec-list test
Lists the codecs that the caller leg of a call is allowed to use.
Step 38 callee-privacy
Example:
ntry)# callee-privacy always
messages sent from callee to caller.
Step 39 caller-privacy
Example:
ntry)# caller-privacy always
messages sent from caller to callee.
Step 40 exit
Example:
ntry)# exit
Step 41 exit
Example:
Step 42 complete
Example:
Completes the CAC-policy or call-policy set after
committing the full set.
Step 43 exit
Example:
Step 44 active-cac-policy-set
Example:
host1/Admin (config-sbc-sbe)#
Sets the active CAC-policy-set within an SBE entity.
33-9
OL-13499-04
host1/Admin(config-sbe-adj-sip)# preferred-transport udp
host1/Admin(config-sbe-adj-sip)# redirect-mode pass-through
host1/Admin(config-sbe-adj-sip)# signaling-port 5060
host1/Admin(config-sbe-adj-sip)# remote-address ipv4 202.202.202.11 255.255.255.255
host1/Admin(config-sbe-adj-sip)# signaling-peer 202.202.202.11
host1/Admin(config-sbe-adj-sip)# signaling-peer-port 5060
host1/Admin(config-sbe-adj-sip)# dbe-location-id 4294967295
host1/Admin(config-sbe-adj-sip)# account SIPP-1
host1/Admin(config-sbe-adj-sip)# reg-min-expiry 3000
host1/Admin(config-sbe-adj-sip)# media-late-to-early-iw incoming
host1/Admin(config-sbe-adj-sip)# attach
host1/Admin(config-sbe-adj-sip)# exit
host1/Admin(config-sbe-adj)# exit
host1/Admin(config-sbc-sbe)# adjacency sip SIPP-2
host1/Admin(config-sbe-adj-sip)# preferred-transport udp
host1/Admin(config-sbe-adj-sip)# redirect-mode pass-through
host1/Admin(config-sbe-adj-sip)# signaling-port 5060
host1/Admin(config-sbe-adj-sip)# remote-address ipv4 201.201.201.11 255.255.255.255
host1/Admin(config-sbe-adj-sip)# signaling-peer 201.201.201.11
host1/Admin(config-sbe-adj-sip)# signaling-peer-port 5060
host1/Admin(config-sbe-adj-sip)# dbe-location-id 4294967295
host1/Admin(config-sbe-adj-sip)# account SIPP-2
host1/Admin(config-sbe-adj-sip)# reg-min-expiry 3000
host1/Admin(config-sbe-adj-sip)# media-late-to-early-iw outgoing
host1/Admin(config-sbe-adj-sip)# attach
host1/Admin(config-sbe-adj-sip)# exit
host1/Admin(config-sbe-adj)# exit
host1/Admin(config-sbc-sbe)# sip inherit profile preset-core
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table table
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table table
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value SIPP-1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# codec-restrict-to-list
allowed_caller
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-codec-list allowed_caller
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value SIPP-2
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# codec-restrict-to-list allowed
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-codec-list allowed
33-10
OL-13499-04
host1/Admin/Admin(config-sbc-sbe)# retry-limit 3
host1/Admin/Admin(config-sbc-sbe)# call-policy-set 1
host1/Admin(config-sbc-sbe-rtgpolicy)# first-call-routing-table start-table
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table start-table
host1/Admin(config-sbc-sbe-rtgpolicy-entry)# entry 1
host1/Admin(config-sbc-sbe-rtgpolicy-entry)# action complete
host1/Admin(config-sbc-sbe-rtgpolicy-entry)# dst-adjacency SIPP-1
host1/Admin(config-sbc-sbe-rtgpolicy-entry)# match-adjacency SIPP-2
host1/Admin(config-sbc-sbe-rtgpolicy-entry)# exit
host1/Admin(config-sbc-sbe-rtgpolicy)# entry 2
host1/Admin(config-sbc-sbe-rtgpolicy-entry)# action complete
host1/Admin(config-sbc-sbe-rtgpolicy-entry)# dst-adjacency SIPP-2
host1/Admin(config-sbc-sbe-rtgpolicy-entry)# match-adjacency SIPP-1
host1/Admin(config-sbc-sbe-rtgpolicy)# exit
host1/Admin (config-sbc-sbe)# sip max-connections 2
host1/Admin (config-sbc-sbe)# sip timer
host1/Admin (config-sbc-sbe-tmr)# tcp-idle-timeout 120000
host1/Admin (config-sbc-sbe-tmr)# tls-idle-timeout 3600000
host1/Admin (config-sbc-sbe-tmr)# udp-response-linger-period 32000
host1/Admin (config-sbc-sbe-tmr)# udp-first-retransmit-interval 500
host1/Admin (config-sbc-sbe-tmr)# udp-max-retransmit-interval 4000
host1/Admin (config-sbc-sbe-tmr)# invite-timeout 180
host1/Admin (config-sbc-sbe-tmr)# exit
host1/Admin (config-sbc-sbe)# codec-list allowed
host1/Admin(config-sbc-sbe-codec-list)# description allowed codecs
host1/Admin(config-sbc-sbe-codec-list)# codec PCMA
host1/Admin(config-sbc-sbe)# codec-list allowed_caller
host1/Admin(config-sbc-sbe-codec-list)# description caller
host1/Admin(config-sbc-sbe-codec-list)# codec PCMA
host1/Admin(config-sbc-sbe-h323)# ras timeout brq 3000
host1/Admin(config-sbc-sbe-h323)# ras retry brq 2
host1/Admin(config-sbc-sbe-h323)# ras timeout drq 3000
host1/Admin(config-sbc-sbe-h323)# ras retry drq 2
host1/Admin(config-sbc-sbe-h323)# ras timeout grq 5000
host1/Admin(config-sbc-sbe-h323)# ras retry grq 2
host1/Admin(config-sbc-sbe-h323)# ras timeout rrq 3000
host1/Admin(config-sbc-sbe-h323)# ras retry rrq 2
host1/Admin(config-sbc-sbe-h323)# ras timeout urq 3000
host1/Admin(config-sbc-sbe-h323)# ras retry urq 1
host1/Admin(config-sbc-sbe-h323)# adjacency timeout 30000
host1/Admin(config-sbc-sbe)# deact-mode normal
33-11
OL-13499-04
Verification
host1/Admin(config-sbc-dbe)# media-address ipv4 201.201.201.20
Verification
The followning example shows adjacencies.
host1/Admin# show services sbc test sbe adjacencies 7600-1 de
SBC Service "test"
Adjacency 7600-1 (SIP)
Status: Attached
Signaling address: 22.22.22.2:5060, VRF Admin
Signaling-peer: 33.33.33.3:5060
Remote address: 33.33.33.3 255.255.255.255
Force next hop: No
Account:
Group: None
In header profile: Default
Out header profile: Default
In UA option prof: Default
Out UA option prof: Default
In proxy opt prof: Default
Out proxy opt prof: Default
Priority set name: None
Local-id: None
NAT Status: Auto Detect
Auth. nonce life time: 300 seconds
IMS visited NetID: None
Force next hop: No
Home network Id: None
SIPI passthrough: No
Command Purpose
host1/Admin# show services sbc sbc-name sbe
cac-policy-set id table name entries
Lists a summary of the CAC policy tables associated with the
given policy set.
host1/Admin# show services sbc sbc-name sbe adjacencies Lists the adjacencies configured on SBEs.
33-12
OL-13499-04
Verification
Redirect mode: Pass-through
Outbound-flood-rate: None
Ping-enabled: No
Signaling Peer Status: Not Tested
media-late-to-early-iw: incoming
host1/Admin# show services sbc test sbe adjacencies 7600-2 de
SBC Service "test"
Adjacency 7600-2 (SIP)
Status: Attached
Remote address: 44.44.44.4 255.255.255.255
Force next hop: No
Account:
Group: None
Local-id: None
Force next hop: No
Ping-enabled: No
media-late-to-early-iw: outgoing

The following commnd to lists a summary of the CAC policy tables associated with the given policy set:
host1/Admin# show services sbc test sbe cac-policy-set 1 table table entry 1
SBC Service "test"
Policy set 1 table table entry 1
Match value SIPP-1
Action CAC policy complete
Max updates Unlimited
Max bandwidth Unlimited
Max channels Unlimited
Transcoder Allowed
Caller privacy setting Never hide
Callee privacy setting Never hide
33-13
OL-13499-04
Verification
Early media Allowed
Early media direction Both
Early media timeout 0
Caller voice QoS profile default
Caller video QoS profile default
Caller sig QoS profile default
Callee voice QoS profile default
Callee video QoS profile default
Callee sig QoS profile default
Restrict codecs to list allowed_caller
Restrict caller codecs to list allowed_caller
Restrict callee codecs to list default
Media bypass Allowed
Number of calls rejected by this entry 0
host1/Admin# show services sbc test sbe cac-policy-set 1 table table entry 2
SBC Service "test"
Policy set 1 table table entry 2
Match value SIPP-2
Max updates Unlimited
Transcoder Allowed
Early media Allowed
Caller voice QoS profile default
Caller video QoS profile default
Caller sig QoS profile default
Callee voice QoS profile default
Callee video QoS profile default
Callee sig QoS profile default
Restrict codecs to list allowed
Restrict caller codecs to list default
Restrict callee codecs to list allowed
host1/Admin#
33-14
OL-13499-04
Verification
C H A P T E R
34-1
OL-13499-04
34
The SBC allows you to configure the DBE to accept secure media passthrough. By default, this feature
is disabled.
When the DBE is configured to accept secure media passthrough, such as Secure Real-Time Protocol
(SRTP), Secure RTP Control Protocol (SRTCP), or Datagram Transport Layer Security (DTLS) packets,
SBC reserves additional bandwidth to ensure that the DBE allows these packets to pass through.
The DBE allows secure RTP packets to flow through without performing RTP packet checks. This
feature enables 10 percent more bandwidth per flow to accommodate the increase in the packet size due
to encryption. However, this increase is not reflected in the media flow statistics.
Feature History for Secure Media Passthrough
Contents
PrerequisitesSecure Media Passthrough, page 34-1
Restrictions for Secure Media Passthrough, page 34-2
Configuring Secure Media Passthrough, page 34-2
Example of Configuring Secure Media Passthrough, page 34-3
PrerequisitesSecure Media Passthrough
The following prerequisites are required to implement SBC secure media passthrough:
Release 3.1.00 This feature was introduced on the Cisco 7600 series router.
34-2
OL-13499-04
Restrictions for Secure Media Passthrough
at
186a00806838f4.html
Before implementing secure media, the SBC must already be created. See the procedures described
Restrictions for Secure Media Passthrough
Review the following restrictions for secure media:
With this feature enabled, RTCP related statistics in dbe media-flow-stats will be displayed as
unknown.
Configuring Secure Media Passthrough
SUMMARY STEPS
1. configure
2. sbc service-name
3. dbe
4. secure-media
5. end
DETAILED STEPS
Step 1 configure
Example:
Example:
service.
Step 3 dbe
Example:
34-3
OL-13499-04
Example of Configuring Secure Media Passthrough
This section provides a sample configuration for the ssecure media feature.
To configure secure media passthrough, use the following commands:
host1/Admin(config-sbc-dbe)# secure-media
Step 4 secure-media
Example:
Configures the DBE to allow secure media, such as DTLS
and SRTP packets, to pass through.
Step 5 end
Example:
Exits the unexpected-source-alerting mode to DBE mode.
34-4
OL-13499-04
C H A P T E R
35-1
OL-13499-04
35
P-CSCF Support
The Proxy-Call Session Control Function (P-CSCF) is the first contact point for the users of the
Information Management System (IMS). The P-CSCF functions as a proxy server for the user
equipment; all Session Initiation Protocol (SIP) signaling traffic to and from the user equipment must go
through the P-CSCF. The P-CSCF validates and then forwards requests from the user equipment and then
processes and forwards the responses to the user equipment.
The P-CSCF can also function as a user agent in the context of the SIP operating procedures. If an
abnormal condition arises in a session, the P-CSCF can unilaterally release the session for the user
equipment. The user agent role can also be used to generate independent SIP messages required during
the registration, such as sending the users public and private identities. There may be more than one
P-CSCF in the operators network based on survivability, number of users, expected traffic, and network
topology. The P-CSCF can be also referred to as the SIP server.
To implement the P-CSCF support on the Session Border Controller (SBC), users must select an Inherit
Profile for a SIP adjacency. The three available Inherit Profiles are:
Standard Non-IMS Profile
P-CSCF Access Profile
P-CSCF Core Profile
Each of these profiles groups a set of IMS-related configuration fields, which can be applied across
multiple adjacencies.
If a valid profile is configured, then this profile is applied to an adjacency that does not have a profile
configured. If a profile is already selected for a SIP adjacency, that profile is used instead of the entitys
profile.
Feature History for P-CSCF Support
Contents
35-2
OL-13499-04
Contents
Restrictions for Implementing P-CSCF Support, page 35-3
Information About P-CSCF Support, page 35-3
35-3
OL-13499-04
Restrictions for Implementing P-CSCF Support
Implementing P-CSCF Support, page 35-4
Restrictions for Implementing P-CSCF Support
The following restrictions and limitations apply to implementing P-CSCF support:
Since the Visited Network Identifier is not part of an Inherit Profile, you need to configure it
independently on a per-adjacency basis.
This feature does not offer support for securing access links through IPSec or Network Attachment
Subsystem (NASS) bundled authentication.
This feature does not support emergency calls.
Information About P-CSCF Support
Standard Non-IMS Profile, page 35-3
P-CSCF Access Profile, page 35-3
P-CSCF Core Profile, page 35-4
Standard Non-IMS Profile
This profile provides compatibility with existing SBC functionality and is used for adjacencies that do
not operate in an IMS network. When this profile is applied to an adjacency, the SBC exhibits the
following properties:
Contact headers are rewritten to ensure that the SBC remains on the signaling path.
Unknown headers, methods, and options are, by default, not allowed to pass through.
The SBC does not attach Path headers to outbound signals.
The SBC does not attach Record-Route headers to outbound signals.
The endpoints on this adjacency do not need to be registered to receive or send Non-REGISTER
requests.
The endpoints do not need to attach a Route header to outbound signals.
The adjacencies do not generate P-Charging Vector headers for outbound signals.
P-CSCF Access Profile
This profile provides the configurations required to perform the functions of a P-CSCF Access
adjacency. When this profile is applied to an adjacency, the SBC exhibits the following properties:
Contact headers are not rewritten.
The endpoints on this adjacency need to be registered to receive or send Non-REGISTER requests.
The endpoints need to attach a Route header to outbound signals, which in turn, matches a
Service-Route set from the Registrar.
35-4
OL-13499-04
Implementing P-CSCF Support
The SBC appends Record-Route headers to outbound signals.
The SBC does not attach Path headers to outbound signals.
The adjacencies do not generate P-Charging Vector headers for outbound signals.
The SBC, by default, allows all inbound non-essential headers to pass through, except P-Asserted
Identity, Security-Client, Security-Verify, P-Charging-Function Addresses, P-Charging-Vector, and
P-Media-Authorization.
The SBC, by default, allows all outbound non-essential headers, except
P-Charging-Function-Addresses, P-Charging-Vector, and P-Media-Authorization.
The SBC allows all inbound non-essential methods to pass through.
The SBC allows all outbound non-essential methods to pass through; UEs are not permitted to act
as Registrars.
The Option tags in Supported, Require, or Proxy-Require headers are allowed to pass through in
both directions.
P-CSCF Core Profile
This profile provides the configurations required to perform the functions of a P-CSCF Core adjacency.
When this profile is applied to an adjacency, the SBC exhibits the following properties:
Contact headers are not rewritten.
The SBC, by default, allows all inbound unknown headers, except the
P-Charging-Function-Addresses and P-Media-Authorization.
The SBC appends Record-Route headers to outbound signals.
The SBC attaches Path headers to outbound REGISTER signals from P-CSCF.
The adjacencies generate P-Charging Vector headers for outbound signals.
The endpoints on this adjacency do not need to be registered to receive or send Non-REGISTER
requests.
The SBC, by default, allows all outbound non-essential headers, except
P-Charging-Function-Addresses and P-Media-Authorization.
The SBC allows all unknown methods to pass through.
The Option tags in Supported, Require, or Proxy-Require headers are allowed to pass through in
both directions.
This section explains how to configure profile inheritance.
Configuring Profiles Inheritance
SUMMARY STEPS
1. configure
2. sbc service-name
35-5
OL-13499-04
3. sbe
4. sip inherit profile {preset-ibcf-ext-untrusted | preset-ibcf-external | preset-ibcf-internal |
6. inherit profile preset p-cscf-access
7. visited network identifier network-name
8. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
Enters the mode of a SBE entity within an SBC service.
Step 4 sip inherit profile {preset-ibcf-ext-untrusted |
preset-ibcf-external | preset-ibcf-internal |
Example:
host1/Admin(config-sbc-sbe)# sip inherit profile
preset p-cscf-access
Configures the P-CSCF Access Inherit Profile as the global
profile.
Example:
Step 6 inherit profile preset p-cscf-access
Example:
host1/Admin(config-sbc-sbe-adj-sip)# inherit
profile preset-p-cscf-access
Configures the SIP adjacency to use the P-CSCF-Access
profile.
35-6
OL-13499-04
Step 7 visited network identifier network-name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# visited
network identifier mynetwork.com
Configures the specified visited network identifier on
the SIP adjacency.
Step 8 exit
Example:
Exits the SIP adjacency mode to the SBE mode.
C H A P T E R
36-1
OL-13499-04
36
Integration of Resource Management and SIP
As per IETF RFC 3312, call endpoints can determine whether resources are fully reserved for a media
stream before using it. This feature is useful when separate quality of service (QoS) signaling, such as
Resource ReSerVation Protocol (RSVP), is used. To accomplish this, RFC 3312 defines three new
a=lines at media stream granularity. Endpoints use these lines to signal reservation information and their
preconditions for adopting the new Session Description Protocol (SDP).
Feature History for Integration of Resource Management and SIP Support
Contents
Restrictions for Integration of Resource Management, page 36-1
Information about Integration of Resource Management, page 36-2
Restrictions for Integration of Resource Management
The restrictions for integration of resource management are:
When this feature is implemented, the SBC does not report the media state or generate
preconditions. It only detects whether preconditions are present, and whether all the mandatory
preconditions have been met if preconditions exist.
This feature is a SIP-only feature and is not supported by H.323 or SIP-H.323 interworking.
With RFC 3312 signaling procedures, media renegotiation is completed only when the mandatory
preconditions have been met.
36-2
OL-13499-04
Chapter 36 Integration of Resource Management and SIP
Information about Integration of Resource Management
Information about Integration of Resource Management
When the precondition tag appears in the Require or Supported header fields of SIP messages, the SBC
allows them to pass through. The SBC also allows the unmodified SDP to pass through, which represents
the state and the preconditions.
When processing an offer results in failure, the underlying SIP message is either rejected or the call is
torn down. When processing an answer results in failure, the call is torn down, regardless of the reason
for the failure.
C H A P T E R
37-1
OL-13499-04
37
IBCF Processing Support
Users can configure the Session Border Controller (SBC) to perform the role of an Interconnection
Border Control Function (IBCF) Session Initiation Protocol (SIP) border gateway, both managing
requests across a network border between IP Multimedia Subsystem (IMS) core networks and
interworking with non-IMS core networks, such as H.323 networks.
When functioning as an IBCF, the SBC supports the following IBCF functions:
Adding to Path header on REGISTER
Modifying Service Route header
Routing based on SIP Route headers
Topology hiding
Screening of SIP signaling
Passthrough of From, To, and Contact headers
Passthrough of request Uniform Resource Identifier (URI) on REGISTER
Interworking with Proxy Call Session Control Function (P-CSCF), Interrogating Call Session
Control Function (I-CSCF, and Serving Call Session Control Function (S- CSCF)
Handling messages from untrusted domains
Note ACE SBC Release 3.0.00, this feature is supported in the unified model only.
Feature History for IBCF Support
Contents
Restrictions for Implementing IBCF Support, page 37-2
Information About IBCF Support, page 37-2
Implementing IBCF Support, page 37-4
37-2
OL-13499-04
Restrictions for Implementing IBCF Support
Restrictions for Implementing IBCF Support
The following features are not included in the SBC IBCF support:
Blacklist or whitelist header-values-content-type, content-disposition, and content-language
headers
Blacklist or whitelist MIME bodies
Session timer
Co-location with I-CSCF
SBC does not reject long message bodies.
SBC does not check the length of SIP bodies.
SBC does not hide network devices that are identified by IP addresses.
SBC does not support the full IBCF handling of failed REGISTERs.
SBC does not provide interoperability between IMS and other SIP domains.
The IBCF selection of a new entry point for forwarding REGISTER requests is limited to SIP Server
Location procedures (as per IETF RFC 3263) and is applicable only if the initial server selected does
not respond.
Information About IBCF Support
Adding to Path Header on REGISTER, page 37-2
Modifying Service-Route Header on REGISTER, page 37-3
Routing Based on SIP Route Headers, page 37-3
Topology Hiding, page 37-3
Screening of SIP Signaling, page 37-3
Passthrough of From, To, and Contact Headers, page 37-3
Passthrough of Request URI on REGISTER, page 37-3
Interworking with P-CSCF, I-CSCF, and S-CSCF, page 37-3
Handling Messages from Untrusted Domains, page 37-3
Adding to Path Header on REGISTER
When the SBC is configured to perform the role of an IBCF gateway, the IBCF adds itself to the Path
header to ensure that all INVITE requests to the subscriber are routed via the IBCF.
37-3
OL-13499-04
Information About IBCF Support
Modifying Service-Route Header on REGISTER
The Service-Route header is analogous to the Path header, but it is used to specify the list of devices a
call should traverse for calls originating from a subscriber. By default, the IBCF does not modify the
Service-Route header sent on REGISTER responses. However, if topology hiding is required, then the
IBCF encrypts the header elements that match its configured HomeNetworkId.
Routing Based on SIP Route Headers
You can configure the SBC to route Dialog-creating requests, such as INVITE, to the next hop-IP address
based on the Route header, which ensures that the SIP messages go through the specified border
gateways between networks and the S-CSCF that handled the User Agent (UA) REGISTER.
Topology Hiding
The SBC hides those parts of the routing-related headers that reveal the internal topology of the SBC
network. But this feature also ensures that the headers are usable for INVITE requests and other
methods.
Screening of SIP Signaling
When configured to perform the role of an IBCF gateway, the SBC does not screen certain SIP headers
using profile whitelists and blacklists.
Passthrough of From, To, and Contact Headers
For Dialog-creating and Out-of-dialog requests, the SBC allows the From, To, and Contact header URIs
to pass through without modifying them. For dialog headers, the SBC uses the values corresponding to
those on the Out-of-dialog requests.
Passthrough of Request URI on REGISTER
The SBC allows the Request URI on a REGISTER message to pass through without modifying it.
Interworking with P-CSCF, I-CSCF, and S-CSCF
When performing the role of an IBCF gateway, the SBC allows the CSCF-specific headers on SIP
messages to pass through.
Handling Messages from Untrusted Domains
When the SBC is acting as an IBCF entry point, it handles out-of-dialog requests from untrusted domains
as follows:
37-4
OL-13499-04
Implementing IBCF Support
The SBC rejects all REGISTER requests with a 403 response.
The SBC removes all P-Asserted-Identity headers, P-Access-Network-Info headers,
P-Charging-Vector headers, and P-Charging-Function-Address headers from other requests.
The SBC rejects requests if the router contains the Orig parameter.
Configuring the Domain Names to Use for IBCF Adjacencies
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sip home network identifier domain-name
5. sip encryption key string
7. inherit profile preset-ibcf-internal
8. home network identifier domain-name
9. encryption key string
10. exit
DETAILED STEPS
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
Enters the mode of a SBE entity within an SBC service.
37-5
OL-13499-04
Step 4 sip home network identifier domain-name
Example:
host1/Admin(config-sbc-sbe)# sip home network
identifier mydomain.com
Configures the specified domain name as the global home
network identifier for use in all SIP IBCF adjacencies.
Use the domain-name argument to specify the domain
Step 5 sip encryption key string
Example:
host1/Admin(config-sbc-sbe)# encryption key code1
Configures a global encryption key for all SIP IBCF
adjacencies.
Use the string value to specify the encryption key to
use for all SIP IBCF adjacencies.
Example:
Step 7 inherit profile preset-ibcf-internal
Example:
host1/Admin(config-sbe-adj-sip)# inherit profile
preset-p-cscf-internal
Configures a global inherit profile and s.pecifies a
presetIBCF internal profile
Step 8 home network identifier network-name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# home network
identifier Cisco.com
Configures a home network identifier on an IBCF
adjacency.
Use the network-name argument to specify the name of
the home network identifier.
Step 9 encryption key string
Example:
host1/Admin(config-sbc-sbe-adj-sip)# encryption
key code2
Configures an encryption key on the SIP IBCF
adjacency.
Use the string argument to specify the encryption
key for the SIP IBCF adjacency.
Step 10 exit
Example:
Exits the SIP adjacency mode to the SBE mode.
37-6
OL-13499-04
C H A P T E R
38-1
OL-13499-04
38
Configuring SIP SDP Attribute Passthrough
Before ACE SBC release 3.1.00, the SBC handled SDP attribute passthrough by passing through all
attribute lines (a=) on an Offer (sometimes changing or adding certain kinds of attribute lines).
For attribute lines on an Answer, the SBC passed through certain select lines (while ignoring the rest)
and reflecting back the offerers lines instead.
For ACE SBC release 3.1.00, the Session Border Controller (SBC) by default passes through all a= lines
in SIP messages containing SDP offers and answers that it forwards. You can also configure the SBC to
block certain a= lines, either by specifying a whitelist (a finite set of a=lines that are passed through,
with all others blocked), or alternatively a blacklist (a finite set of a=lines that are blocked, with all others
passed through).
Feature History for SIP Attribute Passthrough
Restrictions for Configuring SIP SDP Attribute Passthrough
Review the following restrictions forSIP SDP Attribute Passthrough:
The existing reflect behavior is not supported.
Wildcard or prefix matching of attribute lines is not supported.
Distinguishing media-level from session-level a-lines for the purposes of matching is not supported.
Sophisticated matching conditions (for example, apply only to video streams or apply only to offers)
are not supported.
Attribute blocking in media bypass calls is not supported.
Blocking function is restricted to unknown attributes.
The following attributes are ignored by unknown attribute policy because this may interfere with the
correct operation of the SBC.
a=rtpmap
a=fmtp
a=sendonly
a=recvonly
ACE SBC Release 3.1.00 SDP Attribute Passthrough was introduced on the Cisco7600 series router .
38-2
OL-13499-04
Information about SIP SDP Attribute Passthrough
a=inactive
a=sendrecv
a=ptime
a=mid
a=group
a=curr
a=des
a=conf
a=crypto.
At the point where the policy is applied, a (rate-limited) warning log is issued if the policy attempts
to delete one of these lines.
Information about SIP SDP Attribute Passthrough
Additional per-call storage is needed to store the SDP policy that is being applied. This is expected to
be ~160 bytes per call.
This section contains the steps for implementing SIP SDP attribute passthrough.
SUMMARY STEPS
1. configure
2. sbc service-name
3. sbe
4. sdp-match-table table-name
5. action whitelist/blacklist
6. match-string name
8. exit
9. sdp-match-table table-name
10. action whitelist/blacklist
13. exit
14. sdp-policy-table table-name
15. match-table table-name
16. exit
38-3
OL-13499-04
17. sdp-policy-table table-name
18. match-table table-name
19. exit
20. cac-policy-set number
22. first-cac-scope scope
24. match-type type
25. entry number
26. match-value value
27. action action-name
28. caller-inbound-policy policytab-name
29. caller-outbound-policy policytab-name
30. callee-inbound-policy policytab-name
31. callee-outbound-policy policytab-name
32. exit
33. exit
34. complete
35. exit
36. active-cac-policy-set number
37. show services sbc service-name sbe cac-policy-set number table number entry number
DETAILED STEPS
Step 1 configure
Example:
Example:
of the service.
Step 3 sbe
Example:
38-4
OL-13499-04
Step 4 sdp-match-table table-name
Example:
host1/Admin(config-sbc-sbe)# sdp-match-table 1
Adds an existing sdp-match-table into policy.
Step 5 action whitelist/blacklist
Example:
host1/Admin(config-sbc-sbe-sdp-match-tbl)# ac-
tion blacklist
Specifies an SDP policy table action.
Step 6 match-string name
Example:
host1/Admin(config-sbc-sbe-sdp-match-tbl)#
match-string attribute-name1
Configures an SDP attribute matching string.
Example:
Step 8 exit
Example:
host1/Admin(config-sbc-sbe-sdp-match-tbl)# exit
Step 9 sdp-match-table table-name
Example:
host1/Admin(config-sbc-sbe)# sdp-match-table-name
2
Adds an existing sdp-match-table into policy.
Step 10 action whitelist/blacklist
Example:
host1/Admin(config-sbc-sbe-sdp-match-tbl)# ac-
tion blacklist
Adds an action allowing a defined set of attributes and
blocking the remaining attributes.
Example:
Example:
38-5
OL-13499-04
Step 13 exit
Example:
Step 14 sdp-policy-table table-name
Example:
host1/Admin(config-sbc-sbe)# sdp-policy-table ta-
ble-name1
Configures an SDP policy table.
Step 15 match-table table-name
Example:
host1/Admin(config-sbc-sbe-sdp-policy-tbl)#
match-table table-name1
Configure an SDP match table used in a policy.
Step 16 exit
Example:
Step 17 sdp-policy-table table-name
Example:
host1/Admin(config-sbc-sbe)# sdp-policy-table ta-
ble-name2
Configures an SDP policy table.
Step 18 match-table table-name
Example:
host1/Admin(config-sbc-sbe-sdp-policy-tbl)#
match-table table-name2
Configure an SDP match table used in a policy.
Step 19 exit
Example:
Step 20 cac-policy-set number
Example:
Enters the submode of CAC policy set configuration.
Example:
Step 22 first-cac-scope scope
Example:
first-cac-scope src-adjacency
Configures the scope at which to begin defining limits
38-6
OL-13499-04
Example:
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table
RootCacTable
Step 24 match-type type
Example:
match-type call-priority
Configures a new CAC table type that enables the
priority of the call to be used as a criterion in CAC
policy.
Step 25 entry number
Example:
entry 1
Step 26 match-value value
Example:
try)# match-value sipp1
Configures the match type of an admission control table.
Step 27 action action-name
Example:
try)# action cac-complete
Specifies the action to take if this entry is chosen.
Step 28 caller-inbound-policy policytab-name
Example:
try)# caller-inbound-policy foo
Configures a caller inbound SDP policy table.
Step 29 caller-outbound-policy policytab-name
Example:
try)# caller-outbound-policy foo
Configures a caller outbound SDP policy table.
Step 30 callee-inbound-policy policytab-name
Example:
try)# callee-inbound-policy foo2
Configures a callee inbound SDP policy table.
Step 31 callee-outbound-policy policytab-name
Example:
try)# callee-outbound-policy foo2
Configures a callee outbound SDP policy table.
38-7
OL-13499-04
Example of SIP SDP Attribute Passthrough
This section provides a sample configuration and output for SIP SDP Attribute Passthrough.
host1/Admin# config t
host1/Admin(config)# sbc interwork
host1/Admin(config-sbc-sbe)# sdp-match-table matchtab1
host1/Admin(config-sbc-sbe-sdp-match-tbl)# action blacklist
host1/Admin(config-sbc-sbe-sdp-match-tbl)# match-string X-sqn
host1/Admin(config-sbc-sbe-sdp-match-tbl)# match-string X-cap
host1/Admin(config-sbc-sbe)# sdp-match-table matchtab2
host1/Admin(config-sbc-sbe-sdp-match-tbl)# match-string X-pc-csuites-rtp
host1/Admin(config-sbc-sbe)# sdp-policy-table policytab1
Step 32 exit
Example:
try)# exit
Step 33 exit
Example:
exit
Step 34 complete
Example:
Performs a consistency check on the CAC policy set.
Step 35 exit
Example:
Step 36 active-cac-policy-set number
Example:
host1/Admin(config-sbc-sbe)# active-cac-poli-
cy-set 1
Enters the active CAC policy set.
Step 37 show services sbc service-name sbe cac-poli-
cy-set number table number entry number
Example:
mysbc sbe cac-policy-set 1 table RootCacTable en-
try 1
Displays detailed information for a given entry in a CAC
policy table.
38-8
OL-13499-04
host1/Admin(config-sbc-sbe-sdp-policy-tbl)# match-table matchtab1
host1/Admin(config-sbc-sbe-sdp-policy-tbl)# exit
host1/Admin(config-sbc-sbe-sdp-policy-tbl)# exit
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table 1
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table 1
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type src-adjacency
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value sipp1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-inbound-policy policytab1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-outbound-policy policytab1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-inbound-policy policytab2
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-outbound-policy policytab2
This section provides a sample configuration and output for SIP SDP Attribute Passthrough.
host1/Admin(config-sbc-sbe)# do show services sbc interwork sbe cac-policy-set 1 table 1
entry 1
SBC Service "interwork"
Policy set 1 table 1 entry 1
Match value sipp1
Max calls Unlimited
Max call rate Unlimited
Max in-call rate Unlimited
Max out-call rate Unlimited
Max registrations Unlimited
Max reg. rate Unlimited
Transcoder Allowed
Early media Allowed
Restrict codecs to list default
Restrict caller codecs to list default
Restrict callee codecs to list default
SRTP Transport Not Set
Callee hold setting Standard
Caller hold setting Standard
Caller inbound SDP policy policytab1
Caller outbound SDP policy policytab1
Callee inbound SDP policy policytab2
Callee outbound SDP policy policytab2
C H A P T E R
39-1
OL-13499-04
39
Cisco Session Border Controller Commands
Command Reference
This section describes the following session border controller (SBC) and data border element (DBE)
commands:
account, page 39-12
action (CAC), page 39-13
action drop-msg, page 39-14
action (NA), page 39-15
action (RTG), page 39-16
action (SDP), page 39-18
action (SIP), page 39-19
action (parameter), page 39-21
activate (dbe, sbe), page 39-23
activate (billing), page 39-24
activate (radius), page 39-26
active-cac-policy-set, page 39-27
active-call-policy-set, page 39-28
address-default, page 39-29
address ipv4, page 39-31
adjacency, page 39-32
adjacency timeout, page 39-33
alias, page 39-34
allow private info, page 39-35
attach (adjacency), page 39-36
attach (billing), page 39-37
attach-controllers, page 39-39
authentication, page 39-40
authentication endpoint, page 39-41
39-2
OL-13499-04
Command Reference
authentication-key, page 39-42
authentication mode, page 39-43
authentication nonce timeout, page 39-44
authentication-realm, page 39-45
averaging-period, page 39-46
batch-size, page 39-47
batch-time, page 39-49
billing, page 39-51
blacklist (sbe), page 39-53
blacklist (sip-opt), page 39-56
cache-lifetime, page 39-57
cache-limit, page 39-58
cac-policy-set, page 39-59
cac-table, page 39-60
callee-codec-list, page 39-61
callee-hold-setting, page 39-62
callee-inbound-policy, page 39-64
callee-outbound-policy, page 39-65
callee-privacy, page 39-66
callee-sig-qos-profile, page 39-67
callee-video-qos-profile, page 39-68
callee-voice-qos-profile, page 39-70
caller-codec-list, page 39-72
caller-hold-setting, page 39-73
caller-inbound-policy, page 39-75
caller-outbound-policy, page 39-76
caller-privacy, page 39-77
caller-sig-qos-profile, page 39-79
caller-video-qos-profile, page 39-81
caller-voice-qos-profile, page 39-83
call-policy-set, page 39-85
category, page 39-86
clear services sbc, page 39-87
clear services sbc sbe blacklist, page 39-88
clear services sbc blacklist all, page 39-89
clear services sbc sbe blacklist all, page 39-90
clear services sbc sbe blacklist ipv4, page 39-91
clear services sbc dbe media-stats, page 39-92
39-3
OL-13499-04
Command Reference
clear services sbc sbe cac-rejection-stats, page 39-93
clear services sbc sbe call, page 39-94
clear services sbc sbe call-rejection-stats, page 39-96
clear services sbc sbe call-stats, page 39-97
clear services sbc sbe policy-failure-stats, page 39-98
clear services sbc sbe policy-rejection-stats, page 39-99
clear services sbc sbe radius-client, page 39-100
clear services sbc sbe radius-client-stats, page 39-101
clear services sbc sbe statistics, page 39-102
codec, page 39-103
codec-list, page 39-104
codec-list description, page 39-105
codec packetization-period, page 39-106
codec-restrict-to-list, page 39-108
codecs, page 39-110
complete, page 39-111
concurrent-requests, page 39-112
condition, page 39-113
congestion-cleared, page 39-114
congestion-threshold, page 39-115
control address aaa, page 39-116
control address h248 index, page 39-117
control-address h248 ipv4, page 39-118
control address h248 port, page 39-119
control address h248 transport, page 39-120
controller h248, page 39-121
copy logs, page 39-122
cost, page 39-123
dbe, page 39-124
dbe-location-id, page 39-125
deact-mode abort, page 39-126
deact-mode (billing), page 39-127
deact-mode normal, page 39-129
deact-mode quiesce, page 39-130
deact-mode (dbe, sbe), page 39-131
debug services sbc errors, page 39-133
debug services sbc events, page 39-135
debug services sbc ha, page 39-137
39-4
OL-13499-04
Command Reference
debug services sbc info, page 39-139
debug services sbc ips, page 39-141
debug services sbc logging, page 39-143
debug services sbc mem-trace dump, page 39-145
debug services sbc off, page 39-147
debug services sbc pd filter component, page 39-148
debug services sbc pd filter context, page 39-150
debug services sbc pd filter product, page 39-152
debug services sbc pd log-level, page 39-154
debug services sbc rsrcmon, page 39-156
default-port-limit, page 39-158
description, page 39-160
description (sip-opt), page 39-163
dscp, page 39-164
dst-adjacency, page 39-166
dtmf-duration, page 39-167
early-media-deny, page 39-168
early-media-timeout, page 39-169
early-media-type, page 39-170
edit, page 39-171
edit-cic, page 39-173
edit-src, page 39-175
entry (profile), page 39-177
entry (table), page 39-179
fast-register disable, page 39-181
fast-register-interval, page 39-182
first-cac-prefix-len, page 39-184
first-cac-scope, page 39-185
first-cac-table, page 39-187
first-call-routing-table, page 39-188
first-number-analysis-table, page 39-189
first-reg-routing-table, page 39-190
force-signaling-peer, page 39-191
global, page 39-192
group, page 39-193
h225 timeout, page 39-194
h245-address-pass, page 39-196
h245-tunnel disable, page 39-197
39-5
OL-13499-04
Command Reference
h248 allow-all-mg, page 39-198
h248-profile, page 39-199
h248-profile-version, page 39-201
h248-version, page 39-203
h323, page 39-204
header, page 39-205
header-profile, page 39-206
hold-media-timeout, page 39-207
hunting-trigger, page 39-208
inherit profile, page 39-210
invite-timeout, page 39-212
ip host, page 39-213
ip precedence, page 39-214
ip TOS, page 39-215
ipv4 (blacklist), page 39-217
ipv4 (SBE H.248), page 39-219
key, page 39-220
ldr-check, page 39-221
local-address ipv4 (packet-cable), page 39-223
local-address ipv4, page 39-225
local-id host, page 39-227
local-port, page 39-228
location-id, page 39-229
mandatory-transport, page 39-230
map-status-code, page 39-231
marking, page 39-232
match-account, page 39-233
match-address, page 39-234
match-adjacency, page 39-235
match-category, page 39-236
match-cic, page 39-237
match-domain, page 39-239
match-number, page 39-241
match-prefix, page 39-242
match-prefix len, page 39-244
match-type, page 39-245
match-string, page 39-247
match-table, page 39-248
39-6
OL-13499-04
Command Reference
match-time, page 39-249
match-value, page 39-251
max-bandwidth, page 39-254
max-call-rate, page 39-256
max-channels, page 39-258
max-in-call-rate, page 39-260
max-num-calls, page 39-262
max-out-call-rate, page 39-264
max-regs, page 39-266
max-regs-rate, page 39-268
max-updates, page 39-270
media-address ipv4, page 39-272
media-address ipv4 port-range, page 39-274
media-address ipv4 vrf port-range, page 39-276
media-address pool ipv4, page 39-278
media-address pool ipv4 port-range, page 39-279
media-address pool ipv4 vrf, page 39-281
media-address pool ipv4 vrf port-range, page 39-282
media-bypass, page 39-285
media-bypass-forbid, page 39-286
media-gateway, page 39-287
media-late-to-early-iw, page 39-288
media-timeout, page 39-289
method, page 39-290
method packetcable-em, page 39-291
na-dst-number-table, page 39-292
na-dst-number-attr-table, page 39-294
na-dst-prefix-table, page 39-296
na-src-account-table, page 39-297
na-src-adjacency-table, page 39-298
nat, page 39-300
network-id, page 39-301
option, page 39-302
option-profile, page 39-303
outbound-flood-rate, page 39-304
overload-time-threshold, page 39-305
packetcable-em transport radius, page 39-306
parameter, page 39-308
39-7
OL-13499-04
Command Reference
parameter-profile, page 39-309
pass-body, page 39-310
passthrough, page 39-311
ping-enable, page 39-312
ping-fail-count, page 39-313
ping-interval, page 39-315
ping-lifetime, page 39-316
port (server), page 39-317
port (SBE H.248), page 39-318
preferred-transport, page 39-319
precedence, page 39-320
prefix, page 39-321
priority, page 39-322
priority (rsrc-pri), page 39-323
privacy restrict outbound, page 39-324
qos sig, page 39-325
qos video, page 39-326
qos voice, page 39-327
radius, page 39-328
range value, page 39-330
ras retry, page 39-332
ras rrq, page 39-334
ras timeout, page 39-336
reason, page 39-338
record-media-create-info, page 39-340
redirect-limit, page 39-342
redirect-mode, page 39-343
registration rewrite-register, page 39-344
registration target address, page 39-345
registration target port, page 39-346
reg-min-expiry, page 39-347
remote-address ipv4, page 39-348
remote-port, page 39-350
resource-priority, page 39-351
resource-priority-set, page 39-352
retry-interval, page 39-353
retry-limit (radius), page 39-354
retry-limit (routing table), page 39-355
39-8
OL-13499-04
Command Reference
rtg-carrier-id-table, page 39-356
rtg-category-table, page 39-358
rtg-dst-address-table, page 39-360
rtg-dst-domain-table, page 39-362
rtg-least-cost-table, page 39-364
rtg-round-robin-table, page 39-366
rtg-src-account-table, page 39-368
rtg-src-address-table, page 39-370
rtg-src-adjacency-table, page 39-372
rtg-src-domain-table, page 39-373
rtg-time-table, page 39-375
sbc, page 39-377
sbe, page 39-378
sdp-attribute-table, page 39-379
sdp-match-table, page 39-380
sdp origin-user-name, page 39-381
sdp-policy-table, page 39-382
secure-media, page 39-383
server, page 39-384
server, page 39-384
server mode, page 39-385
server-retry disable, page 39-386
service sbc sbe call-destroy, page 39-387
service sbc sbe radius accounting, page 39-388
show services sbc dbe addresses, page 39-389
show services sbc dbe controllers, page 39-390
show services sbc dbe h248-profile, page 39-392
show services sbc dbe media-flow-stats, page 39-393
show services sbc dbe media-flow-stats vrf, page 39-395
show services sbc dbe media-flow-stats vrf ipv4, page 39-397
show services sbc dbe media-flow-stats vrf ipv4 port, page 39-399
show services sbc dbe media-stats, page 39-401
show services sbc dbe signaling-flow-stats, page 39-403
show services sbc rsrcmon, page 39-405
show services sbc sbe aaa, page 39-407
show services sbc sbe addresses, page 39-408
show services sbc sbe adjacencies, page 39-409
show services sbc sbe adjacencies detail, page 39-410
39-9
OL-13499-04
Command Reference
show services sbc sbe adjacencies authentication-realms, page 39-412
show services sbc sbe all-authentication-realms, page 39-413
services sbc sbe billing instance, page 39-414
services sbc sbe billing instances, page 39-415
show services sbc sbe billing remote, page 39-416
show services sbc sbe blacklist configured-limits, page 39-417
show services sbc sbe blacklist current-blacklisting, page 39-419
show services sbc sbe blacklist ipv4, page 39-421
show services sbc sbe cac-policy-set, page 39-423
show services sbc sbe cac-policy-sets, page 39-425
show services sbc sbe cac-policy-set tables, page 39-426
show services sbc sbe cac-policy-set table entries, page 39-427
show services sbc sbe cac-policy-set table entry, page 39-428
show services sbc sbe call branches, page 39-430
show services sbc sbe call-policy-set, page 39-431
show services sbc sbe call-policy-set table entry, page 39-441
show services sbc sbe call-rate-stats, page 39-442
show services sbc sbe calls, page 39-443
show services sbc sbe call-stats, page 39-444
show services sbc sbe codec-list, page 39-447
show services sbc sbe gates, page 39-448
show services sbc sbe h323 timers, page 39-449
show services sbc sbe hold-media-timeout, page 39-451
show services sbc sbe hunting-trigger, page 39-452
show services sbc sbe media-gateway-associations, page 39-453
show services sbc sbe media-gateways, page 39-454
show services sbc sbe policy-failure-stats dst-account, page 39-457
show services sbc sbe policy-failure-stats dst-adjacency, page 39-459
show services sbc sbe policy-failure-stats src-account, page 39-461
show services sbc sbe policy-failure-stats src-adjacency, page 39-463
show services sbc sbe qos-profiles, page 39-465
show services sbc sbe radius-client-accounting acounting, page 39-467
show services sbc sbe radius-client-accounting authentication, page 39-468
show services sbc sbe radius-client-stats, page 39-469
show services sbc sbe radius-server-stats, page 39-470
show services sbc sbe redirect-limit, page 39-472
show services sbc sbe resource-priority-sets, page 39-473
show services sbc sbe sdp-h245-mapping, page 39-474
39-10
OL-13499-04
Command Reference
show services sbc sbe sdp-match-table, page 39-476
show services sbc sbe sdp-policy-table, page 39-477
show services sbc sbe sip essential-headers, page 39-478
show services sbc sbe sip essential-methods, page 39-479
show services sbc sbe sip essential-options, page 39-480
show services sbc sbe sip fast-register-stats, page 39-481
show services sbc sbe sip header-profile, page 39-482
show services sbc sbe sip header-profiles, page 39-483
show services sbc sbe sip method-profile, page 39-484
show services sbc sbe sip method-profiles, page 39-485
show services sbc sbe sip option-profile, page 39-486
show services sbc sbe sip-method-stats, page 39-487
show services sbc sbe sip option-profiles, page 39-489
show services sbc sbe sip parameter-profile access-param
show services sbc sbc sbe sip parameter-profile, page 39-490
show services sbc sbe sip timers, page 39-493
show services sbc services, page 39-494
signaling-address ipv4, page 39-495
signaling-peer, page 39-497
signaling-peer-port, page 39-499
signaling-port, page 39-500
sip, page 39-501
sip dns, page 39-502
sip encryption key, page 39-503
sip header-profile, page 39-504
sip home network identifier, page 39-505
sip hunting-trigger, page 39-506
sipi, page 39-507
sip inherit profile, page 39-508
sip max-connections, page 39-510
sip method-profile, page 39-511
sip option-profile, page 39-512
sip parameter-profile, page 39-514
sip ping-support, page 39-515
sip visited network identifier, page 39-517
snmp-server enable traps sbc, page 39-518
statistics-setting, page 39-519
tcp (blacklist), page 39-520
39-11
OL-13499-04
Command Reference
tcp-connect-timeout, page 39-521
tcp-idle-timeout, page 39-522
tech-prefix, page 39-523
time-offset, page 39-524
timeout, page 39-525
transcode-deny, page 39-527
transcoder, page 39-528
transport (SBE H.248), page 39-529
transport tcp, page 39-530
transport udp, page 39-531
trigger-period, page 39-532
trigger-size, page 39-534
udp (blacklist), page 39-536
udp-first-retransmit-interval, page 39-537
udp-max-retransmit-interval, page 39-538
udp-response-linger-period, page 39-539
unexpected-source-alerting, page 39-540
use-any-local-port, page 39-541
use-time-offset, page 39-542
vdbe, page 39-543
vpn, page 39-544
vrf, page 39-546
weight, page 39-547
39-12
OL-13499-04
account
account
To define a SIP or H.323 adjacency account on an SBE, use the account command in the appropriate
configuration mode. To remove this definition, use the no form of this command.
account account-name
no account account-name
Syntax Description
Command Default No account name is associated with the adjacency.
Command Modes Adjacency SIP configuration (config-sbc-sbe-adj-sip)
Adjacency H.323 configuration (config-sbc-sbe-adj-h323)
Command History
Usage Guidelines To use this command, you must be in the correct configuration mode and submode. The "Examples"
section shows the hierarchy of modes and submodes required to run the command.
Examples The following example shows how to configure the H.323 adjacency h323ToIsp42 to account isp42:
host1/Admin(config-sbc-sbe)# adjacency h323 SipToIsp42
host1/Admin(config-sbc-sbe-adj-h323)# account isp42
The following example shows how to configure the SIP adjacency SipToIsp42 to account isp42:
host1/Admin(config-sbc-sbe)# adjacency sip SipToIsp42
host1/Admin(config-sbc-sbe-adj-sip)# account isp42
Related Commands
account-name Specifies the SBE account name.
Release 3.0.00 This command was introduced on the Cisco 7600 series routers.
Command Description
adjacency Configures an adjacency for an SBC.
39-13
OL-13499-04
action (CAC)
action (CAC)
To specify the action to take if this routing entry is chosen, use the action command in the CAC table
entry configuration mode.
action [cac-complete | next-table goto-table-name ]
no action [cac-complete | next-table goto-table-name ]
Syntax Description
Command Default No default behavior or values
Command Modes CAC table entry configuration (config-sbc-sbe-cacpolicy-cactable-entry)
Command History
Examples The following example shows how to configure the next table to process for the entry in the new
admission control table MyCacTable:
host1/Admin(config-sbc-sbe)# first-cac-scope call
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table MyCacTable
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table MyCacTable match-type src-account
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table MyCacTable
Related Commands
cac-complete When an event matches, this CAC policy is complete.
next-table Specifies the name of the next CAC table. The maximum number of characters is
80.
goto-table-name Specifies the table name identifying the next CAC table to process (or
cac-complete, if processing should stop).
Command Description
action (NA-) Configures the action to perform after an entry in an admission control table.
action (RTG-SRC) Configures the action to take if a routing entry is chosen.
39-14
OL-13499-04
action drop-msg
action drop-msg
To add an action of dropping the message to a SIP message profile, use the action drop-msg command
in SIP header-profile configuration mode. To remove the method from the profile, use the no form of
this command.
action drop-msg
no action drop-msg
Syntax Description This command has no arguments or keywords.
Command Modes SIP header configuration (config-sbc-sbe-sip-hdr)
Command History
Usage Guidelines To use this command, you must be in the correct configuration mode and submode. The Examples
Examples The following example shows action of dropping the message to a SIP message profile to the header
profile MyProfile:
host1/Admin(config-sbc-sbe)# sip header-profile MyProfile
host1/Admin(config-sbc-sbe-sip-hdr)# action drop-msg
Related Commands
Command Description
sip header-profile Configures a header profile.
39-15
OL-13499-04
action (NA)
action (NA)
To configure the action of an entry in the number analysis table with entries of the table matching a
dialed number (prefix or whole number) or the source adjacency or account, use the action (NA-)
command in the number analysis table configuration mode. To deconfigure the action, use the no form
of this command.
action [next-table goto-table-name | accept | reject]
no action [next-table goto-table-name | accept | reject]
Syntax Description
Command Modes Number analysis table configuration (config-sbc-sbe-rtgpolicy-natable-entry)
Command History
Examples The following example shows how to configure the call to be accepted if it matches the source adjacency
entry in the new number analysis table MyNaTable:
host1/Admin(config-sbc-sbe-rtgpolicy)# na-src-adjacency-table MyNaTable
Related Commands
next-table
goto-table-name
Specifies the next number analysis table to process, if the event matches this
entry.
accept Configures the call to be accepted if it matches the entry in the table.
reject Configures the call to be rejected if it matches the entry in the table.
Command Description
action (NA-) Configures the action of an entry in the number analysis table with entries of the
table matching a dialed number (prefix or whole number) or the source
adjacency or account.
action (CAC) Configures the action to perform after an entry in an admission control table.
39-16
OL-13499-04
action (RTG)
action (RTG)
To specify the action to take if this routing entry is chosen, use the action command in the RTG routing
table configuration mode.
action [next-table goto-table-name | complete | reject ]
no action [next-table goto-table-name | complete | reject ]
Syntax Description
Command Modes RTG routing table configuration (config-sbc-sbe-rtgpolicy-rtgtable-entry)
Command History
Examples The following example shows how to configure the match-value of an entry in the new routing table
MyRtgTable so that if any calls match this criterion, they are rejected.
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-account-table MyRtgTable
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-account 1471
The following example shows how to configure the match-value of an entry in the new routing table
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-round-robin-table MyRtgTable
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-address 1471
next-table
goto-table-name
Specifies the next number analysis table to process, if the event matches this
entry.
complete Routing is complete when an entry matches this policy.
reject Configures the call to be rejected if it matches the entry in the table.
39-17
OL-13499-04
action (RTG)
The following example shows how to configure the match-value of an entry in the new routing table
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-dst-address-table MyRtgTable
Related Commands Command Description
action (NA) Configures the action of an entry in the number analysis table with entries of the
table matching a dialed number (prefix or whole number) or the source
action (CAC) Configures the action to perform after an entry in an admission control table.
39-18
OL-13499-04
action (SDP)
action (SDP)
To configure an SDP policy table action, use the action command in the SDP attribute table
configuration mode. To remove the method from the profile, use the no form of this command.
action {whitelist | blacklist)
no action {whitelist | blacklist}
Syntax Description
Command Modes SDP attribute table configuration (config-sbc-sbe- sdpmatchtable-sdpattributetable)
Command History
Examples The following example shows the action of dropping the message to a SIP message profile to the header
profile MyProfile:
Related Commands
whitelist Allows the defined set of attributes and blocks the rest.
blacklist Blocks the defined set of attributes and allows the rest.
Command Description
match-string Configures an SDP attribute matching string.
sdp-attribute-table Configures an SDP attribute table that lists the attributes to add or remove.
sdp-match-table Creates an SDP match table.
sdp-policy-table Configures an SDP policy table.
39-19
OL-13499-04
action (SIP)
action (SIP)
To configure the action to take on an element type in a header or parameter profile, use the action
command in the appropriate configuration mode. To remove an action from the element type, use the no
form of this command.
action {add-first-header| add-header | as-profile | drop-msg | pass | replace-name |
no action {add-first-header| add-header | as-profile | drop-msg | pass | replace-name |
Syntax Description
Command Default The default body action is strip.
The default parameter action is strip.
The default header action is strip.
Command Modes SBE header profile header configuration
SBE parameter profile parameter configuration
Command History
If a configuration is loaded on top of an active configuration, warnings are generated to notify that the
configuration cannot be modified. If you must modify the entire configuration by loading a new one,
please remove the existing configuration first.
add-first-header Adds the first occurrence of a header (no action if a header exists).
add-header Adds a header whether on not one already exists.
as-profile Selects default profile action (whilelist/blacklist).
drop-msg Drops the message.
pass Passes on the header.
replace-name Replaces the header name.
replace-value Replaces the header content (value).
strip Unconditionally strips the matched body, header, or parameter element.
39-20
OL-13499-04
action (SIP)
Examples The following example shows how to set the action for parameter element type user in parameter profile
paramprof1 to add-not-present:
host1/Admin# config
host1/Admin(config-sbc-sbe)# sip parameter-profile paramprof1
The following example shows how to set the action for header element type To in parameter profile
headerprof1 to as-profile:
host1/Admin# config
host1/Admin(config-sbc-sbe-sip-hdr-ele)# action as-profile
header Configures a header element in a header profile.
parameter-profile Configures aparameter element in a parameter profile.
39-21
OL-13499-04
action (parameter)
action (parameter)
To configure the action to take on a parameter, use the action command in the appropriate configuration
mode. To remove an action from the element type, use the no form of this command.
action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}|
no action {add-not-present [value] {private-ip-address | public-ip-address | access-user-data}|
Syntax Description
Command Default The default parameter action is strip.
The default header action is strip.
Command Modes SBE header profile header configuration
SBE parameter profile parameter configuration(config-sbc-sbe-sip-prm-ele)
Command History
Examples The following example shows how to set the action for parameter element type user in parameter profile
paramprof1 to add-not-present:
host1/Admin# config
add-not-present Adds the parameter if it is not present.
value The value of the parameter to be added or replaced.
add-or-replace Adds the parameter if it is not present or replace the paramter if it is present.
private-ip-address Update parameter as private IP address.
public-ip-address Update parameter as public IP address.
access-user-data Update parameter as access user data.
strip Strips out the parameter if it is present.
39-22
OL-13499-04
action (parameter)
The following example shows how to set the action for header element type To in parameter profile
headerprof1 to as-profile:
host1/Admin# config
host1/Admin(config-sbc-sbe-sip-hdr-ele)# action as-profile
header Configures a header element in a header profile.
parameter Configures aparameter element in a parameter profile.
39-23
OL-13499-04
activate (dbe, sbe)
activate (dbe, sbe)
To initiate the Session Border Controller (SBC) service when all SBE or data border element (DBE)
address configuration have been successfully committed, use the activate command in the appropriate
configuration mode. To deactivate the SBE service of the SBC, use the no form of this command.
activate
no activate
Command Default Default is the no form of the command.
Command Modes DBE configuration (config-sbc-dbe)
SBE configuration (config-sbc-sbe)
Command History
The command is not completed even when the CLI returns; there is an asynchronous process (activation
or deactivation) going on and the new instruction is not actioned until the last one completes.
Examples The following example shows how to activate the DBE on the service mySbc:
host1/Admin# configur
host1/Admin (config-sbc-dbe)# activate
The following example shows how to activate the SBE on the service mySbc:
host1/Admin (config-sbc-sbe)# activate
Related Commands
Release 3.0.00 SBE support added.
Command Description
deact-mode Indicates how to implement the deactivation of an SBE.
39-24
OL-13499-04
activate (billing)
activate (billing)
To activate billing when it is configured, use the activate command in SBE billing configuration mode.
activate
Command Default By default, billing is not activated.
Command Modes SBE billing configuration (config-sbc-sbe-billing)
Command History
You can activate billing only after the RADIUS configuration has been activated.
Examples The following example shows how to activate the billing functionality after configuration is committed:
host1/Admin/Admin# configure
host1/Admin/Admin(config)# sbc mySbc
host1/Admin/Admin(config-sbc)# sbe
host1/Admin/Admin(config-sbc-sbe)# billing
host1/Admin/Admin(config-sbc-sbe-billing)# activate
Related Commands
Command Description
billing Configures billing.
ldr-check Configures the time of day (local time) to run the Long Duration Check
(LDR).
local-address ipv4 Configures the local IPv4 address that appears in the CDR.
method
packetcable-em
39-25
OL-13499-04
activate (billing)
packetcable-em
transport radius
show services sbc sbe
billing remote
Displays the local and billing configurations.
Command Description
39-26
OL-13499-04
activate (radius)
activate (radius)
To activate the RADIUS client, use the activate command in the appropriate configuration mode. To
disable this command, use the no form of this command.
activate
no activate
Command Modes Server accounting (config-sbc-sbe-acc)
Server authentication (config-sbc-sbe-auth)
Command History
Examples The following example shows how to activate the RADIUS client.
host1/Admin(config)# sbc uut105-1
host1/Admin/Admin(config-sbc-sbe)# radius accounting SBC1-account-1
Related Commands
retry-interval Sets the retry interval to connect to the RADIUS server.
retry-limit Sets the retry interval to the RADIUS server.
concurrent-requests Sets the maximum number of concurrent requests to the RADIUS server.
39-27
OL-13499-04
active-cac-policy-set
active-cac-policy-set
To set the active CAC-policy-set within an SBE entity, use the active-cac-policy-set command in SBE
configuration mode. To deconfigure the active policy set, leaving the SBE with no active policy set, use
the no form of this command.
active-cac-policy-set policy-set-id
no active-cac-policy-set policy-set-id
Syntax Description
Command Modes SBE configuration (config-sbc-sbe)
Command History
Examples The following example shows how to activate policy set 1 on mySbc:
Related Commands
policy-set-id Integer identifying the policy set that should be made active. Range is 1 to
2147483647.
Command Description
active-call-policy Sets the active routing policy set within an SBE
entity.
39-28
OL-13499-04
active-call-policy-set
To set the active routing policy set within an SBE entity, use the active-call-policy-set command in SBE
configuration mode. To deconfigure the active routing policy set, leaving the SBE with no active routing
policy set, use the no form of this command.
active-call-policy-set policy-set-id
no active-call-policy-set
Syntax Description
Command History
Usage Guidelines If another policy set was previously active, it is made inactive by executing this command. The SBE is
created with no active routing policy set; an active routing policy set must be explicitly configured using
this command.
To use this command, you must be in the correct configuration mode and submode. The "Examples"
Examples The following example shows how to activate policy set 1 on mySbc:
Related Commands
policy-set-id Integer that identifies the policy set that should be made active.
Range is 1 to 2147483647.
Command Description
active-cac-policy-set Sets the active CAC-policy-set within an SBE
entity.
39-29
OL-13499-04
address-default
address-default
To enter the mode for configuring the default event limits for the source addresses in a given VPN, use
the blacklist command in the SBE blacklist configuration mode. To set the values for the VPN to the
same as global addresses, use the no form of this command.
address-default
no address-default
Command Default Event limits are set to the same value for all VPNs.
Command Modes SBE blacklist configuration (config-sbc-sbe-blacklist)
Command History
Examples The following example shows how the address-default command is used to enter the mode for
configuring the default event limits for all addresses:
VRF-name is optional for the blacklist. However, if a VRF-name is entered, a vpn token is required as
shown in the following example:
host1/Admin(config-sbc-sbe-blacklist)# address-default ?
<cr> Carriage return.
host1/Admin(config-sbc-sbe-blacklist-addr-default)# exit
host1/Admin(config-sbc-sbe-blacklist)# vpn vpnname
host1/Admin(config-sbc-sbe-blacklist-vpn)# address-default ?
host1/Admin(config-sbc-sbe-blacklist-vpn)# address-default
host1/Admin(config-sbc-sbe-blacklist-vpn-addr-default)#
39-30
OL-13499-04
address-default
reason Enters a submode for configuring a limit to a specific event type on the
source.
timeout Defines the length of time that packets from the source are blocked, should
the limit be exceeded.
trigger-period Defines the period over which events are considered.
trigger-size Defines the number of the specified events from the specified source that are
allowed before the blacklisting is triggered, and blocks all packets from the
source.
39-31
OL-13499-04
address ipv4
address ipv4
To configure the address of the RADIUS server, use the address command in command in SBE
configuration mode. To deconfigure the active accounting server address, use the no form of this
command.
address ipv4 A.B.C.D.
no address ipv4 A.B.C.D.
Syntax Description
Command Modes Server accounting (config-sbc-sbe-acc-ser)
Command History
Usage Guidelines Any number of accounting servers can be specified. Call Detail Reports are sent to the accounting server
with the highest priority upon call termination.
Examples The following command configures accounting servers castor and pollux on mySbc for Remote
Authentication Dial-In User Service (RADIUS) client instance radius1:
host1/Admin (config-sbc-sbe)# radius accounting radius1
(config-sbc-sbe-acc)# server castor
(config-sbc-sbe-acc-ser)# address ipv4 10.0.0.1
(config-sbc-sbe-acc-ser)# exit
(config-sbc-sbe-acc)# server pollux
(config-sbc-sbe-acc-ser)# address pollux
(config-sbc-sbe-acc-ser)# exit
Related Commands
A.B.C.D. IP address of the RADIUS server.
Command Description
radius Configures a RADIUS client for accounting or
39-32
OL-13499-04
adjacency
adjacency
To configure an adjacency for a Session Border Controller (SBC) service, use the adjacency command
in SBE configuration mode. To deconfigure the adjacency, use the no form of this command.
adjacency {sip | h323} adjacency-name
no adjacency {sip | h323} adjacency-name
Syntax Description
Command History
section below shows the hierarchy of modes and submodes required to run the command.
Examples The following example shows how the adjacency command configures a SIP adjacency named sipGW.
host1/Admin(config-sbc-sbe)# adjacency sip sipGW
The following example shows how the adjacency command configures an H.323 adjacency named
H323ToIsp42.
host1/Admin(config-sbc-sbe)# adjacency h323 H323ToIsp42
Related Commands
sip Enters the mode of an SBE SIP adjacency.
h323 Enters the mode of an SBE H.323 adjacency.
adjacency-name Specifies the name of the SBE SIP or H.323 adjacency.
Command Description
show services sbc sbe adjacencies Displays all adjacencies.
39-33
OL-13499-04
adjacency timeout
adjacency timeout
To configure the adjacency retry timeout interval, use the adjacency timeout command in the
appropriate configuration mode. To return to the default value, use the no form of this command.
adjacency timeout value
no adjacency timeout value
Syntax Description
Command Default The default value is 30 seconds.
Command Modes Adjacency H.323 configuration (config-sbc-sbe-adj-h323)
H.323 configuration (config-sbc-sbe-h323)
Command History
Examples The following example shows how the adjacency timeout command configures adjacency retry timeout
in adjacency H.323 configuration mode:
host1/Admin(config-sbc-sbe)# adjacency h323 h323ToIsp42
host1/Admin(config-sbc-sbe-adj-h323)# adjacency timeout 10000
The following example shows how the adjacency timeout command configures adjacency retry timeout
in H.323 configuration mode.
host1/Admin(config-sbc-sbe-h323)# adjacency timeout 10000
Related Commands
value Specifies the timeout period in milliseconds. Valid values are from 10000
to 30000. The default value is 30 seconds.
Command Description
39-34
OL-13499-04
alias
alias
To configure the endpoint alias of an H.323 adjacency, use the alias command in adjacency H.323
configuration mode. To remove this configuration, use the no form of this command.
alias alias-name
no alias
Syntax Description
Command History
Examples The following example shows how to configure the H.323 adjacency h323ToIsp42 endpoint alias to
end1:
host1/Admin(config-sbc-sbe-adj-h323)# alias end1
Related Commands
alias-name Specifies the alias of the H.323 adjacency endpoint.
Command Description
attach-controller Configures a DBE to attach to a controller.
39-35
OL-13499-04
allow private info
allow private info
To configure an H.323 adjacency to allow private information on messages sent out by the adjacency,
use the allow private info command in the adjacencyH.323 configuration mode. To disallow private
information on messages sent out by the adjacency, use the no form of this command.
allow private info
no allow private info
Command History
Please note that if you configure the H.323 adjacency to allow private information, then it will allow
private information on messages even if the CAC policy is configured to apply privacy service or the user
requests privacy service.
Examples The following example shows how the allow private info command is used to configure an H.323
adjacency to allow private information on messages sent by the adjacency.
host1/Admin(config-sbc-sbe)# adjacency h323ToIsp422
host1/Admin(config-sbc-sbe-adj-h323)# allow private info
Related Commands
Command Description
privacy restrict
outbound
Configures an H.323 adjacency to apply privacy restriction on outbound
messages if the user requests it.
39-36
OL-13499-04
attach (adjacency)
attach (adjacency)
To attach an adjacency to an account on an SBE, use the attach command in the appropriate
configuration mode. To detach the adjacency from an account on an SBE, use the no form of this
command.
attach force [abort | normal]
no attach force [abort | normal]
Syntax Description
Adjacency SIP configuration (config-sbc-sbe-adj-sip)
Command History
Use the force argument to tear all SBE calls down.
Examples The following example shows how to attach the H.323 adjacency to h323ToIsp42:
Related Commands
force Executes a forced detach.
abort Tears down calls without signaling an end.
normal Tears down calls gracefully.
Command Description
39-37
OL-13499-04
attach (billing)
attach (billing)
To activate the billing for a RADIUS client, use the attach command in packetcable-em configuration
mode. To disable the billing for a RADIUS client, use the no form of this command.
attach
no attach
Command Default No default behavior or values.
Command Modes Packet-cable em configuration (config-sbc-sbe-billing-packetcable-em)
Command History
Examples The following example shows how to activate the billingfunctionality for a RADIUS client:
(config-sbc-sbe-billing)# method packetcable-em
(config-sbc-sbe-billing)# packetcable-em 4 transport radius test
(config-sbc-sbe-billing-packetcable-em)# batch-size 256
(config-sbc-sbe-billing-packetcable-em)# batch-time 22
(config-sbc-sbe-billing-packetcable-em)# attach
Related Commands
Command Description
activate (radius) Activates the billing functionality after configuration is committed.
attach Activates the billing for a RADIUS client.
batch-size Configures the batching or grouping of RADIUS messages sent to a
RADIUS server.
batch-time Configures the maximum number of milliseconds for which any record is
held in the batch before the batch is sent.
deact-mode Configures the deactivate mode for the billing method.
39-38
OL-13499-04
attach (billing)
(LDR).
local-address ipv4
(packet-cable)
Configures the local address of the packet-cable billing instance.
method
packetcable-em
packetcable-em
transport radius
billing remote
Command Description
39-39
OL-13499-04
attach-controllers
attach-controllers
To configure a DBE to attach to an H.248 controller, use the attach-controllers command in VDBE
configuration mode. To detach the DBE from its controller, use the no form of this command.
attach-controllers
no attach-controllers
Command Default The default is that no controllers are attached.
Command Modes VDBE configuration mode (config-sbc-dbe-vdbe)
Command History
Usage Guidelines The attachment and detachment of the DBE from its controller does not always complete immediately.
To view the current attachment status, use the show sbc dbe controllers command.
Examples In a configuration where the DBE has been created and controllers have been configured, the following
example shows how to attach the DBE to a controller in VDBE configuration mode:
host1/Admin(config-sbc-dbe-vdbe)# attach-controllers
Related Commands
Command Description
vdbe Configures a virtual data border element (vDBE)
and enters the VDBE configuration mode.
show sbc dbe controllers Lists the media gateway controllers configured
on each vDBE and its controller address.
39-40
OL-13499-04
authentication
authentication
To configure the H.323 adjacency authentication, use the authentication command in the adjacency
H.323 configuration mode. To deconfigure the H.323 adjacency authentication mode, use the no form
of this command.
authentication auth-type
no authentication
Syntax Description
Command History
Usage Guidelines This command causes the SBC to authenticate itself with a Gatekeeper. The gatekeeper is responsible
for performing the endpoint authentication.
Examples The following command sets H.323 adjacency "h323ToIsp42" to use endpoint authentication.
host1/Admin(config-sbc-sbe)# isp42 adjacency h323 h323ToIsp42
host1/Admin(config-sbc-sbe-adj-h323)# authentication endpoint
Related Commands
auth-type The authentication type; currently this can only be endpoint.
Command Description
39-41
OL-13499-04
authentication endpoint
To configure the H.323 adjacency to use endpoint authentication, use the authentication endpoint
command in Adjacency H.323 configuration mode. To remove this configuration, use the no form of this
command.
no authentication endpoint
Command Default By default, no authentication procedures are performed.
Command History
Examples The following example shows how to configure the H.323 adjacency h323ToIsp42 to use endpoint
authentication:
host1/Admin(config-sbc-sbe-adj-h323)# authentication endpoint
Related Commands
Command Description
sipi Configures the H.323 adjacency authentication key.
39-42
OL-13499-04
authentication-key
authentication-key
To configure the H.323 adjacency authentication key, use the authentication-key command in
adjacency H.323 configuration mode. To deconfigure the H.323 adjacency authentication key, use the
no form of this command.
authentication-key key
no authentication-key
Syntax Description
Command History
Examples The following example shows how to configure H.323 adjacency h323ToIsp42 to use authentication key
FG56KJ:
host1/Admin(config-sbc-sbe-adj-h323)# authentication-key FG56KJ
Related Commands
key Specifies the authentication key. (This is valid only when authentication is turned
on.)
Command Description
authentication endpoint Configures an H.323 adjacency to use endpoint authentication.
39-43
OL-13499-04
authentication mode
authentication mode
To configure the authentication mode for a SIP adjacency, use the authentication mode command in the
adjacency SIP configurationmode. To deconfigure the authentication mode, use the no form of this
command.
authentication mode {local | remote}
no authentication mode {local | remote}
Syntax Description
Command History
Examples The following example shows how the authentication mode command is used to configure the SIP
adjacency for local authentication:
host1/Admin(config-sbe-adj-sip)# authentication mode local
Related Commands
local Configures the SIP adjacency for local authentication.
remote Configures the SIP adjacency for remote authentication.
Command Description
authentication nonce
timeout
Configures the authentication nonce timeout for a SIP adjacency.
39-44
OL-13499-04
authentication nonce timeout
authentication nonce timeout
To configure the authentication nonce timeout for a SIP adjacency, use the authentication nonce
timeout command in the adjacency SIP configuration mode. To deconfigure the authentication nonce
timeout, use the no form of this command.
authentication nonce timeout value
no authentication nonce timeout
Syntax Description
Command Default The default timeout value is 300 seconds.
Command History
Examples The following example shows how the authentication nonce timeout command is used to configure the
authentication nonce timeout in seconds for a SIP adjacency:
Related Commands
value Specifies the timeout value in seconds. The range of values is 0 to 65535.
Command Description
authentication mode Configures the authentication mode for a SIP adjacency.
39-45
OL-13499-04
authentication-realm
authentication-realm
To configure a set of authentication credentials for a specified domain on the specified SIP adjacency,
use the authentication-realm command in SIP adjacency configuration mode. To deconfigure the
authentication realm on the specified adjacency, use the no form of this command.
authentication-realm {inbound domain | outbound domain username password}
no authentication-realm {inbound domain | outbound domain}
Syntax Description
Command History
Examples The following example shows how the authentication-realm command configures an authentication
realm for the domain example.com on SIP adjacency SipToISP42:
host1/Admin(config-sbc-sbe)# adjacency sip SiptoISP42
host1/Admin(config-sbc-sbe-adj-sip)# authentication-realm outbound example.com usersbc
passwordsbc
Related Commands
inbound Specifies inbound authentication-realm.
outbound Specifies outbound authentication-realm.
domain Name of the domain for which the authentication credentials are valid.
username Username that identifies the SBC in the specified domain.
password Password to authenticate the username in the specified domain.
Command Description
39-46
OL-13499-04
averaging-period
averaging-period
To configure the size of the averaging period used by CAC for its rate calculations, use the averaging
period command in the CAC-policy-set configuration mode. To return the averaging period to its
default, use the no form of this command.
averaging-period duration
no averaging-period
Syntax Description
Command Default The default is 60 seconds.
Command Modes CAC-policy-set configuration (config-sbc-sbe-cacpolicy)
Command History
Examples The following command sets the averaging period to 5 seconds in configuration set 1 on "mySbc".
Related Commands
duration The size of the averaging window to use, in seconds. Default is 60 seconds.
Command Description
cac-policy-set Enters the submode of CAC policy set
configuration.
39-47
OL-13499-04
batch-size
batch-size
To configure the batching or grouping of RADIUS messages sent to a RADIUS server, use the batch
command in the packetcable-em configuration mode. To disable the batch, use the no form of this
command.
batch-size number
no batch-size
Syntax Description
Command Default The default is 0.
Command History
A value of 0 indicates no batching. A platform may choose to set a nonzero default value (this may
increase performance.)
Examples The following example shows how to configure the maximum size of a batch of CDRs:
Related Commands
number Specifies the batch size in bytes. The range is 0 through 4096.
Command Description
RADIUS server.
39-48
OL-13499-04
batch-size
(LDR).
local-address ipv4
(packet-cable)
method
packetcable-em
packetcable-em
transport radius
billing remote
Command Description
39-49
OL-13499-04
batch-time
batch-time
To configure the maximum number of milliseconds for which any record is held before the batch is sent,
use the batch-time command in the packetcable-em configuration mode. To disable the waiting period,
use the no form of this command.
batch-time number
no batch-time
Syntax Description
Command Default The default is 1000 milliseconds.
Command Modes Packetcable em configuration (config-sbc-sbe-billing-packetcable-em)
Command History
Examples The following example shows how to configure the maximum number of milliseconds for which any
record is held before the batch is sent:
Related Commands
number Specifies the batch time in milliseconds. The range is 1 through 3600000.
Command Description
RADIUS server.
39-50
OL-13499-04
batch-time
(LDR).
local-address ipv4
(packet-cable)
method
packetcable-em
packetcable-em
transport radius
billing remote
Command Description
39-51
OL-13499-04
billing
billing
To configure billing, use the billing command in SBE configuration mode. Use the no form of this
command to remove all of the billing configuration.
billing
no billing
Command History
There is only one billing per SBC.
Examples The following example shows how to enter the billing mode for mySbc:
host1/Admin(config-sbc-sbe-billng)#
Related Commands
Release 3.1.00 The remote keyword was removed.
Command Description
(LDR).
method
packetcable-em
39-52
OL-13499-04
billing
packetcable-em
transport radius
billing remote
Command Description
39-53
OL-13499-04
blacklist (sbe)
blacklist (sbe)
To enter the mode for configuring the event limits of a given source, use the blacklist command in the
SBE configuration mode. To return the event limits to the default values, use the no form of this
command.
blacklist
no blacklist
Command History
Examples The following example shows how to enter the mode for configuring the default event limits for all
addresses:
VRF-name is optional for the blacklist. However, if a VRF-name is entered, a vpn token is required as
shown in the following example:
host1/Admin(config-sbc-sbe-blacklist)# address-default ?
host1/Admin(config-sbc-sbe-blacklist-addr-default)# exit
host1/Admin(config-sbc-sbe-blacklist)# vpn vpnname
host1/Admin(config-sbc-sbe-blacklist-vpn)# address-default ?
host1/Admin(config-sbc-sbe-blacklist-vpn)# address-default
host1/Admin(config-sbc-sbe-blacklist-vpn-addr-default)#
39-54
OL-13499-04
blacklist (sbe)
The following example shows how the vpn command is used to enter the mode for configuring the event
limits for a given VPN:
host1/Admin(config-sbc-sbe-blacklist)# vpn test
host1/Admin(config-sbc-sbe-blacklist-vpn)#
The following example shows how to enter the mode for configuring blacklisting to apply to all
addresses:
The following example shows how to enter the mode for applying blacklisting options to a single IP
address:
host1/Admin(config-sbc-sbe-blacklist-ipv4)#
address-default Enters the mode for configuring the default event limits for the source
addresses in a given VPN.
clear services sbc sbe
blacklist
Clears the blacklist for the specified SBC service.
global Enters the mode for configuring blacklisting to apply to all addresse.
ipv4 (blacklist) Enters the mode for applying blacklisting options to a single IP address.
vpn Enters the mode for configuring the event limits for a given VPN.
source.
blacklist
configured-limits
Lists the explicitly configured limits, showing only the sources configured.
blacklist
Lists the limits causing sources to be blacklisted.
tcp Enters the mode for configuring blacklisting for TCP protocol only.
default-port-limit Enters a submode for configuring the default even limits for the ports of a
given address.
39-55
OL-13499-04
blacklist (sbe)
source.
udp Enters the mode for configuring blacklisting for UDP protocol only.
vpn Enters the mode for configuring the event limits for a given VPN.
Command Description
39-56
OL-13499-04
blacklist (sip-opt)
blacklist (sip-opt)
To set profile to be blacklisted, use the blacklist command in SIP option mode. Use the no form of this
command to remove blacklist from this profile.
blacklist
no blacklist
Command Default The global default is used.
Command Modes SIP option (sip-opt)
Command History
section shows the hierarchy of modes and submodes required to run the command:
Examples The following example shows how to add an option to the profile.
host1/Admin(config)# sbc sanity
host1/Admin(config-sbc-sbe)# sip option-profile optpr1
host1/Admin(config-sbc-sbe-sip-opt)# blacklist
Related Commands
Command Description
sip-option-profile Configures an option profile in the mode of an
SBE entity for a SIP option whitelist or blacklist
profile.
39-57
OL-13499-04
cache-lifetime
cache-lifetime
To configure the lifetime of any DNS entry, use the cache-lifetime command in the DNS configuration
mode. To disable the lifetime, use the no form of this command.
cache-lifetime 0-1879048
no cache-lifetime
Syntax Description
Command Modes DNS configuration (config-sbc-sbe-dns)
Command History
Examples The following example shows how to configure the lifetime of any DNS entry:
host1/Admin(config-sbe-dns)# cache-lifetime 444
Related Commands
0-1879048 Lfetime of any DNS entry, in seconds.
Command Description
cache-limit Configures the maximum number of entries that are permitted in the DNS
cache.
sip dns Enters the SIP DNS configuration mode.
39-58
OL-13499-04
cache-limit
cache-limit
To configure the maximum number of entries that are permitted in the DNS cache, use the cache-limit
command in the DNS configuration mode. To set the limit to 100, use the no form of this command.
cache-limit 0-4294967295
no cache-lifetime
Syntax Description
Command Modes DNS configuration (config-sbc-sbe-dns)
Command History
Examples The following example shows how to configure limits on DNS entries:
host1/Admin(config-sbe-dns)# cache-limit 14
Related Commands
0-4294967295 Maximum number of DNS entries.
Command Description
cache-lifetime Configures the lifetime of any DNS entry.
sip dns Enters the SIP DNS configuration mode.
39-59
OL-13499-04
cac-policy-set
cac-policy-set
Use the cac-policy-set command in the SBE configuration mode to enter the submode of CAC policy
set configuration within an SBE entity. If necessary, a new policy set is created. Changes are not be
permitted to the configuration of the active policy set.
Use the no form of the command to destroy the policy set. A policy set may not be destroyed if it is the
active policy set.
cac-policy-set policy-set-id
no cac-policy-set policy-set-id
Syntax Description
Command History
Examples The following command creates an empty policy set, identified by number 1, on mySbc.
Related Commands
policy-set-id An integer chosen by the user to identify the policy set. The range is 1 -
2147483647.
Command Description
active-cac-policy-set Sets the active CAC-policy-set within an SBE entity.
39-60
OL-13499-04
cac-table
cac-table
To create or configure an admission control table, use the cac-table command in CAC-policy-set
configuration mode. To delete the admission control table, use the no form of this command.
cac-table table-name
no cac-table table-name
Syntax Description
Command History
Examples The following example shows how to create the admission control table MyCacTable:
Related Commands
table-name Specifies the admission control table.
Command Description
first-cac-table Configures the name of the first policy table to process when performing
the admission control stage of policy.
first-cac-scope Configures the scope at which to begin defining limits when performing
the admission control stage of policy.
39-61
OL-13499-04
callee-codec-list
callee-codec-list
To list the codecs that the callee leg of a call is allowed to use, use the callee-codec-list command in the
CAC table entry configuration mode. To delete a codec list, use the no form of this command.
callee-codec-list list-name
no callee-codec-list list-name
Syntax Description
Command History
Examples The following example shows how to enter a submode to create a codec list using the name my_codecs:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table callhold-dst-settings
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table callhold-dst-settings
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-codec-list test
Related Commands
list-name Name of the codec list. The maximum size is 30 characters.
Command Description
codec Adds a codec to a codec list.
caller-codec-list Lists the codecs that the caller of a call can use.
39-62
OL-13499-04
callee-hold-setting
callee-hold-setting
To configure the callee hold settings that are supported, use the callee-hold-setting command in CAC
table entry configuration mode. To disable the settings, use the no form of this command.
callee-hold-setting {hold-c0 | hold-c0-inactive | hold-c0-sendonly | hold-sendonly | standard}
no callee-hold-setting {hold-c0 | hold-c0-inactive | hold-c0-sendonly | hold-sendonly |
standard}
Syntax Description
Command History
Examples The following example shows how to configure the callee hold settings:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-hold-setting hold-sendonly
hold-c0 Callee supports or requires c=I 0.0.0.0.
hold-c0-inactive Callee supports or requires c=I 0.0.0.0 or a=inactive.
hold-c0-sendonly Callee supports or requires c= 0.0.0.0 or a=sendonly
hold-sendonly Callee supports or requires a=sendonly.
standard Callee supports or requires c= 0.0.0.0 and either a=forward-direction
capability.
39-63
OL-13499-04
callee-hold-setting
callee-inbound-policy Configures a callee inbound SDP policy table.
callee-outbound-policy Configures a callee outbound SDP policy table.
39-64
OL-13499-04
callee-inbound-policy
callee-inbound-policy
To configure a callee inbound SDP policy table, use the callee-inbound-policy command in CAC table
entry configuration mode. To disable a callee inbound SDP policy table, use the no form of this
command.
callee-inbound-policy WORD
no callee-inbound-policy WORD
Syntax Description
Command History
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-inbound-policy test
Related Commands
WORD Name of the SDP policy table. The maximum size is 30 characters.
Command Description
callee-hold-setting Configures the callee hold settings that are supported.
callee-outbound-policy Configures a callee outbound SDP policy table.
39-65
OL-13499-04
callee-outbound-policy
callee-outbound-policy
To configure a callee outbound SDP policy table, use the callee-outbound-policy command in CAC
table entry configuration mode. To disable the settings, use the no form of this command.
callee-outbound-policy WORD
no callee-outbound-policy WORD
Syntax Description
Command History
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-inbound-policy test
Related Commands
Command Description
callee-hold-setting Configures the callee hold settings that are supported.
callee-inbound-policy Configures a callee inbound SDP policy table.
39-66
OL-13499-04
callee-privacy
callee-privacy
To configure the level of privacy processing to perform on messages sent from callee to caller, use the
callee-privacy command in CAC table configuration mode. To delete the maximum number of channels
in the given entry in the admission control table, use the no form of this command.
callee-privacy [callee_priv_setting]
no callee-privacy
Syntax Description
Command Default The default for callee_priv_setting=never.
Command History
Examples The following example shows how to configure the entry to always hide callee identity in the new
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type dst-prefix
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# cac-table MyCacTable
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-privacy always
Related Commands
callee_priv_setting Indicates specific callee privacy setting. Values are:
never: Never hides the identity.
account-boundary: Hides the identity if caller is different account from
callee.
always: Always hides the identity.
Command Description
cac-table Configures an admission control table.
39-67
OL-13499-04
callee-sig-qos-profile
callee-sig-qos-profile
To configure the QoS profile to be used for signaling packets sent to the original callee, use the
callee-sig-qos-profile command in the CAC table entry configuration mode. To deconfigure the QoS
profile, use the no form of this command.
callee-sig-qos-profile profile-name
no callee-sig-qos-profile profile-name
Syntax Description
Command History
Examples The following example shows how the callee-sig-qos-profile command is used to configure the QoS
profile named enterprise to be used for signaling packets sent to the original callee:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-sig-qos-profile enterprise
Related Commands
profile-name Specifies the name of the QoS profile. The string default is reserved.
Command Description
callee-video-qos-profile Configures the QoS profile to use for video media
packets sent to the original callee.
callee-voice-qos-profile Configures the QoS profile to use for voice media
39-68
OL-13499-04
callee-video-qos-profile
To configure the QoS profile to use for media packets sent to the original callee, use the
callee-video-qos-profile command in CAC table entry configuration mode. To return to the default
behavior, use the no form of this command.
callee-video-qos-profile profile-name
no callee-video-qos-profile
Syntax Description
Command History
Note The callee-video-qos-profile can be executed only at the per-call scope. CAC policy does not activate
if configured at any other scope.
Examples The following example shows how to configure calls from the acme account to use the video QoS profile
enterprise for packets sent from the SBC to the original callee:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value acme
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-video-qos-profile enterprise
profile-name Specifies the QoS profile.
39-69
OL-13499-04
Related Commands
Command Description
callee-sig-qos-profile Configures the QoS profile to be used for
signaling packets sent to the original callee.
39-70
OL-13499-04
callee-voice-qos-profile
To configure the QoS profile to use for media packets sent to the original callee, use the
callee-voice-qos-profile command in CAC table entry configuration mode. To return to the default
callee-voice-qos-profile profile-name
no callee-voice-qos-profile
Syntax Description
Command History
Note This command can be executed only at the per-call scope. CAC policy does not activate if this command
is configured at any other scope.
Examples The following example shows how to configure calls from the acme account to use the voice QoS profile
enterprise for packets sent from the SBC to the original callee.
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# callee-voice-qos-profile enterprise
39-71
OL-13499-04
Related Commands
Command Description
callee-sig-qos-profile Configures the QoS profile to be used for
signaling packets sent to the original callee.
39-72
OL-13499-04
caller-codec-list
caller-codec-list
To list the codecs that the caller leg of a call is allowed to use, use the caller-codec-list command in the
CAC table entry configuration mode. To delete a codec list, use the no form of this command.
caller-codec-list list-name
no caller-codec-list list-name
Syntax Description
Command History
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-codec-list test
Related Commands
list-name Name of the codec list. The maximum size is 30 characters.
Command Description
callee-codec-list Lists the codecs that the callee leg of a call can use.
39-73
OL-13499-04
caller-hold-setting
caller-hold-setting
To configure the caller hold settings that are supported, use the caller-hold-setting command in CAC
table entry configuration mode. To delete caller hold setting, use the no form of this command.
caller-hold-setting {hold-c0 | hold-c0-inactive | hold-c0-sendonly | hold-sendonly | standard}
no caller-hold-setting {hold-c0 | hold-c0-inactive | hold-c0-sendonly | hold-sendonly | standard}
Syntax Description
Command Default The default is standard.
Command Modes CAC table entry configuration (config-sbc-sbe-cacpolicy-cactable-entry)#
Command History
Examples The following example shows how to configure the caller hold settings:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-hold-setting hold-sendonly
hold-c0 Callee supports or requires c=I 0.0.0.0.
hold-c0-inactive Callee supports or requires c=I 0.0.0.0 or a=inactive.
hold-c0-sendonly Callee supports or requires c= 0.0.0.0 or a=sendonly.
hold-sendonly Callee supports or requires a=sendonly.
standard Callee supports or requires c= 0.0.0.0 and either a=forward-direction capability.
39-74
OL-13499-04
caller-hold-setting
caller-outbound-policy Configures a caller outbound SDP policy table.
caller-inbound-policy Configures a caller inbound SDP policy table.
39-75
OL-13499-04
caller-inbound-policy
caller-inbound-policy
To configure a caller inbound SDP policy table, use the caller-inbound-policy command in CAC table
entry configuration mode. To delete a caller inbound SDP policy table, use the no form of this command.
caller-inbound-policy WORD
no caller-inbound-policy WORD
Syntax Description
Command Default No default behavior or value
Command History
Examples The following example shows how to configure a caller inbound SDP policy table:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-inbound-policy test
Related Commands
Command Description
caller-hold-setting Configures the caller hold settings.
caller-outbound-policy Configure a caller outbound SDP policy table.
39-76
OL-13499-04
caller-outbound-policy
caller-outbound-policy
To configure a caller outbound SDP policy table, use the caller-outbound-policy command in CAC
table entry configuration mode. To delete , use the no form of this command.
caller-outbound-policy table_name
no caller-outbound-policy table_name
Syntax Description
Command History
Examples The following example shows how to configure a caller outbound SDP policy table:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-outbound-policy test
Related Commands
WORD Specifies the name of the SDP policy table. The maximum size is 30 characters.
Command Description
caller-hold-setting Configures the caller hold settings.
caller-inbound-policy Configures a caller inbound SDP policy table.
39-77
OL-13499-04
caller-privacy
caller-privacy
To configure the level of privacy processing to perform on messages sent from caller to callee, use the
caller-privacy command in CAC table configuration mode. To delete the maximum number of channels
caller-privacy [privacy-setting]
no caller-privacy
Syntax Description
Command Default The privacy_setting value is set to never.
Command Modes CAC table configuration (config-sbc-sbe-cacpolicy-cactable)
Command History
Examples The following example shows how to configure the entry to always hide caller identity in the new
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-privacy always
privacy_setting Indicates specific caller privacy setting. Possible values include:
never: Never hides the identity.
account-boundary: Hides the identity if caller is on a different account from
callee.
always: Always hides the identity.
39-78
OL-13499-04
caller-privacy
Related Commands
Command Description
39-79
OL-13499-04
caller-sig-qos-profile
To configure the QoS profile to use for signaling packets sent to the original caller, use the
caller-sig-qos-profile command in the CAC table entry configuration mode. To deconfigure the QoS
profile, use the no form of this command.
caller-sig-qos-profile profile-name
no caller-sig-qos-profile profile-name
Syntax Description
Command History
Usage Guidelines This command can only be executed at the per-call scope. CAC policy will not activate if this command
Packet marking will not be applied until the CAC decision process is run. This means that some initial
signaling packets sent to the caller (for example, the SIP 100 provisional response) will not receive any
particular DSCP marking.
Examples The following command configures calls from the acme account to use the voice QoS profile enterprise
for signaling packets sent from the SBC to the original caller:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-sig-qos-profile enterprise
profile-name Specifies the name of the QoS profile. The string default is reserved.
39-80
OL-13499-04
Related Commands
Command Description
caller-video-cos-profile Configures the QoS profile to use for video media
packets sent to the original caller.
caller-voice-cos-profile Configures the QoS profile to use for voice media
39-81
OL-13499-04
caller-video-qos-profile
To configure the QoS profile to use for media packets sent to the original caller, use the
caller-video-qos-profile command in CAC table configuration mode. To remove this configuration, use
caller-video-qos-profile profile-name
no caller-video-qos-profile profile-name
Syntax Description
Command History
Note The caller-video-qos-profile command can be executed only at the per-call scope. CAC policy does not
activate if this command is configured at any other scope.
Examples The following example shows how to configure calls from the acme account to use the video QoS profile
enterprise for packets sent from the SBC to the original caller:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-video-qos-profile enterprise
profile-name Specifies the Qos profile.
39-82
OL-13499-04
Related Commands
Command Description
caller-sig-cos-profile Configures the QoS profile to use for signaling
caller-voice-cos-profile Configures the QoS profile to use for voice media
39-83
OL-13499-04
caller-voice-qos-profile
To configure the QoS profile to use for media packets sent to the original caller, use the
caller-voice-qos-profile command in CAC table configuration mode. To remove this configuration, use
caller-voice-qos-profile profile-name
no caller-voice-qos-profile
Syntax Description
Command History
Note This command can be executed only at the per-call scope. CAC policy does not activate if this command
Examples The following example shows how to configure calls from the acme account to use the voice QoS profile
enterprise for packets sent from the SBC to the original caller:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# caller-voice-qos-profile enterprise
39-84
OL-13499-04
Related Commands
Command Description
caller-sig-cos-profile Configures the QoS profile to use for signaling
caller-video-cos-profile Configures the QoS profile to use for video media
39-85
OL-13499-04
call-policy-set
call-policy-set
To create a new policy set, use the call-policy-set command in SBE configuration mode. To delete the
policy set, use the no form of this command.
call-policy-set policy-set-id
no call-policy-set policy-set-id
Syntax Description
Command History
Examples The following example shows how to create an empty policy set, identified by number 1, on mySbc:
Related Commands
policy-set-id Specifies the integer that identifies the policy set.
Command Description
first-call-routing-table Configures the name of the first policy table to process when
performing the routing stage of policy for new-call events.
first-number-analysis-table Configures the name of the first policy table to process when
performing the routing stage of policy for subscriber-registration
events.
39-86
OL-13499-04
category
category
To configure the entry category in the number analysis table with entries of the table matching a part of
or the whole dialed number, use the category command in the NA routing table configuration mode. To
deconfigure the category of an entry, use the no form of this command.
category category-name
no category category-name
Syntax Description
Command Modes NA routing table configuration (config-sbc-sbe-rtgpolicy-natable-entry)
Command History
Examples The following example shows how to configure the category of entry 1 in the new number analysis table
MyNaTable matching the whole number:
host1/Admin(config-sbc-sbe-rtgpolicy)# na-dst-number-table MyNaTable
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# category external
Related Commands
category-name Specifies a category to assign to the event.
Command Description
na-dst-number-table Enters the submode of configuration of a number
analysis table within the context of an SBE policy
set.
39-87
OL-13499-04
clear services sbc
clear services sbc
To clear the DBE or SBE configurations, use the clear services sbc command in EXEC mode.
clear services sbc sbc-name {dbe | sbe}
Syntax Description
Command Modes EXEC (#)
Command History
Examples The following example shows how to clear the DBE configuration.
host1/Admin# clear services sbc mySbc dbe
Related Commands
sbc-name Specifies the name of the Session Border Controller (SBC)
service.
dbe Clears DBE configuration.
sbe Clears SBE configuration.
Command Description
dbe Creates the DBE service on an SBC and enters
into the SBC-DBE configuration mode.
sbe Creates the SBE service on an SBC and enters
into the SBC-SBE configuration mode.
39-88
OL-13499-04
clear services sbc sbe blacklist
clear services sbc sbe blacklist
To clear the blacklist for the specified Session Border Controller (SBC) service, use the clear services
sbc sbe blacklist command in EXEC mode.
clear services sbc sbc-name sbe blacklist [vrfname] [ipv4 addr [{udp | tcp} A.B.C.D]]
Syntax Description
Command History
Examples The following example clears all the blacklists for the TCP port 1 for VRF test for the ipv4 address of
2.2.2.2:
host1/Admin# clear services sbc aa sbe blacklist test ipv4 2.2.2.2 tcp 1
Related Commands
sbc-name Name of the Session Border Controller (SBC) service.
vrfname VRF for which to clear blacklisted entries.
ipv4 address IPv4 address.
tcp Clears blacklisting for TCP protocol only.
udp Clears blacklisting for UDP protocol only.
A.B.C.D IPv4 subnet mask.
Command Description
blacklist Enters the mode for configuring the event limits
of a given source.
39-89
OL-13499-04
clear services sbc blacklist all
clear services sbc blacklist all
To clear all the currently blacklisted entries for the specified Session Border Controller (SBC) service,
use the clear services sbc sbe blacklist all command in EXEC mode.
clear services sbc sbc-name sbe blacklist all
Syntax Description
Command History
Examples The following example clears all the blacklist entries for the SBC test:
host1/Admin# clear services sbc test sbe blacklist all
Command Accepted
host1/Admin#
Related Commands
Command Description
of a given source.
39-90
OL-13499-04
clear services sbc sbe blacklist all
clear services sbc sbe blacklist all
To clear all the currently blacklisted entries of a given VPN, use the clear services sbc sbe blacklist all
command in EXEC mode.
clear services sbc sbc-name sbe blacklist [vrfname] [ipv4 addr [{udp | tcp} port]]
Syntax Description
Command History
Examples The following example clears all the blacklists for the TCP port 1 for VRF test for the ipv4 address of
2.2.2.2:
Related Commands
vrfname Specifies the VRF for which to clear blacklisted entries.
ipv4 address Specifies the IPv4 address.
tcp Clear blacklisting for TCP protocol only.
udp Clear blacklisting for UDP protocol only.
port Port number to clear blacklisting for. Range is 0-65535.
Command Description
of a given source.
39-91
OL-13499-04
clear services sbc sbe blacklist ipv4
clear services sbc sbe blacklist ipv4
To clear all the currently blacklisted entries of a given subset, use the clear services sbc sbe blacklist
ipv4 command in EXEC mode.
clear services sbc sbc-name sbe blacklist [vrfname] [ipv4 addr [{udp | tcp} port]]
Syntax Description
Command History
Examples The following example clears all the blacklists for the TCP port 1 for VRF test for the IPv4 address of
2.2.2.2:
Related Commands
vrfname Specifies the VRF for which to clear blacklisted entries.
ipv4 address Specifies the IPv4 address.
tcp Clear blacklisting for TCP protocol only.
udp Clear blacklisting for UDP protocol only.
port Port number to clear blacklisting for. Range is 0-65535.
Command Description
of a given source.
39-92
OL-13499-04
clear services sbc dbe media-stats
clear services sbc dbe media-stats
To clears all the statistics collected by the media gateway manager of the DBE, use the clear services
sbc dbe media-stats command in EXEC mode.
clear services sbc sbc-name dbe media-stats
Syntax Description
Command History
Usage Guidelines This command clears the statistics displayed by the show services sbc dbe media-stats command.
Examples The following example clears all the statistics collected by the media gateway manager of a DBE on
an SBC called mySbc:
host1/Admin(config)# clear services sbc mySbc dbe media-stats
Related Commands
sbc-name Name of the SBC service.
Command Description
show services sbc dbe media-stats Lists the statistics of one or more media flows
collected on the DBE.
39-93
OL-13499-04
clear services sbc sbe cac-rejection-stats
clear services sbc sbe cac-rejection-stats
To clear all the call admission control policy rejection statistics, use the clear services
cac-rejection-stats command in EXEC mode.
clear services sbc sbc-name sbe cac-rejection-stats
Syntax Description
Command History
Examples The following example clears all the call admission control policy rejection statistics for the SBE mysbc:
host1/Admin# clear services sbc mySbc sbe cac-rejection-stats
Related Commands
Command Description
show services sbc sbe call-stats Lists the statistics for all the calls on the specified
SBE.
39-94
OL-13499-04
clear services sbc sbe call
clear services sbc sbe call
To clear the currently active call, use the clear services sbc sbe call command in EXEC mode.
clear services sbc sbc-name sbe call no
Syntax Description
Command History
Examples The following example clears all the call rate statistics for the SBE mysbc:
host1/Admin# clear services sbc mySbc sbe call
Related Commands
no Specifies the call number.
Command Description
show services sbc sbe call-rate-stats Lists all of the current rate of attempted call
setups per second over a short period of time.
39-95
OL-13499-04
clear services sbc sbe call-rate-stats
clear services sbc sbe call-rate-stats
To clear all the call rate statistics, use the clear services call-rate-stats command in EXEC mode.
clear services sbc sbc-name sbe call-rate-stats
Syntax Description
Command History
Examples The following example clears all the call rate statistics for the SBE mysbc:
host1/Admin# clear services sbc mySbc sbe call-rate-stats
Related Commands
Command Description
show services sbc sbe call-rate-stats Lists all of the current rate of attempted call
setups per second over a short period of time.
39-96
OL-13499-04
clear services sbc sbe call-rejection-stats
clear services sbc sbe call-rejection-stats
To clear all the call admission control policy rejection statistics, use the clear services
call-rejection-stats command in EXEC mode.
clear services sbc sbc-name sbe call-rejection-stats
Syntax Description
Command History
Examples The following example clears all the call admission control policy rejection statisticss for the SBE
mysbc:
host1/Admin# clear services sbc mySbc sbe call-rejection-stats
Related Commands
Command Description
SBE.
39-97
OL-13499-04
clear services sbc sbe call-stats
clear services sbc sbe call-stats
To clear all the call statistics by the SBE, use the clear services sbc sbe call-stats command in EXEC
mode.
clear services sbc sbc-name sbe call-stats
Syntax Description
Command History
Examples The following example clears all the call statistics for the SBE mysbc:
host1/Admin# clear services sbc mysbc sbe call-stats
Related Commands
Command Description
SBE.
39-98
OL-13499-04
clear services sbc sbe policy-failure-stats
clear services sbc sbe policy-failure-stats
To clear all of the call setup failure statistics for a specified source adjacency, use the clear services sbc
sbe policy-failure-stats command in EXEC mode.
clear services sbc sbc-name sbe policy-failure-stats {src-adjacency | src-account | dst-adjacency
| dst-sccount} name [cr]
Syntax Description
Command History
Examples The following example shows how to clear all of the policy failure statistics for an adjacency named YY:
host1/Admin# clear services sbc mysbc sbe policy-failure-stats src-adjacency YY
Related Commands
sbc-name Specifies the name of the Session Border Controller (SBC) service.
src-adjacency Clears statistic for a source adjacency.
src-account Clears statistic for a source account.
dst-adjacency Clears statistic for a destination adjacency.
dst-account Clears statistic for a destination account.
name Adjacency name or the account name.
cr Clears all statistics.
Command Description
show services sbc sbe policy-failure-stats Lists the statistics for all the policy failures on a
specific SBE.
39-99
OL-13499-04
clear services sbc sbe policy-rejection-stats
clear services sbc sbe policy-rejection-stats
To clear all the policy rejection statistics by the SBE, use the clear services sbc sbe
policy-rejection-stats command in EXEC mode.
clear services sbc sbc-name sbe policy-rejection-stats
Syntax Description
Command History
Usage Guidelines This clears all recorded policy rejection stats including the current and previous intervals.
Examples The following example clears all the policy rejection statistics by the SBE.
host1/Admin# clear services sbc mySbc sbe policy-rejection-stats
Related Commands
service.
Command Description
show services sbc sbe policy-failure-stats Lists the statistics for all the policy failures on a
specific SBE.
39-100
OL-13499-04
clear services sbc sbe radius-client
clear services sbc sbe radius-client
To clear all the statistics for the specified RADIUS server, use the clear services sbc sbe radius-client
clear services sbc sbc-name sbe radius-client {accounting word | authentication}
radius-server-stats word}
Syntax Description
Command History
Examples The following example clears all the authentication statistics for the RADIUS server svr:
host1/Admin# clear services sbc mySbc sbe radius-client authentication radius-server-stats
svr
The following example clears all the accounting client statistics for the local RADIUS client, acc for the
RADIUS server svr:
host1/Admin# clear services sbc mySbc sbe radius-client accounting acc radius-server-stats
svr
Related Commands
service.
accounting Clears accounting client statistics.
authentication Clears authentication client statistics.
radius-server-stats Identifies the RADIUS server name.
word For accounting, the RADIUS client name. The maximum size is
80 characters.
For radius-server-stats, the RADIUS server name. The
maximum size is 80 characters.
Command Description
show services sbc sbe radius-client-stats Lists the RADIUS accounting client statistics for
all accounting clients.
39-101
OL-13499-04
clear services sbc sbe radius-client-stats
clear services sbc sbe radius-client-stats
To clear all the statistics for the local RADIUS clients, use the clear services sbc sbe radius-client-stats
clear services sbc sbc-name sbe radius-client-stats {accounting word | authentication}
Syntax Description
Command History
Examples The following example clears all the authentication statistics:
host1/Admin# clear services sbc mySbc sbe radius-client-stats authentication
The following example clears all the accounting statistics for the local RADIUS client, radius1:
host1/Admin# clear services sbc mySbc sbe radius-client-stats accounting radius1
Related Commands
service.
word The RADIUS client name. The maximum size is 80 characters.
accounting Clears accounting client statistics.
authentication Clears authentication client statistics.
Command Description
39-102
OL-13499-04
clear services sbc sbe statistics
clear services sbc sbe statistics
To clear the summary statistics and the detailed response code statistics, use the clear services sbc sbe
statistics command in EXEC mode.
clear services sbc sbc-name sbe adj-name statistics
Syntax Description
Command History
Examples The following example shows how to clear all summary statistics and the detailed response code
statistics:
host1/Admin# clear services sbc tet sbe ttt statistics
Related Commands
adj-name RADIUS client name. The maximum size is 80 characters.
Command Description
SBE.
39-103
OL-13499-04
codec
codec
To add a codec to a codec list, use the codec command in the Codec list mode. To remove a named codec
from a codec list, use the no form of this command.
codec codec-name
no codec codec-name
Syntax Description
Command Modes Codec list (sbe-codec-list)
Command History
Examples The following example shows how to assign the PCMU codec to the my_codecs codec list:
host1/Admin(config-sbc-sbe)# codec-list my_codecs
Related Commands
codec-name Specifies the name of a codec. This value must be one of the list of codecs
that the SBE is hard-coded to recognize. Otherwise, when you execute this
command, the SBE displays an error.
The format of the codec name is the same as the string used to represent it
in Session Description Protocol (SDP). For example, PCMU or VDVI. A
codec can only be added to each list one time.
Command Description
codec-list Creates a codec list.
codec-list codec packetization-period Specifies a packetization period for a codec.
codec-list description Provides a description of a codec list.
show services sbc sbe codec-list Displays information about codec lists.
39-104
OL-13499-04
codec-list
codec-list
To create a codec list, use the codec-list command in the SBE configuration mode. To delete a codec list,
codec-list list-name
no codec-list list-name
Syntax Description
Command History
Related Commands
list-name Specifies the name of the codec list.
Command Description
39-105
OL-13499-04
codec-list description
codec-list description
To provide a description of a codec list, use the codec-list description command in codec list mode. To
delete the description for the codec list, use the no form of this command.
codec-list description text
no description
Syntax Description
Command History
Examples The following example shows how to provide the my_codecs codec list with a description (Legitimate
codecs):
host1/Admin(config-sbc-sbe-codec-list)# codec-list description Legitimate codecs
Related Commands
text An arbitrary text string that describes the codec list.
Command Description
39-106
OL-13499-04
codec packetization-period
To set a minimum packetization period for a codec, use the codec packetization-period command in
the codec list mode. To remove a packetization-period from a codec, use the no form of this command.
codec codec-name packetization-period packet-period
no codec codec-name packetization-period packet-period
Syntax Description
Note For each minimum packetization period, only one codec is allowed to be added to each list, one time
only.
Command History
Examples The following example shows how to set a minimum packetization period for the PCMU and G729
codecs that are in the my_codecs codec list:
codec-name Specifies the name of a codec. This value must be one from the list of
codecs that the SBE is hard-coded to recognize. Otherwise, when you
execute this command, the SBE displays an error.
The format of the codec name is the same as the string used to represent it
in SDP (for example, PCMU or VDVI).
packet-period The codec can optionally be followed by a minimum acceptable
packetization period in milliseconds as indicated by packetization-period.
For example, codec PCMU packetization-period 20 adds the codec
PCMU to the list with a minimum acceptable packetization period of 20 ms.
The range of packetization period is 0 to 1000.
39-107
OL-13499-04
host1/Admin(config-sbc-sbe-codec-list)# codec PCMU packetization-period 20
host1/Admin(config-sbc-sbe-codec-list)# codec G729 packetization-period 10
39-108
OL-13499-04
codec-restrict-to-list
To configure the CAC to restrict the codecs used in signaling a call to the set of codecs given in the
named list, use the codec-restrict-to-list command in CAC table entry configuration mode. To impose
no restrictions on the codecs that can be used with the CAC entry, use the no form of this command.
codec-restrict-to-list list-name
no codec-restrict-to-list list-name
Syntax Description
Command Default Not setting this command, or issuing the no form of the command, means that the CAC entry does not
impose any restriction on the codecs that can be used (but also it does not lift any restrictions set by
entries encountered earlier).
Command History
Usage Guidelines For each codec on this list, CAC restricts the packetization period for any stream using that codec to be
greater than or equal to the packetization period configured along with that codec in the list. If a stream
uses more than one codec in the list, then the greater of all the packetization periods configured for each
codec in the list is applied to the stream.
If the codec list is empty, then all codecs recognized by the SBE will be allowed.
To clear all restrictions set by an earlier CAC entry, you must configure a codec-restrict-to-list
list-name, where list-name is the name of a list containing no codecs.
You are not allowed to use this command if the table is part of the active policy set. You can only
configure the codec-restrict-to-list command at per-call scope. If it is configured at any other scope,
then an error will be flagged when you type "complete" in the CAC policy set configuration.
Examples The following command configures the entry to restrict codecs to those named on the list my_codecs:.
host1/Admin# sbc mySbc
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table Mycactable
39-109
OL-13499-04
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# codec-restrict-to-list my_codecs
39-110
OL-13499-04
codecs
codecs
To configure the codecs supported by the media gateway, use the codecs command in media gateway
configuration mode. To set the codec support to nothing, use the no form of this command.
codecs codec-list
no codecs
Syntax Description
Command Modes Media gateway configuration (config-sbc-sbe-mg)
Command History
Examples The following example shows how to set media gateway 10.0.0.1s supported codecs to m=audio 6000
RTP/AVP 4 and a=rtpmap:0 PCMU/8000 (as defined in RFC 1890):
host1/Admin(config-sbc-sbe-mg)# odecs m=audio 1234 RTP/AVP 0 18,a=rtpmap:=rtpmap:18
G729/80000 PCMU/8000,a=rtpmap:18 G729/8000
Related Commands
codec-list Specifies the supported codecs.
Command Description
39-111
OL-13499-04
complete
complete
To complete the CAC-policy or call-policy set after committing the full set, use the complete command
in the appropriate configuration mode. To change entries, use the no form of this command.
complete
no complete
Routing policy table (config-sbc-sbe-rtgpolicy)
Command History
The SBC checks that the routing-policy is self-consistent and can be set as the active policy set. When
this command is issued, you cannot alter the CAC-policy-set.
Examples The following example shows how to complete a cac-policy set, identified by number 1, on mySbc:
Related Commands
Command Description
configuration.
39-112
OL-13499-04
concurrent-requests
concurrent-requests
To set the maximum number of concurrent requests to the RADIUS server, use the concurrent-request
command in the appropriate configuration mode. To set the default, use the no form of this command.
concurrent-requests 0-4294967295
no concurrent-requests 0-4294967295
Syntax Description
Command Default Default is 25.
Command History
Examples The following example shows how to set the maximum number of concurrent requests to the RADIUS
server.
host1/Admin/Admin(config-sbc-sbe-acc)# concurrent-requests 34
Related Commands
0-4294967295 Maximum number of concurrent requests to the RADIUS server.
activate Activates the RADIUS client.
39-113
OL-13499-04
condition
condition
To specify a condition to match before taking an action to a SIP message profile, use the condition
command in SIP header configuration mode. To remove the condition from the profile, use the no form
of this command.
condition [and | header-name | header-value | or | status-code]
no condition [and | header-name | header-value | or | status-code]
Syntax Description
Command Modes SIP header configuration (config-sbc-sbe-sip-hdr-ele-act)
Command History
Examples The following example shows how the header command adds the header test to the header profile
MyProfile:
host1/Admin(config-sbc-sbe-sip-hdr)# header test
host1/Admin(config-sbc-sbe-sip-hdr-ele)# action drop-msg
host1/Admin(config-sbc-sbe-sip-hdr-ele-act)# condition
Related Commands
and Logical AND to add another condition to an existing condition.
header-name Compares the content of a different header name.
header-value Compares the content of this header.
or Logical OR to add another condition to an existing condition.
status-code Specifies a SIP response code.
Command Description
action drop-msg Adds an action of dropping the message to a SIP message profile.
39-114
OL-13499-04
congestion-cleared
congestion-cleared
To configure that the congestion has cleared when the level of system resources reaches the congestion
cleared threshold, use the congestion-cleared command inVDBE configuration mode. To disable this
configuration, use the no form of this command.
congestion-cleared [percentage]
no congestion-cleared [percentage]
Syntax Description
Command Default The system default percentage is 60 percent if you do not configure the congestion-cleared command
or if you configure no congestion-cleared.
Command Modes VDBE configuration (config-sbc-dbe-vdbe)
Command History
Usage Guidelines When the DBE has previously signaled a congestion event to the SBE, the DBE will signal that the
congestion has cleared when the level of system resources used reaches the congestion cleared threshold.
Congestion cleared must be less than or equal to the threshold, however, equal to the threshold is not
recommended because it may cause excessive messaging between the MG and media gateway controller
(MGC).
Examples The following example creates a DBE service on an SBC called mySbc, enters into SBC-DBE
configuration and VDBE configuration modes, and configures the DBE to signal to the SBE that
congestion has cleared at 90% percent of system resources consumed:
host1/Admin(config-sbc-dbe-vdbe)# congestion-cleared 90
Related Commands
percentage (Optional) This is the percentage value of system resources to signal congestion to
the SBE. The range is 1100.
Command Description
congestion-threshold Configures the DBE to signal a congestion event
to the SBE when a maximum percentage has been
reached.
39-115
OL-13499-04
congestion-threshold
congestion-threshold
To configure the DBE to signal a congestion event to the SBE when a maximum percentage has been
reached, use the congestion-threshold command in VDBE configuration mode. To disable this
congestion-threshold [percentage]
no congestion-threshold [percentage]
Syntax Description
Command Default The system default percentage is 80% if you do not configure the congestion-threshold, or if you issue
the default congestion-threshold command, or if you configure no congestion-threshold.
Command History
Usage Guidelines When the DBE reaches the maximum configured congestion-threshold percentage for either number of
calls or media bandwidth, it sends a congestion message to the SBE.
configuration and VDBE configuration modes, and shows how to configure the DBE to signal a
congestion event to the SBE when 95% percent of capacity is reached.
host1/Admin(config-sbc-dbe-vdbe)# congestion-threshold 95
Related Commands
percentage (Optional) This is the percentage value of system resources to signal congestion to
the SBE. The range is 100.
Command Description
congestion-cleared Configures that the congestion has cleared when
the level of system resources reaches the
congestion cleared threshold.
39-116
OL-13499-04
control address aaa
control address aaa
To configure an SBE to use a given IPv4 AAA control address when contacting an authentication or
billing server, use the control address aaa ipv4 command in SBE configuration mode. To deconfigure
the IPv4 AAA control address, use the no form of this command.
control address aaa ipv4 ip_address [vrf vrf-name]
no control address aaa ipv4 ip_address
Syntax Description
Command History
Examples The following example shows how to configure the SBE to use address 10.1.0.1 as its AAA control
address:
host1/Admin(config-sbc-sbe)# control address aaa ipv4 10.1.0.1 vrf myvrf
Related Commands
ipv4 ip_address Specifies the IPv4 AAA control address.
vrf vrf-name (Optional) Specifies the VRF name.
Command Description
control address h248
index
Configures IPv4 H.248 control addresses.
39-117
OL-13499-04
control address h248 index
control address h248 index
To configure an SBE to use a given IPv4 H.248 control address, port, or transport for H.248
communications when acting as a media gateway controller, use the control address h248 index
command in SBE configuration mode. To deconfigure the given IPv4 H.248 control address when acting
as a media gateway controller, use the no form of this command.
control address h248 index index-number
no control address h248 index index-number
Syntax Description
Command History
Usage Guidelines To use this command, you must be in the correct configuration mode and submode. The Examples
Examples The following example shows how to configure the SBE to use address 10.1.0.1 as its H.248 control
address:
host1/Admin(config-sbc-sbe-ctrl-h248)# exit
Related Commands
index-number Specifies the unique identifier of the H.248 control address to set.
Command Description
ipv4 (SBE H.248) Configures an SBE to use a given IPv4 H.248 control address.
port (SBE H.248) Configures an SBE to use a given IPv4 H.248 port.
transport (SBE H.248) Configures an SBE to use a certain transport for H.248 communications.
39-118
OL-13499-04
control-address h248 ipv4
control-address h248 ipv4
To configure a DBE to use a specific IPv4 H.248 control address, use the control-address h248 ipv4
command in SBE configuration mode. To deconfigure a DBE from using an IPv4 H.248 control address,
control-address h248 ipv4 {A.B.C.D}
no control-address h248 ipv4 {A.B.C.D}
Syntax Description
Command History
Usage Guidelines Neither the control-address nor the local-port can be changed when the controller exists. The controller
must be deleted to change these parameters. To delete the controller, use the no control-address h248
ipv4 command.
Examples The following command configures the DBE to use address 10.0.0.1 as its control address.
host1/Admin(config-sbc-dbe-vdbe)# control address h248 ipv4 10.0.0.1
host1/Admin(config-sbc-sbe-vdbe)# controller h248 1
Related Commands
A.B.C.D This is the IP address for the IPv4 H.248 control address of the DBE, which is the
local IP address used to connect to the SBE.
Command Description
attach-controllers Configures a DBE to attach to an H.248
controller.
39-119
OL-13499-04
control address h248 port
control address h248 port
To configure an SBE to use a given port for H.248 communications when acting as a media gateway
controller, use the control-address h248 port command in SBE configuration mode. To deconfigure a
h248 controller, use the no form of this command.
control address h248 port port-number
no control address h248 port port-number
Syntax Description
Command History
Usage Guidelines To change or remove this configuration, deconfigure the h248 controller by issuing the no control
address h248 command, then configure a new h248 control address.
If the port is not configured, or is configured with the value zero, then the H.248 default port number,
2944, is used.
Examples The following command configures the SBE to use port 123 as its H.248 port:
host1/Admin(config-sbc-sbe)# control address h248 port 123
Related Commands
port-number Port number assigned.
Command Description
control-address h248 transport Configures an SBE to use a given transport for
H.248 communications.
39-120
OL-13499-04
control address h248 transport
control address h248 transport
To configure an SBE to use a given transport for H.248 communications when acting as a media gateway
controller, use the control-address h248 transport command in SBE configuration mode. To
deconfigure a h248 controller, use the no form of this command.
control address h248 transport [udp | tcp]
no control address h248 transport [udp | tcp]
Syntax Description
Command History
Usage Guidelines To change or remove this configuration, deconfigure the h248 controller by issuing the no control
address h248 command, then configure a new h248 control address.
Examples The following command configures the SBE to use TCP as its H.248 transport:
host1/Admin(config-sbc-sbe)# control address h248 transport tcp
Related Commands
udp Selects UDP as the underlying transport.
tcp Selects TCP as the underlying transport.
Command Description
control-address h248 port Configures an SBE to use a given port for H.248
communications.
39-121
OL-13499-04
controller h248
controller h248
To configure the H.248 controller for a DBE or enter into controller H.248 configuration mode, use the
controller h248 command in VDBE configuration mode. To delete the H.248 controller, use the no form
of this command.
controller h248 controller-index
no controller h248 controller-index
Syntax Description
Command History
Usage Guidelines Once a controller is configured and attached, it must be detached with the no attach-controllers
command before you can modify any controller information.
Note This command is invalid for the unified model, where both the SBE and DBE logical entities co-exist on
the same network element. Release 2.0.00 does not support the unified model.
configuration and VDBE configuration modes, and configures an H.248 controller with index 1.
host1/Admin(config-sbc-dbe-vdbe)# controller h248 1
host1/Admin(config-sbc-dbe-vdbe-h248)#
Related Commands
controller-index This is the number that identifies the H.248 controller for the DBE, in case you
want to configure more than one controller.
Command Description
dbe Creates the DBE service on an SBCSBCand
enters into the DBE-SBE configuration mode.
vdbe Configures a virtual data border element (VDBE)
39-122
OL-13499-04
copy logs
copy logs
To to transfer debug and system logs off of the ACE for analysis, use the copy logs uri command in
EXEC mode.
copy logs uri
Syntax Description
Command History
Usage Guidelines You can specify the filename but it must end in .tar.
Examples The following example copies the log files to the ku040708.tar file:
host1/Admin# copy logs image:/ku040708.tar
Copying logs to tar file image:/ku040708.tar...
Related Commands
uri Specifies either image:/filename.tar or disk0:/filename.tar.
Command Description
debug services sbc logging Debugs SBC logging information.
39-123
OL-13499-04
cost
cost
To assign a cost to this route, use the cost command in the RTG routing table entry configuration mode.
To destroy the cost given to the route, use the no form of this command.
cost cost
no cost cost
Syntax Description
Command Default The default is na.
Command Modes RTG routing table entry configuration (config-sbc-sbe-rtgpolicy-rtgtable-entry)
Command History
Examples The following example shows how to create an entry in the new admission control table, MyCacTable:
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-least-cost-table MyRtgTable
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# cost
Related Commands
cost Assigns a cost to the route.
Range: [1-0xFFFFFFFF]
The value of "0" is not accepted. Instead the user must input "na" to mean
this entry will never be matched.
Command Description
rtg-least-cost-table Configures the least-cost routing table.
39-124
OL-13499-04
dbe
dbe
To create the DBE service on an SBC and enter into the SBC-DBE configuration mode, use the dbe
command in SBC configuration mode. To remove the DBE entity, use the no form of this command.
dbe
no dbe
Command Modes SBC configuration (config-sbc)
Command History
Examples The following command creates a DBE and enters the SBC-DBE configuration mode.
host1/Admin(config-sbc-dbe)#
Related Commands
Command Description
sbe Creates the SBC interface.
39-125
OL-13499-04
dbe-location-id
dbe-location-id
To configure an adjacency to use a given media gateway DBE location when routing media, use the
dbe-location-id command in the appropriate configuration mode. To remove this configuration, use the
dbe-location-id dbe-location-id
no dbe-location-id
Syntax Description
Command History
Examples The following example shows how to configure H.323 adjacency h323ToIsp42 to use DBE location ID 1:
host1/Admin(config-sbc-sbe-adj-h323)# dbe-location-id 1
Related Commands
dbe-location-id Specifies the DBE location ID of the DBE. A value of 0 denotes that the
adjacency is within the local network.
Command Description
39-126
OL-13499-04
deact-mode abort
deact-mode abort
To specify that the DBE of an SBC drop all calls without any signaling, use the deact-mode abort
command inSBC-DBE configuration mode. To revert deactivation behavior to the default of normal
deact-mode abort
no deact-mode abort
Command Default If the deact-mode is not configured, or the default deact-mode command or no deact-mode commands
are used, the state of the DBE service becomes normal.
Command Modes SBC-DBE configuration (config-sbc-dbe)
Command History
Usage Guidelines Use the no activate command to deactivate the DBE service.
Use the dbe command to enter into SBC-DBE configuration mode first.
Examples The following example enters into SBC-DBE configuration mode, and sets the DBE to deactivate in
abort mode to prepare the device for hardware maintenance.
host1/Admin(config-sbc-dbe)# deact-mode abort
Related Commands
Command Description
dbe Creates the DBE service on an SBCand enters
into the DBE-SBE configuration mode.
activate Initiates the DBE service of the session border
controller (SBC).
39-127
OL-13499-04
deact-mode (billing)
To configure the deactivate mode for the billing method, use the deact-mode command in the
packetcable-em configuration mode. To disable the deactivate mode, use the no form of this command.
deact-mode {normal | abort | quiesce}
no deact-mode
Syntax Description
Command Default The default is normal.
Command History
Examples The following example shows how configure a normal deactivate mode for the billing method:
(config-sbc-sbe-billing-packetcable-em)# attach
(config-sbc-sbe-billing-packetcable-em)# activate
(config-sbc-sbe-billing-packetcable-em)# deact-mode normal
Related Commands
normal Specifies that CDRs are sent.
abort Specifies that CDRs are dropped.
quiesce Specifies that CDRs are allowed to be sent.
Command Description
RADIUS server.
39-128
OL-13499-04
(LDR).
local-address ipv4
(packet-cable)
method
packetcable-em
packetcable-em
transport radius
billing remote
Command Description
39-129
OL-13499-04
deact-mode normal
deact-mode normal
To specify that the DBE of anSBC signals a service change and terminates all calls upon deactivation of
the DBE service, use the deact-mode normal command inSBC-DBE configuration mode. To revert
deactivation behavior to the default of normal behavior, use the no form of this command.
deact-mode normal
no deact-mode normal
Command History
Usage Guidelines Use the no activate command to deactivate the DBE service.
Examples The following example enters into SBC-DBE configuration mode, and sets the DBE to deactivate in
normal mode to prepare the device for hardware maintenance.
Related Commands
Command Description
controller (SBC).
39-130
OL-13499-04
deact-mode quiesce
deact-mode quiesce
To specify that the DBE of an SBC accepts no new calls and deactivates after all existing calls terminate,
use the deact-mode quiesce command inSBC-DBE configuration mode. To revert deactivation behavior
to the default of normal behavior, use the no form of this command.
deact-mode quiesce
no deact-mode quiesce
Command History
Usage Guidelines Use the no activate command to deactivate the DBE service. The deact-mode command tells the DBE
how to behave or what action to take after the DBE is deactivated.
configuration mode, and sets the DBE to deactivate in quiesce mode to prepare the device for hardware
maintenance.
host1/Admin(config-sbc-sbe)# dbe
host1/Admin(config-sbc-dbe)# deact-mode quiesce
Related Commands
Command Description
controller (SBC).
39-131
OL-13499-04
deact-mode (dbe, sbe)
To specify the action to take upon DBE or SBE deactivation, use the deact-mode command in the
appropriate configuration mode. To revert to the default value, use the no form of this command.
deact-mode deact-type
no deact-mode
Syntax Description
Command Default By default, this command assumes the normal parameter.
SBE configuration (config-sbc-sbe)
Command History
Examples The following example shows how to set the DBE to deactivate in quiesce mode to prepare the device
for hardware maintenance:
host1/Admin(config-sbc-dbe)# deact-mode quiesce
deact-type Specifies the action to take upon DBE deactivation:
abort: All calls dropped with no signaling.
normal: Service change signaled to SBE, and all calls immediately
terminated.
quiesce: No new calls accepted. Deactivation occurs only after existing
calls have terminated naturally.
Specifies the action to take upon SBE deactivation:
abort: All calls dropped with no signaling.
normal: Existing calls are torn down gracefully.
quiesce: No new calls accepted. Existing calls are allowed to terminate.
39-132
OL-13499-04
Related Commands
Command Description
controller (SBC).
39-133
OL-13499-04
debug services sbc errors
To debug SBC service errors, use the debug services sbc errors command in EXEC mode. To disable
this form of debugging, use the no form of this command.
no debug services sbc errors
Command History
Usage Guidelines Use the show debug command to see debug information.
Examples The following command turns on sbc error debugging:
host1/Admin# debug services sbc errors
host1/Admin# 2007 May 13 04:24:50.902717 sbc:
(ctx:0)hmstub_proc_recv_hb_message:test_rcv_hb_failed = 1110000
2007 May 13 04:29:50.960623 sbc: (ctx:0)hmstub_proc_recv_hb_message:test_rcv_hb_failed =
1112000
2007 May 13 04:34:50.960631 sbc: (ctx:0)hmstub_proc_recv_hb_message:test_rcv_hb_failed =
1114000
Related Commands
Command Description
debug services sbc errors Debugs SBC service errors.
debug services sbc events Debugs SBC service events.
debug services sbc ha Debugs SBC high availability (HA) services.
debug services sbc info Debugs SBC services information.
debug services sbc ips Turns on IPS tracing.
debug services sbc mem-trace dump Dumps current memory usage statistics to file.
debug services sbc pd filter component Turns on problem determination (PD) filter
components.
39-134
OL-13499-04
debug services sbc pd filter context Turns on different logs from the problem
determination (PD) filters.
debug services sbc pd filter product Turns on problem determination (PD) filter
product group logs.
debug services sbc pd log-level Sets the file logging level.
debug services sbc rsrcmon Debugs SBC services congestion states and
statistics during switchover.
Command Description
39-135
OL-13499-04
debug services sbc events
To debug SBC service events, use the debug services sbc events command in EXEC mode. To disable
this form of debugging, use the no form of this command.
no debug services sbc events
Command History
Examples The following command turns on debugging for sbc events:
host1/Admin# debug services sbc events
Related Commands
Command Description
components.
product group logs.
39-136
OL-13499-04
Command Description
39-137
OL-13499-04
debug services sbc ha
To debug SBC high availability (HA) services, use the debug services sbc ha command in EXEC mode.
To disable this form of debugging, use the no form of this command.
no debug services sbc ha
Command History
Examples The following command turns on debugging for sbc high availability:
host1/Admin# debug services sbc ha
host1/Admin#
host1/Admin# 2007 May 13 06:04:51.504671 sbc: (ctx:0)hmstub_send_hb: test_send_hb OK
1150000
Related Commands
Command Description
components.
39-138
OL-13499-04
product group logs.
Command Description
39-139
OL-13499-04
debug services sbc info
To debug SBC services information, use the debug services sbc info command in EXEC mode. To
disable this form of debugging, use the no form of this command.
no debug services sbc info
Command History
Examples The following command turns on debugging for sbc information:
host1/Admin# debug services sbc info
2007 May 13 06:07:42.071738 sbc: (ctx:0)Received debug msg
2007 May 13 06:07:42.071961 sbc: (ctx:0)Exit mts or debug msg recv
Related Commands
Command Description
components.
39-140
OL-13499-04
product group logs.
Command Description
39-141
OL-13499-04
debug services sbc ips
To turn on IPS tracing (giving details of inter-component signals flowing between the internal
components of the Session Border Controller (SBC) process), use the debug services sbc ips command
in EXEC mode. To disable this form of debugging, use the no form of this command.
debug services sbc sbc-name ips {file | in-memory}
no debug services sbc sbc-name ips {file | in-memory}
Syntax Description
Command History
Usage Guidelines This command provides details of intercomponent signals flowing between the internal components of
the SBC process. Events should be logged on an IPS trace file for further debugging.
Use the show debug command to see debug information.
Examples The following command turns on IPS tracing:
host1/Admin# debug services sbc mySbc ips
Related Commands
file Configures file IPS tracing.
in-memory Configures in-memory IPS tracing.
Release 3.1.0 The file and in-memory keywords were added.
Command Description
39-142
OL-13499-04
components.
product group logs.
Command Description
39-143
OL-13499-04
debug services sbc logging
To debug SBC logging information, use the debug services sbc logging command in EXEC mode. To
no debug services sbc logging
Command History
host1/Admin# debug services sbc logging
Related Commands
Command Description
components.
product group logs.
39-144
OL-13499-04
Command Description
39-145
OL-13499-04
debug services sbc mem-trace dump
To dump current memory usage statistics to file, use the debug services sbc mem-trace dump command
in EXEC mode. To disable printing to the terminal, use the no form of this command.
debug services sbc sbc-name mem-trace dump
no debug services sbc sbc-name mem-trace dump
Syntax Description
Command History
Examples The following example dumps current memory usage statistics to flle:
host1/Admin# debug services sbc mysbc mem-trace dump.
Related Commands
Command Description
components.
product group logs.
39-146
OL-13499-04
Command Description
39-147
OL-13499-04
debug services sbc off
debug services sbc off
To turn off all sbc filters and set the log-level back to default (63), use the debug services sbc off
command in EXEC mode. To disable this form of debugging, use the no form of this command.
debug services sbc sbc-name off
no debug services sbc sbc-name off
Syntax Description
Command Default Log-levels are set to 63.
Command History
host1/Admin# debug services sbc test-sbc off
host1/Admin# 2008 May 20 14:55:51.410879 sbc: (ctx:0)This option will disable all SBC
debugs
2008 May 20 14:55:51.410978 sbc: (ctx:0) SBC: Log filter removed.
2008 May 20 14:55:51.411014 sbc: (ctx:0) SBC: Log filter removed.
The following command shows debugging information:
host1/Admin# show debug
SBC Daemon:

SBC inter-process logging is off
SBC log filter 0:
Related Commands
Command Description
product group logs.
39-148
OL-13499-04
debug services sbc pd filter component
To turn on problem determination (PD) filter components, use the debug services sbc pd command in
EXEC mode. To disable this form of debugging, use the no form of this command.
debug services sbc sbc-name pd filter component [bm | cac | control | h323 | hm | icc | mgm |
radius | routing | sip]
no debug services sbc sbc-namee pd filter component [bm | cac | control | h323 | hm | icc | mgm
| radius | routing | sip]
Syntax Description
Command History
the SBC process. Events should be logged on IPS trace file for further debugging.
Examples The following command turns on IPS tracing:
host1/Admin# debug services sbc mySbc ips
bm Logs from the bm components.
cac Logs from the cac components.
control Logs from the H.248 controller components.
h323 Logs from the H.323 components.
hm Logs from the bm components.
icc Logs from the icc components.
mgm Logs from the mgm components.
radius Logs from the radius components.
routing Logs from the routing components.
sip Logs from the sip components.
39-149
OL-13499-04
Related Commands
Command Description
components.
product group logs.
39-150
OL-13499-04
debug services sbc pd filter context
To turn on different logs from the problem determination (PD) filters, use the debug services sbc pd
filter context command in EXEC mode. To disable this form of debugging, use the no form of this
command.
debug services sbc sbc-name pd filter context [adjacency name name| billing_id name | ipv4
name | number name]
no debug services sbc sbc-name pd filter context [adjacency name name| billing_id name | ipv4
name | number name]
Syntax Description
Command History
Examples The following command turns on the adjacency log filter:
host1/Admin# debug services sbc pd filter context adjacency test
Related Commands
adjacency Logs from the adjacency filter.
billing_id Logs from the billing_id filter.
ipv4 Logs from the ipv4 filter.
number Logs from the number filter.
name Name for the specific filter context.
Command Description
39-151
OL-13499-04
components.
product group logs.
Command Description
39-152
OL-13499-04
debug services sbc pd filter product
To turn on problem determination (PD) filter product group logs, use the debug services sbc pd filter
product command in EXEC mode. To disable this form of debugging, use the no form of this command.
debug services sbc sbc-name pd filter context [billing | call | media | overview | protocol]
no debug services sbc sbc-name pd filter context [adjacency | billing_id | ipv4 | number]
Syntax Description
Command History
Examples The following command turns on the logs from the protocol product group:
host1/Admin# debug services sbc pd filter product protocol
Related Commands
billing Logs from the billing product group.
call Logs from the call product group.
media Logs from the media product group.
overview Logs from the overview product group.
protocol Logs from the protocol product group.
Command Description
39-153
OL-13499-04
components.
product group logs.
Command Description
39-154
OL-13499-04
debug services sbc pd log-level
To set the file logging level, use the debug services sbc pd log-level command in EXEC mode. To
debug services sbc sbc-name pd log-level {console level | file level | filter level}
no debug services sbc sbc-name pd log-level {console level | file level | filter level}
Syntax Description
Command History
Usage Guidelines This command logs the most serious logs directly to file.
Examples The following command sets the log level to send to file to 60:
host1/Admin# debug services sbc mySbc pd log-level file 60
level Level to set. 0 gives all problem determination (pd) logging and 100 gives none.
The log levels are defined as follows:
90+ Fatal errors
80+ Errors
70+ Unexpected conditions
60+ Operational events
50+ Auditable events
40+ Statistics
30+ Verbose operational events
20+ Verbose statistics
10+ Internal diagnostic logs
The following values are used for specific types of logs.
55 Call logs
63 Configuration errors
39-155
OL-13499-04
Related Commands
Command Description
components.
product group logs.
39-156
OL-13499-04
debug services sbc rsrcmon
To debug SBC services congestion states and statistics during switchover, use the debug services sbc
rsrcmon command in EXEC mode. To disable this form of debugging, use the no form of this command.
no debug services sbc rsrcmon
Command History
Examples The following command turns on debugging for SBC information:
host1/Admin# debug services sbc rsrcmon
Related Commands
Command Description
components.
product group logs.
39-157
OL-13499-04
Command Description
39-158
OL-13499-04
default-port-limit
default-port-limit
To enter the mode for configuring the default event limits for the ports of a given address, use the
default-port-limit command in the SBE blacklist IPv4 configuration mode. To remove the event limits
set, use the no form of this command.
default-port-limit
no default-port-limit
Command Default No event limits are defined for ports.
Command Modes SBE blacklist IPv4 configuration (config-sbc-sbe-blacklist-ipv4)
Command History
Examples The following example shows how the blacklist default-port-limit command is used to enter the mode
for configuring the default event limits for the ports of the source address 123.123.2.2:
host1/Admin(config-sbc-sbe-blacklist-ipv4)# default-port-limit
host1/Admin(config-sbc-sbe-blacklist-ipv4-port-lmt)#
Related Commands
Command Description
blacklist Enters the mode for configuring the default event limits for the source
source.
39-159
OL-13499-04
default-port-limit
source.
Command Description
39-160
OL-13499-04
description
description
To configure descriptive text for a policy set, an adjacency, a source and its event limits, or a number
analysis table, use the description command in the appropriate configuration mode. To remove this
description description
no description description
Syntax Description
Routing policy table (config-sbc-sbe-rtgpolicy)
CAC-policy-set configuration (config-sbc-sbe-cacpolicy)
CAC table configuration (config-sbc-sbe-cacpolicy-cactable)
NA routing table configuration (config-sbc-sbe-rtgpolicy-natable)
RTG routing table configuration (config-sbc-sbe-rtgpolicy-rtgtable)
SBE blacklist configuration (config-sbc-sbe-blacklist)
SIP header configuration (config-sbc-sbe-sip-hdr)
SIP method-profile configuration (config-sbc-sbe-sip-mth)
Command History
Examples The following example shows how to configure the H.323 adjacency h323ToIsp42 to use the description
test adjacency:
host1/Admin(config-sbc-sbe-adj-h323)# description test adjacency
description Specifies the object you are describing.
39-161
OL-13499-04
description
The following example shows how to set the SIP adjacency SipToIsp42 to use the description test
adjacency:
host1/Admin(config-sbc-sbe-adj-sip)# description test adjacency
The following example shows how to create a description for number analysis table MyNaTable with
entries that match the whole dialed number:
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# description My first number analysis
table
The following example shows how to create an empty policy set, identified by number 1, on mySbc:
host1/Admin(config-sbc-sbe-cacpolicy)# description empty set
The following example shows how to set the description of an admission control table, MyCacTable:
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# description My first CAC table
The following example shows how to create a description for number analysis table MyNaTable with
entries that match the start of the dialed number:
host1/Admin(config-sbc-sbe-rtgpolicy)# na-dst-prefix-table MyNaTable
host1/Admin(config-sbc-sbe-rtgpolicy-natable)# description My first number analysis
table
The following example shows how to add a description for a specific source IP address:
host1/Admin(config-sbc-sbe-blacklist)# ipv4
host1/Admin(config-sbc-sbe-blacklist-ipv4)# description test
The following example shows how to create an empty policy set, identified by number 1, on mySbc:
host1/Admin(config-sbc-sbe-rtgpolicy)# description empty set
39-162
OL-13499-04
description
Related Commands
Command Description
cac-policy-set Enters the submode of CAC policy set configuration.
call-policy-set Enters the submode of call policy set configuration.
39-163
OL-13499-04
description (sip-opt)
description (sip-opt)
To set the description for the profile, use the description command in SIP option mode. Use the no form
of this command to remove description from this profile.
description line
no description line
Syntax Description
Command History
Examples The following example shows how to set the description for the profile.
host1/Admin(config-sbc-sbe-sip-opt)# description test
Related Commands
line The description of the profile. The maximum number of characters is 80.
Command Description
show services sbc sbe sip option-profile Show the details for a specified option profile.
39-164
OL-13499-04
dscp
dscp
To configure a DSCP with which to mark IP packets belonging to a given QoS profile, use the dscp
command in the appropriate configuration mode. To return to the default, use the no form of this
command.
dscp value
no dscp
Syntax Description
Command Default The default DSCP value is 0.
Command Modes QoS sig configuration (config-sbc-sbe-qos-sig)
QoS video configuration (config-sbc-sbe-qos-video)
QoS voice configuration (config-sbc-sbe-qos-voice)
Command History
Examples The following example shows how to configure the QoS profile for sig to mark IP packets with a DSCP
of 10:
host1/Admin(config-sbc-sbe)# qos sig residential
host1/Admin(config-sbc-sbe-qos-fax)# dscp 10
The following example shows how to configure the QoS profile for video to mark IP packets with a
DSCP of 10:
host1/Admin(config-sbc-sbe)# qos video residential
host1/Admin(config-sbc-sbe-qos-video)# dscp 10
The following example shows how to configure the QoS profile for voice to mark IP packets with a
DSCP of 10:
value Specifies the DSCP value with which to mark packets. Range is 0 to 63.
39-165
OL-13499-04
dscp
host1/Admin(config-sbc-sbe)# qos voice residential
host1/Admin(config-sbc-sbe-qos-voice)# dscp 10
Related Commands
Command Description
qos sig Configures a signaling QoS profile.
qos video Configures a video QoS profile.
qos voice Configures a voice QoS profile.
39-166
OL-13499-04
dst-adjacency
dst-adjacency
To configure the destination adjacency of an entry in a routing table, use the dst-adjacency command
in RTG routing table entry configuration mode. To delete the destination adjacency, use the no form of
this command.
dst-adjacency dst_adj
no dst-adjacency dst_adj
Syntax Description
Command History
The target-adjacency argument is mandatory for routing tables entries with match-type round-robin.
You cannot use the dst-adjacency command if the table is part of the active policy set.
Examples The following example shows how to configure the destination adjacency of an entry in the new routing
table MyRtgTable to softswitch1:
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency softswitch1
Related Commands
dst_adj Specifies the destination adjacency name. The maximum size is 80 characters.
Command Description
entry Creates or modifies an entry in a table.
39-167
OL-13499-04
dtmf-duration
dtmf-duration
To configure the default duration of a dual tone multifrequency (DTMF) event in milliseconds, use the
dtmf-duration command in VDBE configuration mode. To reconfigure the default duration of a DTMF
event in milliseconds, use the no form of this command.
dtmf-duration duration
no dtmf-duration duration
Syntax Description
Command Default The default is 200 ms if this command is not configured, or the no dtmf-duration command is issued.
Command History
Usage Guidelines Not applicable
Examples The following example configures the duration of a DTMF event to be 250 milliseconds:
host1/Admin(config-sbc-dbe-vdbe)# dtmf-duration 250
Related Commands
duration This is the default duration of a DTMF event in milliseconds. The range is 0-1000.
The default is 200.
Command Description
vdbe Enter into VDBE configuration submode.
39-168
OL-13499-04
early-media-deny
early-media-deny
To configure whether to disallow early-media for an entry in an admission control table, use the
early-media-deny command in CAC table configuration mode. To return to the default value, use the
early-media-deny
no early-media-deny
Command Default By default, early-media is allowed.
Command History
Examples The following example shows how to disallow early-media for an existing entry in the admission control
table MyCacTable:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# early-media-deny
Related Commands
Command Description
early-media-timeout Configures the time to allow early media before a call is established.
39-169
OL-13499-04
early-media-timeout
early-media-timeout
To configure the amount of time for which to allow early-media before a call is established, use the
early-media-timeout command in CAC table configuration mode. To return to the default value, use the
early-media-timeout value
no early-media-timeout
Syntax Description
Command Default value: 0
Command History
Examples The following example shows how to configure the early-media-timeout for an existing entry in the
host1/Admin(config-sbc-sbe-cacpolicy)# cac-table MyCacTable match-type dst-prefix
Related Commands
value Specifies the timeout period (in seconds). A value of 0 means that calls are not
timed out.
Command Description
early-media-deny Configures whether to disallow early-media for
an entry in an admission control table.
39-170
OL-13499-04
early-media-type
early-media-type
To configure the direction of early media to allow for an entry in a call admission control table, use the
early-media-type command in CAC table configuration mode. To return to the default value, use the no
early-media-type {backward-half-duplex | forward-half-duplex | full-duplex}
no early-media-tye
Syntax Description

Command Default The default direction is full-duplex.
Command History
Examples The following example shows how to disallow early media for an existing entry in the admission control
table MyCacTable:
Related Commands
backward-half-duplex Allows early media in the backwards direction only.
forward-half-duplex Allows early media in the forwards direction only.
full-duplex Allows early media in both directions.
Command Description
ealry-media-timeout Configures the time to allow early media before a call is established.
39-171
OL-13499-04
edit
edit
To configure a dial-string manipulation action for a number analysis table with entries of the table
matching the whole dialed number, use the edit command in NA routing table entry configuration mode.
To return to the default value, use the no form of this command.
edit [del-prefix pd] | [del-suffix sd] | [add-prefix pa] | [replace ds]
no edit
Syntax Description
Command Modes NA routing table entry configuration (config-sbc-sbe-rtgpolicy-natable-ent)
Command History
Examples The following example shows how to configure entry 1 to delete one digit from the beginning of the
dialed string in the new number analysis table MyNaTable:
host1/Admin(config-sbc-sbe-rtgpolicy-natable-ent)# edit del-prefix 1
host1/Admin(config-sbc-sbe-cacpolicy-natable-ent)# exit
del-prefix Specifies digits to delete from the prefix.
pd A positive integer specifying the number of digits to delete from the front of the
carrier ID string.
del-suffix Specifies digits to delete from the suffix.
sd A positive integer specifying the number of digits to delete from the end of the carrier
ID string.
add-prefix Specifies digits to add to the start of the dialed string.
pa A string of digits to add to the front of the carrier ID string.
replace Replaces the dialed string with the configured digits.
ds A string of digits with which to replace the carrier ID string.
39-172
OL-13499-04
edit
host1/Admin(config-sbc-sbe-cacpolicy-natable)# exit
match-number Configures the match value of an entry in a number analysis table.
39-173
OL-13499-04
edit-cic
edit-cic
To manipulate a carrier identification code in any number analysis table, use the edit-cic command in
the NA-DST-number-table configuration mode. The no form of the command removes the configured
string.
edit-cic {del-prefix pd | del-suffix sd | add-prefix pa | replace ds}
Syntax Description
Command Modes NA-DST-number-table configuration (config-sbc-sbe-rtgpolicy-natable-entry)
Command History
Usage Guidelines If you want to remove the carrier ID entirely from outgoing messages, specify a replacement string of 0
or a prefix deletion string of 4. For example:
edit-cic del-prefix 4
or
edit-cic replace 0
Note Only the replace action works. The other actions are ignored.
Examples The following command sets entry 1 to delete the first digit of the carrier ID in NA table MyNaTable:
pd A positive integer specifying the number of digits to delete from the front
of the carrier ID string.
sd A positive integer specifying the number of digits to delete from the end of
39-174
OL-13499-04
edit-cic
host1/Admin(config-sbc-sbe-rtgpolicy)# na-src-account-table mytable
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# edit-cic del-prefix 1
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)#
entry Enters the mode for configuring an entry in a number analysis table,
creating the table, if necessary.
na-src-account-table Enters the mode for configuring a number analysis table within an
SBE policy set, with entries that match the source account.
sbc Creates a new SBC service and enters a new SBC configuration mode.
Alternatively, it enters the configuration mode of an existing service.
sbe Enters the mode of an SBE entity within an SBC service.
39-175
OL-13499-04
edit-src
edit-src
To configure a source number manipulation action in the routing table, use the edit-src command in the
routing table entry configuration mode. The no form of the command removes the configured string.
edit-src [del-prefix pd] | [del-suffix sd] | [add-prefix pa] | [replace ds]
Syntax Description
Command Modes Routing table entry (config-sbc-sbe-rtgpolicy-rtgtable-entry)
Command History
Usage Guidelines You cannot use this command if the table is part of the active policy set.
Examples The following command sets entry 1 to delete the first digit of the carrier ID in NA table MyNaTable:
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-st-address-table mytable
host1/Admin(config-sbc-sbe-rtgpolicy-rttable)# entry 1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-src del-prefix 1
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)#
pd A positive integer specifying the number of digits to delete from the front
of the carrier ID string.
sd A positive integer specifying the number of digits to delete from the end of
39-176
OL-13499-04
edit-src
39-177
OL-13499-04
entry (profile)
entry (profile)
To create or modify an entry in a profile, use the entry command in the SIP header configuration element
configuration mode. To destroy the given entry in the profile, use the no form of this command.
entry entry_num {action [add-header | as-profile | drop-msg | pass | replace-name |
no entry entry_num {action [add-header | as-profile | drop-msg | pass | replace-name |
Syntax Description
Command Modes SIP header configuration element (config-sbc-sbe-sip-hdr-ele)
Command History
Examples The following example shows how to create create the default profile action:
host1/Admin# config
host1/Admin(config-sbc-sbe-sip-hdr-ele)# 1 action as-profile
entry_num The entry number. Range is 0 to 2147483647.
action Specifies the type of action.
parameter-profile Adds a parameter-profile associated to header (outbound only).
add-header Adds a header regardless if one already exists.
as-profile Default profile action (whitelist/blacklist).
drop-msg Drop the message.
pass Pass on the header.
replace-name Replace the header name.
replace-value Replace the header content (value).
name Specifies the name of the parameter-profile. The maximum size is 30 characters.
39-178
OL-13499-04
entry (profile)
Related Commands
Command Description
show services sbc sbe sip header-profile Displays a list of all configured SIP header
profiles.
39-179
OL-13499-04
entry (table)
entry (table)
To create or modify an entry in a table, use the entry command in the appropriate configuration mode.
To destroy the given entry in the admission control table, use the no form of this command.
entry entry_num
no entry entry_num
Syntax Description
NA routing table configuration (config-sbc-sbe-rtgpolicy-natable)
RTG routing table configuration (config-sbc-sbe-rtgpolicy-rtgtable)
Command History
Note You cannot change the configuration of tables in the context of the active policy set. An entry may not
be destroyed if the table is a part of the active policy set.
Examples The following example shows how to create an entry in the new admission control table, MyCacTable:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)#
entry_num Number of the table entry.
For a CAC table, the index for the CAC policy entry. Range is 0 to 2000000.
For an RTG routing table, the routing table entry number. Range is 0 to
2147483647.
For an NA routing table, the number analysis table entry number. Range is 0
to 2147483647.
39-180
OL-13499-04
entry (table)
Related Commands
Command Description
match-time Configures the match time of an entry.
39-181
OL-13499-04
To disable fast-path register support on the SIP adjacency, use the fast-register disable command in
adjacency SIP configuration mode. To enable fast-path register support, use the no form of this
command.
no fast-register disable
Command Default By default, the fast-path register feature is enabled.
Command History
Fast-path register is used to prevent the SBC from forwarding all SIP register messages to the softswitch,
thus reducing the load on the softswitch. This is enabled by default and can be disabled using this
command. When active, a SIP register message received from the same host and port as an existing
registration, and with a nonzero expires interval, is immediately responded to without further parsing or
other processing performed.
Examples The following example shows how to disable fast-path register support on the SIP adjacency SipToIsp42:
host1/Admin(config-sbc-sbe-adj-sip)# fast-register disable
Related Commands
Command Description
fast-register-interval Configures the fast-path register interval.
39-182
OL-13499-04
fast-register-interval
To configure the fast-path register interval (in seconds), use the fast-register-interval command in
adjacency SIP configuration mode. To deconfigure the fast-path register interval, use the no form of this
command.
fast-register-interval interval
no fast-register-interval
Syntax Description
Command History
If fast-path register support is enabled on this adjacency, this is the minimum expiry period accepted on
a subscriber registration. The interval at which registrations are forwarded on to the softswitch is
governed by the reg-min-expiry value.
Note The interval must be less than the min-expiry value.
For fast-path registration to work properly, the recommended value for the Expires header in a SIP
REGISTER message should be greater than three times the configured fast-register-interval on the
adjacency. For example, if Expires = 600 and SBC fast-register-interval is configured to return 60, the
Trident processor will keep the entry for 600-180 seconds, and the entry is marked dormant after
600-180 seconds in the application.
Examples The following example shows how to enable the fast-register interval on the SIP adjacency SipToIsp42
to 10 seconds:
host1/Admin(config-sbc-sbe-adj-sip)# fast-register-interval 10
interval Specifies the interval value in seconds. Range is 1 to 2000000.
39-183
OL-13499-04
fast-register disable Disables fast-path register support on the SIP adjacency.
39-184
OL-13499-04
first-cac-prefix-len
first-cac-prefix-len
To configure the prefix length to match on, use the first-cac-prefix-len command in CAC-policy-set
first-cac-prefix-len range
no first-cac-prefix-len range
Syntax Description
Command History
Examples The following example shows how to match on the first 16 bits of the subscriber category:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-prefix-len 16
Related Commands
range Prefix length to match on. The range is 0 to 32.
Command Description
configuration.
39-185
OL-13499-04
first-cac-scope
first-cac-scope
To configure the scope at which to begin defining limits when performing the admission control stage
of policy, use the first-cac-scope command in CAC-policy-set configuration mode. To delete the scope
at which to begin defining limits when performing the admission control stage of policy, use the no form
of this command.
first-cac-scope scope-name
no first-cac-scope scope-name
Syntax Description
Command History
scope-name Scope at which limits should be initially defined when performing the admission
control stage of policy. Possible values are:
adj-groupLimits for events from members of the same adjacency group.
arc-adjacencyLimits for events from the same adjacency.
callLimits are per single call.
dst-accountLimits for events sent to the same account.
dst-adj-groupLimits for events sent to the same adjacency group.
dst-adjacencyLimits for events sent to the same adjacency.
dst-numberLimits for events that have the same adjacency number.
globalLimits are global (May not be combined with any other option).
src-accountLimits for events from the same account.
src-adj-groupLimits for events from the same adjacency group.
src-numberLimits for events that have the same source number.
sub-categoryCategorizes subscribers based on the source IP address in
the registration requests.
sub-category-pfxCategorizes subscribers based on first few bits
(specified with the first-cac-prefix-len command) of the subcriber category.
subscriberCategorizes subscribers based on the AOR specified in the
registration requests
Release 3.1.00 The sub-category, sub-category-pfx, and subscriber keywords were
added.
39-186
OL-13499-04
first-cac-scope
Examples The following example shows how to set the scope category as the first scope at which to define an
admission control policy in configuration set 1 on mySbc:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-scope src-adjacency
Related Commands
Command Description
configuration.
39-187
OL-13499-04
first-cac-table
first-cac-table
To configure the name of the first policy table to process when performing the admission control stage
of policy, use the first-cac-table command in CAC-policy-set configuration mode. To remove this
first-cac-table table-name
no first-cac-table table-name
Syntax Description
Command History
Examples The following example shows how to set the table RootCacTable as the first admission control table in
configuration set 1 on mySbc:
host1/Admin(config-sbc-sbe-cacpolicy)# first-cac-table RootCacTable
Related Commands
table-name Specifies the admission control table that should be processed first.
Command Description
configuration.
39-188
OL-13499-04
To configure the name of the first policy table to process when performing the routing stage of policy
for new-call events, use the first-call-routing-table command in routing policy table mode. To
deconfigure the name of the first policy table, use the no form of this command.
first-call-routing-table table-name
no first-call-routing-table
Syntax Description
Command Modes Routing policy table (config-sbc-sbe-rtgpolicy)
Command History
Examples The following example shows how to configure the table RootCallRtgTable as the first routing table for
new-call events in configuration set 1 on mySbc:
host1/Admin(config-sbc-sbe-rtgpolicy)# first-call-routing-table RootCallRtgTable
Related Commands
table-name Specifies the routing table that should be processed first.
Command Description
first-reg-routing-table Configures the name of the first policy table to
process when performing the routing stage of
policy for subscriber-registration events.
first-number-analysis-table Configures the name of the first policy table to
process when performing the number analysis
stage of policy.
39-189
OL-13499-04
first-number-analysis-table
first-number-analysis-table
To configure the name of the first policy table to process when performing the number analysis stage of
policy, use the first-number-analysis-table command in routing policy table mode. To deconfigure the
name of the first policy table, use the no form of this command.
first-number-analysis-table table-name
no first-number-analysis-table
Syntax Description
Command History
Examples The following example shows how to configure the table RootNaTable as the first number analysis table
in configuration set 1 on mySbc:
host1/Admin(config-sbc-sbe-rtgpolicy)# first-number-analysis-table RootNaTable
Related Commands
table-name Specifies the number analysis table that should be processed first.
Command Description
first-reg-routing-table Configures the name of the first policy table to
policy for subscriber-registration events.
first-call-routing-table Configures the name of the first policy table to
policy for new-call events.
39-190
OL-13499-04
first-reg-routing-table
first-reg-routing-table
To configure the name of the first policy table to process when performing the routing stage of policy
for subscriber-registration events, use the first-reg-routing-table command in routing policy table
mode. To deconfigure the name of the first policy table, use the no form of this command.
first-reg-routing-table table-name
no first-reg-routing-table
Syntax Description
Command History
Examples The following example shows how to configure the table RootRegRtgTable as the first routing table for
subscriber-registration events in configuration set 1 on mySbc:
host1/Admin(config-sbc-sbe-rtgpolicy)# first-reg-routing-table RootRegRtgTable
Related Commands
table-name Specifies the routing table that should be processed first.
Command Description
first-number-analysis-table Configures the name of the first policy table to
process when performing the number analysis
stage of policy.
first-call-routing-table Configures the name of the first policy table to
policy for new-call events.
39-191
OL-13499-04
To force SIP messages to go to the configured signaling peer, use the force-signaling-peer command in
adjacency SIP configuration mode. To disable this feature, use the no form of this command.
no force-signaling-peer
Command History
Examples The following example shows how to force SIP messages to go to the configured signaling peer:
host1/Admin(config-sbc-sbe-adj-sip)# force-signaling-peer
Related Commands
Command Description
39-192
OL-13499-04
global
global
To enter the mode for configuring blacklisting to apply to all addresses, use the global command in the
SBE blacklist configuration mode.
global
Command History
Examples The following example shows how to enter the mode for configuring blacklisting to apply to all
addresses:
host1/Admin(config-sbc-sbe-blacklist-global)#
Related Commands
Command Description
source.
source.
39-193
OL-13499-04
group
group
To configure an adjacency to an adjacency group, use the group command in the appropriate adjacency
mode. To remove the adjacency from the specified group, use the no form of this command.
group word
no group word
Syntax Description
Command History
Examples The following example shows how the group command assigns a SIP adjacency named sipGW to
adjacency group named InternetEth0:
host1/Admin(config-sbc-sbe-adj-sip)# group InternetEth0
The following example shows how the group command assigns an H.323 adjacency named
H323ToIsp42 to an adjacency group named Isp42.
host1/Admin(config-sbc-sbe-adj-h323)# group Isp42
Related Commands
word Indicates the group name for the adjacency. The maximum size is 32
characters.
Command Description
39-194
OL-13499-04
h225 timeout
h225 timeout
To configure the H.225 timeout interval, use the h225 timeout command in the appropriate configuration
mode. To return to the default value, use the no form of this command.
h225 timeout {setup | proceeding | establishment} value
no h225 timeout {setup | proceeding | establishment} value
Syntax Description
Command History
Examples The following example shows how the h225 timeout command configures an H.225 timeout interval in
adjacency H.323 configuration mode:
host1/Admin(config-sbc-sbe-adj-h323)# h225 timeout setup 30
host1/Admin(config-sbc-sbe-adj-h323)# h225 timeout proceeding 30
host1/Admin(config-sbc-sbe-adj-h323)# h225 timeout establishment 30
The following example shows how the h225 timeout command configures an H.225 timeout interval in
H.323 configuration mode:
setup Specifies the setup state. Default value for this state is 4 seconds.
proceeding Specifies the proceeding state. Default value for this state is 10 seconds.
establishment Specifies the establishment state. Default value for this state is 180 seconds.
value Specifies the timeout period in seconds. For setup and proceeding timeout
periods, valid values are from 1 to 30. For establishment timeout, valid
values are from 30 to 300.
39-195
OL-13499-04
h225 timeout
Related Commands
Command Description
39-196
OL-13499-04
h245-address-pass
h245-address-pass
To specify when an H.245 address is passed to the caller when the caller does not support tunneling, use
the h245-address-pass command in the vDBE configuration mode. To return to the default value, use
h245-address-pass {immediate | wait-connect}
no h245-address-pass {immediate | wait-connect}
Syntax Description
Command Default Default value is immediate.
Command Modes vDBE configuration (config-sbc-dbe-vdbe)
Command History
Examples The following example shows how to configure the vDBE H.248 Ia profile to interoperate with the media
gateway controller (SBE):
host1/Admin(config-sbc-sbe)# adjacency h323 adj1
host1/Admin(config-sbc-sbe-adj-h323)# signaling-address ipv4 10.140.90.20
host1/Admin(config-sbc-sbe-adj-h323)# signaling-port 1720
host1/Admin(config-sbc-sbe-adj-h323)# remote-address ipv4 172.16.100.107 255.255.255.255
host1/Admin(config-sbc-sbe-adj-h323)# signaling-peer 172.16.100.107
host1/Admin(config-sbc-sbe-adj-h323)# signaling-peer-port 1720
host1/Admin(config-sbc-sbe-adj-h323)# dbe-location-id 4294967295
host1/Admin(config-sbc-sbe-adj-h323)# h245-address-pass wait-connect
Related Commands
immediate Pass H.245 address immediately to caller.
wait-connect Pass H.245 address to caller until call is connected.
Command Description
h245-tunnel disable Disables H.245 tunneling on a per-adjacency
basis.
39-197
OL-13499-04
h245-tunnel disable
h245-tunnel disable
To disable H.245 tunneling on a per-adjacency basis, use the h245-tunnel disable command in
adjacency H.323 configuration mode. To enable tunneling, use the no form of this command.
h245-tunnel disable
no h245-tunnel disable
Command History
Examples The following example shows how the h245-tunnel disable command disables H.245 tunneling on an
H.323 adjacency named H323ToIsp42:
host1/Admin(config-sbc-sbe-adj-h323)# h245-tunnel disable
Related Commands
Command Description
h245-address-pass Specifies when an H.245 address is passed to the
caller when the caller does not support tunneling.
39-198
OL-13499-04
h248 allow-all-mg
h248 allow-all-mg
To configure the H.248 signaling stack to allow connections from all Media Gateways, use the h248
allow-all-mg command in the SBE configuration mode. Use the no form of this command to deconfigure
the H.248 signaling stack from allowing connections from all media gateways,
h248 allow-all-mg
no h-248 allow-all-mg
Command Default Default is the no form of this command
Command History
Examples The following command configures the H.248 signaling stack to allow any Media Gateway to connect
to the SBE:
host1/Admin(config-sbc-sbe)# h248 allow-all-mg
Related Commands
Command Description
h248-profile Configures the vDBE H.248 profile name to
interoperate with the media gateway controller
(SBE).
h248-profile-version Configures the vDBE H.248 profile version to
interoperate with media gateway controller
(SBE).
h248 version configure the version of an H.248 protocol for a
VDBE when forming associations with an H.248
controller.
39-199
OL-13499-04
h248-profile
h248-profile
To configure the vDBE H.248 profile name to interoperate with the media gateway controller (SBE), use
the h248-profile command in the vDBE configuration mode. To return to the default value, use the no
h248-profile {etsi-bgf | gatecontrol}
no h248-profile
Syntax Description
Command Default Default value is gatecontrol.
Command Modes vDBE configuration (config-sbc-dbe-vdbe)
Command History
Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper
task IDs. To use this command, you must be in the correct configuration mode and submode. The
Examples section shows the hierarchy of modes and submodes required to run the command.
Use the h248-profile command to enter vDBE H.248 profile configuration mode.
After the DBE is configured to use the H.248 profile name, the applicable profile name is advertised with
the Service Change messages.
Examples The following example shows how to configure the vDBE H.248 Ia profile to interoperate with the media
gateway controller (SBE):
host1/Admin# sbc mysbc
host1/Admin(config-sbc-dbe-vdbe)# h248-profile etsi-bgf
host1/Admin(config-sbc-dbe-vdbe-h248-profile)#
etsi-bgf Configures the Ia profile for ESSI_BGF.
gatecontrol Configures the Cisco profile for the SBC_GateControl.
39-200
OL-13499-04
h248-profile
h248-profile-version Configures the vDBE H.248 profile version to interoperate with
the media gateway controller (SBE).
show services sbc dbe
h248-profile
Displays the information on the specified profile, including
transport, H.248 version, and active packages.
vdbe Enters Virtual Data Border Element (vDBE) configuration mode.
39-201
OL-13499-04
h248-profile-version
To configure the vDBE H.248 profile version to interoperate with media gateway controller (SBE), use
the h248-profile-version command in the vDBE H.248 profile configuration mode.To return to the
default value, use the no form of this command.
h248-profile-version {profile-version}
no h248-profile-version
Syntax Description
Command Default Default value is 3.
Command Modes vDBE H.248 profile configuration (config-sbc-dbe-vdbe-h248-profile)
Command History
Use the h248-profile-version command after you have defined the name of the profile using the
h248-profile command.
Examples The following example shows how to configure the vDBE H.248 profile version to interoperate with the
media gateway controller (SBE):
host1/Admin# sbc mysbc
host1/Admin(config-sbc-dbe-vdbe)# h248-profile etsi-bgf
host1/Admin(config-sbc-dbe-vdbe-h248-profile)# h248-profile-version 1
Related Commands
profile-version Version number of the H.248 profile. The values are from 1 to 3. The value
of 3 stands for gatecontrol. The value of 1 stands for etsi-bgf.
Command Description
h248-profile Configures the vDBE H.248 profile name to interoperate with the media
gateway controller (SBE).
39-202
OL-13499-04
show services sbc dbe
h248-profile
Displays the information on the specified profile, including transport,
H.248 version, and active packages.
vdbe Enters Virtual Data Border Element (vDBE) configuration mode.
Command Description
39-203
OL-13499-04
h248-version
h248-version
To configure the version of an H.248 protocol for a VDBE when forming associations with an H.248
controller, use the h248-version command in VDBE mode. To leave the default as version 2 of the H.248
protocol, use the no form of this command.
h248-version version-number
no h248-version version-number
Syntax Description
Command Default h248 version 2 is used.
Command Modes sbc-dbe-vdbe mode (config-sbc-sbe-dbe-vdbe)
Command History
Examples The following example shows how the h248-version command configures the vDBE to use version 3 of
the H.248 protocol:
host1/Admin:router(config-sbc-dbe)# vdbe
host1/Admin:router(config-sbc-sbe-dbe-vdbe)# h248-version 3
Related Commands
version-number Specifies the version number. The default version is 2.
Command Description
h248 allow-all-mg Configures the H.248 signaling stack to allow
connections from all Media Gateways.
h248-profile Configures the vDBE H.248 profile name to
interoperate with the media gateway controller
(SBE).
h248-profile-version Configures the vDBE H.248 profile version to
interoperate with media gateway controller
(SBE).
39-204
OL-13499-04
h323
h323
To enter the H.323 configuration mode, use the h323 command in SBE configuration mode.
h323
Command History
Examples The following example shows how to enter the H.323 configuration mode:
host1/Admin(config-sbc-sbe-h323)#
Related Commands
Command Description
hunting-trigger Configures failure return codes to trigger hunting.
ras retry Configures an H.323 Registration, Admission, and Status (RAS) retry count
for an RAS transaction type.
ras rrq Configures the registration request (RRQ).
ras timeout Configures an H.323 RAS timeout interval.
adjacency timout Configures the adjacency retry timeout interval.
39-205
OL-13499-04
header
header
To add a header with a specified name to a SIP message profile, use the header command in SIP
header-profile configuration mode. To remove the method from the profile, use the no form of this
command.
header header-name
no header header-name
Syntax Description
Command Modes SIP header configuration (config-sbc-sbe-sip-hdr)
Command History
Examples The following example shows how the header command adds the header test to the header profile
MyProfile:
host1/Admin(config-sbc-sbe-sip-hdr)# header test
Related Commands
header-name Specifies the name of the header added to the header profile. Valid names
are 1 to 32 characters in length (inclusive) and are case-sensitive.
Command Description
blacklist Configures SIP header or method blacklist profiles on a SIP message.
description Configures descriptive text for a SIP header.
39-206
OL-13499-04
header-profile
header-profile
To set a specified header profile for inbound and outbound signaling on a specified SBE SIP adjacency,
use the header-profile command in adjacency H.323 configuration mode. To disable the specified
header profile, use the no form of this command.
header-profile {inbound | outbound} profile-name
no header-profile {inbound | outbound} profile-name
Syntax Description
Command History
Examples The following example shows how the header-profile command sets header profiles for inbound and
outbound signaling on an SBE SIP adjacency test:
host1/Admin(config-sbc-sbe-adj-sip)# header-profile inbound Profile1
host1/Admin(config-sbc-sbe-adj-sip)# header-profile outbound Profile2
Related Commands
inbound | outbound Sets the inbound and outbound SIP header profiles.
profile-name Specifies the name of the header profile to be set for inbound or outbound
signaling on a specified adjacency. If you enter the name default, the
default header profile is set for inbound or outbound signaling.
Command Description
show services sbc sbe sip header-profile Displays a list of all configured SIP header
profiles.
39-207
OL-13499-04
hold-media-timeout
hold-media-timeout
To configure the time an SBE will wait after receiving a media timeout notification from the DBE for an
on-hold call before tearing that call down, use the hold-media-timeout command in SBE configuration
mode. To set the number to its default, use the no form of this command.
hold-media-timeout timeout
no hold-media-timeout timeout
Syntax Description
Command Default The default value is 0.
Command History
Examples The following command configures the SBE to wait two hours after receiving the last media packet on
an on-hold call before cleaning up the call resources:
host1/Admin(config-sbc-sbe)# hold-media-timeout 7200
Related Commands
timeout Specifies the time an SBE will wait after receiving a media timeout notification
from the DBE for an on-hold call before tearing that call down.
Command Description
sbe Configures the submode of the SBE entity within
an SBC service.
39-208
OL-13499-04
hunting-trigger
hunting-trigger
To configure failure return codes to trigger hunting, use the hunting-trigger command in one of its
supported modes: H.323 (global H.323 scope), adjacency SIP (destination SIP adjacency), and
adjacency h323 (destination H.323 adjacency).
The no form of the command clears all error codes.
If you enter no hunting-trigger x y, then just codes x and y are removed from the configured list.
hunting-trigger {error-codes | disable} error-codes
no hunting-trigger {error-codes | disable} error-codes
Syntax Description
Command Modes H.323 configuration (config-sbc-sbe-h323)
Command History
Usage Guidelines If you enter hunting-trigger x followed by hunting-trigger y, the value of x is replaced with y.
To set both x and y to be hunting triggers, you must enter hunting-trigger x y.
error-codes
(SIP and adjacency
modes)
Signifies a space-separated list of SIP numeric error codes.
error-codes
(h323 and adjacency
h323 modes)
Specifies one of the following values:
noBandwidthH.225 no bandwidth response.
unreachableDestinationH.225 unreachable destination response.
destinationRejectionH.225 destination rejection response.
noPermissionH.225 no permission response.
gatewayResourcesH.225 gateway Resources response.
badFormatAddressH.225 bad format address response.
securityDenied H.225 security denied response.
connectFailedInternal response.
noRetrySpecifies that routing should never be retried for this
adjacency no matter what failure return code is received.
39-209
OL-13499-04
hunting-trigger
To use this command, you must be in the correct configuration mode and submode.
The "Examples" section shows the hierarchy of modes and submodes required to run the command.
In the adjacency SIP or H.323 adjacency modes, if you specify the special hunting-trigger value of
disable, routes are never retried to this adjacency, even if the error code is on the global retry list.
Examples H.323 mode
The following example shows how to configure H.323 to retry routing if it receives a noBandwidth or
securityDenied error:YES
host1/Admin (config-sbc-sbe)# h323
host1/Admin (config-sbc-sbe-h323)# hunting-trigger noBandwidth securityDenied
SIP adjacency mode
The following example shows how to configure SIP to retry routing to the SIP adjacency SipAdj1 if it
receives a 415 (media unsupported) or 480 (temporarily unavailable) error: YES
host1/Admin(config-sbc-sbe)# adjacency sip SipAdj1
host1/Admin(config-sbc-sbe-adj-sip)# hunting-trigger 415 480
Related Commands
Command Description
show services sbc sbe hunting-trigger Shows the the H.323 or SIP hunting triggers at the
global level.
39-210
OL-13499-04
inherit profile
inherit profile
To configure a global inherit profile for the SIP adjacency, use the inherit profile command in adjacency
SIP configuration mode. To deconfigure the global inherit profile, use the no form of this command.
inherit profile {preset-access | preset-core | preset-ibcf-ext-untrusted | preset-ibcf-external |
preset-ibcf-internal | preset-p-cscf-access | preset-p-cscf-core | preset-peering |
no inherit profile
Syntax Description
SBE configuration(config-sbc-sbe)
Command History
Examples The following example shows how the sip inherit profile command is used to configure a
P-CSCF-access inherit profile on a SIP adjacency:
host1/Admin(config-sbe-adj-sip)# inherit profile preset-p-cscf-access
preset-access Specifies a preset access profiles.
preset-core Specifies a preset core profile.
preset-ibcf-ext-untrusted Specifies a preset IBCF external untrusted profile.
preset-ibcf-external Specifies a preset IBCF external profile.
preset-ibcf-internal Specifies a preset IBCF internal profile.
preset-p-cscf-access Specifies a preset P-CSCF-access profile.
preset-p-cscf-core Specifies a preset P-CSCF-core profile.
preset-peering Sepcifies a preset peering profile.
preset-standard-non-ims Specified a preset standard-non-IMS profile.
39-211
OL-13499-04
inherit profile
Related Commands
Command Description
39-212
OL-13499-04
invite-timeout
invite-timeout
To configure the time that SBC waits for a final response to an outbound SIP invite request, use the
invite-timeout command in IP timer configuration mode. To return to the default value, use the no form
of this command.
invite-timeout {interval-value}
no invite-timeout
Syntax Description
Command Default The default wait interval is 180 seconds. If no response is received during that time, an internal 408
request timeout response is generated and is sent to the caller.
Command Modes SIP timer (config-sbc-sbe-sip-tmr)
Command History
Examples The following example shows how to configure the SBC to time out invite transactions after 60 seconds:
host1/Admin(config-sbc-sbe-sip-tmr)# exit
Related Commands
interval-value Time, in seconds, SBC waits before timing out an outbound invite request.
Command Description
udp-response-linger-period Configures the time period that SBC retains negative UDP responses
to invite requests.
39-213
OL-13499-04
ip host
ip host
To resolve hostnames to IP addresses in evaluation cases where a DNS server is not available, use the ip
host command in Global configuration mode. To return to the default value, use the no form of this
command.
ip host hostname ip_address
no ip host hostname ip_address
Syntax Description
Command Default The default wait interval is 180 seconds. If no response is received during that time, an internal 408
request timeout response is generated and is sent to the caller.
Command Modes Global configuration (config)
Command History
Caution The ip host command provides a mechanism to resolve hostnames to IP addresses in evaluation cases
where a DNS server is not available. Properly designed networks rely on DNS infrastructure to manage
the mapping of hostnames to IP addresses in a scalable and consistent network-wide manner. Use of the
ip host command in conjunction with a DNS server may result in an undesireable result when the local
configuration conflicts with the global DNS mapping.
Examples The following example shows how to configure the SBC to time out invite transactions after 60 seconds:
host1/Admin(config)# ip host host_1 172.18.51.20
hostname Specifies the hostname.
ip_address Specifies the IP address.
39-214
OL-13499-04
ip precedence
ip precedence
To configure an IP precedence with which to mark IP packets belonging to the given QoS profile, use
the ip precedence command in the appropriate configuration mode. To return to the default behavior,
ip precedence value
no ip precedence
Syntax Description
Command Default value: 0
Command Modes Qos sig configuration (config-sbc-sbe-qos-sig)
Command History
Examples The following example shows how to configure the QoS profile to mark IP packets with a precedence of
1:
host1/Admin(config)# mySbc
host1/Admin(config-sbc-sbe-qos-sig)# ip precedence 1
Related Commands
value Specifies the IP precedence with which to mark packets. Range is 0 to 7.
Command Description
39-215
OL-13499-04
ip TOS
ip TOS
To configure an IP ToS (type of service) with which to mark IP packets belonging to the QoS profile,
use the ip TOS command in the appropriate configuration mode. To return the QoS profile to setting the
default IP ToS, use the no form of this command.
ip TOS value
no ip TOS
Syntax Description
Command Default The default IP ToS is 0 (normal service).
Command History
Examples The following example shows how to configure an IP TOS:
host1/Admin(config-sbc-sbe-qos-sig)# ip tos 12
value Specifies the IP ToS with which to mark packets. This may be a value of 0 (normal
service) or a bitfield consisting of one or more of the following bits ORed together:
8: Minimize delay.
4: Maximize throughput.
2: Maximize reliability.
1: Minimize monetary cost.
39-216
OL-13499-04
ip TOS
Related Commands
Command Description
39-217
OL-13499-04
ipv4 (blacklist)
ipv4 (blacklist)
To enter the mode for applying blacklisting options to a single IP address or for configuring the default
event limits for the source addresses in a given VPN (where the IP address is under the VPN), use the
ipv4 command in the SBE blacklist configuration mode. Use the no form of the command to remove the
blacklist entry for an address.
ipv4 ip address
Syntax Description
Command History
Examples The following example shows how to enter the mode for applying blacklisting options to a single IP
address:
host1/Admin(config-sbc-sbe-blacklist-ipv4)#
Related Commands
IP address Specifies the IPv4 H.248 control address.
Command Description
source.
39-218
OL-13499-04
ipv4 (blacklist)
source.
Command Description
39-219
OL-13499-04
ipv4 (SBE H.248)
ipv4 (SBE H.248)
To configure an SBE to use a given IPv4 H.248 control address, use the ipv4 command in H.248 control
address configuration mode. To delete a given IPv4 H.248 control address, use the no form of this
command.
ipv4 IP address
no ipv4 IP address
Syntax Description
Command Modes H.248 control address (config-sbc-sbe-ctrl-h248)
Command History
Examples The following example shows how to configure an SBE to use a given IPv4 H.248 control address:
host1/Admin(config-sbc-sbe-ctrl-h248)#
Related Commands
IP address Specifies the IPv4 H.248 control address.
Command Description
index
Selects index value and enters H.248 control address mode.
39-220
OL-13499-04
key
key
To configure the authentication key of the accounting and authentication servers, use the key command
in the appropriate server configuration mode. To disable any previously set authentication key, use the
key key
no key
Syntax Description
Command History
Examples The following example shows how to configure the acctsvr accounting server with the authentication key
HJ5689 and acctsvr2 accounting server with the authentication key cisco on mySbc for RADIUS client
instance radius1:
host1/Admin(config-sbc-sbe)# radius accounting radius1
host1/Admin(config-sbc-sbe-acc)# server acctsvr
host1/Admin(config-sbc-sbe-acc-ser)# key HJ5689
host1/Admin(config-sbc-sbe-acc)# server acctsvr2
host1/Admin(config-sbc-sbe-acc-ser)# key cisco
Related Commands
key Specifies the authentication key. This is only valid if authentication is turned on.
Command Description
radius Configures a RADIUS client for accounting or
39-221
OL-13499-04
ldr-check
ldr-check
To configure the time of day (local time) to run the Long Duration Check (LDR), use the ldr-check
command in SBE billing configuration mode. To return to 00:00, use the no form of this command.
ldr-check {HH MM}
no ldr-check
Syntax Description
Command Default HH MM: 00 00
Command History
Examples The following example shows how to configure the remote long-duration-call check to occur at
10.30 p.m., to specify the time each day when SBC should check for any call whose duration is over 24
hours:
host1/Admin(config-sbc-sbe-billing)# ldr-check 22 30
Related Commands
HH:MM Time in hours and minutes using a 24-hour clock. The range of the HH argument is 0 to
23. The range of the MM argument is 0 to 59.
Command Description
method
packetcable-em
39-222
OL-13499-04
ldr-check
packetcable-em
transport radius
billing remote
Command Description
39-223
OL-13499-04
local-address ipv4 (packet-cable)
To configure the local address of the packet-cable billing instance, use the local-address ipv4 command
in the packetcable-em configuration mode. To disable the local address, use the no form of this
command.
local-address ipv4 A.B.C.D.
no local-address ipv4
Syntax Description
Command Default The default is 0.0.0.0.
Command History
If no address is configured, the SBC uses any local address.
Examples The following example shows how to enter the billing mode for mySbc:
(config-sbc-sbe-billing-packetcable-em)# local-address ipv4 10.10.10.10
Related Commands
A.B.C.D. Local IPv4 address to be configured.
Release 3.1.00 This command was modified.
Command Description
attach activate the billing for a RADIUS client
RADIUS server.
39-224
OL-13499-04
(LDR).
local-address ipv4
(packet-cable)
method
packetcable-em
packetcable-em
transport radius
billing remote
Command Description
39-225
OL-13499-04
local-address ipv4
local-address ipv4
To configure the local IPv4 address that appears in the CDR, use the local-address ipv4 command in
SBE billing configuration mode. To deconfigure the local IPV4 address, use the no form of this
command.
local-address ipv4 {A.B.C.D.}
no local-address ipv4
Syntax Description
Command Modes SBE billing configuration
Command History
Note This field cannot be reconfigured when billing is active.
Examples The following example shows how to configure the local-address to 10.20.1.1 for the billing:
host1/Admin(config-sbc-sbe)# billing remote
host1/Admin(config-sbc-sbe-billing)# local-address ipv4 10.20.1.1
Related Commands
A.B.C.D. Local IPv4 address to be configured.
Command Description
(LDR).
39-226
OL-13499-04
local-address ipv4
method
packetcable-em
packetcable-em
transport radius
billing remote
Command Description
39-227
OL-13499-04
local-id host
local-id host
To configure the local identify name on a SIP adjacency, use the local-id command in adjacency SIP
local-id host name
no local-id host
Syntax Description
Command Default When the name field is not set, the local signaling address is used in SIP messages.
Command History
Examples The following example shows how to set the SIP local identity of SIP adjacency SipToIsp42 to mcarthur:
host1/Admin(config-sbc-sbe-adj-sip)# local-id host mcarthur
Related Commands
name Specifies the local identity name to present on outbound SIP messages. This may be a DNS
name. This must not contain the port. The maximum size is 255 characters.
Command Description
adjacency Configures an adjacency for an SBC service.
39-228
OL-13499-04
local-port
local-port
To configure a DBE to use a specific local port when connecting to the default MGC, use the local-port
command in the VDBE configuration mode. To disable this configuration, use the no form of this
command.
local-port {abcd}
no local-port {abcd}
Syntax Description
Command Default Default is to use local port 2944. Note that use-any-local-port should not be used when there is a
redundant Session Border Controller (SBC). If it is, the connection to the MGC may be lost with an SBC
switch over.
Command History
The local port cannot be modified after any controller has been configured on the vDBE. You must delete
the controller before you can modify or configure the local port.
configuration and VDBE configuration modes, and configures the DBE to use the local port number
5090:
host1/Admin(config-sbc-dbe-vdbe)# local-port 5090
Related Commands
abcd This is the number of the local port the DBE uses.
Command Description
use-any-local-port Configures a DBE to use any available local port
when connecting to the default MGC.
39-229
OL-13499-04
location-id
location-id
To configure the location ID for a DBE service of the session border controller (SBC), use the
location-id command in SBC-DBE configuration mode. To set the location ID to the default, use the no
location-id location-id
no location-id location-id
Syntax Description
Command Default The default location-id is -1
Command History
The no form of the command does not take an argument and sets the location-id to the default, which is
0xFFFFFFFF (-1).
A location ID is configured on each DBE. The SBE may associate endpoints with a particular location
ID and then use the location IDs to route calls between different DBEs.
Use the dbe command to enter into SBC-DBE configuration mode prior to entering the location-id
command.
configuration mode, and sets the location ID for a DBE to be 1:
Related Commands
location-id The location ID of the DBE. The location ID range is from -1 to 65535.
Command Description
into DBE-SBE configuration mode.
39-230
OL-13499-04
mandatory-transport
mandatory-transport
To set the mandatory transport for an adjacency, use the mandatory-transport command in adjacency
SIP configuration mode. To enable fast-path register support, use the no form of this command.
mandatory-transport {tcp | udp}
no mandatory-transport {tcp | udp}
Syntax Description
Command Default Adjacencies use UDP by default.
Command History
Fast-path register is used to prevent the SBC from forwarding all SIP register messages to the softswitch,
thus reducing the load on the softswitch. This is enabled by default and can be disabled using this
command. When active, a SIP register message received from the same host and port as an existing
registration, and with a nonzero expires interval, is immediately responded to without further parsing or
other processing performed.
Examples The following example shows how to configure TCP as the mandatory transport on the SIP adjacency
SipToIsp42:
host1/Admin(config-sbc-sbe-adj-sip)# mandatory-transport tcp
Related Commands
tcp Sets the mandatory transport to TCP.
udp Sets the mandatory transport to UDP.
Command Description
preferred-transport Configures the preferred transport protocol for SIP signaling on an
adjacency.
39-231
OL-13499-04
map-status-code
map-status-code
To enter the map status code mapping submode, use the map-status-code command in the SIP
method-profile element configuration mode.
map-status-code
Syntax Description
Command Modes SIP method-profile element configuration (config-sbc-sbe-sip-mth-ele)
Command History
Examples The following example shows how the map-status-code command enters the map status code mapping
submode:
Router/Admi(config-sbc-sbe-sip-mth-ele-map)#
Related Commandsh
method name Specifies the name of the method added to the method profile. Valid names
Command Description
description Configures descriptive text for a method profile.
pass-body Permits SIP message bodies to pass through for nonvital SIP methods
accepted by a method profile.
39-232
OL-13499-04
marking
marking
To configure whether the QoS profile will mark packets with a DSCP value or an IP precedence and ToS
value, use the marking command in the appropriate configuration mode. To return to the default
marking type
no marking
Syntax Description
Command History
Examples The following example shows how to configure the QoS profile to mark IP packets with DSCPs:
host1/Admin(config-sbc-sbe-qos-sig)# marking dscp
Related Commands
type Specifies the type of marking. Possible values are:
dscp: Marks packets with a DSCP value.
ip-precedence: Marks packets with an IP precedence and TOS value.
passthrough: No packet marking.
Command Description
39-233
OL-13499-04
match-account
match-account
To configure the match account of an entry in the number analysis or routing table whose entries match
against the source account, use the match-account command in routing table entry configuration mode.
To delete the match value, use the no form of this command.
match-account key
no match-account key
Syntax Description
Command History
Examples The following example shows how to create an entry in the new number analysis table MyNaTable and
sets the source account it matches against:
Admin/Router(config)# sbc mySbc sbe
Admin/Router(config-sbc-sbe)# call-policy-set 1
Admin/Router(config-sbc-sbe-rtgpolicy)# na-src-account-table MyNaTable
Admin/Router(config-sbc-sbe-rtgpolicy-natable)# entry 1
Admin/Router(config-sbc-sbe-rtgpolicy-natable-entry)# match-account router_eastern
Related Commands
key Specifies the account to match.
Command Description
39-234
OL-13499-04
match-address
match-address
To configure the match value of an entry in a routing table whose entries match against the destination
or source dialed number, use the match-address command in routing table entry configuration mode.
match-address key [regex]
no match-address key [regex]
Syntax Description
Command History
Examples The following example shows how to create an entry in the new routing table MyRtgTable and sets the
dialed number (destination address) it matches against:
Related Commands
key Specifies the string used to match the address. Maximum size is 255
characters.
regex Optional. Specifies that the address string is a regular expression.
Release 3.1.0 Added the optional regex keyword.
Command Description
39-235
OL-13499-04
match-adjacency
match-adjacency
To configure the match value of an entry in a number analysis or routing table whose entries match
against the source adjacency, use the match-adjacency command in routing table configuration mode.
To delete the match value of the given entry in the routing table, use the no form of this command.
match-adjacency key
no match-adjacency key
Syntax Description
Command History
Examples The following example shows how to create an entry in the new routing table MyRtgTable and sets the
source adjacency it matches against:
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table MyRtgTable
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency ADJ1
Related Commands
key Specifies the match adjacency. Use an asterisk to match all adjacencies.
Command Description
39-236
OL-13499-04
match-category
match-category
To configure the match value of an entry in a routing table matching on the category, use the
match-category command in routing table configuration mode. To delete the match value of the given
entry in the routing table, use the no form of this command.
match-category WORD
no match-category WORD
Syntax Description
Command History
You cannot use this command if the table is part of the active policy set.
Examples The following example configures the match-value of an entry in the new routing table MyRtgTable:
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-category-table MyRtgTable
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-category emergency
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable)# end
Related Commands
WORD Specifies the name of the category match. The maximum size is 30 characters.
Command Description
39-237
OL-13499-04
match-cic
match-cic
To match on the carrier ID code in a routing table, use the match-cic command in routing table entry
mode. The no form of the command deletes the precedence of the given entry in the routing table.
match-cic word [any | none]
no match-cic word [any | none]
Syntax Description
Command Default The default precedence of an entry is any.
Command History
Examples The following is an example of using the match-cic command match on any carrier ID present.
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-carrier-id-table MyRtgTable
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-cic any
Related Commands
word Match value key; the maximum size is 30 characters.
any Match any carrier ID (match on any carrier ID present).
none Match null carrier ID (match if no carrier ID is present).
Command Description
39-238
OL-13499-04
match-cic
rtg-carrier-id-table Enters the configuration mode for creation or configuration of a routing
table, whose entries match the carrier ID of an SBE call policy set.
entry Enters the configuration submode for creation or configuration of a routing
table, whose entries match the source domain name of an SBE call policy
set.
Command Description
39-239
OL-13499-04
match-domain
match-domain
To create or modify the match domain of an entry in a routing table matching on the source domain, use
the match-domain command in call policy routing table mode. To delete the match value of the given
entry in the routing table, use the no form of this command.
match-domain key [regex]
no match-domain key [regex]
Syntax Description
Command Modes Call policy routing table (config-sbc-sbe-rtgpolicy-rtgtable)
Command History
Usage Guidelines You cannot create or modify the match domain of an entry in a routing table matching on the source
domain if the table is part of the active policy set.
Examples The following command configures the match-domain of an entry in the new routing table MyRtgTable
to be cisco.com:
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-domain-table MyRtgTable
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-domain cisco.com
key Specifies the string used to match the dialed number.
regex Optional. Specifies that the address string is a regular expression.
Release 3.1.0 Added the optional regex keyword.
39-240
OL-13499-04
match-domain
rst-dst-domain-table Enters the configuration mode for creation of a routing table, with entries
that match the destination domain name of an SBE call policy set.
39-241
OL-13499-04
match-number
match-number
To configure the match value of an entry in the number analysis table whose entries match against the
whole dialed number, use the match-number command in NA-DST-number-table configuration mode.
match-number key
no match-number key
Syntax Description
Command Modes NA-DST-number-table configuration (config-sbc-sbe-rtgpolicy-natable-entry)
Command History
Examples The following example shows how to create an entry in the new NA table MyNaTable and sets the dialed
number it matches against:
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# match-number 9XXX
Related Commands
key Specifies the string used to match the dialed number.
Command Description
caller-video-qos-profile Configures the action of an entry in a number analysis table.
39-242
OL-13499-04
match-prefix
match-prefix
To configure the match value of an entry in the number analysis table whose entries match against the
start of the dialed number, use the match-prefix command in SBE routing policy number analysis table
entry configuration mode. To delete the match value, use the no form of this command.
match-prefix word
no match-prefix word
Syntax Description
Command Modes Number analysis table configuration (config-sbc-sbe-rtgpolicy-natable-entry)
Command History
Use the match-prefix command to configure number analysis destination prefix tables.
Examples The following example shows how to create an entry in the new NA table MyNaTable and sets the dialed
number prefix it matches against:
host1/Admin(config)# sbc mySbc sbe
host1/Admin(config-sbc-sbe-rtgpolicy-natable-entry)# match-prefix *X*
Related Commands
word Value of prefix string used to match the start of the dialed number.
Maximum size is 32 characters.
Command Description
action (NA-) Configures the action of an entry in the number analysis table with entries of
the table matching a dialed number (prefix or whole number) or the source
39-243
OL-13499-04
match-prefix
entry Creates or modifies an entry in a number analysis or routing table
na-dst-prefix-table Configures a number analysis table with numbers that match the prefix of the
dialed number within an SBE policy set.
Command Description
39-244
OL-13499-04
match-prefix len
match-prefix len
To configure the match value of an entry in a routing table matching on the prefix length (netmask), use
the match-prefix len command in CAC table entry configuration mode. To delete the match value of the
given entry in the routing table, use the no form of this command.
match-prefix-len length
no match-prefix-len length
Syntax Description
Command History
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-prefix-len 24
Related Commands
length Range: 0-32
Command Description
39-245
OL-13499-04
match-type
match-type
To configure the match type of anadmission control table, use the match-type command in CAC table
configuration mode. To delete the match-type of the admission control table, use the no form of this
command.
match-type table-type
no match-type table-type
Syntax Description
table-type The type of the table. This parameter governs the syntax of the match-value
fields of the entries in the table. The entries in the table then all correspond to
different values of call priority, which must be one of the following strings:
accountCompare the name of the account.
adj-groupCompare the name of the adjacency group.
adjacencyCompare the name of the adjacency.
allNo comparison type. All events match this type.
call-priorityCompare with call priority.
categoryCompare the number analysis assigned category.
dst-accountCompare the name of the destination account.
dst-adj-groupCompare the name of the destination adjacency group.
dst-adjacencyCompare the name of the destination adjacency.
dst-prefixCompare the beginning of the dialed digit string.
event-typeCompare with CAC policy event types.
policy-setThe match-type is a cac-policy-table.
src-accountCompare the name of the source account.
src-adj-groupCompare the name of the source adjacency group.
src-adjacencyCompare the name of the source adjacency.
src-prefixCompare the beginning of the calling number string.
sub-categoryMatch based on subscriber category.
sub-category-pfxMatch based on subscriber category IP prefix
The match-type parameter must be supplied when creating a table.
39-246
OL-13499-04
match-type
Command History
Examples The following example shows how to configure the match-type of the admission control table
MyCacTable:
host1/Admin(config-sbc-sbe-cacpolicy-cactable)# match-type call-priority
Related Commands
Release 3.1.00 This command was modified with the addition of sub-category and
sub-category-pfx table types.
Command Description
match-value Configures the match-value of an entry in an admission control table.
39-247
OL-13499-04
match-string
match-string
To configure an SDP attribute matching string, use the match-string command in the SDP attribute table
configuration mode. To delete the match value of the given entry in the routing table, use the no form of
this command.
match-string word
no match-string word
Syntax Description
Command Modes SDP attribute table configuration (config-sbc-sbe- sdpmatchtable-sdpattributetable)
Command History
Related Commands
word Specifies the SDP attribute string. The maximum size is 30 characters.
Command Description
sdp-attribute-table Configures an SDP attribute table that lists the attributes to add or remove.
action (sdp) Configures an SDP policy table action.
sdp-policy-table Configure an SDP policy table.
39-248
OL-13499-04
match-table
match-table
To configure an SDP match table used in a policy, use the match-table command in SDP policy table
this command.
match-table word
no match-table word
Syntax Description
Command Modes SDP policy table (config-sbc-sbe-sdp-policy-tbl)#
Command History
Related Commands
word Specifies the SDP match table. The maximum size is 30 characters.
Command Description
39-249
OL-13499-04
match-time
match-time
To configure the match time of an entry, use the match-time command in routing table entry
this command.
match-time {[date yr year_low year_high mon month_low month_high day date_low date_high]
[dow DoW_low DoW_high] [tod hr hour_low hour_high min minute_low minute_high]}
no match-time {[date yr year_low year_high mon month_low month_high day date_low
date_high] [dow DoW_low DoW_high] [tod hr hour_low hour_high min minute_low
minute_high]}
Syntax Description
Command History
key Key: A string used to match the time and can include one or more of the following
specifiers:
date_low - date_highthe inclusive range of dates (1-31).
datedate
daydate
DoW_low - DoW_highthe inclusive range of days (Sun-Mon).
dowday of the week
hrhour
hour_low - hour_highthe inclusive range of hours (0-23).
minute_low - minute_highthe inclusive range of minutes (0-59).
minminute
monmonth
month_low - month_highthe inclusive range of months (1-12).
todtime of day
yryear
year_low - year_highthe inclusive range of years.
Note The high values are optional and if unspecified are set equal to the low
values.
39-250
OL-13499-04
match-time
Usage Guidelines You are not allowed to use this command if the table is part of the active policy set.
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-time y:2006-2020
Related Commands
Command Description
39-251
OL-13499-04
match-value
match-value
To configure the match-value of an entry in an admission control table, use the match-value command
in CAC table configuration mode. To delete the match value in the given entry in the admission control
table, use the no form of this command.
match-value key
no match-value key
39-252
OL-13499-04
match-value
Syntax Description
key Specifies the string used to match events. The format of the key is determined by the
match-type of the enclosing table. Strings are:
WORDOther than policy-set, call-priority and event-type (Max Size is 255).
adj-groupEvents that are from members of the same adjacency group.
callScope limits are per single call.
call-updateCompare the beginning of the calling number string.
categoryEvents that have same category.
criticalMatch calls with resource priority 'critical'.
dst-accountEvents that are sent to the same account.
dst-adj-groupEvents that are sent to the same adjacency group.
dst-adjacencyEvents that are sent to the same adjacency.
dst-numberEvents that have same destination.
endpoint-regCompare the name of the destination adjacency.
flashMatch calls with resource priority 'flash'.
flash-overrideMatch calls with resource priority 'flash-override'.
globalScope limits are global
immediateMatch calls with resource priority 'immediate'.
new-callCompare the beginning of the dialled digit string.
priorityMatch calls with resource priority 'priority'.
routineMatch calls with resource priority 'routine'.
src-accountEvents that are from the same account.
src-adj-groupEvents that are from the same adjacency group.
src-adjacencyEvents that are from the same adjacency.
src-numberEvents that have same source number
sub-category.Categorizes based on the source IP address in the registration
requests.
sub-category-pfx.Categorizes based on the first few bits (specified with the
match-prefix-len command) of the subscriber category.
subscriberCategorizes based on the AOR specified in the registration requests
vrfVRF to use when match-type is sub-category or sub-category-pfx.In these
instances, the match-value string is an IP address corresponding to a registered
subscriber. If the registered subscriber is placed in a non-Admin VRF context, then
vrf specifies the VRF name to which the registered subscriber belongs.
39-253
OL-13499-04
match-value
Command History
Examples The following example shows how to configure the match-value for an entry in the new admission
control table MyCacTable:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value 0208366
The following example shows how to configure a match-value that places a registered subscriber with
an IP address of 1.1.1.1 into VRF1:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# match-value 1.1.1.1 vrf VRF1
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)#
Related Commands
Release 3.1.00 This command was modified with additional keys.
Command Description
39-254
OL-13499-04
max-bandwidth
max-bandwidth
To configure the maximum bandwidth for an entry in an admission control table, use the
max-bandwidth command in CAC table configuration mode. To delete the maximum bandwidth in the
given entry in the admission control table, use the no form of this command.
max-bandwidth mbw
no max-bandwidth mbw
Syntax Description
Command History
Examples The following example shows how to configure the maximum bandwidth for an entry in the new
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-bandwidth 6000000
Related Commands
mbw Positive integer specifying the maximum rate at which call media should be
admitted (in bytes per second) at the relevant scope.
Command Description
max-call-rate Configures the maximum call rate for an entry in an admission control table.
max-channels Configures the maximum number of channels for an entry in an admission
control table.
39-255
OL-13499-04
max-bandwidth
max-connections Configures the maximum number of SIP connections that will be made to
each remote address.
max-num-calls Configures the maximum number of calls of an entry in an admission control
table.
max-regs Configures the maximum number of subscriber registrations of an entry in
max-regs-rate Configures the maximum call number of subscriber registrations for an entry
in an admission control table.
max-updates Configures the maximum call updates for an entry in an admission control
table.
Command Description
39-256
OL-13499-04
max-call-rate
max-call-rate
To configure the maximum call rate for an entry in an admission control table, use the max-call-rate
command in CAC table configuration mode. To delete the maximum call rate in the given entry in the
admission control table, use the no form of this command.
max-call-rate mcr
no max-call-rate mcr
Syntax Description
Command History
Examples The following example shows how to configure the maximum call rate for an entry in the new admission
Related Commands
mcr Positive integer specifying the maximum number of calls per minute to permit at
the given scope.
Command Description
max-bandwidth Configures the maximum bandwidth for an entry in an admission control
table.
control table.
39-257
OL-13499-04
max-call-rate
table.
table.
Command Description
39-258
OL-13499-04
max-channels
max-channels
To configure the maximum number of channels for an entry in an admission control table, use the
max-channels command in CAC table configuration mode. To delete the maximum number of channels
max-channels mc
no max-channels mc
Syntax Description
Command History
Examples The following example shows how to configure the maximum number of channels for an entry in the
new admission control table MyCacTable:
Related Commands
mc Positive integer specifying the maximum number of media channels to permit at
the relevant scope.
Command Description
table.
39-259
OL-13499-04
max-channels
table.
table.
Command Description
39-260
OL-13499-04
max-in-call-rate
max-in-call-rate
To configure the maximum in call rate, use the max-in-call-rate command in CAC table entry
configuration mode. To disable the call rate, use the no form of this command.
max-in-call-rate rate
no max-in-call-rate rate
Syntax Description
Command Default No limit.
Command History
Examples The following command configures the maximum number of connections to each remote address to 1:
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-in-call-rate 33
Related Commands
rate The maximum number of in-call messages per minute. The range is
0-4294967295.
Command Description
max-out-call-rate Configures the maximum out call rate.
table.
control table.
39-261
OL-13499-04
max-in-call-rate
table.
table.
Command Description
39-262
OL-13499-04
max-num-calls
max-num-calls
To configure the maximum number of calls of an entry in an admission control table, use the
max-num-calls command in CAC table entry configuration mode. To delete the maximum number of
calls in the given entry in the admission control table, use the no form of this command.
max-num-calls mnc
no max-num-calls mnc
Syntax Description
Command Modes CAC table entry configuration (config-sbc-sbe-cacpolicy-cactable)
Command History
Examples The following example shows how to configure the maximum number of calls for an entry in the new
Related Commands
mnc Positive integer specifying the maximum number of calls to permit at the relevant scope.
Command Description
table.
control table.
39-263
OL-13499-04
max-num-calls
table.
Command Description
39-264
OL-13499-04
max-out-call-rate
max-out-call-rate
To configure the maximum out call rate, use the max-out-call-rate command in CAC table entry
configuration mode. To disable the maximum out call rate, use the no form of this command.
max-out-call-rate rate
no max-out-call-rate rate
Syntax Description
Command Default No limit.
Command History
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-out-call-rate 33
Related Commands
rate The maximum number of call-out messages per minute. The range is
0-4294967295.
Command Description
max-in-call-rate
table.
control table.
39-265
OL-13499-04
max-out-call-rate
table.
table.
Command Description
39-266
OL-13499-04
max-regs
max-regs
To configure the maximum number of subscriber registrations of an entry in an admission control table,
use the max-regs command in CAC table configuration mode. To delete the maximum number of
subscriber registrations in the given entry in the admission control table, use the no form of this
command.
max-regs mr
no max-regs mr
Syntax Description
Command History
Examples The following example shows how to configure the maximum number of subscriber registrations for an
entry in the new admission control table MyCacTable:
Related Commands
mrr Positive integer specifying the maximum number of subscriber registrations to permit at
the relevant scope.
Command Description
table.
39-267
OL-13499-04
max-regs
control table.
table.
table.
Command Description
39-268
OL-13499-04
max-regs-rate
max-regs-rate
To configure the maximum call number of subscriber registrations for an entry in an admission control
table, use the max-regs-rate command in CAC table configuration mode. To delete the maximum
number of subscriber registrations in the given entry in the admission control table, use the no form of
this command.
max-regs mrr
no max-regs mrr
Syntax Description
Command History
Usage Guidelines Only one parameter may be supplied for each command.
Examples The following example shows how to configure the maximum registration rate for an entry in the new
admission control table MyCacTable::
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# max-reg-rates 150
Related Commands
mrr A positive integer specifying the maximum number of subscriber registrations per minute
to permit at the relevant scope. Only one parameter may be supplied for each command.
Command Description
table.
39-269
OL-13499-04
max-regs-rate
control table.
table.
table.
Command Description
39-270
OL-13499-04
max-updates
max-updates
To configure the maximum call updates for an entry in an admission control table, use the max-updates
command in CAC table configuration mode. To delete the maximum call updates in the given entry in
the admission control table, use the no form of this command.
max-updates mu
no max-updates mu
Syntax Description
Command History
Examples The following example shows how to configure the maximum number of call updates for an entry in the
new admission control table MyCacTable:
Related Commands
mu Positive integer specifying the maximum number of updates to call media to permit
at the relevant scope.
Command Description
table.
control table.
39-271
OL-13499-04
max-updates
table.
Command Description
39-272
OL-13499-04
media-address ipv4
media-address ipv4
To add an IPv4 address to the set of addresses that can be used by the DBE as a local media address, use
the media-address ipv4 command in SBC-DBE configuration mode. To remove an IPv4 from the set of
local media addresses, use the no form of this command.
media-address ipv4 {A.B.C.D} {E.F.G.H}
no media-address ipv4 {A.B.C.D} {E.F.G.H}
Syntax Description
Command History
Usage Guidelines After you have configured a local media address, the media address cannot be modified while the DBE
service is active. Deactivate the DBE with the no activate command first.
The media address is a pool of IP addresses on the DBE for media relay functionality. A pool of
addresses is defined for the Global VPN that the DBE is attached to. All vDBEs within the DBE draw
media addresses from this pool.
Examples The following commands add addresses from 10.10.10.1 through 10.10.10.20 to the address pool:
A.B.C.D This is the starting IPv4 media address on an SBC interface, which can be used for
media arriving on the DBE.
E.F.G.H This is the ending IPv4 media address on an SBC interface, which can be used for
39-273
OL-13499-04
media-address ipv4
media-address pool
ipv4
Creates a pool of sequential IPv4 media addresses that can be used by the
DBE as local media addresses,
dbe Creates the DBE service on an SBC and enters into DBE-SBE configuration
mode.
activate Initiates the DBE service of the session border controller (SBC).
39-274
OL-13499-04
media-address ipv4 port-range
To create a port range associated with an IPv4 address within a media address or a pool of media
addresses where the class of service for the port range is any, video, or voice class of service, use the
media-address ipv4 port-range command in SBC-DBE configuration mode. To delete such a port
range, use the no form of this command.
media-address ipv4 ipaddr port-range min-port max-port { any | video | voice }
no media-address ipv4 ipaddr port-range min-port max-port { any | video | voice }
Syntax Description
Command Default min-port = 16,384
max-port = 32,767
Command History
Usage Guidelines Command is only valid in the media address or address range submodes.
Examples The following example creates a port range of 10000 to 20000 associated with IPv4 address 10.10.10.1
within a media address or a pool of media addresses for the port range for any class of service:
The following example creates a port range of 10000 to 20000 associated with IPv4 address 10.10.10.1
within a media address or a pool of media addresses where the class of service for the port range is video:
ipaddr The IP address.
min-port The starting port number of the range. The possible values are 1 to 65535, but the
min-port value specified must be less than or equal to the max-port value specified.
If a min-port value is not configured, the default value is 16384.
max-port The ending port number of the range. The possible values are 1 to 65535, but the
max-port value specified must be greater than or equal to the min-port value
specified. If a max-port value is not configured, the default value is 32767.
any Configures the port range applies to any class of service.
video Configures the port range applies to video class of service.
voice Configures the port range applies to voice class of service.
39-275
OL-13499-04
within a media address or a pool of media addresses where the class of service for the port range is voice:
host1/Admin(config-sbc-dbe)# media-address ipv4 10.10.10.1 port-range 10000 20000 voice
Related Commands
Command Description
media-address ipv4 port-range video Create a port range associated with an IPv4
address within a media address or a pool of media
range is video.
media-address ipv4 port-range voice Create a port range associated with an IPv4
address within a media address or a pool of media
range is voice.
39-276
OL-13499-04
media-address ipv4 vrf port-range
To create a port range associated with an IPv4 address that is associated with a specific VPN routing and
forwarding (VRF) instance within a media address or a pool of media addresses where the class of
service for the port range is any,video, or voice, use the media-address ipv4 vrf port-range any
command in SBC-DBE configuration mode. To delete such a port range, use the no form of this
command.
media-address ipv4 ipaddr vrf vrf-name port-range start-port end-port { any | video | voice }
media-address ipv4 ipaddr vrf vrf-name port-range start-port end-port { any | video | voice }
Syntax Description
Command Default start-port = 16,384
end-port = 32,767
Command History
Usage Guidelines Command is only valid in the media address or address range submodes.
ipaddr The IP address of the VRF.
start-port The starting port number of the range. The possible values are 1 to 65535, but the
end-port The ending port number of the range. The possible values are 1 to 65535, but the
vrf-name (Optional) Name of the VRF instance associated with the IP addresses. If the vrf
keyword is specified, the vrfname argument must be specified.
39-277
OL-13499-04
Examples The following example creates a port range of 10000 to 20000 associated with IPv4 address 10.10.10.1
associated with vrf test within a media address for any class of service:
host1/Admin(config-sbc-dbe)# media-address ipv4 10.10.10.1 vrf test port-range 10000 20000
any
associated with vrf test within a media address where the class of service for the port range is video:
video
associated with vrf test within a media address where the class of service for the port range is voice:
voice
Related Commands
Command Description
activate Initiates the DBE service of the SBC.
media address ipv4 Adds an individual IPv4 address to the set of
addresses that can be used by the DBE as a local
media address.
39-278
OL-13499-04
media-address pool ipv4
media-address pool ipv4
To create a pool of sequential IPv4 media addresses that can be used by the DBE as local media
addresses, use the media-address pool ipv4 command in the SBC-DBE configuration mode. This pool
of addresses is added to the set of local media addresses that can be used by the DBE. To remove this
pool of IPv4 addresses from the set of local media addresses, use the no form of this command.
media-address pool ipv4 A.B.C.D E.F.G.H
media-address pool ipv4 A.B.C.D E.F.G.H
Syntax Description
Command History
Usage Guidelines Any valid IPv4 addresses. Ending address must be numerically higher than the starting address.
Examples The following commands add addresses from 10.10.10.1 through 10.10.10.20 to the address pool:
Related Commands
A.B.C.D Starting IPv4 media address in a range of addresses. An IPv4 media address is a
local IP address on a session border controller (SBE) interface that can be used for
E.F.G.H Ending IPv4 media address in a range of addresses. The ending IPv4 address must
be numerically greater than the starting address.
Command Description
activate Initiates the DBE service of the SBC.
media address ipv4 Adds an individual IPv4 address to the set of
addresses that can be used by the DBE as a local
media address.
39-279
OL-13499-04
media-address pool ipv4 port-range
To create a pool of sequential IPv4 media addresses that can be used by the DBE as local media addresses
where the class of service for the port range is any class of service, use the media-address pool ipv4
port range any command in SBC-DBE configuration mode. This pool of addresses is added to the set
of local media addresses that can be used by DBE. To remove this pool of IPv4 addresses from the set
of local media addresses, use the no form of this command.
media-address pool ipv4 A.B.C.D E.F.G.H port range min-port max-port {any | video | voice }
no media-address pool ipv4 A.B.C.D E.F.G.H port range min-port max-port {any | video | voice }
Syntax Description
max-port = 32,767
Command History
Examples The following example creates a port range of 10000 to 20000 associated with a pool of sequential IPv4
media addresses from 10.10.10.1 through 10.10.10.20 for any class of service:
A.B.C.D Starting IPv4 media address in a range of addresses. An IPv4 media address is a
local IP address on a session border controller (SBE) interface that can be used for
E.F.G.H Ending IPv4 media address in a range of addresses. The ending IPv4 address must
be numerically greater than the starting address.
min-port The starting port number of the range. The possible values are 1 to 65535, but the
max-port The ending port number of the range. The possible values are 1 to 65535, but the
39-280
OL-13499-04
host1/Admin(config-sbc-dbe)# media-address ipv4 10.10.10.1 10.10.10.20 port-range 10000
20000 any
The following example creates a port range of 10000 to 20000 associated with a pool of sequential IPv4
media addresses from 10.10.10.1 through 10.10.10.20 where the class of service for the port range is
video:
20000 video
media addresses from 10.10.10.1 through 10.10.10.20 where the class of service for the port range is
voice:
20000 voice
Related Commands
Command Description
media-address pool ipv4 Creates a pool of sequential IPv4 media addresses
addresses.
39-281
OL-13499-04
media-address pool ipv4 vrf
media-address pool ipv4 vrf
To create a pool of sequential IPv4 media addresses for an IPv4 address associated with a specific VPN
routing and forwarding (VRF) instance that can be used by the DBE as local media addresses, use the
media-address pool ipv4 vrf command in SBC-DBE configuration mode. To remove such a pool of
addresses from the set of local media addresses, use the no form of this command.
media-address pool ipv4 A.B.C.D E.F.G.H vrf vrfname
no media-address pool ipv4 A.B.C.D E.F.G.H vrf vrfname
Syntax Description
Command History
Usage Guidelines This pool of addresses is added to the set of local media addresses that can be used by DBE. Ending
address must be numerically higher than the starting address.
Examples The following commands add addresses from 10.10.10.1 through 10.10.10.20 to the address pool for the
vrf named vpn1:
host1/Admin(config-sbc-dbe)# media-address pool ipv4 10.10.10.1 10.10.10.20 vrf vpn1
Related Commands
A.B.C.D Starting IPv4 media address in a range of addresses. An IPv4 media address
is a local IP address on a session border controller (SBE) interface that can
be used for media arriving on the DBE.
E.F.G.H Ending IPv4 media address in a range of addresses. The ending IPv4 address
must be numerically greater than the starting address.
vrfname (Optional) Name of the VRF instance associated with the IP addresses. If the
vrf keyword is specified, the vrfname argument must be specified.
Command Description
39-282
OL-13499-04
media-address pool ipv4 vrf port-range
To configure a media address pool for a signaling pinhole that can be used by the DBE as local media
addresses, use the media-address pool ipv4 vrf port-range signaling command in SBC-DBE
configuration mode. To remove such a pool of addresses from the set of local media addresses, use the
media-address pool ipv4 A.B.C.D E.F.G.H vrf vrf-name port-range{min-port max-port { any |
signaling | video | voice }
no media-address pool ipv4 A.B.C.D E.F.G.H vrf vrf-name port-range{min-port max-port { any
| signaling | video | voice }
Syntax Description
max-port = 32,767
Command History
A.B.C.D Starting IPv4 media address in a range of addresses. An IPv4 media address
is a local IP address on a session border controller (SBE) interface that can
be used for media arriving on the DBE.
E.F.G.H Ending IPv4 media address in a range of addresses. The ending IPv4 address
must be numerically greater than the starting address.
vrf vrf-name (Optional) Name of the VRF instance associated with the IP addresses. If the
vrf keyword is specified, the vrf-name argument must be specified.
port-range min-port The starting port number of the port-range. The possible values are 1 to
65535, but the min-port value specified must be less than or equal to the
max-port value specified. If a min-port value is not configured, the default
value is 16384.
port-range max-port The ending port number of the port-range. The possible values are 1 to
65535, but the max-port value specified must be greater than or equal to the
min-port value specified. If a max-port value is not configured, the default
value is 32767.
signaling Configures the port range applies to signaling class of service.
Release 3.1.00 Added signaling keyword.
39-283
OL-13499-04
Usage Guidelines This pool of addresses is added to the set of local media addresses that can be used by DBE. .
Endingaddress must be numerically higher than the starting address.
If a local address or port is not specified by the MGC for a signaling pinhole, then the DBE will select
an address or port from a port range identified by this class of service. If the MGC does provide an
address or port, then it must fall within a port range identified by this class of service.
Examples The following example creates a port range of 10000 to 20000 associated with a pool of sequential IPv4
media addresses from 10.10.10.1 through 10.10.10.20 associated with vrf test for any class of service:
host1/Admin(config-sbc-dbe)# media-address ipv4 10.10.10.1 10.10.10.20 vrf test
port-range 10000 20000 any
media addresses from 10.10.10.1 through 10.10.10.20 associated with vrf test where the class of service
for the port range is voice:
port-range 10000 20000 voice
media addresses from 10.10.10.1 through 10.10.10.20 associated with vrf test where the class of service
for the port range is video:
port-range 10000 20000 video
The following example creates a port range of 5000 to 6000as a signaling pinhole:
host1/Admin(config-sbc-dbe)# media-address ipv4 10.10.10.10 port-range 5000 6000 signaling
5000 6000 signaling
host1/Admin(config-sbc-dbe)# media-address pool ipv4 10.10.10.10. 10.10.10.20 vrf vrf1
port-range 5000 6000 signaling
39-284
OL-13499-04
media-address pool ipv4 vrf port-range any Create a pool of sequential IPv4 media addresses
for an IPv4 address associated with a specific
VRF instance that can be used by the DBE as
local media addresses where the class of service
for the port range is any class of service.
media-address pool ipv4 vrf port-range video Create a pool of sequential IPv4 media addresses
for an IPv4 address associated with a specific
VRF instance that can be used by the DBE as
local media addresses where the class of service
for the port range is video.
39-285
OL-13499-04
media-bypass
media-bypass
To configure the H.323 or SIP adjacency to allow media traffic to bypass the DBE, use the media-bypass
command in the appropriate configuration mode. To return to the default behavior, use the no form of
this command.
media-bypass
no media-bypass
Command History
When configured, media traffic for calls originating and terminating on this adjacency flows directly
between the endpoints and does not pass through the DBE. When deconfigured, media traffic must
always pass through a gateway.
Examples The following example shows how to allow media traffic for the SIP adjacency SipToIsp42 to bypass a
gateway:
Related Commands
Command Description
39-286
OL-13499-04
media-bypass-forbid
media-bypass-forbid
To configure the H.323 or SIP adjacency to forbid media traffic to bypass the DBE, use the
media-bypass-forbid command in the appropriate configuration mode. To return to the default state, use
media-bypass-forbid
no media-bypass-forbid
Command History
Examples The following example shows how to set media traffic for the SIP adjacency SipToIsp42 to bypass a
gateway:
host1/Admin(config-sbc-sbe-adj-sip)# media-bypass-forbid
Related Commands
Command Description
adjacency Configures an adjacency for an SBC service
39-287
OL-13499-04
media-gateway
media-gateway
To configure a media gateway, use the media-gateway command in SBE configuration mode. To remove
a media gateway configuration, use the no form of this command.
media-gateway ipv4 A.B.C.D
no media-gateway ipv4 A.B.C.D
Syntax Description
Command History
Examples The following example shows how to access media gateway submode from where you configure a media
gateway.
host1/Admin(config-sbc-sbe-mg)#
Examples
ipv4 A.B.C.D Specifies the IPv4 media gateway address.
Command Description
codecs Configures the codecs supported by the media gateway.
media-gateway-associations
Displays a list of known media gateways with an active
association.
transcoder Configures the media gateway as a transcoder.
39-288
OL-13499-04
media-late-to-early-iw
media-late-to-early-iw
To configure late-to-early media interworking (iw), use the media-late-to-early-iw command in
Adjacency SIP configuration mode. To disable the configuration, use the no form of this command.
media-late-to-early-iw {incoming | outgoing}
no media-late-to-early-iw {incoming | outgoing}
Syntax Description
Command History
Examples The following example shows how to configure late-to-early media iw for calls from caller on this
adjacency.
host1/Admin(config-sbe-adj-sip)# media-late-to-early-iw incoming
Examples
incoming Enable late-to-early media iw for calls from caller on this adjacency.
outgoing Enable late-to-early media iw for calls to callee on this adjacency.
Command Description
39-289
OL-13499-04
media-timeout
media-timeout
To configure the time that the DBE should wait since the last media packet has been received on a call,
before determining that the call has ceased and clearing up the call resources and signaling the SBE to
do the same, use the media-timeout command in DBE configuration mode. To disable this feature, use
media-timeout {timeout}
no media-timeout {timeout}
Syntax Description
Command Default Timeout: 30 seconds
Command History
Usage Guidelines If a configuration is loaded on top of an active configuration, warnings are generated to notify that the
Examples The following example shows how to configure the DBE to wait 10 seconds after receiving the last media
packet before cleaning up the call resources:
Related Commands
timeout Maximum time, in seconds, a DBE should wait since the last media packet has been
received on a call, before determining that the call has ceased and before clearing
up the call resources and signaling the SBE to do the same. The range is from 0 to
4294967295.
Command Description
media-address Configures a DBE IPv4 or IPv6 media address or media address pool.
39-290
OL-13499-04
method
method
To add a method with a specified name to a SIP message profile, use the method command in the SIP
method-profile mode. To remove the method from the profile, use the no form of this command.
method method-name
no method method-name
Syntax Description
Command Modes SIP method-profile configuration (config-sbc-sbe-sip-mth)
Command History
Examples The following example shows how the method command adds a method test to the method profile
MyProfile:
host1/Admin(config-sbc-sbe)# sip method-profile MyProfile
host1/Admin(config-sbc-sbe-sip-mth)# method test
Related Commandsh
method name Specifies the name of the method added to the method profile. Valid names
Command Description
39-291
OL-13499-04
method packetcable-em
To enable the packet-cable billing method, use the method packetcable-em in the SBE billing
configuration mode. To disable the packet-cable billing method, use the no form of this command.
no method packetcable-em
Command History
Examples The following example shows how to enable the packet-cable billing method:
(config-sbc-sbe)# billing
(config-sbc-sbe-billing)# method packetcable-em
Related Commands
Command Description
(LDR).
packetcable-em
transport radius
billing remote
39-292
OL-13499-04
na-dst-number-table
na-dst-number-table
To enter the submode of configuration of a number analysis table within the context of an SBE policy
set, use the na-dst-number-table command in SBE rtgpolicy mode. Use the no form of this command
to destroy the number analysis table.
na-dst-number-table table-name
no na-dst-number-table table-name
Syntax Description
Command Modes SBE rtgpolicy (config-sbc-sbe-rtgpolicy)
Command History
Usage Guidelines The entries of this table match against the whole dialed number. If necessary, a new number analysis
table is created. You may not change the configuration of tables in the context of the active policy set.
A number analysis table may not be destroyed if it is in the context of the active policy set.
Examples The following command creates the NA table MyNaTable with entries matching against the whole dialed
number:
(config-sbc-sbe)# call-policy-set 1
(config-sbc-sbe-rtgpolicy)# na-dst-number-table MyNaTable
(config-sbc-sbe-rtgpolicy-natable)# exit
(config-sbc-sbe-rtgpolicy)# exit
Related Commands
table-name Name of the number analysis table you are creating or of an existing table
you are configuring.
Command Description
39-293
OL-13499-04
na-dst-number-table
no
Deconfigures the active routing policy set.
Command Description
39-294
OL-13499-04
na-dst-number-attr-table
set, use the na-dst-number-attr-table command in NA-DST-number-table configuration mode. Use the
no form of this command to destroy the number analysis table.
na-dst-number-attr-table table-name
no na-dst-number-attr-table table-name
Syntax Description
Command Modes SBE routing policy (config-sbc-sbe-rtgpolicy)
Command History
Usage Guidelines The entries of this table match against the carrier ID. If necessary, a new number analysis table is
created.You may not change the configuration of tables in the context of the active policy set.
A number analysis table may not be destroyed if it is in the context of the active policy set.
Examples The following command enters the submode of configuration of a number analysis table na-table within
the context of an SBE policy set.
host1/Admin# mySbc sbe
host1/Admin#(config-sbc-sbe)# call-policy-set 1
host1/Admin(config-sbc-sbe-rtgpolicy)# na-dst-number-attr-table na-table
host1/Admin(config-sbc-sbe-rtgpolicy-natable)#
Related Commands
Command Description
39-295
OL-13499-04
Command Description
39-296
OL-13499-04
na-dst-prefix-table
na-dst-prefix-table
To enter the mode in which to configure a number analysis table, with numbers that match the prefix of
the dialed number within an SBE policy set, use the na-dst-prefix-table command in SBE rtgpolicy
mode. Use the no form of this command to destroy the number analysis table.
na-dst-prefix-table table-name
no na-dst-prefix-table table-name
Syntax Description
Command History
Examples The following example illustrates the use of the na-dst-prefix-table command to create a number
analysis table called MyNaTable.
host1/Admin(config-sbc-sbe-rtgpolicy-natable)#
Related Commands
Command Description
39-297
OL-13499-04
na-src-account-table
na-src-account-table
To enter the mode for configuring a number analysis table within an SBE policy set, with entries that
match the source account, use the na-src-account-table command in the SBE routing policy mode. Use
the no form of this command to destroy the table.
na-src-account-table table-name
no na-src-account-table table-name
Syntax Description
Command History
Examples The following commands enter the submode for the NA table MyNaTable, or if it does not already exist,
it creates it.
host1/Admin(config-sbc-sbe-rtgpolicy)# na-src-account-table MyNaTable
Related Commands
table-name Name of the number analysis table within an SBE policy set, with entries
matching the source account.
Command Description
39-298
OL-13499-04
set, use the na-src-adjacency-table command in SBE routing policy mode. The no form of this
command destroys the number analysis table.
na-src-adjacency-table table-name
no na-src-adjacency-table table-name
Syntax Description
Command History
Usage Guidelines The entries of this table match against the source adjacency. If necessary, a new number analysis table
is created. You may not change the configuration of tables in the context of the active policy set. A
number analysis table may not be destroyed if it is in the context of the active policy set.
Examples The following commands enter the submode for the NA table MyNaTable with entries matching against
the whole dialed number:
host1/Admin(config-sbc-sbe-rtgpolicy)# na-src-adjacency-table MyNaTable
Related Commands
Command Description
39-299
OL-13499-04
Command Description
39-300
OL-13499-04
nat
nat
To configure a SIP adjacency to assume that all endpoints are behind a NAT device, use the nat command
in the SIP adjacency mode. To deconfigure this feature on the SIP adjacency, use the no form of this
command.
nat {force-on | force-off}
no nat {force-on | force-off}
Syntax Description
Command Default The SBC autodetects whether all the endpoints are behind a NAT device.
Command History
Examples The following example shows how the nat force-on command is used to configure the SIP adjacency to
assumes that all endpoints are behind a NAT device:
host1/Admin(config-sbe-adj-sip)# nat force-on
Related Commands
force-on Sets the SIP adjacency to assume that all endpoints are behind a NAT device.
force-off Sets the SIP adjacency to assume that the endpoints are not behind a NAT device.
Command Description
39-301
OL-13499-04
network-id
network-id
To configure the network ID, use the network-id command in SBE configuration mode. To deconfigure
the network ID, use the no form of this command.
network-id id
no network-id
Syntax Description
Command History
Examples The following example shows how to set the network ID to 88888:
host1/Admin(config-sbc-sbe)# network-id 88888
Related Commands
id Specifies the eight-digit network ID. Range is 0 to 99999.
Command Description
sbe Enters the mode of an SBE entity within an SBC
service.
39-302
OL-13499-04
option
option
To add an option to a profile, use the option command in SIP option mode. Use the no form of this
command to remove an existing option from this profile.
option opt-name
no option opt-name
Syntax Description
Command History
Examples The following example shows how to add an option to the profile.
host1/Admin(config-sbc-sbe-sip-opt)# option opt1
Related Commands
opt-name Name of option.
Command Description
option-profile Sets the adjacency to use the specified profile for
white/blacklisting options.
39-303
OL-13499-04
option-profile
option-profile
To set the adjacency to use the specified profile for white/blacklisting options, use the option-profile
command. Use the no form of the command to select the default global configuration.
option-profile [ua | proxy] [inbound | outbound] [ prof-name | default]
no option-profile [ua | proxy] [inbound | outbound] [ prof-name | default]
Syntax Description
Command History
Usage Guidelines User agent (UA) profiles are applied to Supported and Require headers. Proxy profiles are applied to
Proxy-Require headers.
Examples The following example shows how to set the adjacency to use the specified profile for white/blacklisting
options:
host1/Admin(config)# sbc test sbe adjacency sip Adj1
host1/Admin(config-sbc-sbe-adj-sip)# option-profile ua inbound OP1
Related Commands
ua Sets the SIP ua header profiles.
proxy Sets the SIP proxy header profiles.
inbound Sets the inbound SIP header profiles.
outbound Sets the outbound SIP header profiles.
prof-name Name of profile to use.
Command Description
39-304
OL-13499-04
outbound-flood-rate
outbound-flood-rate
To configure the maximum desired rate of outbound request signals on this adjacency (excluding
ACK/PRACK requests) in signals per second, use the outbound-flood-rate command in adjacency SIP
configuration mode. Use the no form of this command to disable flood protection.
outbound-flood-rate rate
no outbound-flood-rate
Syntax Description
Command Default No flood protection.
Command History
Examples The following example shows how to configure the maximum desired rate of outbound request signals
on this adjacency to 1,000 signals per second:
host1/Admin(config-sbc-sbe-adj-sip)# outbound-flood-rate 1000
Related Commands
rate Desired rate of outbound request signals in signals per second.
Command Description
39-305
OL-13499-04
overload-time-threshold
overload-time-threshold
To configure the threshold for media gateway (MG) overload control detection, use the
overload-time-threshold command in SBC-DBE configuration mode. This threshold defines the
maximum delay allowed by an SBC that has subscribed to overload control events for the DBE to add a
new flow. If the threshold is exceeded, the DBE generates an overload event notification. To reset the
threshold value to its default value of 100 milliseconds, use the no form of this command.
overload-time-threshold time
no overload-time-threshold
Syntax Description
Command Default If a time threshold value is not configured, the default value is 100 milliseconds.
Command History
Usage Guidelines If an SBC has subscribed for overload control events, the DBE outputs an overload event notification for
every request to add a new flow whose execution takes longer than this threshold.
Examples The following example configures the threshold for media gateway (MG) overload control detections
with a value of 400 milliseconds:
host1/Admin(config-sbc-dbe)# dbe
host1/Admin(config-sbc-dbe)# overload-time-threshold 400
Related Commands
time The time threshold in milliseconds. The possible values are 0 to 0-2000000000.
Command Description
dbe Enters into DBE-SBE configuration mode.
39-306
OL-13499-04
packetcable-em transport radius
To configure a packet-cable billing instance, use the packetcable-em transport radius command in the
SBE billing configuration mode. To disable the packet-cable billing instance, use the no form of this
command.
packetcable-em method-index transport radius RADIUS-client-name
no packetcable-em method-index transport radius RADIUS-client-name
Syntax Description
Command History
Examples The following command creates the NA table MyNaTable with entries matching against the whole dialed
number:
(config-sbc-sbe)# billing
(config-sbc-sbe-billing-packetcable-em)#
Related Commands
method-index Specifies the packetcable billing instance. The range is 0 to 7.
RADIUS-client-name The RADIUS client name. The maximum size is 80 characters.
Command Description
(LDR).
39-307
OL-13499-04
method
packetcable-em
Enable the packet-cable billing method.
billing remote
Command Description
39-308
OL-13499-04
parameter
parameter
To add a parameter with a specified name to a SIP message profile, use the parameter command in SBE
SIP parameter-profile configuration mode. To remove the method from the profile, use the no form of
this command.
parameter {parameter name}
no parameter {parameter name}
Syntax Description
Command Modes SIP parameter-profile configuration
Command History
Examples The following example shows how the parameter command adds a parameter named user to the
parameter profile MyProfile:
host1/Admin(config-sbc-sbe)# sip parameter-profile MyProfile
host1/Admin#(config-sbc-sbe-sip-prm-ele)# action add-not-present value phone
Related Commands
parameter name Name of the parameter added to the parameter profile. Valid names are 1 to
32 characters in length (inclusive) and are case-sensitive.
Command Description
action Configures the action to take in a profile.
parameter-profile Configures a parameter profile.
39-309
OL-13499-04
parameter-profile
parameter-profile
To add a parameter profile associated with a header, use the parameter-profile command in SBE
configuration mode. To remove the parameter profile, use the no form of this command.
parameter-profile profile-name
no parameter-profile profile-name
Syntax Description
Command Modes SIP header configuration element (config-sbc-sbe-sip-hdr-ele)
Command History
Examples The following example shows how to add a parameter profile to the header element fo a header profile:
host1/Admin# config
Related Commands
profile name Name of the parameter profile.
Command Description
sip method-profile Configures a method-profile.
sip header-profile Configures a header profile.
39-310
OL-13499-04
pass-body
pass-body
To permit SIP message bodies to pass through [for non-vital SIP methods accepted by a method profile]
in the SIP method profile mode of an SBE entity, use the pass-body command in SIP method
configuration mode. To remove the message bodies out of non-vital SIP messages accepted by the
method profile, use the no form of this command.
pass-body
no pass-body
Command Default By default, the message bodies are removed out of non-vital SIP messages.
Command Modes SIP method-profile configuration (config-sbc-sbe-sip-mth)
Command History
Examples The following example shows how the pass-body command permits SIP message bodies to pass through
for non-vital SIP methods accepted by method profile test1:
host1/Admin(config-sbc-sbe)# sip method-profile test1
host1/Admin(config-sbc-sbe-sip-mth)# pass-body
Related Commands
Command Description
sip method-profile Configures a method-profile.
39-311
OL-13499-04
passthrough
passthrough
To configure the passthrough header in non-REGISTER requests, use the passthrough command in the
adjacency SIP configuration mode. To deconfigure the passthrough header in non-REGISTER requests,
passthrough {from | to} header
no passthrough {from | to} header
Syntax Description
Command History
Examples The following example shows how the passthrough command is used to configure the passthrough
header for non-REGISTER requests:
host1/Admin(config-sbe-adj-sip)# passthrough from header
host1/Admin(config-sbe-adj-sip)# passthrough to header
Related Commands
from Configures the from header.
to Configures the to header.
Command Description
39-312
OL-13499-04
ping-enable
ping-enable
To configure the adjacency to poll its remote peer by sending SIP OPTIONS pings to it and to enter the
ping option submode, use the ping-enable command in adjacency SIP configuration mode. Use the no
form of this command to disable polling the remote peer for the adjacency.
ping-enable
no ping-enable
Syntax Description
Command Default Options pings are disabled by default.
Command History
Examples The following example shows how to configure the adjacency to poll its remote peer by sending SIP
OPTIONS pings:
host1/Admin(config-sbc-sbe-adj-sip)# ping-enable
host1/Admin(config-sbc-sbe-adj-sip-ping)# exit
Related Commands
This command has no arguments or keywords.
Command Description
39-313
OL-13499-04
ping-fail-count
ping-fail-count
To configure the number of consecutive pings that must fail before the adjacencies peer is deemed to be
unavailable, use the ping-fail-count command in ping option mode. Use the no form of this command
to set the fail count to default.
ping-fail-count fail-count
no ping-fail-count
Syntax Description
Command Default fail-count = 3
Command Modes Ping option (config-sbc-sbe-adj-sip-ping)
Command History
Examples The following example shows how to configure the number of consecutive pings that must fail before
the adjacencies peer is deemed to be unavailable:
host1/Admin(config-sbc-sbe-adj-sip-ping)# ping-fail-count 10
fail-count The number of consecutive failures before the peer is deemed to be
unavailable. The possible values are 1 to 4294967295.
Note that this does not apply to the converse, that is, if an endpoint has been
marked as unavailable, it only takes a single successful ping to mark it as
available again.
This field may be changed while active, though this will not take effect until
the the next ping transaction completes, and will not retroactively cause a
peer marked as unavailable to become available again without a subsequent
successful ping response.
39-314
OL-13499-04
ping-fail-count
Related Commands
Command Description
39-315
OL-13499-04
ping-interval
ping-interval
To configure the interval between SIP OPTIONS pings which are sent to the remote peer, use the
ping-interval command in ping option mode. Use the no form of this command to set the interval to
default.
ping-interval interval
no ping-interval
Syntax Description
Command History
Examples The following example shows how to configure the interval between SIP OPTIONS pings that are sent
to the remote peer to 100 seconds:
host1/Admin(config-sbc-sbe-adj-sip-ping)# ping-interval 100
Related Commands
interval The number of seconds. The possible values are 1 to 2147483.
Command Description
39-316
OL-13499-04
ping-lifetime
ping-lifetime
To configure the duration for which SBC waits for a response to an options ping for the adjacency, use
the ping-lifetime command in ping option mode. Use the no form of this command to set the duration
to default.
ping-lifetime duration
no ping-lifetime
Syntax Description
Command History
Usage Guidelines If no response is received in the duration time, then the ping is deemed to have failed.
Examples The following example shows how to configure the duration for which SBC waits for a response to an
options ping for the adjacency to 100 seconds:
host1/Admin(config-sbc-sbe-adj-sip-ping)# ping-lifetime 100
Related Commands
duration The number of seconds.The possible values are 1 to 2147483.
Command Description
39-317
OL-13499-04
port (server)
port (server)
To configure the port that the RADIUS server will use to receive Access-Request or Accounting-Request
packets, use the port command in the appropriate configuration mode. Use the no form of the command
to disregard the configuration.
port port-num
no port
Syntax Description
Command Default Access-Request packets use default port 1812.
Accounting-Request packets use default port 1813.
Command Modes RADIUS accounting configuration (config-sbc-sbe-acc-ser)
RADIUS authentication configuration (config-sbc-sbe-auth-ser)
Command History
Examples The following example shows how to configure authentication server acctsvr to use port 1009 on mySbc
for the authentication RADIUS client instance:
host1/Admin(config-sbc-sbe-auth)# server acctsvr
host1/Admin(config-sbc-sbe-auth-ser)# port 1009
Related Commands
port-num Specifies the port where the RADIUS server receives access-request
packets. Range is 1 to 65535.
Command Description
server Enters a submode for configuring ordered lists of
RADIUS accounting servers.
39-318
OL-13499-04
port (SBE H.248)
port (SBE H.248)
To configure an SBE to use a given IPv4 H.248 port for H.248 communications when acting as a media
gateway controller, use the port command in H.248 control address mode. To delete a given IPv4 H.248
port, use the no form of this command.
port port-number
no port port-number
Syntax Description
Command History
Examples The following example shows how to configure an SBE to use port 2000:
host1/Admin(config-sbc-sbe-ctrl-h248)# port 2000
Related Commands
port-number Specifies the listening port number. The range is from 1 to 9999.
Command Description
index
39-319
OL-13499-04
preferred-transport
preferred-transport
To set the preferred transport protocol for SIP signaling on an adjacency, use the preferred-transport
command in adjacency SIP configuration mode.
preferred-transport {tcp | udp}
no preferred-transport
Syntax Description
Command Default Adjacencies use UDP by default.
Command History
Examples The following command sets the preferred transport of the SipAdj1 adjacency to TCP:
host1/Admin(config-sbc-sbe-adj-sip)# preferred-transport tcp
Related Commands
tcp Sets the preferred transport to TCP.
udp Sets the preferred transport to UDP.
Command Description
39-320
OL-13499-04
precedence
precedence
To configure the precedence of the routing entry, use the precedence command in RTG routing table
entry configuration mode. To t, use the no form of this command.
precedence precedence
no precedence precedence
Syntax Description
Command History
Usage Guidelines If more than one entry matches the current time, selection is based on precedence.
Examples The following example shows how to configure an SBE to use port 2000:
Related Commands
precedence Range: [0-0xFFFFFFFF]. A value of 0 means the entry will never be matched.
Command Description
39-321
OL-13499-04
prefix
prefix
To configure whether the match-address of this entry matches the start of the source or destination
address, use the prefix command in the routing table configuration mode. To delete the match-type in
the routing table, use the no form of this command.
prefix
no prefix
Command Default By default, the match-address is not be denoted as a prefix.
Command Modes Routing table entry (config-sbc-sbe-rtgpolicy-rtgtable-entry
Command History
Examples The following example shows how to configure an entry to match dialed numbers starting with 9:
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# prefix
Related Commands
Command Description
39-322
OL-13499-04
priority
priority
To configure the priority of the accounting or authentication server, use the priority command in the
appropriate configuration mode. To disable any previously set priority, use the no form of this command.
priority pri
no priority
Syntax Description
Command Default By default, this command assumes that pri is 1.
Command History
The priority determines which of the configured servers is selected as the default server and where all
requests are sent. A RADIUS client contacts the RADIUS servers sequentially, in order of priority, to
establish an active RADIUS session. Each RADIUS client sends call detail records to the currently active
RADIUS server.
Examples The following example shows how to configure accounting servers acctsvr as priority 1 and acctsvr2 as
priority 2 on mySbc for RADIUS client instance radius1:
host1/Admin(config-sbc-sbe-acc)# server acctsvr
host1/Admin(config-sbc-sbe-acc)# server acctsvr2
Related Commands
pri Specifies the priority. Range is 1 to 10.
Command Description
radius Creates and configures a RADIUS client for
accounting or authentication purposes.
39-323
OL-13499-04
priority (rsrc-pri)
priority (rsrc-pri)
To configure the priority to associate with the Resource-Priority SIP header, use the priority command
in the Resource-Priority SIP header configuration mode. To disable any previously set priority, use the
priority {critical | flash | flash-override | immediate | priority | routine}
no priority {critical | flash | flash-override | immediate | priority | routine}
Syntax Description
Command Default By default, this command assumes that the priority is routine.
Command Modes Resource-Priority SIP header (config-sbc-sbe-rsrc-pri-set-rsrc-pri)
Command History
Examples The following example shows how to configure a critical priority to associate with the Resource-Priority
SIP header:
host1/Admin(config-sbc-sbe)# resource-priority-set dsn
host1/Admin(config-sbc-sbe-rsrc-pri-set)# resource-priority dsn.flash
host1/Admin(config-sbc-sbe-rsrc-pri-set-rsrc-pri)# priority critical
host1/Admin(config-sbc-sbe-rsrc-pri-set-rsrc-pri)#
Related Commands
critical Applies critical priority label (highest level).
flash Applies flash priority label.
flash-override Applies flash-override priority label.
immediate Applies immediate priority label.
priority Applies priority priority label.
routine Applies routine priority label (lowest level).
Command Description
resource-priority-set Establishes the resource priority set to be used
with the specified SIP adjacency in the mode of
an SBE entity.
39-324
OL-13499-04
privacy restrict outbound
To configure an H.323 adjacency to apply privacy restriction on outbound messages if the user requests
it, use the privacy restrict outbound command in the adjacency H.323 configuration mode. To disallow
privacy restriction on outbound messages sent out by the adjacency, use the no form of this command.
no privacy restrict outbound
Command History
Examples The following example shows how the privacy restrict outbound command is used to configure an
H.323 adjacency to apply privacy restriction on outbound messages if a user requests it:
host1/Admin(config-sbe-adj-h323)# privacy restrict outbound
Related Commands
Command Description
allow private info Configures an H.323 adjacency to allow private information on messages
sent out by the H.323 adjacency.
39-325
OL-13499-04
qos sig
qos sig
To configure a signaling QoS profile, use the qos sig command in SBE configuration mode. To destroy
the given profile, use the no form of this command.
qos sig qos-name
no qos sig qos-name
Syntax Description
Command History
Examples The following example shows how qos sig command enters the submode for configuring a signaling QoS
profile residential:
host1/Admin(config-sbc-sbe-sig)# exit
Related Commands
qos-name Specifies the name of an existing QoS profile. The string default is reserved.
Command Description
39-326
OL-13499-04
qos video
qos video
To configure a video QoS profile, use the qos video command in the SBE configuration mode. To destroy
the given profile, use the no form of this command
qos video qos-name
no qos video qos-name
Syntax Description
Command History
Examples The following example shows how to enter the submode for configuring a video QoS profile named
residential:
host1/Admin(config-sbc-sbe)# qos video residential
host1/Admin(config-sbc-sbe-video)# exit
Related Commands
qos-name Specifies the QoS profile. The string default is reserved.
Command Description
39-327
OL-13499-04
qos voice
qos voice
To configure a voice QoS profile, use the qos voice command in SBE configuration mode. To destroy
the given profile, use the no form of this command.
qos voice qos-name
no qos voice qos-name
Syntax Description
Command History
Examples The following example shows how to enter the submode for configuring a voice QoS profile named
residential:
host1/Admin(config-sbc-sbe)# qos voice residential
host1/Admin(config-sbc-sbe-voice)# exit
Related Commands
qos-name Specifies the QoS profile. The string default is reserved.
Command Description
39-328
OL-13499-04
radius
radius
To create and configuring a RADIUS client for accounting or authentication purposes, use the radius
command in SBE configuration mode. To delete the RADIUS client, use the no form of this command.
radius [accounting client-name | authentication]
no radius [accounting client-name | authentication]
Syntax Description
Command History
Each named client maintains a list of servers consisting of one active server and a set of standby servers.
The list is traversed by the client in order of configured priority. An SBC instance can be configured with
multiple clients (each with its own ordered set of servers) if call detail reports (CDRs) must be sent to
multiple RADIUS servers simultaneously. CDRs are sent by the client to the currently active server. If
the active server cannot be contacted, a standby server is used.
Examples The following example shows how to create a RADIUS client instance called radius1 and enables client
authentication:
host1/Admin(config-sbc-sbe-auth)# exit
accounting Enables client accounting.
client-name The name to assign to the accounting RADIUS client.
authentication Enables client authentication.
39-329
OL-13499-04
radius
Related Commands
Command Description
39-330
OL-13499-04
range value
range value
To map a range of response codes to a response code, use the range command in the SIP method-profile
map-status-coding configuration mode. To destroy the mapping, use the no form of this command.
range statuscoderange value statuscodevalue
no range statuscoderange value statuscodevalue
Syntax Description
Command Modes SIP method-profile map-status-coding configuration (config-sbc-sbe-sip-mth-ele-map)
Command History
Examples The following example shows how the method command adds a method test to the method profile
MyProfile:
Router/Admi(config-sbc-sbe-sip-mth-ele-map)# range 333 value 500
Related Commandsh
statuscoderange The range of response codes specified by a three-digit number where the
first digit has the range 0-6, the second digit has the range 0-9/X, and the
third digit has the range 0-9/X. X is a wild card.
value
statuscodevalue The response code the range is mapped to specified by a three-digit number
where the first digit has the range 0-6, the second digit has the range 0-9 and
the third digit has the range 0-9.
Command Description
39-331
OL-13499-04
range value
Command Description
39-332
OL-13499-04
ras retry
ras retry
To configure an H.323 Registration, Admission, and Status (RAS) retry count for an RAS transaction
type, use the ras retry command in the appropriate configuration mode. To return to the default value
for the specified RAS transaction type, use the no form of this command.
ras retry {arq | brq | drq | grq | rrq | urq} value
no ras retry {arq | brq | drq | grq | rrq | urq} value
Syntax Description
Command Default The default values are 2 for all except URQ which is 1.
Command History
Examples The following example shows how the ras retry command configures an H.323 RAS retry count in
Adjacency H.323 configuration mode:
host1/Admin(config-sbc-sbe-adj-h323)# ras retry arq 5
The following example shows how the ras retry command configures an H.323 RAS retry count in
arq Specifies an admission request (ARQ) transaction.
brq Specifies a bandwidth request (BRQ) transaction.
drq Specifies a disengage request (DRQ) transaction.
grq Specifies a gatekeeper request (GRQ) transaction.
rrq Specifies anregistration request (RRQ) transaction.
urq Specifies a unregistration request (URQ) transaction.
value Specifies the retry count value. Valid values are 0 to 30.
39-333
OL-13499-04
ras retry
ras rrq Configures the registration request (RRQ).
39-334
OL-13499-04
ras rrq
ras rrq
To configure the registration request (RRQ), use the ras rrq command in the appropriate configuration
mode. To return to the default value, use the no form of this command.
ras rrq {keepalive | ttl} value
no ras rrq {keepalive | ttl} value
Syntax Description
Command Default The default keepalive value is 45000 milliseconds.
The default ttl value is 2 seconds.
Command History
Examples The following example shows how the ras rrq command configures H.323 RAS RRQ in adjacency
host1/Admin#configure
host1/Admin(config-sbc-sbe-adj-h323)# ras rrq ttl 100
host1/Admin(config-sbc-sbe-adj-h323)# ras rrq keepalive 60
The following example shows how the ras rrq command configures RAS RRQ in H.323 configuration
mode:
host1/Admin#configure
keepalive Specifies keepalive messages used to refresh an H.323 adjacency.
ttl Specifies time to live (TTL) for an RRQ request.
value Specifies the keepalive or ttl value. Valid values for keepalive are from
15000 to 150000 milliseconds. Valid values for ttl are from 16 to 300
seconds.
The ttl value must be higher than the keepalive value.
39-335
OL-13499-04
ras rrq
host1/Admin(config-sbc-sbe-h323)# ras rrq keepalive 60
ras retry Configures an H.323 RAS retry count for an RAS transaction
type.
39-336
OL-13499-04
ras timeout
ras timeout
To configure an H.323 RAS timeout interval, use the ras timeout command in the appropriate
configuration mode. To return to the default value, use the no form of this command.
ras timeout {arq | brq | drq | grq | rrq | urq} value
no ras timeout {arq | brq | drq | grq | rrq | urq} value
Syntax Description
Command Default The default values vary depending on the transaction type.
Command History
Examples The following example shows how the ras timeout command configures an H.323 RAS timeout interval
in adjacency H.323 configuration mode.
host1/Admin(config-sbc-sbe-adj-h323)# ras timeout arq 1
The following example shows how the ras timeout command configures an H.323 RAS timeout interval
in H.323 configuration mode.
arq Specifies ARQ transaction.
brq Specifies BRQ transaction.
drq Specifies DRQ transaction.
grq Specifies GRQ transaction.
rrq Specifies RRQ transaction.
urq Specifies URQ transaction.
value Specifies timeout value (seconds). Valid values are from 1000 to 45000
milliseconds.
39-337
OL-13499-04
ras timeout
ras retry Configures an RAS retry count for an RAS transaction type.
ras rrq Configures the registration request (RRQ)
39-338
OL-13499-04
reason
reason
To enter a submode for configuring a limit to a specific event type on the source (a port, IP address, VPN,
global address space), use the reason command in SBE blacklist mode. The no form of this command,
returns the event to its previous values.
reason {event | description}
no reason
Syntax Description
Command Modes SBE blacklist (config-sbc-sbe-blacklist)
Command History
Usage Guidelines This field can only take the explicit strings described in the Syntax Description.
Examples The following example shows the use of the reason command in context:
host1/Admin(config-sbc-sbe-blacklist-ipv4)# reason authentication-failure
event The event type that should trigger the limit can be defined as any of the
following:
authentication-failureRequests that fail to be authenticated.
bad-addressPackets from unexpected addresses.
corrupt-messageSignaling packets that are corrupt and cannot be
decoded.
endpoint-registrationEndpoint registrations.
policy-rejectionRequests that are rejected by the configured policy.
routing-failureRequests that fail to be routed onward by SBC.
description Helpful description of an event that should trigger blacklisting.
39-339
OL-13499-04
reason
source.
trigger-period Defines the period over which events are considered. For details, see the
description of the trigger-size command.
blacklist
configured-limits
Any values not explicitly defined for each source are in brackets.
blacklist source
Lists the limits in force for a particular source (whether they are from
defaults or explicitly configured) in a form in which they can be entered into
the CLI. Also listed are any defaults for a smaller scope configured at this
address. Values not explicitly configured (and therefore inherited from
other defaults) are bracketed.
blacklist
39-340
OL-13499-04
record-media-create-info
To activate support for media information support in billing, use the record-media-create-info
command in SBE billing configuration mode. To disable support, use the no form of this command.
no record-media-create-info
Command Default By default, this is disabled.
Command History
Examples The following example shows how to activate the billing functionality after configuration is committed:
host1/Admin/Admin# configure
host1/Admin/Admin(config)# sbc mySbc
host1/Admin/Admin(config-sbc-sbe)# billing
host1/Admin/Admin(config-sbc-sbe-billing)# record-media-create-info
Related Commands
Command Description
(LDR).
method
packetcable-em
packetcable-em
transport radius
billing instance
Displays whether media creation information is enabled in the billing
message for a specific billing instance.
39-341
OL-13499-04
billing instances
Displays whether media creation information is enabled in the billing
message for all billing instances.
billing remote
Command Description
39-342
OL-13499-04
redirect-limit
redirect-limit
To configure the maximum number of redirections that SBC performs on a call, use the redirect-limit
command in SBE configuration mode. The no form of this command returns the adjacency to the default
behavior.
redirect-limit limit
no redirect-limit limit
Syntax Description
Command Default The default number of redirections is 2.
Command History
Examples The following example shows how to configure the maximum number of SIP 3xx retries as 4:
Related Commands
limit Specifies the maximum number of SIP 3xx retry attempts. The range is 0 to
200.
Command Description
an SBC service.
39-343
OL-13499-04
redirect-mode
redirect-mode
To configure the behavior of SBC on receipt of a 3xx response to an invite from the SIP adjacency, use
the redirect-mode command in adjacency SIP configuration mode. The no form of this command
redirect-mode {pass-through | recurse}
no redirect-mode {pass-through | recurse}
Syntax Description
Command Default pass-through
Command History
Examples The following example shows how to resend an invite to the first listed contact address or else pass the
3xx responses back to the sender:
host1/Admin(config-sbc-sbe)# adjacency sip test1
host1/Admin(config-sbc-sbe-adj-sip)# redirect-mode recurse
Related Commands
pass-through Passes all 3xx responses back to the caller.
recurse On 300, 301, 302, and 305 invite responses, the SBC resends the invite to
the first listed contact address, or else passes the 3xx responses back.
Command Description
redirect-limit Configures the maximum number of redirections SBC performs on a call.
39-344
OL-13499-04
To configure the SIP register request rewriting, use the registration rewrite-register command in
Adjacency SIP configuration mode. To deconfigure the register request rewriting, use the no form of this
command.
no registration rewrite-register
Command History
Examples The following example shows how the registration rewrite-register command configures the SIP
register request rewriting on SIP adjacency SipToIsp42.
Related Commands
Command Description
39-345
OL-13499-04
registration target address
registration target address
To set the address to be used when an outbound SIP register request rewriting occurs, use the
registration target address command in Adjacency SIP configuration mode. To remove the address,
registration target address host address
no registration target address host address
Syntax Description
Command History
Examples The following example shows how the registration target address command sets the target address for
SIP adjacency SipToIsp42 as example.com:
host1/Admin(config-sbc-sbe-adj-sip)# registration target address example.com
Related Commands
host address Specifies the host address to use when an outbound SIP register request
rewriting occurs. This parameter can be a DNS name or an IPv4 address in
dotted decimal format. Valid strings are from 1 to 255 characters in length.
Command Description
39-346
OL-13499-04
registration target port
registration target port
To set the port to be used when an outbound SIP REGISTER request rewriting occurs, use the
registration target port command in Adjacency SIP configuration mode. To enter the default value, use
registration target port port-number
no registration target port port-number
Syntax Description
Command Default Default value is 0. This cannot be directly entered.
Command History
Examples The following example shows how the registration target port command sets the port number for SIP
adjacency SipToIsp42 as 5070:
host1/Admin(config-sbc-sbe-adj-sip)# registration target port 5070
Related Commands
port-number Specifies the port number to use when an outbound SIP REGISTER request
rewriting occurs. Valid values can be from 1 to 65535. If you enter the
default value of 0, no port address is set.
Command Description
39-347
OL-13499-04
reg-min-expiry
reg-min-expiry
To configure the minimum registration period in seconds on the SIP adjacency, use the reg-min-expiry
command in the adjacency SIP configuration mode. To enter the default value, use the no form of this
command.
reg-min-expiry period
no reg-min-expiry period
Syntax Description
Command History
Usage Guidelines This is the minimum expiry period accepted on a subscriber registration if not fast-pathing, or the
minimum-expiry period passed onward if fast-pathing is in use.
The minimum registration period cannot be changed after an adjacency has been configured. To change
the minimum registration period, remove the adjacency by running no sbc sbc-name sbe adjacency sip
adjacency-name command and then reconfigure the adjacency.
Examples The following example shows how to enable the register minimum expiry on the SIP adjacency
SipToIsp42 to 300 seconds:
Related Commands
period The minimum expiry period in seconds. The range is 1 to 2000000.
Command Description
39-348
OL-13499-04
remote-address ipv4
remote-address ipv4
To configure an H.323 or SIP adjacency to restrict the set of remote signaling peers that can be contacted
over the adjacency to those with the given IP address prefix, use the remote-address ipv4 command in
the appropriate configuration mode. To remove this configuration, use the no form of this command.
To configure the remote address for vDBE H.248 controller, use the remote-address ipv4 command in
the vDBE h248 mode. To return to the default value, use the no form of this command.
remote-address ipv4 ip-address ip-mask
no remote-address ipv4 ip-address ip-mask
Syntax Description
Adjacency H323 configuration (config-sbc-sbe-adj-h323)
VDBE H248(config-sbc-dbe-vdbe-h248)
Command History
Usage Guidelines The remote-address cannot be deleted by itself; the entire controller must be removed using the no
controller h248 command.
configuration and VDBE configuration modes, creates an H.248 controller with index 1, enters into
H248 configuration mode, and configures the remote address as 1.1.1.1 on the H.248 controller:
host1/Admin(config-sbc-dbe-vdbe-h248)# remote-address ipv4 1.1.1.1
host1/Admin(config-sbc-dbe-vdbe-h248)# exit
The following example shows how to configure the SIP adjacency SipToIsp42 to match calls from
36.36.36.20 to this adjacency:
ip-address ip-mask Specifies the IPv4 address and IP mask.
ip-address Specifies the IPv4 address.
39-349
OL-13499-04
remote-address ipv4
host1/Admin((config-sbc-sbe)# adjacency sip SipToIsp42
host1/Admin((config-sbc-sbe-adj-sip)# remote-address ipv4 36.36.36.20 255.255.255.0
Related Commands
Command Description
vdbe Configures a VDBE and enters the VDBE
configuration mode.
controller h248 Creates an H.248 controller for a DBE.
39-350
OL-13499-04
remote-port
remote-port
To define the port to connect to on the SBE for an H.248 controller, use the remote-port command in
VDBE h248 mode.
remote-port port-num
Syntax Description
Command Default The port number is 2944.
Command Modes VDBE h248 (config-sbc-dbe-h248)
Command History
Usage Guidelines The local-port and control-address are not applied until the controller is added and the remote address
is configured. Also, the controller should be deleted to delete the remote ddress.
If the port is not configured, or is configured with the value zero, then the H.248 default port number,
2944, is used.
Examples The following example configures the port to 2944 on the H.248 controller with index 1:
host1/Admin(config-sbc-dbe-vdbe-h248)# remote-port 2944
Related Commands
port-num This is the port number to be configured.
If the port is not configured or is configured with the value zero, then the H.248
default port number, 2944, is used.
Command Description
39-351
OL-13499-04
resource-priority
resource-priority
To configure the priority of a resource-priority header string, use the resource-priority command in
resource priority mode. To deconfigure the priority, use the no form of this command.
resource-priority value
no resource-priority value
Syntax Description
Command Modes Resource priority (config-sbc-sbe-rsrc-pri-set)
Command History
Examples The following example shows how the resource-priority command configures the priority for
resource-priority header string dsn.
host1/Admin(config)#sbc mysbc
host1/Admin(config-sbc-sbe)# resource-priority-set dsn
host1/Admin(config-sbc-sbe-rsrc-pri-set)# resource-priority dsn.flash
Related Commands
value Specifies the string value to be assigned the priority. The value must be
followed by the priority as shown: value.priority.
Command Description
resource-priority-set Establishes the resource priority set to be used
with the specified SIP adjacency.
39-352
OL-13499-04
resource-priority-set
resource-priority-set
To establish the resource priority set to be used with the specified SIP adjacency in the mode of an SBE
entity, use the resource-priority-set command in adjacencySIP configuration mode. To remove the
priority set, use the no form of this command.
resource-priority-set resource-priority-set-name
no resource-priority-set resource-priority-set-name
Syntax Description
Command History
Examples The following example shows how the resource-priority-set command sets the SIP adjacency
SipToIsp42 with the resource-priority-set named dsn:
host1/Admin(config-sbc-sbe-adj-sip)# resource-priority-set dsn
Related Commands
resource-priority-set-name Specifies the name of the resource priority set.
Command Description
resource-priority Configures the priority of a resource-priority
header string.
39-353
OL-13499-04
retry-interval
retry-interval
To set the interval for resending an accounting request to the Radius server, use the retry-interval
command in SBE accouting mode. To set the interval to its default, use the no form of this command.
retry-interval range
no retry-interval range
Syntax Description
Command Default The default is 1200 ms.
Command History
Examples The following example shows how to set the retry-interval to 1000 ms.
host1/Admin(config-sbc-sbe)# radius accounting SBC1-account-1
host1/Admin(config-sbc-sbe-acc)# retry-interval 1000
Related Commands
range Range is 10-10000 ms.
39-354
OL-13499-04
retry-limit (radius)
retry-limit (radius)
To set the number of times for resending an accounting request to the Radius server, use the retry-limit
command in SBE accounting mode. To set the number to its default, use the no form of this command.
retry-limit range
no retry-limit range
Syntax Description
Command Default The default is 5 retries.
Command History
Examples The following example shows how to set the retry-limit to 4 attempts.
host1/Admin/Admin(config-sbc-sbe-acc)# retry-limit 4
Related Commands
range Range for the maximun number of retries is 0-9.
39-355
OL-13499-04
retry-limit (routing table)
retry-limit (routing table)
To set the maximum number of routing table lookup retry attempts, use the retry-limit command in SBE
configuration mode. To set the number to its default, use the no form of this command.
retry-limit 0-200
Syntax Description
Command Default The default is 3 retries.
Command History
Examples The following example shows how to set the retry-limit to 4 attempts.
host1/Admin/Admin(config-sbc-sbe)# retry-limit 4
Related Commands
0-200 Range for the maximun number of retries is 0-200.
Command Description
an SBC service.
39-356
OL-13499-04
rtg-carrier-id-table
To enter the configuration mode of a routing table or to create a new routing table, whose events match
the carrier ID of an SBE policy set, use the rtg-carrier-id-table command in SBE rtgpolicy mode.
The no form of the command destroys the routing table. However, a routing table may not be destroyed
if it is in the context of the active policy set.
rtg-carrier-id-table table-name
no rtg-carrier-id-table table-name
Syntax Description
Command History
Examples The following example shows how to add the carrier ID table MyCarrierIDTable:
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-carrier-id-table MyCarrierIDTable
Related Commands
table-name Name of the routing table to be configured.
Command Description
call-policy-set Enters the mode of a routing policy configuration within an
SBE entity.
rtg-round-robin-table Enters the configuration mode of a policy table, with events that have
no match-value parameters or next-table actions.
rtg-src-account-table Enters the configuration mode of an existing routing table or creates a
new one, with entries that match the source account.
rtg-src-adjacency-table Enters the configuration mode of an existing routing table or creates a
new one, with entries that match the source adjacency.
39-357
OL-13499-04
Command Description
39-358
OL-13499-04
rtg-category-table
rtg-category-table
To enter the submode of configuration of a routing table whose entries match on the category within the
context of an SBE policy set, use the rtg-category-table command in SBE routing call policy mode.
rtg-category-table WORD
no rtg-category-table WORD
Syntax Description
Command History
Usage Guidelines If necessary, a new routing table is created. The user is not allowed to enter the submode of routing table
Examples The following example creates the routing policy table MyRtgTable:
Related Commands
WORD Name of the routing table to be configured.
Command Description
SBE entity.
39-359
OL-13499-04
rtg-category-table
Command Description
39-360
OL-13499-04
rtg-dst-address-table
To enters the configuration mode of a routing table whose entries match on the dialed number (after
number analysis) within the context of an SBE policy set, use the rtg-dst-address-table command in the
SBE routing policy mode. To remove the routing table, use the no form of this command.
rtg-dst-address-table table-id
no rtg-dst-adress-table table-id
Syntax Description
Command History
A routing table may not be destroyed if it is in the context of the active policy set.
Examples The following command creates the routing policy table MyRtgTable:
Related Commands
table-id Specifies the name of the table.
Command Description
table, with entries that match the carrier ID of an SBE call policy set.
rtg-src-domain-table Enters the configuration submode for creation or configuration of a routing
table, with entries that match the source domain name of an SBE call policy
set.
39-361
OL-13499-04
Command Description
39-362
OL-13499-04
rtg-dst-domain-table
To enter the configuration submode of a routing table with entries that match the destination domain
name of an SBE policy set, use the rtg-dst-domain-table command in SBE routing policy mode. If no
table exists, the command creates a new routing table.
The no form of the command deletes the routing table.
rtg-dst-domain-table table-name
no rtg-dst-domain-table table-name
Syntax Description
Command History
You cannot delete a routing table if it is in the active policy set. You cannot enter the submode of a
routing table configuration in the active policy set.
Examples The following command creates the routing policy table MyRtgTable.
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-dst-domain-table MyRtgTable
(host1/Adminconfig-sbc-sbe-rtgpolicy-rtgtable)#
Related Commands
Command Description
rtg-src-domain-table Enters the configuration submode for creation or configuration of a routing
table, with entries that match the source domain name of an SBE call policy
set.
39-363
OL-13499-04
Command Description
39-364
OL-13499-04
rtg-least-cost-table
To configure the least-cost routing table and enter the submode of configuration of a routing table, use
the rtg-least-cost-table command in SBE routing policy mode.
rtg-least-cost-table table_name
no rtg-least-cost-table table_name
Syntax Description
Command History
Related Commands
table-name Name of the routing table to be configured. The maximum character size is 80.
Command Description
SBE entity.
39-365
OL-13499-04
Command Description
39-366
OL-13499-04
rtg-round-robin-table
To enter the configuration mode of a round robin policy table, use the rtg-round-robin-table command
SBE routing policy mode. Use the no form of this command to delete the table.
rtg-round-robin-table table-name
no rtg-round-robin-table table-name
Syntax Description
Command History
Usage Guidelines The actions of this command are restricted to setting destination adjacency. A group of adjacencies is
chosen for an event if an entry in a routing table matches that event and points to a round-robin adjacency
table in the next table action.
Examples The following example show how to add the round robin routing table MyRoundRobinTable:
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-round-robin-table MyRoundRobinTable
Related Commands
Command Description
sbc Creates a new SBC service and enters a new SBC configuration
mode. Alternatively, it enters the configuration mode of an existing
service.
rtg-src-adjacency-table Enters the configuration mode of an existing routing table or creates
a new one, with entries that match the source adjacency.
39-367
OL-13499-04
rtg-carrier-id-table Enters the configuration mode of an existing routing table or creates
a new one, with entries that match the carrier ID of an SBE policy set.
rtg-src-account-table Enters the configuration mode of an existing routing table or creates
a new one, with entries that match the source account.
Command Description
39-368
OL-13499-04
rtg-src-account-table
To enter the configuration mode of an existing routing table or to create a new one, with entries that
match the source account, use the rtg-src-account-table command SBE routing policy mode.
Note You cannot issue this command if the table is part of the active policy set.
The no form of the command deletes the match value of the given entry in the routing table.
rtg-src-account-table table-id
no rtg-src-account-table table-id
Syntax Description
Command History
Examples The following command enters the configuration mode of an existing routing table MyRtgTable:
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-account-table MyRtgTable
Related Commands
table-id ID of the routing table to be configured.
Command Description
39-369
OL-13499-04
rtg-carrier-id-table Enters the configuration mode of an existing routing table or creates a
new one, with entries that match the carrier ID of an SBE policy set.
Command Description
39-370
OL-13499-04
rtg-src-address-table
To enter the configuration mode of a routing table whose entries match on the dialer's number within the
context of an SBE policy set, use the rtg-src-address-table command in SBE routing policy mode. To
remove the table entry, use the no form of this command.
rtg-src-address-table table-id
no rtg-src-adress-table table-id
Syntax Description
Command History
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-address-table MyRtgTable
Related Commands
table-id Specifies the name of the table.
Command Description
Alternatively, enters the configuration mode of an existing service.
39-371
OL-13499-04
rtg-src-account-table Enters the configuration mode of an existing routing table or creates a new
table whose entries match the source account
rtg-round-robin-table Enters the configuration mode of a policy table whose events have no
match-value parameters or next-table actions.
Command Description
39-372
OL-13499-04
rtg-src-adjacency-table
rtg-src-adjacency-table
To enter the configuration mode of an existing routing table or to create a new table whose entries match
the source adjacency, use the rtg-src-adjacency-table command in SBE routing policy mode. Use the
no form of this command to delete the routing table.
rtg-src-adjacency-table table-id
no rtg-src-adjacency-table table-id
Syntax Description
Command History
Examples The following command creates a new table, MyRtgTable, whose entries match the source adjacency.
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table MyRtgTable
Related Commands
table-id ID of the routing table to be configured.
Command Description
Alternatively, enters the configuration mode of an existing service.
rtg-src-account-table Enters the configuration mode of an existing routing table or creates a new
table whose entries match the source account
rtg-round-robin-table Enters the configuration mode of a policy table whose events have no
match-value parameters or next-table actions.
39-373
OL-13499-04
rtg-src-domain-table
To enter the submode of a routing table configuration, with entries that match the source domain name,
use the rtg-src-domain table command in SBE routing policy mode. If no table exists, the command
creates a new routing table.
Note You cannot enter the submode of a routing table configuration in the active policy set.
The no form of the command destroys the routing table.
Note You cannot destroy a routing table if it is in the active policy set.
rtg-src-domain-table table-name
no rtg-src-domain-table table-name
Syntax Description
Command History
Examples The following command creates the routing policy table MyRtgTable.
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-src-domain-table MyRtgTable
39-374
OL-13499-04
rtg-dst-domain-table Enters the configuration submode for creation or configuration of a routing
table, with entries that match the destination domain name of an SBE call
policy set.
39-375
OL-13499-04
rtg-time-table
rtg-time-table
To configure time-based routing and enter the routing table submode, use the rtg-time-table command
in SBE routing call policy mode.
rtg-time-table table_name
no rtg-time-table table_name
Syntax Description
Command History
host1/Admin(config-sbc-sbe-rtgpolicy)# rtg-time-table MyRtgTable
Related Commands
Command Description
SBE entity.
39-376
OL-13499-04
rtg-time-table
Command Description
39-377
OL-13499-04
sbc
sbc
To enter the submode of an SBC service (creating it if necessary), use the sbc command in EXEC mode.
To delete the service, use the no form of this command.
sbc sbc-name
no sbc sbc-name
Syntax Description
Command Default No default behvior or values
Command Modes SBC configuation mode (config-sbc)
Command History
Examples The following command creates SBC service mySbc.
host1/Admin(config-sbc)# exit
Related Commands
Command Description
39-378
OL-13499-04
sbe
sbe
To configure the submode of the SBE entity within an SBC service, creating it if necessary, use the sbe
command in EXEC mode. To destroy the SBE entity, use the no form of this command.
sbe
no sbe
Command History
Examples The following example shows how the sbe command is used to enter the submode of the SBE entity
within an SBC service:
39-379
OL-13499-04
sdp-attribute-table
sdp-attribute-table
To configure an SDP attribute table that lists the attributes to add or remove, use the sdp-attribute-table
command in the SDP match table configuration mode. To remove the table, use the no form of this
command.
sdp-attribute-table table_name
no sdp-attribute-table table_name
Syntax Description
Command Modes SDP match table (config-sbc-sbe- sdpmatchtable) configuration mode
Command History
Examples The following command configures the SDP username to use on generated SDPs to foo:
host1/Admin(config-sbc-sbe)# sdp attribute-table foo
Related Commands
table_name The user name to fill in on generated SDPs.
Command Description
39-380
OL-13499-04
sdp-match-table
sdp-match-table
To create an SDP match table, use the sdp-match-table command in mode. To remove the table, use the
sdp-match-table table_name
no sdp-policy-table table_name
Syntax Description
Command History
Usage Guidelines One policy can only hold one sdp-match-table.
Examples The following command configures the SDP match table foo:
host1/Admin(config-sbc-sbe)# sdp-match-table foo
Related Commands
table_name The user name to fill in on generated SDPs.
Command Description
39-381
OL-13499-04
sdp origin-user-name
sdp origin-user-name
To configure the originating user name that is filled in generated SDPs, use the sdp origin-user-name
command in the SBE configuration mode. To reset this user name such that received user name from an
SDP is the user name used on the generated SDP, use the no form of this command.
sdp origin-user-name user-name
no sdp origin-user-name user-name
Syntax Description
Command History
Examples The following command configures the SDP username to use on generated SDPs to foo:
host1/Admin(config-sbc-sbe)# sdp origin-user-name foo
Related Commands
user-name Specifies the admission control table.
Command Description
39-382
OL-13499-04
sdp-policy-table
sdp-policy-table
To configure an SDP policy table, use the sdp-policy-table command in the SBE configuration mode.
To remove the table, use the no form of this command.
sdp-policy-table table_name
no sdp-policy-table table_name
Syntax Description
Command History
Examples The following command configures the SDP policy table foo:
host1/Admin(config-sbc-sbe)# sdp-policy-table foo
Related Commands
table_name The name of the SDP policy. The maximum number of characters is 30.
Command Description
39-383
OL-13499-04
secure-media
secure-media
To configure the DBE to enable a DTLS or SRTP media passthrough, use the secure-media command
in the DBE configuration mode. To disable the media passthrough, use the no form of this command.
secure-media
no secure-media
Command Default The media passthrough is disabled.
Command History
Related Commands
Command Description
media-address pool ipv4 Creates a pool of sequential IPv4 media addresses
addresses,
controller (SBC).
39-384
OL-13499-04
server
server
To enter a submode for configuring ordered lists of RADIUS accounting servers, use the server
command in server configuration mode. Use the no form of the command to leave the submode.
server server-name
no server server-name
Syntax Description
Command History
Usage Guidelines Any number of accounting servers can be specified. Call Detail Reports are sent to the accounting server
with the highest priority upon call termination.
Examples The following command configures accounting servers castor and pollux on mySbc for RADIUS client
instance radius1:
host1/Adminconfig)# sbc mySbc
host1/Admin(config-sbc-sbe-acc)# server castor
host1/Admin(config-sbc-sbe-acc)# server pollux
Related Commands
server-name Name of the server (local to this SBE).
Command Description
39-385
OL-13499-04
server mode
server mode
To enter a submode for configuring of RADIUS Authentication server mode, use the server mode
command in the server authentication mode. To exit the submode for configuring of RADIUS
Authentication server mode, use the no form of this command.
server server-name mode local|remote
no server server-name mode local|remote
Syntax Description
Command Modes Server authentication (config-sbc-sbe-auth-ser)
Command History
Examples The following example shows how to configure server-mode:
host1/Admin(configure)#sbc mysbc
host1/Admin(config-sbc)#sbe
host1/Admin(config-sbc-sbe-auth)# server panther
host1/Admin(config-sbc-sbe-auth-ser)# mode local
host1/Admin(config-sbc-sbe-auth-ser)#
Related Commands
server-name Specifies the name of the server.
local Specifies local authentication.
remote Specifies remote authentication.
Command Description
39-386
OL-13499-04
server-retry disable
To disable the SBC from automatically retrying a failed RADIUS server, use the server-retry disable
command in the server authentication mode or the server accounting mode. Use the no form of this
command to enable the SBC to automaticlly retry a failed RADIUS server.
no server-retry disable
Command History
If you have disabled the SBC from automatically retrying a failed RADIUS server with the server-retry
disable command, you must use the service sbc sbe radius accounting command to reactivate the
connection between the SBC and a RADIUS server after connectivity is lost or to restart billing after
connectivity is restored.
Examples The following example shows how to stop the SBC from automatically retringy a failed RADIUS server:
host1/Admin(configure)#sbc mysbc
host1/Admin(config-sbc)#sbe
host1/Admin(config-sbc-sbe-auth)# server-retry disable
Related Commands
Command Description
service sbc sbe radius accounting Reactivates connection between the SBC and a
RADIUS server after connectivity is lost or to
restart billing after connectivity is restored.
39-387
OL-13499-04
service sbc sbe call-destroy
service sbc sbe call-destroy
To clear an identified call, use the service sbc sbe call-destroy command in EXEC mode.
service sbc name sbe call-destroy 0-2147483647
Syntax Description
Command History
Examples The following example shows how to clear an unidentified call:
host1/Admin# service sbc test sbe call-destroy 1
name Specifies the name of the SBC service.
0-2147483647 Specifies the call index number.
39-388
OL-13499-04
service sbc sbe radius accounting
service sbc sbe radius accounting
To reactivate connection between the SBC and a RADIUS server after connectivity is lost or to restart
billing after connectivity is restored, use the service sbc sbe radius accounting command in EXEC
mode.
service sbc name sbe radius accounting radius client name {resend | server word reactivate}
Syntax Description
Command History
Examples The following example shows how toresend cached messages:
host1/Admin# service sbc test sbe radius accounting acc resend
The following example shows how to reactivate connection to a RADIUS server:
host1/Admin# service sbc test sbe radius accounting acc server svr reactivate
Related Commands
resend Restarts billing between SBC and RADIUS on the reactivated RADIUS
server connection for new billing requests.
server RADIUS account server commands.
name Specifies the name of the SBC service.
radius client Specifies the name of the RADIUS client.
word Specifies the server name.
reactivate Reactivates the connection between SBC and RADIUS server. You need to
do this to manually recover the connection after it has failed.
Command Description
39-389
OL-13499-04
show services sbc dbe addresses
show services sbc dbe addresses
To list the addresses configured on DBEs, use the show services sbc dbe addresses command in EXEC
mode.
show services sbc sbc-name dbe addresses
Syntax Description
Command History
Examples The following command lists the addresses configured on DBEs.
host1/Admin# show services sbc mysbc dmsbc-node9 dbe address
H.248 control address: 22.22.22.100
Media-Address VRF Status
1.1.1.1 Admin Active
Port range: 16384-32767, class of service: any
22.22.22.201 Admin Active
Port range: 16384-32767, class of service: any
old6500_2/Admin#
Related Commands
Command Description
show services sbc dbe controllers Lists the controllers configured on each vDBE.
show services sbc dbe media-flow-stats Lists the statistics about one or more media flows
show services sbc dbe media-flow-stats vrf Lists the statistics about one or more media flows
collected on the DBE associated with a specific
VRF instance.
show services sbc dbe show services sbc dbe
media-flow-stats vrf ipv4
Lists the statistics about one or more media flows
collected on the DBE for an IPv4 address
associated with a specific VRF instance.
media-flow-stats vrf ipv4 port
collected on the DBE for a port with an IPv4
address associated with a specific VRF instance.
show services sbc dbe media-stats Lists general DBE statistics.
show services sbc service List all of the SBC services on the chassis.
39-390
OL-13499-04
show services sbc dbe controllers
To lists the controllers configured on each vDBE, use the show services sbc dbe controllers command
in EXEC mode.
show services sbc sbc-name dbe controllers
Syntax Description
Command History
Examples The following command lists the controllers configured on each vDBE on mySbc:
host1/Admin# show services sbc mySbc dbe controllers
SBC Service "mySbc"
vDBE in DBE location 1
Media gateway controller in use:
H.248 controller address
23.65.54.24:4509
Status: Attached
Requests 0 0 0 0
Replies 0 0 0
Configured controllers:
H.248 controller 1:
Remote address: 23.65.54.24:4509
Transport: UDP
Related Commands
Command Description
show services sbc dbe addresses Lists the addresses configured on DBEs.
VRF instance.
39-391
OL-13499-04
Command Description
39-392
OL-13499-04
show services sbc dbe h248-profile
show services sbc dbe h248-profile
To list the information on the specified H.248 profile, including transport, H.248 form, and active
packages, use the show services sbc dbe h248-profile command in EXEC mode.
show services sbc sbc-name dbe h248-profile
Syntax Description
Command History
Examples The following example shows the defaults and configured options for the H.248 profile:
host1/Admin# show services sbc mysbc dbe h248-profile
Transport UDP IAH
H.248 Version 3
Packages:
Generic(g)
Base Root(root): Max Terminations per context 10
Network(l)
DiffServ(ds)
Gate Management(gm)
Traffic Management(tman)
IP NAPT(ipnapt)
Segment(seg): Max PDU Size 4096 bytes
Related Commands
sbc-name Defines the name of the service.
Command Description
h248-profile Configures the vDBE H.248 profile name to interoperate with the MGC.
h248-profile-version Configures the vDBE H.248 profile version to interoperate with the MGC.
This command is used after you have defined the name of the profile using
the h248-profile command.
39-393
OL-13499-04
show services sbc dbe media-flow-stats
To list statistics about one or more media flows collected on the DBE, use the show services sbc dbe
media-flow-stats command in EXEC mode.
show services sbc sbc-name dbe media-flow-stats vrf [vrf-name] ipv4 [A.B.C.D] port
[port-number]
Syntax Description
Command History
Examples The following example shows media flows to/from port 24000 at the 10.1.1.1 IPv4 address and through
VPN3:
host1/Admin# show services sbc mySbc dbe media-flow-stats vrf vpn3 ipv4 10.1.1.1 port
24000
SBC Service "mySbc"
mediaFlow 1
FlowPairState Open
GateAge 15340 ms
CallPriority Routine (CD5)
FlowPairBandwidth 1500
DtmfPacketsQueued 0
Side A
VpnId vpn3
LocalAddress 10.1.1.1
LocalPort 24000
RemoteAddress 192.168.1.1
RemotePort 32420
RtpPacketsRcvd 300
RtpOctetsRcvd 6000
RtpPacketsSent 100
RtpOctetsSent 2000
RtpPacketsDiscarded 0
RtpOctetsDiscarded 0
EndPointPacketsSent 300
EndPointPacketsRcvd 97
vrf-name (Optional) Displays media flows only to or from the specific VPN.
A.B.C.D (Optional) Displays media flows only to or from the specific IPv4 media
address.
sbc-nam Specifies the name of the SBC service.
port-number (Optional) Displays media flows only to or from the specific port.
39-394
OL-13499-04
EndPointPacketsLost 1
DtmfInterworking No
MediaFlowing Yes
RouteError No
Unexpected SrcAddr Packets Yes (CD6)
BillingId 12AB3C4D567124C7124C12DE
Side B
VpnId <none>
LocalPort 24002
RemotePort 24002
RtpPacketsRcvd 100
RtpOctetsRcvd 2000
RtpPacketsSent 300
RtpOctetsSent 6000
RtpPacketsDiscarded 0
RtpOctetsDiscarded 0
EndPointPacketsSent 100
EndPointPacketsRcvd 300
EndPointPacketsLost 0
DtmfInterworking No
MediaFlowing Yes
RouteError No
Unexpected SrcAddr Packets No (CD6)
BillingId 5DAB3C4D153624C7124E1234
sbc dbe media-address ipv4 Configures a DBE media address pool and an address pool.
sbc dbe media-address pool ipv4 Creates an IPv4 address range within a DBE media address
pool.
sbc dbe media-address port range Creates a port range associated with a media address or range
of addresses.
showservices sbc dbe addresses Lists the addresses configured on DBEs.
39-395
OL-13499-04
show services sbc dbe media-flow-stats vrf
To lists the statistics about one or more media flows collected on the DBE associated with a specific VRF
instance, use the show services sbc dbe media-flow-stats vrf command in EXEC mode.
show services sbc sbc-name dbe media-flow-stats [detail | summary] vrf vrf-name
Syntax Description
Command History
Usage Guidelines With respect to the output of the show services sbc dbe media-flow-stats vrf command, not all
endpoints report RTP Control Protocol (RTCP) endpoint statistics.
Examples The following command lists the statistics for media flows collected on the DBE associated with a VRF
vpn1:
host1/Admin# show services sbc dmsbc-node9 dbe media-flow-sta vrf vpn1 ipv4 88.88.110.100
port 20000
SBC Service ''dmsbc-node9''
Media Flow:
State of Media Flow: Active
Call Age: 3850390 ms
Call Priority: Routine
Reserved Bandwidth: 10 (kilobytes/second)
No media timeout remaining: 2741
Class of service: Any
Side A:
VRF Name: vpn1
Local Address: 88.88.110.100
Local Port: 20000
Remote Address: 200.200.200.172
Remote Port: 17488
RTP Packets Received: 140134
RTP Packets Sent: 140131
RTP Packets Discarded: 0
detail Specifies media flow detailed statistics.
summary Specifies media flow summary statistics.
vrf-name Specifies the name of the VRF.
39-396
OL-13499-04
Related Commands
Command Description
39-397
OL-13499-04
show services sbc dbe media-flow-stats vrf ipv4
To lists the statistics about one or more media flows collected on the DBE for an IPv4 address associated
with a specific VRF instance, use the show services sbc dbe media-flow-stats vrf ipv4 command in
EXEC mode.
show services sbc sbc-name dbe media-flow-stats [detail | summary] vrf vrf-name ipv4
[A.B.C.D]
Syntax Description
Command History
Usage Guidelines With respect to the output of the show services sbc dbe media-flow-stats vrf ipv4 command, not all
endpoints report RTP Control Protocol (RTCP) endpoint statistics.
Examples The following command lists the statistics about one or more media flows collected on the DBE for an
IPv4 address associated with a specific VRF instance:
host1/Admin# show services sbc j dbe media-flow-stats detail vrf vpn1 ipv4 10.127.3.1
SBC Service "j"
Media Flow:
ContextID: 12
StreamID: 49153
Reserved Bandwidth: 10500 (bytes/second)
Class of service: Voice
Side A:
VRF Name: vpn1
Local Port: 16384
Remote Port: 16526
A.B.C.D (Optional) Specifies the IPv4 address.
39-398
OL-13499-04
RTP Data Received: 193400 (bytes)
RTP Data Sent: 188800 (bytes)
RTP Data Discarded: 0 (bytes)
End Point Packets Sent: Not known
End Point Packets Received: Not known
End Point Packets Lost: Not known
DTMF Interworking: No
Media Flowing: Yes
Affected by Routing Error: No
Unexpected SrcAddr Packets: No
Billing ID: 0x47B507DF2020202020202030302B3030303030300000
0018
Media directions allowed: sendrecv
Side B:
VRF Name: vpn2
Local Port: 16384
Remote Port: 19566
Media Flowing: Yes
Billing ID: 0x47B507DF2020202020202030302B3030303030300000
0017
Related Commands
Command Description
VRF instance.
39-399
OL-13499-04
show services sbc dbe media-flow-stats vrf ipv4 port
To lists the statistics about one or more media flows collected on the DBE for a port with an IPv4 address
associated with a specific VPN routing and forwarding (VRF) instance, use the show services sbc dbe
media-flow-stats vrf ipv4 port command in EXEC mode.
show services sbc sbc-name dbe media-flow-stats [detail | summary] vrf vrf-name ipv4
[A.B.C.D] port port-number
Syntax Description
Command History
Usage Guidelines With respect to the output of the show services sbc dbe media-flow-stats vrf ipv4 port command, not
all endpoints report RTP Control Protocol (RTCP) endpoint statistics.
Examples The following command lists the statistics about one or more media flows collected on the DBE for a
port with an IPv4 address associated with a specific VRF instance:
host1/Admin# show services sbc j dbe media-flow-stats detail vrf vpn1 ipv4 10.127.3.1 port
16526
SBC Service "j"
Media Flow:
ContextID: 12
StreamID: 49153
Reserved Bandwidth: 10500 (bytes/second)
Class of service: Voice
Side A:
VRF Name: vpn1
Local Port: 16384
A.B.C.D (Optional) Specifies the IPv4 address.
port-number Only displays media or signaling flows to or from this port. Specifies the port
number.
39-400
OL-13499-04
Remote Port: 16526
Media Flowing: Yes
Billing ID: 0x47B507DF2020202020202030302B3030303030300000
0018
Side B:
VRF Name: vpn2
Local Port: 16384
Remote Port: 19566
Media Flowing: Yes
Billing ID: 0x47B507DF2020202020202030302B3030303030300000
0017
Related Commands
Command Description
VRF instance.
39-401
OL-13499-04
show services sbc dbe media-stats
To list general DBE statistics, use the show services sbc dbe media-stats command in EXEC mode.
These statistics do not include contributions from active calls.
show services sbc sbc-name dbe media-stats
Syntax Description
Command History
Usage Guidelines The Active Flows statistic counts the number of flows for which media has been observed within the
media-timeout period, or where the call has failed over within the last media-timeout period and the SBC
has not yet had a chance to observe whether media is flowing or not.
The Unclassified Pkts statistic includes all packets received on the VLAN interface that are not matched
to a valid media flow. This includes media packets not matched to a flow, signaling packets, and any
other traffic.
Examples The following command lists general DBE statistics:
host1/Admin# show services sbc my sbc dbe signaling-flow-stats vrf vpn3 ipv4 10.1.1.1 port
24000
SBC Service "mySbc"
signalingFlow 1
FlowPairState Open
PinholeAge 15340 ms
PinholeBandwidth 1500
Side A
VpnId vpn3
LocalPort 24000
RemotePort 32420
PacketsRcvd 300
OctetsRcvd 6000
PacketsSent 100
OctetsSent 2000
PacketsDiscarded 0
OctetsDiscarded 0
Release 3.1.00 Updated to include summary information on signaling pinholes.
39-402
OL-13499-04
Side B
VpnId <none>
LocalPort 24002
RemotePort 24002
PacketsRcvd 100
OctetsRcvd 2000
PacketsSent 300
OctetsSent 6000
PacketsDiscarded 0
OctetsDiscarded 0
Related Commands
Command Description
VRF instance.
39-403
OL-13499-04
show services sbc dbe signaling-flow-stats
To lists the statistics about one or more media flows collected on the DBE, use the show services sbc
dbe signaling-flow-stats command in EXEC mode.
show services sbc sbc-name dbe signaling-flow-stats [detail | summary] [vrf vrf-name | ipv4
A.B.C.D. | port port number]
Syntax Description
Command History
Examples The following command lists mdeia flow statistics:
host1/Admin# show services sbc my sbc dbe signaling-flow-stats detail vrf vpn3 ipv4
10.1.1.1 port 24000
SBC Service "mySbc"
signalingFlow 1
FlowPairState Open
PinholeAge 15340 ms
PinholeBandwidth 1500
Side A
VpnId vpn3
LocalPort 24000
RemotePort 32420
PackesRcvd 300
OctetsRcvd 6000
PacketsSent 100
OctetsSent 2000
PacketsDiscarded 0
OctetsDiscarded 0
vrf Specifies VRF.
ipv4 Specifies IPv4.
A.B.C.D. Specifies the IPv4 address.
port Specifies port.
port number Specifies the port number.
39-404
OL-13499-04
Side B
VpnId <none>
LocalPort 24002
RemotePort 24002
PacketsRcvd 100
OctetsRcvd 2000
PacketsSent 300
OctetsSent 6000
PacketsDiscarded 0
OctetsDiscarded 0
Related Commands
Command Description
39-405
OL-13499-04
show services sbc rsrcmon
To show congestion states and statistics during switchover, use the show services sbc rsrcmon command
in EXEC mode.
show services sbc sbc-name rsrcmon
Syntax Description
Command History
Examples The following example shows the addresses that are configured on mySBC:
host1/Admin# show services sbc test rsrcmon
Resource Monitoring : Enabled
Congestion Status : Normal
CPU Congestion Status : Normal
Mem Congestion Status : Normal
Calls Rejected Due to Congestion : 0
CPU Congestion Count : 0
Mem Congestion Count : 0
CPU Congestion Threshold : 91 %
CPU Congestion Clear Threshold : 80 %
Top Procs Frequency : 200 ms
CPU Probe Duration during Congestion : 1000 ms
CPU Probe Duration during Normal Operation : 3000 ms
Avg CPU Utilization in last 500 msec : 0%(cpu0) 7%(cpu1)
1500 msec : 0%(cpu0) 10%(cpu1)
SBC Memory Allocation Limit : No Limit
Current Allocation : 78466149 bytes
Peak Allocation : 78466149 bytes
Allocation Failure Count : 0
Buffer Pool Usage : 67413 bytes
CB Pool Usage : 37464456 bytes
Free Memory SBC Holding : 40934280 bytes
Memory Usage Ceiling : 180000000 bytes
Last Monitored Usage : 37533189 bytes (20 %)

Here is info on malloc:
Total memory for dynamic memory allocation (arena) -- 440040 bytes
Number of ordinary blk not in use (ordblks) --------- 4
Number of small blk not in use (smblks) ------------- 0
Number of blks allocated w/ mmap (hblks) ------------ 300
Sum of memory allocated with mmap (hblkhd) ---------- 78798848 bytes
sbc-name Specifies the name of the SBC service.
39-406
OL-13499-04
Space in small blks in use (usmblks) ---------------- 0 bytes
Space in free small blks (fsmblks) ------------------ 0 bytes
Space in ordinary blocks in use (uordblks) ---------- 434736 bytes
Space in free ordinary blocks (fordblks) ----------- 5304 bytes
keepcost -------------------------------------------- 5168

Here is OS memory info
Total = 844869632 bytes
Used = 470876160 bytes (321875968 bytes after minus buffers/cached)
Free = 373993472 bytes (522993664 bytes after adding buffers/cached)
Shared = 0 bytes
Buffers = 1130496 bytes
Cached = 147869696 bytes
Related Commands
Command Description
39-407
OL-13499-04
show services sbc sbe aaa
show services sbc sbe aaa
To list the AAA status and configuration on each SBE, use the show services sbc sbe aaa command in
EXEC mode.
show services sbc sbc-name sbe aaa
Syntax Description
Command History
host1/Admin# show services sbc sbe aaa
SBC Service "mySbc"
AAA control address: 10.1.0.1
Accounting server: 10.2.0.1
Authentication server: 172.19.5.1
Authentication server: 172.19.5.2
Related Commands
Command Description
39-408
OL-13499-04
show services sbc sbe addresses
show services sbc sbe addresses
To list the addresses configured on SBEs, use the show services sbc sbe addresses command in EXEC
mode.
show services sbc sbc-name sbe addresses
Syntax Description
Command History
host1/Admin# show services sbc mySBC sbe addresses
SBC Service "mySbc"
Control Addresses
AAA control address: 10.1.0.1
H.248 control address: 10.1.0.1
Signaling Addresses
H.323 adjacency h323ToIsp42: 10.1.0.2:1720, VRF vpn3
SIP adjacency SipToIsp42: 10.1.0.2:5060, VRF vpn3
Related Commands
Command Description
39-409
OL-13499-04
show services sbc sbe adjacencies
To display all adjacencies, use the show services sbc sbe adjacencies command in EXEC mode.
show services sbc sbc-name sbe adjacencies
Syntax Description
Command History
Examples The following example shows the adjacencies that are configured on SBEs:
host1/Admin# show services sbc mysbc sbe adjacencies
SBC Service ''mysbc''
Name Type State Description
---------------------------------------------
h323-7206-CG H.323 Attached
h323-ixvoice H.323 Attached
sip-60 SIP Attached
7600-phone1 SIP Attached
7600-phone2 SIP Attached
sip-ixvoice SIP Attached
sip-7206-CG- SIP Attached
Related Commands
Command Description
show services sbc sbe adjacencies detail Displays all the fields specified SIP adjacency.
39-410
OL-13499-04
show services sbc sbe adjacencies detail
To display all the fields specified SIP adjacency, use the show services sbc sbe adjacencies detail
show services sbc sbc-name sbe adjacencies adjacency-name detail
Syntax Description
Command History
Examples The following example shows all the fields for the SIP adjacency sip-shanghai:
host1/Admin# show services sbc sbc sbe adjacencies sip-shanghai detail
SBC Service "sbc"
Adjacency sip-shanghai (SIP)
Status: Attached
Description:
Remote address: 10.0.3.13 255.255.255.255
Force next hop: No
Account:
Group: None
Local-id: 10.120.10.6
Register aggregate: Disabled
Register Out Interval: 0 seconds
adjacency-name The name of the SIP adjacency whose details are to be displayed.
Release 3.1.00 Modified to show statistic settings.
39-411
OL-13499-04
Force next hop: No
Ping-enabled: No
rewrite request-uri: Disabled
Statistics setting: Disabled
Related Commands
Command Description
show services sbc sbe adjacencies Displays all adjacencies.
39-412
OL-13499-04
show services sbc sbe adjacencies authentication-realms
show services sbc sbe adjacencies authentication-realms
To display authentication realm on the specified adjacency, use the show services sbc sbe adjacencies
authentication-realms command in EXEC mode.
show services sbc sbc-name sbe adjacencies adjacency-name authentication-realms
Syntax Description
Command History
Examples The following example shows how to display all currently configured authentication-realms for all SIP
adjacencies:
host1/Admin# show services sbc mysbc sbe adjacencies sipAdjacency authentication-realms
--------------------------------
abcdef.com abc abc
Related Commands
adjacency-name The name of the SIP adjacency whose details are to be displayed.
Command Description
Displays all currently configured
authentication-realms for all SIP adjacencies.
39-413
OL-13499-04
show services sbc sbe all-authentication-realms
To display all currently configured authentication-realms for all SIP adjacencies, use the show services
sbc sbe all-authentication-realms command in EXEC mode.
Syntax Description
Command History
Examples The following example shows how to display all currently configured authentication realms for all SIP
adjacencies:
host1/Admin# show services sbc mySbc sbe all-authentication-realms
--------------------------------
Example.com usersbc passwordsbc
Related Commands
.This command has no arguments or keywords
Command Description
authentication-realms
Displays authentication realm on the specified
adjacency.
39-414
OL-13499-04
services sbc sbe billing instance
services sbc sbe billing instance
To see if media creation information is enabled in the billing message for a specific billing instance, use
the show services sbc sbe billing instance command in EXEC mode.
show services sbc sbc-name sbe billing instance 0-7
Syntax Description
Command History
Examples The following example shows how to display the billing configuration:
host1/Admin# show services sbc mySbc sbe billing instance 1
Billing Manager Information:
Local IP address: 0.0.0.0
LDR check time: 00:00
Record media create info: Yes/No
Method packetcable-em
Admin Status: UP
Operation Status: UP
1
Related Commands
0-7 The billing instance whose details are to be displayed.
Command Description
record-media-create-info Activates support for media information support
in billing.
services sbc sbe billing instances Displays whether media creation information is
enabled in the billing message for all billing
instances.
39-415
OL-13499-04
services sbc sbe billing instances
services sbc sbe billing instances
To see whether media creation information is enabled in the billing message for all billing instances, use
the show services sbc sbe billing instances command in EXEC mode.
show services sbc sbe billing instances
Syntax Description
Command History
host1/Admin# show services sbc mySbc sbe billing instances
Billing Manager Information:
LDR check time: 00:00
Record media create info: Yes/No
Method packetcable-em
Admin Status: UP
Operation Status: UP
Related Commands
Command Description
services sbc sbe billing instance Displays whether media creation information is
enabled in the billing message for a specific
billing instance.
39-416
OL-13499-04
show services sbc sbe billing remote
To display the billing configuration. use the show services sbc sbe billing remote command in EXEC
mode.
Syntax Description
Command History
host1/Admin# show services sbc mySbc sbe billing remote
billing
Related Commands
Command Description
services sbc sbe billing instances Shows if media creation information is enabled in
the billing message for all billing instances.
39-417
OL-13499-04
show services sbc sbe blacklist configured-limits
To list the explicitly configured limits, showing only the sources configured, use the show services sbc
sbe blacklist configured-limits command in EXEC mode.
Values not explicitly configured and, therefore, inherited from other defaults, are bracketed.
show services sbc sbc-name sbe blacklist configured-limits
Syntax Description
Command History
Examples The following command lists the limits that you explicitly configured, showing only the sources.
Non-explicitly configured values appear in brackets:
host1/Admin(config-sbc-sbe)# show services sbc mySbc sbe blacklist configured-limits
SBC Service mySbc SBE dynamic blacklist configured limits
=========================
Size Period Period
------ ------- ------- ------------
Default for addresses on vpn3
=============================
Size Period Period
------ ------- ------- ------------
Authentication 20 1 sec 1 day
Bad address 20 1 sec 1 day
Routing 20 1 sec 1 day
Registration 5 30 sec 1 day
Corrupt 50 100 ms 12 hours
112.234.23.2
============
sbc-name Specifies the name of the SBC.
39-418
OL-13499-04
Size Period Period
------ ------- ------- ------------
Authentication 2000 (1 sec) (1 hour)
Bad address 2000 (1 sec) (1 hour)
Routing 2000 (1 sec) (1 hour)
Registration 500 (30 sec) (10 hours)
Policy 2000 (1 sec) (1 day)
Corrupt 2000 (100 ms) (1 hour)
vpn3 172.19.12.12
=================
Size Period Period
------ ------- ------- ------------
Authentication (20) (1 sec) (1 hour)
Bad address (20) (1 sec) (1 hour)
Routing (20) (1 sec) (1 hour)
Registration (5) (30 sec) (10 hours)
Policy (20) (1 sec) (1 day)
======================================
Size Period Period
------ ------- ------- ------------
source (in other words, a port, IP address, VPN, global address space).
source.
blacklist
address.
blacklist
39-419
OL-13499-04
show services sbc sbe blacklist current-blacklisting
To list the limit causing sources to be blacklisted, use the show services sbc sbe blacklist
current-blacklisting command in EXEC mode.
show services sbc sbc-name sbe blacklist current-blacklisting
Syntax Description
Command History
Examples The following example shows the current blacklisting information for the SBC:
host1/Admin# show sbc mySbc sbe blacklist current-blacklisting
SBC Service mySbc SBE dynamic blacklist current members
Global addresses
================
------- ------ --------- ---------
125.125.111.123 All Authentication 15 mins
125.125.111.253 UDP 85 Registration 10 secs
144.12.12.4 TCP 80 Corruption Never ends
VRF: vpn3
=========
------- ------ --------- ---------
132.15.1.2 TCP 285 Registration 112 secs
172.23.22.2 All Policy 10 hours
Related Commands
sbc-name Defines the name of the service.
Command Description
source.
39-420
OL-13499-04
blacklist
address.
blacklist
configured-limits
Command Description
39-421
OL-13499-04
show services sbc sbe blacklist ipv4
To list the limits in force for a particular sourcewhether from defaults or explicitly configuredin a
form in which they can be entered into the CLI, use the show services sbc sbe blacklist ipv4 command
in EXEC mode. Also listed are any defaults for a smaller scope configured at this address.
Values not explicitly configured and, therefore, inherited from other defaults, are bracketed.
show services sbc sbc-name sbe blacklist [source] ipv4 IP address
Syntax Description
Command History
Examples The following example shows how to list blacklisting information for a specific VPN with a valid IPv4
address:
host1/Admin# show services sbc mySbc sbe blacklist vpn3 ipv4 172.19.12.12
SBC Service mySbc SBE dynamic blacklist vpn3 172.19.12.12
vpn3 172.19.12.12
=================
Size Period Period
------ ------- ------- ------------
Authentication (20) 10 ms (1 hour)
Bad address (20) 10 ms (1 hour)
Routing (20) 10 ms (1 hour)
Registration (5) 100 ms (10 hours)
Policy (20) 10 ms (1 day)
======================================
Size Period Period
------ ------- ------- ------------
sbc-name Specifies the name of the SBC.
source Specifies the source for which you want to display blacklisting information.
This source is one of the following values:
VPN ID (Only VPN ID is permitted in the present implementation.)
IP address Specifies the IPv4 address.
39-422
OL-13499-04
source.
blacklist
configured-limits
blacklist
39-423
OL-13499-04
show services sbc sbe cac-policy-set
To list detailed information for a given entry in a CAC policy table, use the show services sbc sbe
cac-policy-set command in EXEC mode.
show services sbc sbc-name sbe cac-policy-set set-id {table name entry entry-id} {tables}
Syntax Description
.
Examples The following example lists detailed information for entry 1 of the standard_policy_list CAC table,
which is part of CAC policy set 1:
host1/Admin# show services sbc mysbc sbe cac-policy-set 1 table std_policy_list entry 1
SBC Service "mysbc"
Policy set 1 table std_policy_list entry 1
Match value
Action Next table
Next-table subscriber_limits
Max calls Unlimited
Max in-call rate Unlimited
Max out-call rate Unlimited
Transcoder Allowed
Early media Allowed
set-id Specifies the numeric identifier of the CAC policy set to which the table
belongs.
table name Specifies the name of the table.
entry entry-id Specifies the numeric identifier of the entry that you want to display.
tables Shows all tables in the specified CAC policy set.
Release 3.1.00 This command was modified to show new information in the CAC policy
entry.
39-424
OL-13499-04
sbc/Admin#
call-policy-set table
entry
Displays a summary of the entries associated with the given routing table.
39-425
OL-13499-04
show services sbc sbe cac-policy-sets
show services sbc sbe cac-policy-sets
To list all of the CAC policy sets on the SBE, use the show services sbc sbe cac-policy-sets command
in EXEC mode.
show services sbc sbc-name sbe cac-policy-sets
Syntax Description
Command History
Examples The following example lists all of the CAC (Call Admission Control) policy sets on the SBE:
host1/Admin# show services sbc mySbc sbe cac-policy-sets
SBC Service ''mySbc''
Policy Set Description
---------------------------------------------------------
1 No Description List
Active policy set: 1
Related Commands
Command Description
entry
39-426
OL-13499-04
show services sbc sbe cac-policy-set tables
show services sbc sbe cac-policy-set tables
To list a summary of the CAC policy tables associated with the given policy set, use the show services
sbc sbe cac-policy-set tables command in EXEC mode.
show services sbc sbc-name sbe cac-policy-set id tables
Syntax Description
Command History
Examples The following example lists a summary of the CAC policy tables associated with the given policy set 1:
host1/Admin# show services sbc mysbc sbe cac-policy-set 1 tables
SBC Service "mysbc"
Policy set 1 tables
Table name Match type Description Total Failures
----------------------------------------------------------
subscriber-limits subscriber
Related Commands
id The numeric identifier of the CAC policy set whose tables are to be
displayed.
Release 3.1.00 Modified to show new match type.
Command Description
entry
39-427
OL-13499-04
show services sbc sbe cac-policy-set table entries
show services sbc sbe cac-policy-set table entries
To list a summary of the CAC policy tables associated with the given policy set, use the show services
sbc sbe cac-policy-set table entries command in EXEC mode.
show services sbc sbc-name sbe cac-policy-set id table name entries
Syntax Description
Command History
Examples The following example lists a summary of the CAC policy table associated with the given policy set 1:
host1/Admin# show services sbc mysbc sbe cac-policy-set 1 table std-policy-list entries
SBC Service "mysbc"
Policy set 1 table std-policy-list entries
Entry Match Value
---------------------------
CAC Policy entry 1 subscriber
Related Commands
id The numeric identifier of the CAC policy set whose tables are to be
displayed.
name The name of the table whose entries are to be displayed.
Release 3.1.00 Modifed to show new match value.
Command Description
entry
39-428
OL-13499-04
show services sbc sbe cac-policy-set table entry
To list detailed information for a given entry in a CAC policy table, use the show services sbc sbe
cac-policy-set table entry command in EXEC mode.
show services sbc sbc-name sbe cac-policy-set id table name entry entry
Syntax Description
Command History
Examples The following example lists detailed information for a given entry (1) in a CAC policy table associated
with the given policy set 1:
host1/Admin# show services sbc mysbc sbe cac-policy-set 2 table limited-category entry 1
SBC Service "mysbc"
Policy set 1 table std_policy_list entry 1
Match value
Action CAC Complete
Max calls Unlimited
Transcoder Allowed
Early media Allowed
Match Prefix length 24
host1/Admin#
id The numeric identifier of the CAC policy set whose tables are displayed.
name The name of the table whose entries are to be displayed.
entry The numeric identifier of the entry to display.
Release 3.1.00 Modified to show the new configuration added under an entry.
39-429
OL-13499-04
entry
39-430
OL-13499-04
show services sbc sbe call branches
show services sbc sbe call branches
To show all the branches on the specified call on SBEs, use the show services sbc sbe call branches
show services sbc sbe call call-num branches
Syntax Description
Command History
Examples The following example shows how to display the branches associated with call 2:
host1/Admin# show services sbc mySbc sbe call 2 branches
SBC Service "mySbc"
Call: 2
State: active
Type: video
Branch Calling Number Called Number Billing ID
1 102 789 767 - DAB3C4D153624C7124E1234
2 - 05 659 896
call-num Specifies the call to display information about.
39-431
OL-13499-04
show services sbc sbe call-policy-set
To list information concerning call-policy-sets, use the show services sbc sbe call-policy-set command
in EXEC mode.
show services sbc sbc-name sbe call-policy-set [active | 1-2147483647 [detail | table
{number-analysis | table-name [detail | entry num]}]]
Syntax Description

Command History
Examples The following example shows how to show all call policy sets:
host1/Admin# show services sbc test sbe call-policy-set
Policy set 1
Description : basic adjacency route
Active policy set : No
First Number Analysis table :
First call routing table : start-table
First reg routing table : start-table
Table Name : start-table
Class : Routing
Table type : rtg-src-adj
Total Call-policy Failures: 0 (0 *)
Entry Match Value Destination Adjacency Action
----- ----------- --------------------- ------
1 sipp-a sipp-b Routing complete
2 sipp-b sipp-a Routing complete
3 h323-2 h323-1 Routing complete
4 h323-1 h323-2 Routing complete
1-2147483647 Specifies the routing policy set ID.
active Shows the active call policy set.
detail Shows the full configuration of the call policy set.
table Shows a specific table in the call policy set.
number-analysis Shows number analysis tables.
table-name Specifies a table name. Maximum size is 24 characters.
entry num Shows a specific entry number.
39-432
OL-13499-04
Policy set 2
Description :
Class : Routing
----- ----------- --------------------- ------
1 sipp-2 sipp-1 Routing complete
Policy set 3
Description :
First Number Analysis table : hotel_dialing_plan
First call routing table :
First reg routing table :
Table Name : hotel_dialing_plan
Class : Number Analysis
Table type : na-dst-pre
Policy set 4
Description :
Class : Routing
----- ----------- --------------------- ------
Policy set 5
Description :
Active policy set : Yes
First call routing table : start-routing
Table Name : internal-route
Class : Routing
39-433
OL-13499-04
----- ----------- --------------------- ------
Table Name : external-route
Class : Routing
Table type : rtg-dst-add
----- ----------- --------------------- ------
1 9469 sipp-3 Routing complete
Table Name : start-routing
Class : Routing
Table type : rtg-category
----- ----------- --------------------- ------
1 internal Next table(internal-route)
2 external Next table(external-route)
3 international Next table(international-route)
4 emergency sipp-6 Routing complete
5 Blocked Reject
Table Name : international-route
Class : Routing
Table type : rtg-least-cost
----- ----------- --------------------- ------
1 No match value sipp-5 Routing complete
Entry Match Value Action
----- ----------- ------
1 XXX Routing complete
2 9XXX Routing complete
3 911 Routing complete
* Numbers in brackets refer to a call being rejected by a routing or number
analysis table because there were no matching entries in the table. This is
also included in the total figure.
The following example shows how to list the active call policy set:
host1/Admin# show services sbc test sbe call-policy-set active
Policy set 5
Description :
39-434
OL-13499-04
Class : Routing
----- ----------- --------------------- ------
Class : Routing
----- ----------- --------------------- ------
Class : Routing
----- ----------- --------------------- ------
5 Blocked Reject
Class : Routing
----- ----------- --------------------- ------
----- ----------- ------
The following example shows how to specify a call policy set by its identification number:
host1/Admin# show services sbc test sbe call-policy-set 5
39-435
OL-13499-04
SBC Service "test"
Policy set 5
Description :
Class : Routing
----- ----------- --------------------- ------
Class : Routing
----- ----------- --------------------- ------
Class : Routing
----- ----------- --------------------- ------
5 Blocked Reject
Class : Routing
----- ----------- --------------------- ------
----- ----------- ------
39-436
OL-13499-04
The following example shows how to list the full configuration of a call policy set:
host1/Admin# show services sbc test sbe call-policy-set 5 detail
SBC Service "test"
Policy set 5
Description :
Class : Routing
Entry : 1
Match adjacency sipp-1
Action Routing complete
Dest Adjacency sipp-2
Cost 0
Weight 1
Failures 0
Class : Routing
Entry : 1
Match address 9469
Matching as a prefix
Cost 0
Weight 1
Failures 0
Entry : 2
Match address 9972
Matching as a prefix
Cost 0
Weight 1
Failures 0
Class : Routing
Entry : 1
Match category internal
Action Next table
Next-table internal-route
Failures 0
Entry : 2
Match category external
39-437
OL-13499-04
Action Next table
Next-table external-route
Failures 0
Entry : 3
Match category international
Action Next table
Next-table international-route
Failures 0
Entry : 4
Match category emergency
Cost 0
Weight 1
Failures 0
Entry : 5
Match category Blocked
Action Reject
Failures 0
Class : Routing
Entry : 1
Cost 10
Weight 1
Failures 0
Entry : 2
Cost 30
Weight 50
Failures 0
Entry : 3
Cost 30
Weight 10
Failures 0
Entry : 1
Match address XXX
Action Accept
Category internal
Entry : 2
Match address 9XXX
Action Accept
Category external
Entry : 3
Match address 911
Action Accept
Category emergency
Entry : 4
Match address 011
Action Accept
39-438
OL-13499-04
Category international
Entry : 5
Match address 900
Action Accept
Category Blocked
The following example shows how to list number analysis tables:
host1/Admin# show services sbc test sbe call-policy-set 5 table number-analysis
SBC Service "test"
Policy set 5
Description :
----- ----------- ------
The following example shows how to list a specific table in the call policy set:
host1/Admin# show services sbc test sbe call-policy-set 5 table international-route
SBC Service "test"
Policy set 5
Description :
Class : Routing
----- ----------- --------------------- ------
39-439
OL-13499-04
The following example shows how to list all configurations for a specific call policy set table:
host1/Admin# show services sbc test sbe call-policy-set 5 table international-route detail
SBC Service "test"
Policy set 5
Description :
Class : Routing
Entry : 1
Cost 10
Weight 1
Failures 0
Entry : 2
Cost 30
Weight 50
Failures 0
Entry : 3
Cost 30
Weight 10
Failures 0
also included in the total figure.#
The following example shows how to list a specific entry:
host1/Admin# services sbc test sbe call-policy-set 5 table international-route entry 3
SBC Service "test"
Policy set 5
Description :
Class : Routing
Entry : 3
Cost 30
Weight 10
39-440
OL-13499-04
Failures 0
Related Commands
Command Description
call-policy-set Creates a new policy set.
39-441
OL-13499-04
show services sbc sbe call-policy-set table entry
show services sbc sbe call-policy-set table entry
To display detailed information for a given entry in a CAC policy table, use the show services sbc sbe
call-policy-set table entry command in EXEC mode.
show services sbc sbc-name sbe call-policy-set id table name entry entry
Syntax Description
Command History
Examples The following example shows how to display a summary of the entries associated with the given table:
host1/Admin# show services sbc mySbc sbe call-policy-set 1 table rtgTable entry 1
SBC Service ''mySbc''
Policy set 1 table rtgTable entry 1
Routing table entry
Match adjacency sipOrig
Dest Adjacency h323Term
Failures 0
NEED UPDATED SAMPLW
Related Commands
id Specifies the numeric identifier of the routing policy set to which the table
belongs.
name Specifies the table whose entries are to be displayed.
sbc name Name of the SBC service.
entryentry Specifies the entry index of the table.
Release 3.1.00 Modifies to support new tables.
Command Description
show services sbc sbe call-policy-set table
entries
Displays a summary of the entries associated with
a given table.
39-442
OL-13499-04
show services sbc sbe call-rate-stats
show services sbc sbe call-rate-stats
To list all of the current rate of attempted call setups per second over a short period of time (default to 3
seconds,. use the show services sbc sbe call-rate-stats command in EXEC mode.
show services sbc sbc-name sbe call-rate-stats
Syntax Description
Command Default Default value is 3 seconds.
Command History
Examples The following example shows how to list all of the current rate of attempted call setups per second:
host1/Admin# show services sbc sbc-1 sbe call-rate-stats
Calls Per Second:
-----------------
Current CPS 10
Maximum CPS 80
Minimum CPS 1
Average CPS 0
Related Commands
Command Description
SBE.
39-443
OL-13499-04
show services sbc sbe calls
show services sbc sbe calls
To list all the calls on the SBEs, use the show services sbc sbe calls command in EXEC mode.
show services sbc sbc-name sbe calls
Syntax Description
Command History
Examples The following example shows how to list the complete call statistics for the current hour:
host1/Admin# show services sbc a sbe calls
SBC Service ''a''
Call State Type Src Adjacency Dest Adjacency
-----------------------------------------------------------------------------
393 Activating Audio navtel1 navtel2
394 Activating Audio navtel1 navtel2
host1/Admin#
Related Commands
Command Description
SBE.
39-444
OL-13499-04
show services sbc sbe call-stats
To list the statistics for all the calls on the specified SBE, use the show services sbc sbe call-stats
show services sbc sbc-name sbe call-stats period
Syntax Description
Command History
Usage Guidelines Readings are taken at 5-minute intervals past the hour (that is, 05, 10, 15, and so on). Current readings
apply to the statistics since the last appropriate readings were taken.
If the time is now 12:34, currenthour will apply to the statistics collected since 00:00 and current15mins
will be since 12:30. In this example, previous hour would be 11:00-12:00 and previous15mins would be
12:15-12:30.
period Specifies the interval when the statistics display. The possible values are:
current15minsStats from current 15 minute interval. Shows the average of
all snapshots taken since the last 15 minute boundary.
current5minsStats from current 5 minute interval. Shows the
instantaneous number of activating, deactivating or active calls.
currentdayStats from current day from midnight. Shows the average of all
snapshots taken since the last 15 minute boundary.
currenthourStats in current hour. Shows the average of all snapshots taken
since the last 15 minute boundary.
previous15minsStats from previous 15 minute interval. Shows the average
of the four snapshots (taken on the 5 minute boundaries) during the previous
full 15 minute period.
previous5minsStats from previous 5 minute interval. Shows the
instantaneous number of activating, deactivating or active calls at the previous
5 minute boundary.
previousdayStats from the previous day. Shows the average of the four
snapshots taken since the last whole day multiple.
previoushourStats from the previous hour. Shows the average of the four
snapshots taken since the last whole hour multiple.
39-445
OL-13499-04
If a reading occurs on a 15 minute boundary (that is. 0:15, 0:30, 0:45, 1:00, and so on) the code will move
the value of the current15 minutes bucket into the previous15 minutes bucket and reset the
current15minutes. This process is repeated on hour and day boundaries for the previoushour and
previousday statistics respectively.
The call-stats field descriptors are as follows:
Active callsWhen the period queried is "current5mins", this is the number of calls currently active
at the instant that the query is issued. Otherwise, this is the average number of calls that have been
active for the entire period.
Activating callsWhen the period queried is "current5mins", this is the number of calls currently
activating at the instant that the query is issued. Otherwise, this is the average number of calls that
have been activating for the entire period.
Deactivating callsWhen the period queried is "current5mins", this is the number of calls currently
deactivating at the instant that the query is issued. Otherwise, this is the average number of calls that
have been deactivating for the entire period.
Total call attemptsCall establishment attempts made. Because a call attempt may have failed in a
later summary period, this may include failed calls that are not included in the failed call attempt
count.
Failed call attemptsCall establishment attempts failed. Because a failed call attempt may result
from a call that was started during a previous summary period, this may include call attempts that
are not included in the total call attempt count.
Successful call attempts0 if the total call attempts are less than the failed call attempts; otherwise
this is the total call attempts minus the failed call attempts.
Call routing failedThe total number of call setup failures due to routing policies.
Call resources failedCall establishment attempts failed due to a resource failure.
Call media failedCall establishment attempts failed due to a media failure on a call. The media
failure could be because the caller and callee could not agree on the media to use or because the SBC
rejects the media request because it would break CAC policy.
Call signaling failedCall establishment attempts failed due to a signaling failure.
Active call failuresCalls failed from an active state. Includes all deactivation causes other than
normal release.
Congestion failuresCall establishment attempts failed due to system congestion.
Examples The following example shows how to list the complete call statistics for the current hour:
host1/Admin# show services sbc test sbe call-stats current15mins
SBC Service ''test''
Active calls: 0
Activating calls = 0
Deactivating calls = 0
Total call attempts = 0
Failed call attempts = 0
Successful call attempts = 0
Call routing failed = 0
Call resources failed = 0
Call media failed = 0
Call signaling failed = 0
Active call failures = 0
Congestion failures = 0
39-446
OL-13499-04
Note The Deactivating calls statistic displays the number of calls that are undergoing deactivation
internally in the SBC. This statistic does not include the number of calls for which the SBC is
waiting for a response from an endpoint to signal call teardown.
call-rate-stats
Lists all of the current rate of attempted call setups per second over a
short period of time.
39-447
OL-13499-04
show services sbc sbe codec-list
show services sbc sbe codec-list
To show information about the codec lists that are configured on the SBE, use the show services sbc sbe
codec-list command in EXEC mode.
show services sbc sbc-name sbe codec-list list-name
Syntax Description
Command History
Examples The following example shows how to display information about the codec list named my_codecs.
host1/Admin# show services sbc mySbc sbe codec-list my_codecs
SBC Service "mySbc"
Codec list "my_codecs" (Legitimate codecs)
Codec Name Min Packetization Period
========== ========================
PCMU 20ms
G729 10ms
Related Commands
Command Description
39-448
OL-13499-04
show services sbc sbe gates
show services sbc sbe gates
To list the gates created on the SBE, use the show services sbc sbe gates command in EXEC mode.
show services sbc sbc-name sbe gates
Syntax Description

Command History
Examples The following example shows how to list the gates created on the SBE:
host1/Admin# show services sbc a sbe gates
SBC Service ''a''
Billing correlator A: 0x4803FFFFFF8EFFFFFFD12020202020202030000000000000000000
000544
Billing correlator B: 0x4803FFFFFF8EFFFFFFD12020202020202030000000000000000000
000543
Media Gateway is collocated
Number of flow pairs = 1
host1/Admin#
39-449
OL-13499-04
show services sbc sbe h323 timers
To display a list of H.323 timer configuration, use the show services sbc sbe h323 command in EXEC
mode.
show services sbc sbc-name sbe h323 timers
Syntax Description

Command History
Examples The following example shows how the show services sbc sbe h323 timers command is used to display
a list of H.323 timer configuration:
host1/Admin# show services sbc test sbe h323 timers
H.323 Timers
Global scope
adjacency retry timeout 30000
ras rrq ttl 60
ras rrq keepalive 45000
ras retry count (arq) 2
ras timeout (arq) 5000
ras retry count (brq) 2
ras timeout (brq) 3000
ras retry count (drq) 2
ras timeout (drq) 3000
ras retry count (grq) 2
ras timeout (grq) 5000
ras retry count (rrq) 2
ras timeout (rrq) 3000
ras retry count (urq) 1
ras timeout (urq) 3000
Adjacency tekOrig
H225 Timeout Setup 4000
H225 Timeout Proceeding 10000
H225 Timeout Establishment 180000
RAS RRQ TTL 60
RAS RRQ Keepalive 45000
RAS Retry Count (arq) 2
RAS Timeout (arq) 5000
39-450
OL-13499-04
RAS Retry Count (brq) 2
RAS Timeout (brq) 3000
RAS Retry Count (drq) 2
RAS Timeout (drq) 3000
RAS Retry Count (grq) 2
RAS Timeout (grq) 5000
RAS Retry Count (rrq) 2
RAS Timeout (rrq) 3000
RAS Retry Count (urq) 1
RAS Timeout (urq) 3000
Related Commands
Command Description
show services sbc sbe hunting-trigger Shows the the H.323 hunting triggers at the
global level.
39-451
OL-13499-04
show services sbc sbe hold-media-timeout
show services sbc sbe hold-media-timeout
To show the configured duration of the media timeout timer for on-hold calls, use the show services sbc
sbe hold-media-timeout command in EXEC mode.
show services sbc sbc-name sbe hold-media-timeout
Syntax Description
Command History
Examples The following example shows sample data for the media timeout timer for on-hold calls:
host1/Admin# show services sbc mysbc sbe hold-media-timeout
SBC Service "mysbc"
SBE On-hold media timeout duration is: 10 seconds
host1/Admin#
Related Commands
sbc-name Specifies the SBC service.
Command Description
hold-media-timeout Configures the time an SBE will wait after
receiving a media timeout notification from the
DBE for an on-hold call before tearing that call
down.
39-452
OL-13499-04
show services sbc sbe hunting-trigger
show services sbc sbe hunting-trigger
To show the the H.323 or SIP hunting triggers at the global level, use the show services sbc sbe
hunting-trigger command in EXEC mode.
show services sbc sbc-name sbe {h323 | sip} hunting-trigger
Syntax Description
Command History
Examples The following example shows sample data for the media timeout timer for on-hold calls:
host1/Admin# show services sbc uut105-1 sbe h323 hunting-trigger
H.323 Hunting Triggers
----------------------
noBandwidth
unreachableDestination
destinationrejection
noPermission
badFormatAddress
securityDenied
Related Commands
h323 Specifies H.323 hunting-trigger.
sip Specifies SIP hunting-trigger.
Command Description
hunting-trigger Configures failure return codes to trigger hunting.
39-453
OL-13499-04
show services sbc sbe media-gateway-associations
show services sbc sbe media-gateway-associations
To list all the media gateways associated with this SBE and statistics associated with the media gateway,
use the show services sbc sbe media-gateway-associations command in EXEC mode.
show services sbc sbc-name sbe media-gateway-associations
Syntax Description
Command History
Examples The following example shows how to list all the media gateways associated with this SBE and statistics
associated with the media gateway:
host1/Admin# show services sbc test sbe media-gateway-associations
Media gateway 200.200.207.101:2944
Gateway Protocol = megaco
Transport Protocol = UDP
Local Address = 88.104.1.3:2944
Requests 3687 1 0 0
Replies 1 3686 - 0
Related Commands
Command Description
show services sbc sbe media-gateways Lists the gateway configuration and attachment
status on SBE.
39-454
OL-13499-04
show services sbc sbe media-gateways
show services sbc sbe media-gateways
To list the gateway configuration and attachment status on SBE, use the show services sbc sbe
media-gateways command in EXEC mode.
show services sbc sbc-name sbe media-gateways
Syntax Description
Command History
Examples The following example shows how to list the gateway configuration and attachment status on SBEs:
host1/Admin# show services sbc mySbc sbe media-gateways
SBC Service mySbc
Configured Gateway 10.0.0.1
Related Commands
Command Description
media-gateway-associations
Lists all the media gateways associated with this
SBE and statistics associated with the media
gateway.
39-455
OL-13499-04
show services sbc sbe policy-failure-stats
To list the statistics for all of the policy failures on a specific SBE, use the show services sbc sbe
policy-failure-stats command in EXEC mode.
show services sbc sbc-name sbe policy-failure-stats period
Syntax Description
Command History
Usage Guidelines Readings are taken at five-minute intervals past the hour (for example, 05, 10, 15 and so on). Current
readings apply to the statistics since the last appropriate readings were taken.
If the time is now 12:34 then currenthour applies to the statistics collected since 11:35 and
current15mins is since 12:20. Also, in this example, previoushour indicates 10:35-11:35 and
previous15mins indicates 12:05-12:20.
Examples The following example shows the complete policy failure stats for the current hour:
host1/Admin# show services sbc test sbe policy-failure-stats current15mins
period Specifies the time period for the statistics that you want to display. The time
period can be one of the following:
current15minsDisplays statistics in 15 minute intervals starting
from the current minute.
current5minsDisplays statistics in 5 minute intervals starting from
the current minute.
currentdayDisplays statistics for the current day starting midnight
of the same day.
currenthourDisplays statistics for the current hour.
previous15minsDisplays statistics from previous 15 minute
intervals.
previous5minsDisplays statistics from previous 5 minute intervals.
previousdayDisplays statistics from the previous day.
previoushourDisplays statistics from the previous hour.
39-456
OL-13499-04
Policy failure statistics for the current 15 mins:
Total call setup failures: 0
Total call update failures: 0
Call setups failed due to NA: 0
Call setups failed due to rtg: 0
Call setups failed due to CAC: 0
CAC fails due to num call lim: 0
CAC fails due to rate call lim: 0
CAC fails due to num channels lim: 0
CAC fails due to num media updates: 0
CAC fails due to bandwidth lim: 0
policy-rejection-stats
Clears all the policy rejection statistics by the SBE.
policy-failure-stats src-adjacency
Lists the statistics for all the policy failures on the specified
SBE.
policy-failure-stats dst-adjacency
Lists the statistics for the policy failures for calls with the
adjacency.
policy-failure-stats src-account
account.
policy-failure-stats dst-account
account.
39-457
OL-13499-04
show services sbc sbe policy-failure-stats dst-account
To list policy failure statistics for a specified target account for a specified time period, use the
show services sbc sbe policy-failure-stats dst-account command in EXEC mode.
show services sbc sbc-name sbe policy-failure-stats dst-account name period time-period
Syntax Description
Command History
Examples The following example lists the policy failure statistics for an adjacent account named AA for the current
hour:
host1/Admin# show services sbc mysbc sbe policy-failure-stats dst-account AA period
currenthour
SBC Service mysbc
Policy failure statistics for the current hour for source adjacency AA
name Specifies the name of the account for which you would like to display
statistics. The maximum length of this value is 30 characters.
period time-period Specifies the time period to which the statistics apply. Choose one of the
following time intervals:
the current minute.
of the same day.
intervals.
39-458
OL-13499-04
dst-adjacency
Lists policy failure statistics for calls within the specified target adjacency
for the specified time period.
src-account
Lists policy failure statistics for calls within the specified source account for
the specified time period.
src-adjacency
Lists policy failure statistics for calls within the specified source adjacency
39-459
OL-13499-04
show services sbc sbe policy-failure-stats dst-adjacency
To list policy failure statistics for a specified target adjacency for a specified time period use the show
services sbc sbe policy-failure-stats dst-adjacency command in EXEC mode.
show services sbc sbc-name sbe policy-failure-stats dst-adjacency name period time-period
Syntax Description
Command History
Examples The following example shows the policy failure statistics for an adjacency named ZZ for the current
hour:
host1/Admin# show services sbc mysbc sbe policy-failure-stats dst-adjacency ZZ period
currenthour
SBC Service mysbc
Policy failure statistics for the current hour for source adjacency ZZ
name Specifies the name of the adjacency for which you would like to display
the current minute.
of the same day.
intervals.
39-460
OL-13499-04
dst-account
Lists policy failure statistics for calls within the specified target account for
src-account
src-adjacency
39-461
OL-13499-04
show services sbc sbe policy-failure-stats src-account
To list policy failure statistics for a specified source account for a specified time period use the show
services sbc sbe policy-failure-stats src-account command in EXEC mode.
show services sbc sbc-name sbe policy-failure-stats src-account name period time-period
Syntax Description
Command History
Examples The following example shows the policy failure statistics for a source account named BB for the current
hour:
host1/Admin# show services sbc mysbc sbe policy-failure-stats src-account BB period
currenthour
SBC Service mysbc
Policy failure statistics for the current hour for source adjacency BB
name Specifies the name of the account for which you would like to display
the current minute.
of the same day.
intervals.
39-462
OL-13499-04
dst-adjacency
dst-account
src-adjacency
39-463
OL-13499-04
show services sbc sbe policy-failure-stats src-adjacency
To list policy failure statistics for a specified source adjacency for a specified time period use the show
services sbc sbe policy-failure-stats src-adjacency command in EXEC mode.
show services sbc sbc-name sbe policy-failure-stats src-adjacency name period time-period
Syntax Description
Command History
Examples The following example displays policy failure statistics for a source adjacency named YY for the current
hour:
host1/Admin# show services sbc test sbe policy-failure-stats src-adjacency Acct1
period current15mins
Policy failure statistics for the current 15 mins for source adjacency Acct1
name Specifies the name of the adjacency for which you would like to display
statistics. The maximum name length is 30 characters.
the current minute.
of the same day.
intervals.
39-464
OL-13499-04
dst-adjacency
src-account
dst-account
39-465
OL-13499-04
show services sbc sbe qos-profiles
To list all QoS profiles, use the show services sbc sbe qos-profiles command in EXEC mode. If you
specify a QoS profile, the details of that profile are shown.
show services sbc sbc-name sbe qos-profiles [profile-name]
Syntax Description
Command History
Examples The following example shows how to list all of the QoS profiles on the SBE:
host1/Admin# show services sbc test sbe qos-profiles
Profile name Class
---------------------------------------------------------
default Voice
profile6 Voice
residential Voice
default Video
profile3 Video
profile5 Video
profile7 Video
profile9 Video
default Fax
default Signaling
profile2 Signaling
profile4 Signaling
profile8 Signaling 7
The show services sbc test sbe qos-profiles command is invalid when displaying one profile. Correct
usage is singular as shown below.
host1/Admin# show services sbc test sbe qos-profiles profile6
^
% long command detected at '^' marker.
host1/Admin# show services sbc test sbe qos-profile profile6
QoS profile profile6
Class of Service Voice
Marking type Passthrough
profile-name (Optional) Specifies the profile name.
39-466
OL-13499-04
host1/Admin#
Related Commands
Command Description
39-467
OL-13499-04
show services sbc sbe radius-client-accounting acounting
show services sbc sbe radius-client-accounting acounting
To list the the parameters configured for the account, use the show services sbc sbe
radius-client-accounting acounting command in EXEC mode.
show services sbc sbc-name sbe radius-client-accounting acounting client-name
Syntax Description
Command History
Examples The following example lists the the parameters configured for accounting:
host1/Admin# show services sbc uut105-1 sbe radius-client-accounting accounting
SBC1-account-1
SBC Service ''uut105-1''
radius client address = 88.105.2.100
radius client retry interval = 1200
radius client retry limit = 5
radius client concurrent requests limit = 250
host1/Admin#
Related Commands
client-name Clears all statistics for the specified local RADIUS client.
Command Description
radius-client-accounting authentication
Lists the the parameters configured for the
authentication.
39-468
OL-13499-04
show services sbc sbe radius-client-accounting authentication
show services sbc sbe radius-client-accounting authentication
To list the the parameters configured for the authentication, use the show services sbc sbe
radius-client-accounting authentication command in EXEC mode.
show services sbc sbc-name sbe radius-client-accounting authentication
Syntax Description
Command History
Examples The following example lists the the parameters configured for the authentication:
host1/Admin# show services sbc mysbc sbe radius-client-accounting authentication
SBC Service ''node105''
radius client address = 88.105.128.100
radius client retry interval = 1800
radius client retry limit = 5
radius client concurrent requests limit = 250
Related Commands
Command Description
radius-client-accounting acounting
Lists the the parameters configured for the
account.
39-469
OL-13499-04
show services sbc sbe radius-client-stats
show services sbc sbe radius-client-stats
To list the RADIUS accounting client statistics for all accounting clients configured on an SBE, use the
show services sbc sbe radius-client-stats command in EXEC mode.
show services sbc sbc-name sbe radius-client-stats radius-client [accounting client-name |
authentication]
Syntax Description
Command History
Examples The following example shows how to list the RADIUS accounting server statistics for all accounting
servers configured on an SBE:
host1/Admin# show services sbc j sbe radius-client-stats accounting CISCO_UM
SBC Service "j"
Bad address packets: 0
Primary server: RADIUS1
Radius SET state: Active
The following example shows how to list the RADIUS accounting server statistics for all authentication
servers configured on an SBE:
host1/Admin# show services sbc j sbe radius-client-stats authentication
SBC Service "j"
Bad address packets: 0
Primary server:
Related Commands
radius-client Specifies the RADIUS client to show.
accounting
client-name
Specifies the name to assign to the accounting RADIUS client.
Command Description
show services sbc sbe radius-server-stats Lists the RADIUS server statistics for all
accounting servers.
39-470
OL-13499-04
show services sbc sbe radius-server-stats
To list the RADIUS server statistics for all accounting servers configured on a RADIUS client on an
SBE, use the show services sbc sbe radius-server-stats command in EXEC mode.
show services sbc sbc-name sbe radius-server-stats radius-client [accounting client-name |
authentication]
Syntax Description
Command History
Examples The following example shows how to list the RADIUS server statistics for all accounting servers
configured on a radius client on an SBE:
host1/Admin# show services sbc sanity sbe radius-server-stats accounting SBC1-account-1
SBC Service ''sanity''
Cisco-AR1-PC:
Round trip time: 0 ms
Access-requests sent: 0
Access-request retransmitted: 0
Access-accepts received: 0
Access-reject received: 0
Access-challenge received: 0
Accounting-requests sent: 0
Accounting-requests retransmitted: 0
Accounting-responses received: 0
Malformed packets received: 0
Invalid authenticators received: 0
Outstanding repsonses: 0
Timeouts occurred: 0
Unknown packets: 0
Packets dropped: 0
The following example shows how to list the RADIUS server statistics for all authentication servers
configured on a radius client on an SBE:
host1/Admin# show services sbc sanity sbe radius-server-stats authentication
radius-client Specifies the RADIUS client to show.
accounting
client-name
Specifies the name to assign to the accounting RADIUS client.
39-471
OL-13499-04
SBC Service ''sanity''
Cisco-AR1-PC:
Round trip time: 0 ms
Access-requests sent: 0
Access-request retransmitted: 0
Access-accepts received: 0
Access-reject received: 0
Access-challenge received: 0
Accounting-requests sent: 0
Accounting-requests retransmitted: 0
Accounting-responses received: 0
Malformed packets received: 0
Invalid authenticators received: 0
Outstanding repsonses: 0
Timeouts occurred: 0
Unknown packets: 0
Packets dropped: 0
Related Commands
Command Description
39-472
OL-13499-04
show services sbc sbe redirect-limit
show services sbc sbe redirect-limit
To display the current limit on the maximum number of redirections that a call can undergo, use the show
services sbc sbe redirect-limit command in EXEC mode.
show services sbc sbc-name sbe redirect-limit
Syntax Description
Command History
Examples The following example displays the limit on the maximum number of redirections that a call can
undergo:
host1/Admin# show service sbc mysbc sbe redirect-limit
SBC Service mySbc
Call redirect limit is 4
Related Commands
Command Description
redirect-limit Configures the maximum number of redirections
that SBC performs on a call.
39-473
OL-13499-04
show services sbc sbe resource-priority-sets
show services sbc sbe resource-priority-sets
To display the resource priority sets, use the show services sbc sbe resource-priority-sets command in
EXEC mode.
show services sbc sbc-name sbe resource-priority-sets
Syntax Description
Command History
Usage Guidelines Lists the high-level status and capabilities of each instantiated SBE or DBE.
Examples The following example shows how the show services sbc sbe resource-priority-sets command is used
to display the resource priority sets:
host1/Admin# show services sbc mysbc sbe resource-priority-sets
Resource priority sets
---------------------------------------------------------
dsn
host1/Admin# show services sbc test sbe resource-priority-set dsn
Resource priority set: dsn
Name Value
---------------------------------------------------------------------
dsn.flash Flash
ACE-104-1.4/Admin#
Related Commands
Command Description
priority Configures the priority to associate with the
Resource-Priority.
39-474
OL-13499-04
show services sbc sbe sdp-h245-mapping
To display the mapping for codec strings between SDP (SIP) and H245 (H323), use the show services
sbc sbe sdp-h245-mapping command in EXEC mode.
show services sbc sbc-name sbe sdp-h245-mapping
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sdp-h245-mapping command is used.
host1/Admin# show services sbc mysbc sbe sdp-h245-mappings
SDP H.245
------------------
PCMA g711Alaw64k
PCMU g711Ulaw64k
G722 g722_64k
G723 g7231
G728 g728
G729 g729,
g729AnnexA,
g729wAnnexB,
g729AnnexAwAnnexB
GSM gsmFullRate
t38 t38Fax
In H.323 calls,
- T.38 fax is the only non-audio codec supported.
- Audio codecs not in the list above are reported as ''PCMU''.
In SIP/H.323 interworking calls, only audio codecs using static
RTP payload types are supported.
39-475
OL-13499-04
Related Commands
Command Description
show services sbc sbe sdp-match-table Shows the SDP match table configured on the
SBC.
39-476
OL-13499-04
show services sbc sbe sdp-match-table
show services sbc sbe sdp-match-table
To show the SDP match table configured on the SBC, use the show services sbc sbe sdp-match-table
show services sbc sbc-name sbe sdp-match-table [detail]
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sdp-match-table command is used to
display SDP match table:
host1/Admin# show services sbc pgw sbe sdp-match-table detail
Name : m <--- table name
Action : blacklist <--- action: blacklist or whitelite
Match String : ddd <--- several match string
ddf

-------------------------------------------------
Name : n
Action : whitelist
Match String : 2
3
4
Related Commands
detail Shows the SDP attribute configured on a given SDP match table.
Command Description
show services sbc sbe sdp-h245-mapping Displays the mapping for codec strings between
SDP (SIP) and H245 (H323).
39-477
OL-13499-04
show services sbc sbe sdp-policy-table
show services sbc sbe sdp-policy-table
To show the SDP policy table configured on the SBC, use the show services sbc sbe sdp-policy-table
show services sbc sbc-name sbe sdp-policy-table
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe resource-priority-sets command is used
to display the SDP policy table:
host1/Admin# show services sbc pgw sbe sdp-policy-table
Name SDP Match Table
--------------------------------------------------
p m <--- "m" is sdp match table name
Related Commands
Command Description
show services sbc sbe sdp-match-table Shows the SDP match table configured on the
SBC.
39-478
OL-13499-04
show services sbc sbe sip essential-headers
show services sbc sbe sip essential-headers
To display a list of the essential SIP headers, use the show services sbc sbe sip essential-headers
show services sbc sbc-name sbe sip essential-headers
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sip essential-headers command is used
to display a list of all essential headers:
host1/Admin# show services sbc mySbc sbe sip essential-headers
Essential headers:
AUTHORIZATION CALL-ID CONTACT CONTENT-LENGTH
CONTENT-TYPE CSEQ EVENT EXPIRES FROM MAX-FORWARDS
MIN-EXPIRES PROXY-AUTHORIZATION
PROXY-AUTHENTICATE PROXY-REQUIRE RACK
RECORD-ROUTE REFERRED-BY REFER-TO REPLACES
REQUIRE ROUTE RSEQ SUBSCRIPTION-STATE SUPPORTED
TO VIA WWW-AUTHENTICATE
Related Commands
Command Description
sip header-profiles
Displays a list of all configured SIP header profiles.
39-479
OL-13499-04
show services sbc sbe sip essential-methods
To display a list of the essential SIP methods, use the show services sbc sbe sip essential-methods
show services sbc sbc-name sbe sip essential-methods
Syntax Description.
Command History
Examples The following example shows how the show services sbc sbe sip essential-methods command is used
to display a list of all essential methods:
host1/Admin# show services sbc mySbc sbe sip essential-methods
Essential methods:
ACK BYE CANCEL INVITE NOTIFY PRACK REFER REGISTER
SUBSCRIBE
Related Commands
Command Description
sip method-profiles
Displays a list of all configured SIP method profiles.
39-480
OL-13499-04
show services sbc sbe sip essential-options
show services sbc sbe sip essential-options
To show the options that are vital for base SBC operation, use the show services sbc sbe sip
essential-options command in EXEC mode.
show services sbc sbc-name sbe sip essential-options
Syntax Description
Command History
Usage Guidelines These options can not be configured on an option profile.
Examples The following example shows how the show services sbc sbe sip essential-options command is used to
display a list of all essential methods:
host1/Admin# show services sbc test sbe sip essential-options
Essential options:
100REL
Related Commands
Command Description
show services sbc sbe sip method-profiles Displays a list of all configured SIP method
profiles.
39-481
OL-13499-04
show services sbc sbe sip fast-register-stats
show services sbc sbe sip fast-register-stats
To show how many subscribers have been afforded fast register status by the application, use the show
services sbc sbe sip fast-register-stats command in EXEC mode.
show services sbc sbc-name sbe sip fast-register-stats
Syntax Description
Command History
Usage Guidelines A register message in the context of this command is counted as a unique combination of the pair of
address-of-record (AOR) and Contact-URI (CURI). Thus, a single REGISTER message from the
subscriber, identified by an AOR with two contact URI will translate to a count of 2.
Examples The following example shows how the show services sbc sbe sip essential-options command is used to
display a list of all essential methods:
host1/Admin# show services sbc mysbc sbe sip fast-register-stats
SBC Service "mysbc"
SIP fast register statistics:
Total entries: 15
39-482
OL-13499-04
show services sbc sbe sip header-profile
show services sbc sbe sip header-profile
To display details of the specified SIP header profile, use the show services sbc sbe sip header-profile
show services sbc sbc-name sbe sip header-profile profile-name
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sip header-profile command is used to
display details of the specified header profile:
host1/Admin# show services sbc test sbe sip header-profile default
Header profile ''default''
Type: Whitelist
Headers:
HEADERS-A
HEADERS-B
HEADERS-C
Adjacency: sip-60 (out)
Adjacency: sip-61 (in)
Related Commands
profile-name Specifies the name of the header profile. If you enter the name default, the
details of the default header profile are displayed.
Command Description
sip header-profiles
Displays a list of all configured SIP header profiles.
39-483
OL-13499-04
show services sbc sbe sip header-profiles
show services sbc sbe sip header-profiles
To display a list of all configured SIP header profiles, use the show services sbc sbe sip header-profiles
show services sbc sbc-name sbe sip header-profiles
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sip header-profiles command is used to
display a list of all configured header profiles:
host1/Admin# show services sbc mySbc sbe sip header-profiles
Header profile for SBC service "mysbc"
Name In use
====================================
Profile1 Yes
Default No
Related Commands
Release 3.1.00 Enhanced to show additional information.
Command Description
sip header-profile
Displays details of the specified SIP header profile.
39-484
OL-13499-04
show services sbc sbe sip method-profile
show services sbc sbe sip method-profile
To display details for the specified method profile, use the show services sbc sbe sip method-profile
show services sbc sbc-name sbe sip method-profile prof-name
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sip method-profile command is used to
display a specific method profile:
host1/Admin# show services sbc test sbe sip method-profile method2
Method profile ''method2''
Type: Whitelist
Methods:
meth1
meth2
Adjacency: sip-60 (in)
Adjacency: sip-61 (out)
Related Commands
prof-name Name of profile.
Release 3.1.00 Enhanced to show the response code map.
Command Description
show services sbc sbe sip header-profile Displays details of the specified SIP header
profile.
39-485
OL-13499-04
show services sbc sbe sip method-profiles
show services sbc sbe sip method-profiles
To display a list of all SIP method profiles, use the show services sbc sbe sip method-profiles command
in EXEC mode.
show services sbc sbc-name sbe sip method-profiles
Syntax Description

Command History
Examples The following example shows how the show services sbc sbe sip method-profiles command is used to
display a list of all configured method profiles:
host1/Admin# show services sbc mySbc sbe sip method-profiles
Method profile for SBC service "mysbc"
Name In use
====================================
Profile1 No
Default Yes
Related Commands
Command Description
sip method-profile
Displays details of the specified SIP method profile.
39-486
OL-13499-04
show services sbc sbe sip option-profile
show services sbc sbe sip option-profile
To show the details for a specified option profile, use the show services sbc sbe sip option-profile
show services sbc sbc-name sbe sip option-profile profile-name
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sip option-profile command is used to
display details of the specified option profile:
host1/Admin# show services sbc test sbe sip option-profile profile1
Option profile ''profile1''
Type: Whitelist
Options:
opt1
Adjacency: sip-60 (in-px)
NABOO_4/Admin#show services sbc test sbe sip option-profile profile2
Option profile ''profile2''
Type: Whitelist
Options:
opt1
opt2
Related Commands
profile-name Specifies the name of the profile.
Command Description
sip option-profiles
Displays a list of all configured SIP option profiles.
39-487
OL-13499-04
show services sbc sbe sip-method-stats
To show the summary or detailed statistics for a SIP method, use the show services sbc sbe
sip-method-stats command in EXEC mode.
show services sbc sbc-name sbe sip-method-stats adj-name sip-req-name sip-response-code
summery-period
Syntax Description
Command History
Usage Guidelines Summary statistics displays all the response codes sent and received for a specific SIP method.
Detailed statistics displays the statistics for specific SIP method and response code. You must use the
sip-response-code string to view detailed statistics.
Examples The following example shows how the show services sbc sbe sip-method-stats command is used to
display summary statistics for a specific SIP method:
host1//Admin# show services sbc sbc sbe sip-method-stats sip-41 invite currenthour
SBC Service "sbc"
Adjacency sip-41 (SIP)
Statistics for SIP method INVITE
Total request recieved :3
Total request sent :0
adj-name Specifies the name of the adjacency.
sip-req-name Specifies the request name: ACK BYE CANCEL INFO INVITE
MESSAGE NOTIFY OPTIONS PRACK REFER REGISTER
SUBSCRIBE UNKNOWN UPDATE
sip-response-code 100-999
summery-period Values you can enter are current5mins, current15mins, currenthour,
currentday, previous5mins, previous15mins, previoushour, or previousday.
39-488
OL-13499-04
Other response received :0
Other response sent :0
host1/Admin#
The following example shows how the show services sbc sbe sip-method-stats command is used to
display detailed statistics for a specific SIP method:
host1//Admin# show services sbc sbc sbe sip-method-stats sip-41 invite 604 currenthour
SBC Service "sbc"
Adjacency sip-41 (SIP)
Statistics for SIP method INVITE ,response 604
Response recieved: 0
Response sent : 3
host1/Admin#
sip option-profiles
Displays a list of all configured SIP option profiles.
39-489
OL-13499-04
show services sbc sbe sip option-profiles
show services sbc sbe sip option-profiles
To display a summary of the configured option profiles, use the show services sbc sbe sip
option-profiles command in EXEC mode.
show services sbc sbc-name sbe sip option-profiles
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sip option-profiles command is used to
display details of the specified header profile:
host1/Admin# show services sbc test sbe sip option-profiles

Option profiles for SBC service "test":
Name Description In use
===================================================
default Default profile Yes
OP1 Option profile 1 Yes
OP2 Option profile 2 Yes
OPTest Unused profile No
Related Commands
Command Description
sip option-profile Configures an option profile.
39-490
OL-13499-04
show services sbc sbc sbe sip parameter-profile
show services sbc sbc sbe sip parameter-profile
To display a summary of the configured parameter-profile, use the show services sbc sbc sbe sip
parameter-profile command in EXEC mode.
show services sbc sbc-name sbe sip parameter-profile profile-name
Syntax Description
Command History
Examples The following example shows how the show services sbc sbc sbe sip parameter-profile command is
used to display details of the specified parmater-profile access-param:
host1/Admin# show services sbc test sbe sip parameter-profile access-param

Parameter profile "access-param"
Description:
Parameters:
firewall
action add-or-replace
value private-ip-address
Not in use with any method-profile
In use by header-profile:access,header:contact,entry:1
ACE-7/Admin# sh services sbc sbc sbe sip header-profile proxy
Header profile "proxy"
Description:
Type: Whitelist
Headers:
contact
entry 1
action as-profile
Not in use with any method-profile
Related Commands
Command Description
parameter-profile Configures a parameter profile.
39-491
OL-13499-04
show services sbc sbe sip subscribers
To display details of all SIP endpoints that have registered with the SBC, use the show services sbc sbe
sip subscribers command in EXEC mode.
show services sbc sbc-name sbe sip subscribers [filter prefix] [adjacency adj-name]
Syntax Description
Command History
Examples The following example shows how the show services sbc sbe sip subscribers command is used to
display details of the SIP endpoints that have registered with the SBC:
host1/Admin# show services sbc node2 sbe sip subscribers
SBC Service "mysbc"
SIP subscribers:
AOR: sip:sipuser1@cisco.com
Subscriber Location[s]: sip:sipuser_21@101.101.101.4:5060 -> 7200-2
Fast register active, fast time remaining 88
sip:sipuser1@101.101.101.4:5060 -> 7200-2
SIP URI: sip:sipuser1@101.101.101.5:5070
Registrar adj: 7200-1
Time left: 181 secs
AOR: sip:sipuser2@cisco.com
Subscriber Location[s]: sip:sipuser_22@101.101.101.4:5060 -> 7200-2
sip:sipuser2@101.101.101.4:5060 -> 7200-2
SIP URI: sip:sipuser2@101.101.101.5:5070
Registrar adj: 7200-1
Time left: 181 secs
filter prefix Match only subscribers whose address-of-record starts with the specified
prefix.
adjacency adj-name Match only subscribers registered on this adjacency.
39-492
OL-13499-04
Related Commands
Command Description
show services sbc sbe sip timers Displays the current configuration of SIP-related
timers.
39-493
OL-13499-04
show services sbc sbe sip timers
show services sbc sbe sip timers
To show the current configuration of SIP-related timers, use the show services sbc sbe sip timers
show services sbc service-name sbe sip timers
Syntax Description
Command History
Examples The following example shows how to list the configurations of SIP-related timers:
host1/Admin# show services sbc test sbe sip timers
IP timer configuration:
TCP connect timeout: 0 ms
TCP idle timeout: 120000 ms
TLS idle timeout: 3600000 ms
INVITE timeout: 180 s
UDP first retransmit interval: 500 ms
UDP max retransmit interval: 4000 ms
UDP response linger period: 5000 ms
Related Commands
service-name Specifies the name of the SBC.
Command Description
show services sbc sbe sip subscribers Displays details of all SIP endpoints that have
registered with the SBC.
39-494
OL-13499-04
show services sbc services
To display lists all of the SBC services on the chassis, use the show services sbc services command in
EXEC mode.
Command History
Examples The following example shows how the show services sbc services command is used to display lists of
all the SBC services on the chassis.
host1/Admin# show services sbc mysbc services
SBC Service "mySbc"
SBE capabilities
SIP Signaling
H.323 Signaling
H.248 media gateway control (MGC)
DBE capabilities
Related Commands
Command Description
show services sbc sbe calls Shows all the calls on the SBC.
39-495
OL-13499-04
signaling-address ipv4
To define the local IPv4 signaling address of an H.323 or SIP adjacency, use the signaling-address ipv4
command in the appropriate configuration mode. To return to the default behavior, use the no form of
this command.
signaling-address ipv4 ipv4_IP_address
no signaling-address
Syntax Description
Command History
When defined, the SBE listens on this address for inbound call signaling from the adjacency. If two
adjacencies share the same signaling address, a different remote domain name must be specified for each
one.
Examples The following example shows how to configure the H.323 adjacency h323ToIsp42 to listen on signaling
address 10.1.0.2:
host1/Admin(config-sbc-sbe-adj-h323)# signaling-address ipv4 10.1.0.2
The following example shows how to configure the SIP adjacency adjSip1 to listen on signaling address
10.10.10.10:
host1/Admin(config-sbc-sbe)# adjacency sip adjSip1
ipv4_IP_address Specifies the IPv4 address for the signaling address of the SIP or H.323
adjacency.
39-496
OL-13499-04
Related Commands
Command Description
signaling-peer-port Configures an H.323 or SIP adjacency to use the
given remote signaling-peers port.
39-497
OL-13499-04
signaling-peer
signaling-peer
To configure an H.323 or SIP adjacency to use the given remote signaling-peer, use the signaling-peer
command in the appropriate configuration mode. To remove this configuration, use the no form of this
command.
signaling-peer gk peer-name
no signaling-peer
Syntax Description
Command History
Examples The following example shows how to configure the H.323 adjacency h323ToIsp42 to use gatekeeper
andrew:
host1/Admin(config-sbc-sbe-adj-h323)# signaling-peer gk andrew
Note You can use the signaling-peer command to configure the SIP adjacency using the IP address or the
hostname of the given remote signaling-peer.
The following example shows how to configure SIP adjacency using the IP address of the given remote
signaling-peer:
host1/Admin(config-sbc-sbe)# adjacency sip adjSip1
peer-name Specifies the IPv4 address in dotted decimal format.
gk Specifies the H.323 gatekeeper.
39-498
OL-13499-04
signaling-peer
The following example shows how to configure SIP adjacency using the hostname of the given remote
signaling-peer:
host1/Admin(config-sbc-sbe-adj-sip)# signaling-peer athene
signaling-peer-port Configures an H.323 or SIP adjacency to use the given remote
signaling-peers port.
39-499
OL-13499-04
signaling-peer-port
signaling-peer-port
To configure an H.323 or SIP adjacency to use the given remote signaling-peers port, use the
signaling-peer-port command in the appropriate configuration mode. To remove this configuration, use
signaling-peer-port port-num
no signaling-peer-port
Syntax Description
Command Default By default, this command assumes that port-num is 5060.
Command History
Examples The following example shows how to configure the H.323 adjacency h323ToIsp42 to use port 123 on the
signaling peer:
host1/Admin(config-sbc-sbe-adj-h323)# signaling-peer-port 123
The following example shows how to configure the SIP adjacency SipToIsp42 to port 123 as the
signaling peers port:
Related Commands
port-num Specifies the number of the signaling port. Range is 1 to 65535.
Command Description
signaling-peer Configures an H.323 or SIP adjacency to use the
given remote signaling-peer.
39-500
OL-13499-04
signaling-port
signaling-port
To define the local port of signaling address of an H.323 or SIP adjacency, use the signaling-port
command in the appropriate configuration mode. To return to the default value, use the no form of this
command.
signaling-port port-num
no signaling-port
Syntax Description
Command Default port-num: 5060
Command History
The SBE will listen on this port for inbound call signaling from the adjacency. The port will also be
appended to the SBEs contact header on outbound SIP requests and responses.
Examples The following example shows how to configure the SIP adjacency SipToIsp42 to listen on signaling port
5000:
Related Commands
port-num Specifies the number of the signaling peer. Range is 1 to 65535.
Command Description
signaling-address ipv4 Configures a SIP adjacency to use the given remote signaling-peer.
39-501
OL-13499-04
sip
sip
To create the SIP configuration mode, use the sip command in SBE configuration mode. To remove the
DBE entity, use the no form of this command.
sip
no sip
Command History
39-502
OL-13499-04
sip dns
sip dns
To enter the SIP DNS configuration mode, use the sip dns command in the SBE configuration mode. To
exit this mode, use the exit command.
sip dns
Command History
Examples The following example shows how to configure limits on DNS entries:
host1/Admin(config-sbe-dns)#
Related Commands
Command Description
cache-lifetime Configures the lifetime of any DNS entry.
cache-limit Configures the maximum number of entries that are permitted in the DNS
cache.
39-503
OL-13499-04
sip encryption key
sip encryption key
To configure a global encryption key on a SIP Interconnection Border Control Function (IBCF)
adjacency, use the sip encryption key command in the SIP adjacency mode. To deconfigure the global
encryption key, use the no form of this command.
sip encryption key key
no sip encryption key key
Syntax Description
Command History
Examples The following example shows how the sip encryption key command is used to configure a global
encryption key on a SIP IBCF adjacency:
host1/Admin(config-sbe-adj-sip)# encryption key mykey
Related Commands
key Specifies the encryption key.
Command Description
sip inherit profile Configures a global inherit profile in the SIP adjacency mode.
39-504
OL-13499-04
sip header-profile
sip header-profile
To configure a header profile in the mode of an SBE entity, use the sip header-profile command in SBE
configuration mode. To remove the method profile, use the no form of this command.
sip header-profile profile-name
no sip method-profile
Syntax Description
Command History
Examples The following example shows how the sip header-profile command configures a method profile with
the name of test1:
host1/Admin(config-sbc-sbe)# sip header-profile test1
Related Commands
profile-name Specifies the name of the method profile. If you enter the name default, the
default profile is configured.
Command Description
method Adds a method with a specified name to a SIP message profile.
pass-body Permits SIP message bodies to pass through for non-vital SIP methods
39-505
OL-13499-04
sip home network identifier
sip home network identifier
To configure a home network identifier on all IBCF adjacencies, use the sip home network identifier
command in the SBE cconfiguration mode. To deconfigure the home network identifier, use the no form
of this command.
sip home network identifier network-name
no sip home network identifier
Syntax Description
Command History
Examples The following example shows how the home network identifier command is used to configure a home
network identifier on all IBCF adjacencies:
host1/Admin(config-sbc-sbe)# sip home network identifier myhome.com
Related Commands
network-name Specifies the name of the home network identifier.
Command Description
sip visited network
identifier
Configures a visited network identifier on a SIP Proxy-Call Session Control
Function (P-CSCF) adjacency.
39-506
OL-13499-04
sip hunting-trigger
sip hunting-trigger
To configure failure return codes to trigger hunting, use the sip hunting-trigger command in the SBE
configuration mode.The no form of the command clears all error codes.
If you enter no hunting-trigger x y, then just codes x and y are removed from the configured list.
sip hunting-trigger error-codes
no sip hunting-trigger error-codes
Syntax Description
Command Modes SBE configuration(config-sbc-sbe)
Command History
Usage Guidelines If you enter hunting-trigger x followed by hunting-trigger y, the value of x is replaced with y.
To set both x and y to be hunting triggers, you must enter hunting-trigger x y.
To use this command, you must be in the correct configuration mode and submode.
The "Examples" section shows the hierarchy of modes and submodes required to run the command.
Examples The following example shows how to configure SIP to retry routing if it receives a 415 (media
unsupported) or 480 (temporarily unavailable) error:
host1/Admin (config-sbc-sbe)# sip hunting trigger 416 480
Related Commands
error-codes Signifies a space-separated list of SIP numeric error codes.
Command Description
hunting-trigger
Shows the the H.323 or SIP hunting triggers at the global level.
39-507
OL-13499-04
sipi
sipi
To configure the SIP-I commands on a SIP adjacency, use the sipi command in adjacency SIP
configuration mode. To deconfigure the SIP-I commands, use the no form of this command.
sipi passthrough
no sipi passthrough
Syntax Description
Command History
Examples The following example shows how the sipi command is used to configure a SIP adjacency for SIP-I
passthrough:
host1/Admin(config-sbe-adj-sip)# sipi passthrough
Related Commands
passthrough Configures a SIP adjacency for SIP-I passthrough.
Command Description
show services sbcs sbe
adjacencies
Lists the adjacencies configured on the SBE.
39-508
OL-13499-04
sip inherit profile
sip inherit profile
To configure a global inherit profile, use the sip inherit profile command in adjacency SIP configuration
mode. To deconfigure the global inherit profile, use the no form of this command.
sip inherit profile {preset-ibcf-ext-untrusted | preset-ibcf-external | preset-ibcf-internal |
no sip inherit profile
Syntax Description
SBE configuration(config-sbc-sbe)
Command History
Examples The following example shows how the sip inherit profile command is used to configure a
P-CSCF-access inherit profile on a SIP adjacency:
host1/Admin(config-sbe-adj-sip)# inherit profile preset-p-cscf-access
The following example shows how to configure a P-CSCF-access default profile:
host1/Admin(config-sbc-sbe)# sip inherit profile preset-p-cscf-access
preset-ibcf-ext-untrusted Specifies a preset IBCF external untrusted profile.
preset-ibcf-external Specifies a preset IBCF external profile.
preset-ibcf-internal Specifies a preset IBCF internal profile.
preset-p-cscf-access Specifies a preset P-CSCF-access profile.
preset-p-cscf-core Specifies a preset P-CSCF-core profile.
preset-standard-non-ims Specified a preset standard-non-IMS profile.
39-509
OL-13499-04
sip inherit profile
sip timer Enters the mode of a SIP timer function.
39-510
OL-13499-04
sip max-connections
sip max-connections
To configure the maximum number of SIP connections that will be made to each remote address, use the
sip max-channels command in SBE configuration mode. To set this to an unlimited number of
connections, use the no form of this command.
sip max-connections number-of-connections
no sip max-connections number-of-connections
Syntax Description
Command Modes SBE configuration(config-sbc-sbe)
Command History
Related Commands
number-of-connections The maximum number of connections.
Command Description
table.
table.
39-511
OL-13499-04
sip method-profile
sip method-profile
To configure a method profile in the mode of an SBE entity, use the sip method-profile command in
SBE configuration mode. To remove the method profile, use the no form of this command.
sip method-profile profile-name
no sip method-profile
Syntax Description
Command History
Examples The following example shows how the sip method-profile command configures a method profile with
the name of test1:
Related Commands
profile-name Specifies the name of the method profile. If you enter the name default, the
default profile is configured. This profile is used for all adjacencies that do
Command Description
pass-body Permits SIP message bodies to pass through for non-vital SIP methods
39-512
OL-13499-04
sip option-profile
sip option-profile
To configure an option profile in the mode of an SBE entity for a SIP option whitelist or blacklist profile,
use the sip option-profile command in SBE configuration mode. To remove the option profile, use the
sip option-profile {profile-name | default}
no sip option-profile {profile-name | default}
Syntax Description
Command Modes SBE configuration
Command History
Use the sip option-profile command to enter SBE SIP option configuration mode.
If you use the default keyword, the default profile is configured. This profile is used for all adjacencies
which do not have a specific profile configured.
Examples The following example shows how to configure an option profile with the name of test1.
host1/Admin(config-sbc-sbe-sip-opt)#
profile name Name of the method profile.
default Configures the default option profile.
39-513
OL-13499-04
sip option-profile
blacklist Configures SIP header or method blacklist profiles on a Session Initiation
Protocol (SIP) message.
description Configures the description for the SIP header-profile or SIP method-profile.
pass-body Permits SIP message bodies to pass through [for non-vital SIP methods
accepted by a method profile] in the SIP method profile mode of an SBE
entity.
39-514
OL-13499-04
sip parameter-profile
sip parameter-profile
To configure a parameter profile for a method profile in the mode of an SBE entity, use the sip
parameter-profile command in SBE configuration mode. To remove the parameter profile, use the no
sip parameter-profile profile-name
no sip parameter-profile profile-name
Syntax Description
Command Modes SBE configuration
Command History
The following example shows how to configure a parameter profile with the name of paramprof1:
host1/Admin# conf
Related Commands
profile name Name of the parameter profile.
Command Description
sip-method profile Configures a method-profile.
39-515
OL-13499-04
sip ping-support
sip ping-support
To allow SIP ping support, use the sip ping-support command in SBE configuration mode. To disable
SIP ping-support, use the no form of this command.
sip ping-support
no sip ping-support
Command Default Ping support is disabled.
Command History
Examples The following example shows how to configure SIP ping support:
host1/Admin# config
Related Commands
Command Description
sip inherit profile Configures a global inherit profile.
39-516
OL-13499-04
sip timer
sip timer
To enter the mode of the SIP timer function, use the sip timer command in SBE configuration mode. To
return to the default value, use the no form of this command.
sip timer
no sip timer
Command History
Examples The following example shows how to enter the SIP timer submode:
host1/Admin# config
host1/Admin(config-sbc-sbe-sip-tmr)
Related Commands
Command Description
sip inherit profile Configures a global inherit profile.
39-517
OL-13499-04
sip visited network identifier
sip visited network identifier
To configure a visited network identifier on a SIP P-CSCF adjacency, use the sip visited network
identifier command in SBE configuration mode. To deconfigure the visited network identifier, use the
sip visited network identifier network-name
no sip visited network identifier
Syntax Description
Command History
Examples The following example shows how to use the sip visited network identifier command to configure a
visited network identifier on a P-CSCF-access adjacency:
host1/Admin(config-sbe-adj-sip)# sip visited network identifier cisco.com2
Related Commands
network-name Specifies the name of the visited network identifier.
Command Description
sip home network
identifier
Configures a home network identifier on all IBCF adjacencies.
39-518
OL-13499-04
snmp-server enable traps sbc
snmp-server enable traps sbc
To enable all SBC notification types, use the snmp-server enable traps sbc command in global
configuration mode without keywords. To disable all SBC notification types, use the no form of this
command without keywords.
snmp-server enable traps sbc [adj-status | blacklist | congestion-alarm | h248-ctrlr-status |
media-source | radius-conn-status | sla-violation | svc-state ]
no snmp-server enable traps sbc [adj-status | blacklist | congestion-alarm | h248-ctrlr-status |
media-source | radius-conn-status | sla-violation | svc-state ]
Syntax Description
Command Default Disable all SBC related traps.
Command Modes Global configuration
Command History
Use the snmp-server enable traps sbc command by itself to enable or disable all of the SNMP traps.
Use specific keywords to enable or disable specific SNMP traps.
After you enable the trap, you will need to specify the recipient of a SNMP notification operation with
the snmp-server host command. For information about that command, see the Cisco IOS Release 12.2
SR Command References at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sr/cr/index.htm.
Examples The following example shows how to enable only the SNMP blacklist notification:
Router/Admin# configure
Router/Admin(config)# snmp-server enable traps sbc blacklist
adj-status Enable SNMP SBC Adjacency Status traps.
blacklist Enable SNMP SBC Blacklist traps.
congestion-alarm Enable SNMP SBC Congestion Alarm traps.
h248-ctrlr-status Enable SNMP SBC H.248 Controller Status traps.
media-source Enable SNMP SBC Media Source Alert traps.
radius-conn-status Enable SNMP SBC Radius Connect Status traps.
sla-violation Enable SNMP SBC Sla Violation traps.
svc-state Enable SNMP SBC Service state traps.
39-519
OL-13499-04
statistics-setting
statistics-setting
To enable summary statistics or detailed response codes statistics recording for an SIP adjacency, use
the statistics-setting command in the Adjacency SIP configuration mode.
statistics-setting summary/detail
Syntax Description
Command Default Disabled.
Command History
When changing statistics-setting command from detailed to summary, the detailed statistics will be lost.
Examples The following example shows how to enable summary statistics for an SIP adjacency:
host1/Admin# config
host1/Admin(config-sbc-sbe-adj-sip)# statistics-setting summary
host1/Admin(config-sbc-sbe-adj-sip)# end
Related Commands
summary Displays
detail
sip-method-stats
Shows the number of each category of responses
(1xx,2xx,3xx,4xx,5xx,5xx) for a given SIP method.
39-520
OL-13499-04
tcp (blacklist)
tcp (blacklist)
To enter the mode for configuring blacklisting for TCP protocol only, use the tcp command in the SBE
blacklist IPv4 configuration mode.
tcp port number
Syntax Description
Command History
Examples The following example shows how to enter the mode for configuring blacklisting for TCP protocol only:
host1/Admin# config
host1/Admin(config-sbc-sbe-blacklist-ipv4)# tcp 1
host1/Admin(config-sbc-sbe-blacklist-ipv4-tcp)#
Related Commands
port number Port number to blacklist. Range is 0-65535.
blacklist
source.
39-521
OL-13499-04
tcp-connect-timeout
tcp-connect-timeout
To configure the time that SBC waits for a SIP TCP connection to a remote peer to complete before
failing that connection, use the tcp-connect-timeout command in SIP timer mode. To return to the
tcp-connect-timeout interval
no tcp-connect-timeout
Syntax Description
Command Default Default interval is 30000 milliseconds
Command History
Examples The following example shows how to set the TCP connection timeout to 30 seconds:
host1/Admin(config-sbc-sbe-sip-tmr)# tcp-connect-timeout 30000
Related Commands
interval Specifies the time, in milliseconds, that the SIP TCP connection to a remote
peer stays alive before timing out.
Command Description
tcp-idle-timeout Configures the length of time that the TCP connection should stay active
when in the idle state.
39-522
OL-13499-04
tcp-idle-timeout
tcp-idle-timeout
To configure the length of time that the TCP connection should stay active when in the idle state, use the
tcp-idle-timeout command in SIP timer mode. To return to the default value, use the no form of this
command.
tcp-idle-timeout interval
no tcp-idle-timeout
Syntax Description
Command Default Default value is 120000 ms (2 minutes).
Command History
Examples The following example shows how to configure the minimum TCP idle timeout value to 10000 ms:
host1/Admin(config-sbc)#s be
Related Commands
interval Specifies the minimum time, in milliseconds, that the TCP connection stays
active when it is not processing any traffic. After this time, the TCP
connection closes. Range is 1 to 4294967295 ms.
Note The value for this command might not be precise since the idle
timers are checked every 12 seconds.
Command Description
tcp-connect-timeout Configures the time that SBC waits for a SIP TCP connection to a remote
peer to complete before failing that connection.
39-523
OL-13499-04
tech-prefix
tech-prefix
To configure the RAS tech prefix on an H.323 adjacency, use the tech-prefix command in adjacency
H.323 configuration mode. To deconfigure RAS Tech Prefix, use the no form of this command.
tech-prefix tech-prefix name
no tech-prefix tech-prefix name
Syntax Description
Command History
Examples The following example shows how the tech-prefix command is used to configure RAS tech prefix on an
H.323 adjacency named H323ToIsp42:
host1/Admin(config-sbc-sbe-adj-h323)# tech-prefix 2334
Related Commands
tech-prefix name Specifies the name of the tech prefix. Use a combination of the numbers
from 0-9 and the special characters star (*), hash (#), and comma (,).
Command Description
39-524
OL-13499-04
time-offset
time-offset
To configure the number of hours and minutes that the desired time zone is ahead of or behind the local
time, use the time-offset command in the SBE configuration mode. To remove the time-zone offset, use
time-offset hour hour min min [negative]
no time-offset
Syntax Description
Command Default Default is positive offset.
Command History
Without this command the time-offset specified by the timezone-offset command under the SBE
configuration submode is unused.
Examples The following example shows how to specify the time-offset by the timezone-offset comand for 2 hours
4 minutes negative:
cfg sbe time offset hour 2
cfg sbe time offset minute 4
cfg sbe time offset sign 1
cfg sbc sbe, sbc name test, offset hour 2 offset min 4 sign 1
Related Commands
hour Range: h: -23 to +23
min Range: m:-59 to +59
negative Optional. Specifies behind the local time.
Command Description
use-time-offset Uses the time-offset specifiedby the time-offset comand.
39-525
OL-13499-04
timeout
timeout
To define the length of time that packets from the source are blocked if the number of authentication
requests exceed the set limit, use the timeout command in blacklist reason mode. The no form of this
command releases the limit duration for blacklisting the source.
timeout time-period
no timeout
Syntax Description
Command Default The address-default value defaults to its initial settings. The port-default values default to zero.
If this field is omitted on explicit ports, it defaults to the value given in the port-default for this
address.
If this field is omitted on explicit addresses, this field defaults to the value in the address-default for
this address.
If this field is omitted for VPN, it defaults to the value for global addresses.
If this field is omitted for the global address space, it defaults to the initial settings.
Command Modes Blacklist adress-default submode (config-sbc-sbe-blacklist-addr-default-reason)
Blacklist global submode (config-sbc-sbe-blacklist-global-reason)
Blacklist ipv4 submode (config-sbc-sbe-blacklist-ipv4-reason)
Blacklist vpn submode (config-sbc-sbe-blacklist-vpn-reason)
Command History
Examples The following command configures a new blacklist on the SBE to affect all packets arriving from address
125.12.12.15 for three minutes, should 250 failed authentication requests arrive from it on average (or,
in other words, 10 in a 20-ms burst):
time-period Duration for which the source is blacklisted after activation of blacklisting.
0 = source not blacklisted
never = blacklisting is permanent
number { milliseconds | seconds | minutes | hours | days }
Note Period must be less than 23 days.
39-526
OL-13499-04
timeout
host1/Admin(config-sbc-sbe-blacklist-ipv4-reason)# timeout 180 seconds
host1/Admin(config-sbc-sbe-blacklist-ipv4-reason)# exit
source.
blacklist
configured-limits
blacklist
address.
blacklist
39-527
OL-13499-04
transcode-deny
transcode-deny
To forbid transcoding for an entry in the admission control table, use the transcode-deny command in
CAC table entry configuration mode. To allow transcoding for this entry in the admission control table,
transcode-deny
no transcode-deny
Syntax Description No default behavior or values
Command Default By default, transcoding for this entry in the admission control table is allowed.
Command History
Examples The following example shows how to configure the entry to forbid transcoding in the new admission
host1/Admin# config
host1/Admin(config-sbc-sbe-cacpolicy)# match-type dst-prefix
host1/Admin(config-sbc-sbe-cacpolicy-cactable-entry)# transcode-deny
Related Commands
Command Description
transcoder Configure that the media gateway is a transcoder.
39-528
OL-13499-04
transcoder
transcoder
To configure that the media gateway is a transcoder, use the transcoder command in media gateway
codecs configuration mode. To return to the default behavior, use the no form of this command.
transcoder
no transcoder
Syntax Description No default behavior or values
Command Default By default, this command assumes the media gateway has no transcoding features.
Command Modes Media gateway codecs configuration (config-sbc-sbe-mg-codecs)
Command History
Examples The following example shows how to set media gateway 10.0.0.1 to be a transcoder:
host1/Admin(config-sbc-sbe-mg)# codecs m=audio 1234 RTP/AVP 0 2 8 18,a=rtpmap:0
PCMU/8000,a=rtpmap:a=rtpmap:8 PCMA/8000,a=rtpmap:18 G729/80002 G72 6-32/8000,a=rtpmap:8
PCMA/8000,a=rtpmap:18 G729/8000
host1/Admin(config-sbc-sbe-mg-codecs)# transcoder
Related Commands
Command Description
transcode-deny Forbids transcoding for an entry in the admission
control table.
39-529
OL-13499-04
transport (SBE H.248)
transport (SBE H.248)
To configure an SBE to use a transport for H.248 communications when acting as a media gateway
controller, use the transport command in H.248 control address mode. To delete a given IPv4 H.248
transport, use the no form of this command.
transport [tcp | udp]
no transport [tcp | udp]
Syntax Description
Command History
Examples The following example shows how to configure an SBE to use udp transport:
Related Commands
udp Configures the UDP transport for H.248 signaling.
vrf vrf name Configures the VRF name for H.248 association.
Command Description
index
39-530
OL-13499-04
transport tcp
transport tcp
To configure a DBE to use TCP for H.248 control signaling with the specified H.248 controller, use the
transport tcp command in VDBE h248 mode. The no form of this command reverts to the default.
transport tcp
no transport tcp
Command Default Default is UDP.
Command Modes VDBE h248 (config-sbc-dbe-vdbe-h248)
Command History
Usage Guidelines The no transport tcp command reverts to the default, UDP. You must use the no attach controllers
command before using the no transport tcp command.
Examples The following command configures the H.248 controller with index 1 to use TCP as a transport:
host1/Admin(config-sbc-dbe-vdbe-h248)# transport tcp
Related Commands
Command Description
transport udp Configures a DBE to use UDP.
39-531
OL-13499-04
transport udp
transport udp
To configure a DBE to use UDP for H.248 control signaling with the specified H.248 controller, use the
transport udp command in VDBE h248 mode. The no form of this command reverts to the default.
transport udp
no transport udp
Command Default Default is UDP.
Command Modes VDBE h248(config-sbc-dbe-vdbe-h248)
Command History
Usage Guidelines Not applicable.
Examples The following command configures the H.248 controller with index 1 to use TCP as a transport:
host1/Admin(config-sbc-dbe-vdbe-h248)# transport udp
Related Commands
Command Description
transport tcp Configures a DBE to use TCP.
39-532
OL-13499-04
trigger-period
trigger-period
To define the period over which events are considered, use the trigger-period command in blacklist
reason mode. For more detailed information, see the related trigger-size command description.
The no form of this command releases the previously configured trigger period in which events should
be considered.
trigger-period time
no trigger-period
Syntax Description
If this field is omitted on explicit ports, it defaults to the value given in the port-default for this
address.
If this field is omitted on explicit addresses, this field defaults to the value in the address-default for
this address.
If this field is omitted for VPN, it defaults to the value for global addresses.
Command History
time The number of milliseconds for the trigger period. This can be any value
from 0 to 65535.
39-533
OL-13499-04
trigger-period
Examples The following command configures the source to be blacklisted if authentication failures have occurred
at a recent steady rate of over 200 per second (or 40 in a 100-ms burst):
host1/Admin(config-sbc-sbe-blacklist-ipv4-reason)# trigger-period 100 milliseconds
source.
blacklist
configured-limits
blacklist
blacklist
39-534
OL-13499-04
trigger-size
trigger-size
To define the allowable number of events from the specified source before blacklisting is triggered, and
to block all packets from reaching the source, use the trigger-size command in blacklist reason mode.
The no form of this command releases the previously configured number of allowable events before
blacklisting is triggered.
trigger-size number
no trigger-size
Syntax Description
If this field is omitted on explicit ports, it defaults to the value given in the port-default for the given
address.
If this field is omitted on explicit addresses, it defaults to the value given in the address-default for
the given address.
If this field is omitted for VPN, it defaults to the values of global addresses.
Command History
Usage Guidelines The number of events recorded decays linearly to zero to give a leaky bucket average over the trigger
period. The steady-state maximum event rate therefore equals this trigger size divided by the trigger
period. See also the description of the trigger-period command. The maximum number of events in a
much shorter period is this trigger size.
number The minimum number of consecutive events that must occur faster on
average than the trigger rate to activate the blacklist. Can be any value from
0 to 65535.
39-535
OL-13499-04
trigger-size
Examples The following command configures the source to be blacklisted if a burst of more than 20 authentication
failures enter within a time period smaller than the trigger period:
host1/Admin(config-sbc-sbe-blacklist-ipv4-reason)# trigger-size 20
blacklist
configured-limits
blacklist
blacklist
39-536
OL-13499-04
udp (blacklist)
udp (blacklist)
To enter the mode for configuring blacklisting for UDP protocol only, use the udp command in the SBE
blacklist IPv4 configuration mode.
udp port number
Syntax Description
Command History
Examples The following example shows how to enter the mode for configuring blacklisting for UDP protocol only:
host1/Admin(config-sbc-sbe-blacklist-ipv4)# udp 1
host1/Admin(config-sbc-sbe-blacklist-ipv4-udp)#
Related Commands
port number Port number to blacklist. Range is 0-65535.
blacklist
source.
39-537
OL-13499-04
udp-first-retransmit-interval
udp-first-retransmit-interval
To configure the time that SBC waits for a UDP response or ACK before sending a retransmission of the
relevant signal, use the udp-first-retransmit-interval command in SIP timer mode. To return to the
udp-first-retransmit-interval interval
no udp-first-retransmit-interval interval
Syntax Description
Command Default Default interval is 500 milliseconds
Command History
Usage Guidelines If the SBC continues to fail to get a response, then subsequent retransmission intervals are doubled each
time until they reach the udp-max-retransmit-interval duration. The SBC will cease retransmitting the
request and time out the signal if 64 times this duration passes without receipt of a response/ACK.
This timer interval corresponds to the T1 interval detailed in RFC 3261, section 17.1.1.1.
Examples The following command configures the SBC to send the first UDP retransmission after waiting for 1
second.
Related Commands
interval The time to wait, in milliseconds, before sending the first retransmission of
a UDP signal.
Command Description
39-538
OL-13499-04
udp-max-retransmit-interval
udp-max-retransmit-interval
To configure the maximum interval at which the SBC will retransmit, use the
udp-max-retransmit-interval command inSIP timer mode. To return to the default value, use the no
udp-max-retransmit-interval interval
no udp-max-retransmit-interval interval
Syntax Description
Command Default Default interval is 4 seconds.
Command History
Usage Guidelines If the SBC continues to fail to get a response, then subsequent retransmission intervals are doubled each
time until they reach the udp-max-retransmit-interval duration. The SBC will cease retransmitting the
request and time out the signal if 64 times this duration passes without receipt of a response/ACK.
This timer interval corresponds to the T1 interval detailed in RFC 3261, section 17.1.1.1.
Examples The following command sets the maximum retransmission interval to 8 seconds:
Related Commands
interval The maximum retransmission interval, in milliseconds.
Command Description
udp-response-linger-period Configures the period for which SBC will retain
negative UDP responses to INVITE requests.
39-539
OL-13499-04
udp-response-linger-period
udp-response-linger-period
To configure the period for which SBC will retain negative UDP responses to INVITE requests, use the
udp-response-linger-period command in SIP timer mode. To return to the default value, use the no
udp-response-linger-period interval
no udp-response-linger-period interval
Syntax Description
Command Default Default interval is 32 seconds.
Command History
Examples The following command sets negative INVITE responses to be retained for 10 seconds:
Related Commands
interval The time to retain negative INVITE responses, in milliseconds.
Command Description
udp-max-retransmit-interval Configures the maximum interval at which the
SBC will retransmit.
39-540
OL-13499-04
To enable the generation of alerts when media packets for a call are received from an unexpected source
address and port, use the unexpected-source-alerting command in VDBE configuration mode. Use the
no form of this command to delete the unexpected-source-alerting.
no unexpected-source-alerting
Command Default If the unexpected-source-alerting command is not specified, unexpected source alerting is disabled.
Command History
Usage Guidelines The vdbe unexpected-source-alerting command should be enabled only on trusted networks, where
any occurrence of packets from an unexpected source might indicate a threat to network security.
Alerts on the same flow and the total number of alerts reported at any one time are both rate-limited to
ensure management systems are not flooded with reports. (As a result, there is not a one-to-one
correspondence between alerts and incorrect packets.)
Diagnosing and resolving the issue of rogue packets is beyond the scope of SBC function; SBC simply
serves as the messenger to notify you of the existence of the rogue packets.
Any and all packets from unexpected sources are dropped.
Examples The following example creates a DBE service on an SBC called mySbc, enters into DBE configuration
and VDBE configuration modes, and enables the generation of alerts when unexpected source address
packets are received by a virtual data border element (vDBE):
host1/Admin(config-sbc-dbe-vdbe)# unexpected-source-alerting
Related Commands
Command Description
vdbe Enters into VDBE configuration submode.
39-541
OL-13499-04
use-any-local-port
use-any-local-port
To configure a DBE to use any available local port when connecting to the default Media Gateway
Control (MGC), use the use-any-local-port command in VDBE configuration bmode. To disable this
use-any-local-port
no use-any-local-port
Command Default The default behavior is to use any local port.
Command History
Usage Guidelines The local port cannot be modified once any controller has been configured on the vDBE. You must delete
the controller before you can modify or configure the local port.
Note Do not use the use-any-local-port command when there is a redundant SBC because the connection to
the MGC may be lost with an SBC switch over.
configuration and VDBE configuration modes, and configures the DBE to use any local port:
host1/Admin(config-sbc-dbe-vdbe)# use-any-local-port
Related Commands
Command Description
local-port Configures a DBE to use a specific local port
when connecting to the default Media Gateway
Control (MGC).
39-542
OL-13499-04
use-time-offset
use-time-offset
Use the time-offset specifiedby the timezone-offset comand. To disable using the time-offset specified
by the timezone-offset comand, use the no form of this command.
use-time-offset time-offset
no use-time-offset
Command History
Without this command the time-offset specified by the timezone-offset command under the SBE
configuration submode is unused.
Examples The following example shows how to configure the destination adjacency of an entry in the new routing
table MyRtgTable to softswitch1:
Related Commands
Command Description
timezone-offset Configures the number of hours and minutes that
the desired time zone is ahead of or behind the
local time.
39-543
OL-13499-04
vdbe
vdbe
To enter into VDBE configuration submode, use the vdbe command in the DBE entity in SBC-DBE
configuration mode. To delete the entire virtual data border element (vDBE) from the running
configuration, use the no form of this command
vdbe global
no vdbe global
Syntax Description
Command History
Usage Guidelines In the intial release only one VDBE (the global VDBE) is supported, and DBE resources cannot be
partitioned. As such, the vdbe name is not required. If specified it must be global.
Examples The following command enters the configuration-sbc-dbe submode.
host1/Admin(config-sbc-dbe-vdbe)# global
Related Commands
global Only one VDBE can be configured. This is given the name global. If specified,
the VDBE name must be global. If not specified, global is assumed.
Command Description
dbe .Enters the configuration-sbc-dbe submode.
39-544
OL-13499-04
vpn
vpn
To enter the mode for configuring the event limits for a given VPN, use the vpn command in the SBE
blacklist configuration mode.
vpn word
Syntax Description
Command History
Examples The following example shows how the vpn command is used to enter the mode for configuring the event
limits for a given VPN:
host1/Admin(config-sbc-sbe-blacklist)# vpn test
host1/Admin(config-sbc-sbe-blacklist-vpn)#
Related Commands
word Optional. VPN name or default for the global VPN. Maximum
size is 80 characters.
Command Description
blacklist
source.
39-545
OL-13499-04
vpn
blacklist
configured-limits
blacklist
Command Description
39-546
OL-13499-04
vrf
vrf
To configure an H.323 or SIP adjacency as tied to a specific VPN, use the vrf command in the
appropriate configuration mode. To remove this configuration, use the no form of this command.
vrf vrf_name
no vrf
Syntax Description
Command History
Examples The following example shows how to assign the H.323 adjacency h323ToIsp42 to VRF vpn3:
host1/Admin(config-sbc-sbe-adj-h323)# vrf vpn3
Related Commands
vrf_name Specifies the VRF of this adjacency.
Command Description
39-547
OL-13499-04
weight
weight
To assign a weight to this route, use the weight command in RTG routing table configuration entry
weight weight
no weight weight
Syntax Description
Command Default The command default is 1.
Command Modes RTG routing table configuration entry (config-sbc-sbe-rtgpolicy-rtgtable-entry)
Command History
Examples The following example shows how.
host1/Admin(config-sbc-sbe-rtgpolicy-rtgtable-entry)# weight 33
host1/Admin(config-sbc-sbe-rtgpolicy)# end
Related Commands
weight Range: [1-65535]
Command Description
39-548
OL-13499-04
weight
A-1
OL-13499-04
A P P E N D I X A
End-to-End SBC Configuration Example on a
Cisco 7600 series router
This section contains a complete Cisco 7600 series router SBC configuration .
7600-101-UUT1# show run
Building configuration...
Current configuration : 5863 bytes
!
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
service counters max age 10
!
hostname 7600-101-UUT1
!
boot-start-marker
boot system disk0:c7600s72033-adventerprisek9-mz.122-32.8.109.SR
boot device module 3 disk0:c76-sbck9-mzg.devtest_26NOV07.bin
boot device module 4 disk0:c76-sbck9-mzg.devtest_26NOV07.bin
boot-end-marker
!
vrf definition vpn1
rd 55:1111
!
address-family ipv4
exit-address-family
!
vrf definition vpn2
rd 55:1112
!
address-family ipv4
exit-address-family
!
enable password cisco
!
no aaa new-model
svclc module 3 vlan-group 100,200,300,400,500 svclc module 4 vlan-group
100,200,300,400,500 svclc vlan-group 100 23 svclc vlan-group 200 88 svclc vlan-group 300
172 svclc vlan-group 400 99 svclc vlan-group 500 77 ip subnet-zero !
!
no ip domain lookup
A-2
OL-13499-04

ip host abrick 172.20.211.35
!
!
!
!
vtp domain sbc
vtp mode transparent
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action reset
multilink bundle-name authenticated
!
!
spanning-tree mode pvst
spanning-tree extend system-id
diagnostic cns publish cisco.cns.device.diag_results diagnostic cns subscribe
cisco.cns.device.diag_commands !
redundancy
main-cpu
auto-sync running-config
mode sso
!
vlan internal allocation policy ascending vlan access-log ratelimit 2000 !
vlan 23,77,88,99
!
!
interface Loopback0
ip address 1.101.1.1 255.255.255.255
!
description ''Connected to CAT-3550-101 Fa 0/7''
ip address 100.101.11.2 255.255.255.0
ip router isis
!
description ''Connected to CAT-3550-101 Fa 0/8''
ip address 100.101.21.2 255.255.255.0
ip router isis
!
vrf forwarding vpn1
ip address 10.122.3.3 255.255.255.0
!
vrf forwarding vpn2
ip address 10.122.4.3 255.255.255.0
!
no ip address
shutdown
!!
description ''Connected to CAT-3550-101 FA0/3 ip address 172.20.212.14 255.255.255.0
media-type rj45 !
no ip address
shutdown
!
description ''Connected to CAT-3550-101 FA 0/4''
A-3
OL-13499-04
no ip address
media-type rj45
!
interface Vlan1
no ip address
shutdown
!
interface Vlan23
no ip address
logging event link-status
logging event nfas-status
!
interface Vlan77
vrf forwarding vpn2
ip address 77.101.1.1 255.255.255.0
!
interface Vlan88
ip address 88.101.1.1 255.255.255.0
ip router isis
logging event link-status
logging event nfas-status
!
interface Vlan99
vrf forwarding vpn1
ip address 99.101.1.1 255.255.255.0
!
router isis
net 50.0101.0001.0101.0001.00
!
ip classless
ip route 171.0.0.0 255.0.0.0 172.20.212.1 ip route 172.0.0.0 255.0.0.0 172.20.212.1 !
!
no ip http server
no ip http secure-server
!
access-list 1 deny 200.200.200.149
access-list 1 permit any
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line vty 0 4
exec-timeout 0 0
password cisco
login
transport input lat pad mop udptn telnet rlogin ssh nasi acercon !
scheduler runtime netinput 300
!
end
7600-101-UUT1#
ACE Configuration
=================
ACE-101-UUT1-2/Admin# show run
A-4
OL-13499-04

login timeout 0
hostname ACE-101-UUT1-2
boot system image:c76-sbck9-mzg.devtest_26NOV07.bin
clock timezone standard BST
timeout xlate 2147483
interface vlan 88
ip address 88.101.1.3 255.255.255.0
alias 88.101.1.100 255.255.255.0
peer ip address 88.101.1.2 255.255.255.0
no shutdown
ft interface vlan 23
ip address 23.23.23.11 255.255.255.0
peer ip address 23.23.23.10 255.255.255.0
no shutdown
ft peer 1
heartbeat count 10
ft group 1
peer 1
priority 125
peer priority 225
inservice
ip route 100.0.0.0 255.0.0.0 88.101.1.1
ip route 10.0.0.0 255.0.0.0 88.101.1.1
ip route 200.200.200.0 255.255.255.0 88.101.1.1
context vpn1
context vpn2
ft group 2
peer 1
priority 60
peer priority 70
associate-context vpn1
inservice
ft group 3
peer 1
priority 60
peer priority 70
associate-context vpn2
inservice
username admin password 5 $1$faXJEFBj$TJR1Nx7sLPTi5BZ97v08c/ role Admin domain
default-domain username www password 5 $1$UZIiwUk7$QMVYN1JASaycabrHkhGcS/ role Admin
domain de fault-domain
sbc SBC-CONFIG-SAMPLE
sbe
sbe
media-gateway ipv4 200.200.207.101
A-5
OL-13499-04
codecs m=audio 1234 RTP/AVP 2 8 0 18,a=rtpmap:2 G726-32/8000,a=rtpmap:8
PCMA/8000,a=rtpmap:0 PCMU/8000,a=rtpmap:18 G729/8000
transcoder

index 0
ipv4 88.101.1.100
port 2944
transport udp

sip method-profile default
pass-body

adjacency sip SIP-GW-1A
nat force-off
signaling-port 5060
dbe-location-id 4294967295
account SIP-CUSTOMER-1
reg-min-expiry 3000
attach

adjacency sip SIP-GW-1B
nat force-off
signaling-port 5060
dbe-location-id 4294967295
account SIP-CUSTOMER-2
reg-min-expiry 3000
attach

sip inherit profile preset-standard-non-ims
retry-limit 3
call-policy-set 1
rtg-dst-address-table ROUTE-ON-DEST-NUM
entry 1
action complete
dst-adjacency SIP-GW-1B
match-address 6661
prefix
entry 2
action complete
dst-adjacency SIP-GW-1A
match-address 7771
prefix
complete

A-6
OL-13499-04

sip max-connections 2
sip timer
tls-idle-timeout 3600000
invite-timeout 180

h323
ras retry arq 2
ras retry brq 2
ras retry drq 2
ras retry grq 2
ras retry rrq 2
ras rrq ttl 60
ras retry urq 1
ras rrq keepalive 45000

h323
blacklist
global

redirect-limit 2
deact-mode normal
dbe
media-address ipv4 77.101.1.100 vrf vpn2
media-address ipv4 99.101.1.100 vrf vpn1
media-timeout 90
deact-mode normal
activate
B-1
OL-13499-04
A P P E N D I X B
Additional Information about Billing Support
The following sections describe billing and its many aspects. It is critical to understand all SBC billing
features and capabilities before performing billing configurations for the SBC.
Event Message Transmission
Supported Event Message Detail
Logging and Alarms
Fault Tolerance
Example for Event Messages from SBC to RADIUS Billing Server, page B-12
Security
Integrated billing is achieved through the PacketCable Event Messages architecture (see the PacketCable
1.5 Event Messages Specification; PKT-SP-EM1.5-I01-050128) as exemplified in Figure B-1 where the
SBC is integrated into this architecture. As shown, the billing server supports PacketCable Event
Messages.
The SBC on the Cisco 7600 router supports remote billing in the unified mode. Remote billing is call
billing that is integrated with a third-party accounting server.
Figure B-1 shows the SBC operating in a unified model where the billing system is being deployed with
three billing servers. The SBC can be configured to send to these servers in a range of ways, such as to
all three simultaneously, or to use one primary and two backups.
The system operates as follows:
The SBC produces event messages (EMs). These event messages are billable or other interesting
events, such as call start, call end, and media-type changes.
The SBC (and other elements of the system), which produces EMs, sends them in real time (or
batched up for network efficiency) using the RADIUS protocol to the billing server.
B-2
OL-13499-04
Note The PacketCable 1.5 Event Messages Specification discusses sending the identifying information (the
BCID and FEID) on the outgoing INVITE and responding SDP so that correlation can be done between
the two sets of billing data. SBC does not support this mechanism for intra-domain or inter-domain
transmission. The billing server must perform the correlation using an alternative method (for example,
using the telephone numbers dialed and the time of the call).
Figure B-1 Integrated Billing Deployment
The generated event messages, as described in the Event Messages Set Overview section are sent using
the RADIUS protocol to a preconfigured set of billing servers. Before getting into the actual detail of
the event messages, review the following event message transmission considerations described in the
following sections:
Multiple Server Support
Event Message Batching
Multiple Server Support
Billing servers are configured at start-up, in SETs:
Each SET contains a list of one or more billing servers, consisting of a single primary server and an
ordered list of zero or more backup servers.
The SBE can be configured with one or more sets of billing servers.
Each event message is sent to the entire collection of sets, but to only one machine within each set.
For each set, the SBE sends the event message to the primary server within the set.
ISP A
Billing
server 1
Billing
server 2
IP phone
SBE
SBC Router
Billing
server 3
IP
Internet
2
7
0
7
9
5
B-3
OL-13499-04
If the primary server is unavailable, then the message is sent to the first backup server (if present).
If the first backup server is also unavailable, the message is sent to the second backup etc. until either
a machine accepts the message or all the servers in the set have been tried.
If there are no machines in a set accepting messages, then the entire set is marked as unavailable.
Multiple server support is illustrated in Figure B-2.
Figure B-2 Multiple Server Support
Event Message Batching
Because of the inefficiency of the RADIUS protocol, the SBE collates event messages into batches and
sends them using a single RADIUS message to alleviate the burden on the transport mechanism.
Batching is possible only on a per-set basis. The batch size is not configurable, but is determined by the
load on the billing component.
It is not possible to disable batching.
Event Messages Set Overview
This section specifies the set of event messages supported by SBC:
Call-Specific Messages
Out-of-Band Messages
Call-Specific Messages
The messages listed in Table B-1 are supported call event messages.
primary
SET
primary
SET
primary backup backup
backup backup
SET
G
R
O
U
P
1
4
9
6
0
8
event
message
B-4
OL-13499-04
Out-of-Band Messages
The event messages listed in Table B-2 are non-call-related, out-of-band event messages.
The event messages listed in Table B-3 are not supported.
Table B-1 Supported Event Message Sets
Event Message Notes
Signaling_Start Sent when signaling has begun (inbound) and when it is about to begin
(outbound); for example, received INVITE on inbound and about to send
INVITE on outbound for a SIP endpoint
QoS_Reserve Sent when there is reserved QoS in the DBE. Sent for the inbound leg when the
inbound QoS is reserved, and for the outbound leg when we reserve the
outbound QoS is reserved.
Call_Answer Indicates that the terminating party has answered and that media has started.
This message is sent for both legs at the same time.
QoS_Commit Sent when QoS is committed by the DBE. This message is sent for both legs at
the same time.
Call_Disconnect The call has been terminated; media has ceased flowing. Sent for both legs at
the same time.
QoS_Release The QoS has been released by the DBE. Sent for both legs at the same time.
Signaling_Stop All signaling is complete for each party in the call. (The event is generated once
for each party, when the last signaling message has been sent.)
Media_Statistics Media statistics for the call as reported by the DBE. This is sent for each leg
when the media is released.
Media_Alive Indicates that a long-duration call is still active. This is sent for each leg of the
call, at a preconfigured time of day, every 24 hours.
Table B-2 Out-of-Band Event Message Sets
Event Message Notes
Time_Change Sent when changes of more than 200 ms occur in the time; also sent for daylight
savings changes, and so on.
Table B-3 Unsupported Event Messages
Event Message Notes Why Not Supported?
Database_Query Sent when querying external
databases about toll-free carriers,
LNP routing, and so on.
SBC does not support database
queries.
Service_Instance Indicates an instance of a service. SBC does not support services.
(Services are more applicable to
softswitches and application
servers.)
Service_Activation Indicates service activation.
Service_Deactivation Indicates service deactivation.
B-5
OL-13499-04
This section specifies the supported event messages and the attributes sent for each one.
Signaling_Start
This message is sent when signaling starts for a call. That is, when the SBC has ascertained that the
destination is routable, and that the originating endpoint is allowed to make the call (i.e. after the SLA
has been checked).
Table A-4 lists the attributes sent with this message.
Table B-4 Attributes Included for Signaling_Start
Table A-5 lists the attributes not sent with this message.
Table B-5 Attributes Not Included in Signaling_Start
Interconnect_Start Sent when interconnecting to
PSTN.
SBC does not interface directly to
the public switch telephony
network (PSTN).
Interconnect_Stop Sent when terminating a
connection to PSTN.
Conference_Party_Change Indicates a party state change in a
multi-party call.
SBC does not support multi-party
calls.
Table B-3 Unsupported Event Messages (continued)
Event Message Notes Why Not Supported?
Attribute Name Comment
EM_Header Common header attribute.
Direction_Indicator Specifies if the device represents an originating or terminating part of the
call.
1= originating
2 = terminating
MTA_Endpoint_Name The originating or terminating endpoint name (dependent on direction).
Calling_Party_Number The number of the calling party (if available).
Called_Party_Number The number of the called party (always present).
Routing_Number Indicates a routable number (always present).
Billing_Type Included when the originating endpoint is a measured rate subscriber.
Location_Routing_Number LNP not supported
Carrier_Identification_Code PSTN interfacing not supported (softswitch function).
Trunk_Group_ID As above.
B-6
OL-13499-04
QoS_Reserve
This message is generated when the SBE has reserved bandwidth (QoS) on the network through the
DBE.
If this reserved bandwidth changes, this message (along with the partner QoS_Commit message) is
generated anew.
Note If the SBE is managing multiple gates, this message is generated only for the gates to and from each
MTA endpoint (and not the internal gates). There are no optional attributes not sent on this message.
Table B-6 Attributes Sent on QoS_Reserve
Call_Answer
This message indicates the earliest point at which non-early two-way media is established.
The SBE sends the message to the billing servers when it is notified that the called party has gone
off-hook; that is, that they have answered the call.
Intl_Code Indicates the origin of an international call.
Dial_Around_Code Carrier specification via dial-around codes not supported.
Jurisdiction_Information_Par
ameter
Ported-In billing not supported (transparent to SBC).
Ported_In_Calling_Number As above.
Ported_In_Called_Number As above.
Called_Party_NP_source LNP not supported.
Calling_Party_NP_source As above.
EM_Header Common header attribute
QoS_Descriptor Description of the QoS reserved (see below).
MTA_UDP_Portnum The UDP port number on the network element endpoint.
Flow_Direction 1 = upstream
2 = downstream
SF_ID This is a required, DOCSIS-specific attribute, generated by the CMTS
in a PacketCable architecture. Since the SBC does not support
DOCSIS, this attribute is always 0.
B-7
OL-13499-04
Table B-7 Attributes Sent on the Call_Answer Message
Table B-8 Attributes Not Sent on the Call_Answer Message
QoS_Commit
This message is sent by the SBE when the gate bandwidth is committed. This message is only sent if a
QoS_Reserve has been sent previously.
Table B-9 Attributes Sent on QoS_Commit
Table B-10 Attributes Not Sent on QoS_Commite
EM_Header Common header attribute
Charge_Number The charge number in the appropriate cases such as collect call,
calling-card call, call billed to a 3rd party, or others
For SBC, this number is always the calling number.
Related_Call_Billing_Correla
tion_ID
The BCID assigned to the leg from the terminating network element.
the SBC does not share BCID and FEID information with other
network elements.
FEID Contains the FEID assigned to the network element at the other end of
the leg. the SBC does not share BCID and FEID information with
other network elements.
MTA_UDP_Portnum The UDP port number on the network element endpoint.
2 = downstream
SF_ID Always 0 (the SBC does not support DOCSIS).
QoS_Descriptor Information is sent on the QoS_Reserve message and not duplicated
on this message
B-8
OL-13499-04
Call_Disconnect
This message is generated by the SBE when 2-way media flow terminates - i.e. when sending a 200 OK
response to a BYE from either party.
Usually, this message immediately precedes QoS_Release and Signaling_Stop.
This message is only sent if a Call_Answer has previously been sent.
Table B-11 Attributes Sent on Call_Disconnect
There are no optional attributes not sent for this message.
QoS_Release
This message is generated by the SBE when reserved bandwidth has been released. That is, the gate on
the DBE has been closed.
Table B-12 Attributes Sent on QoS_Release
Signaling_Stop
This message is sent when:
The terminating signaling request (e.g. a SIP BYE) from the party terminating the call is
acknowledged by the SBE
The terminating signaling request for the party not terminating the call is sent by the SBE and
acknowledged by that party.
This message is not sent if we have not sent a Signaling_Start for this call.
Call_Termination_Cause Reason for termination of the call.
2 = downstream
SF_ID A DOCSIS specific attribute, service flow ID, generated by the CMTS
in a PacketCable architecture. SBC does not support DOCSIS, and
therefore this attribute is always set to 0.
B-9
OL-13499-04
Table B-13 Attributes Sent on Signaling_Stop
Table B-14 Attributes Not Sent on Signaling_Stop
Media_Statistics
When a call is terminated on the DBE (that is, the gate is closed), statistics are returned to the SBE. On
receipt of these statistics, this message is generated.
When media QoS is renegotiated, the gate is closed and re-opened. In this case, we will also log statistics
for the first gate when it closes, and the second gate when it closes (say at the end of the call).
There may be multiple gates for each Media. The statistics will be aggregated and will result in only one
Media_Statistics message per billing leg.
Table B-15 Attributes Sent on Media_Statistics
Media_Alive
This message is generated once a day, at a pre-configured time.
At the preconfigured time, the SBE audits the active calls, and determines which calls (if any) have been
active for more than 24 hours. For each call satisfying this condition, a Media_Alive message is
generated.
EM_Header The header attribute (must be first).
Related_Call_Billing_Correla
tion_ID
The BCID of the other leg (i.e. if this is the caller, then the callee, and
vice-versa).
Call_Termination_Cause The reason the call was terminated.
FEID The FEID of the terminating network element; the SBC does not
transmit this between network elements.
RTCP_Data The report data from the DBE on the gate statistics.
B-10
OL-13499-04
Administration and Configuration
Table B-16 Attributes Sent on Media_Alive
Time_Change
This message is generated by the SBE either on its own behalf, or on the behalf of the DBE, when either
the DBE or SBE experiences a time change of more than 200ms (discounting slew adjustments via NTP).
This includes step adjustments, manual time settings changes and daylight savings time adjustments.
Table B-17 Attributes Sent on Time_Change
Administration and Configuration
Billing requires the following generic configuration:
Integrated Mode Configuration
If integrated mode is specified, then the following configuration information is required:
The assigned element ID. This is an ID assigned by the Internet service provider (ISP). The ID must
be unique across the set of SBEs, sending event messages to a particular set of billing servers.
The minor, major, and critical threshold sizes for the event message cache file.
The location of the event message cache file on disk.
The time at which to generate the Media_Alive message.
RADIUS client configuration information.
Integrated mode requires the RADIUS client component of SBC. This has configuration
requirements (such as the sets of billing servers). Each of these sets also has a state, which depends
on the existence or absence of the event message cache file for that set. The administrator may
change this state. The state may be disabled, active, failed, or resending.
Time_Adjustment Adjustment in milliseconds.
B-11
OL-13499-04
Logging and Alarms
Administering SBC Billing
The billing component is administered using the SBC command-line interface. Refer to applicable
billing commands in Chapter 39, Cisco Session Border Controller Commands.
Logging and Alarms
Alarms are tripped differently, based on how billing has been integrated, as described in Table B-18.
Fault Tolerance
The SBC billing system is fault tolerant on the following two levels:
Warm FailoverFailover to a live backup (for example, a second card on the same machine).
Cold FailoverFailover to a new machine with no software connection between the defunct
machine and the new machine.
Warm Failover
In the event of failover to a backup system, warm failover mechanisms are supported. In the case of warm
failover:
No data is lost on the SBE.
The value for media statistics for the call on the DBE is reset (this information is lost).
Table B-18 Billing System Logging Conditions
Billing System Type Logging Conditions
Integrated Billing
Alarms
Alarms are tripped under the following conditions:
Minor, major, and critical alarms are sent if the cache file size exceeds a
preconfigured threshold.
Alarms are tripped when billing servers become unavailable, as follows.
A minor alarm is tripped if just one of the configured sets of billing
servers is unavailable.
A major alarm is tripped if more than one of the billing server sets is
unavailable.
A critical alarm is tripped if none of the billing servers is available.
Note In this situation, it may be that the condition for more than one alarm is
satisfied (for example, there is just one server set configured, which
fails). The most severe alarm dominates.
B-12
OL-13499-04
Example for Event Messages from SBC to RADIUS Billing Server
Cold Failover
In the event of failover to a cold, non-dedicated backup, some billing data is lost in the transition from
the old, failed system to the new server. The number of billing records completely lost during this
transition is less than 10,000 per failover. However, in such a situation, consider the following
possibilities:
The remaining billing records may be corrupted, and only partial billing records recovered. This is
especially true with local CDR generation, because no logs are produced in a hard format until the
call ends.
If an event message cache exists on the failed machine, more billing events may be lost, because the
disk record may be unrecoverable due to fire, hardware malfunction, or whatever the original cause
of the total failure was. This, however, is an unlikely scenario, given that it would require the billing
server to be unavailable and unrecovered for a period preceding the cold failover.
If the media to which the CDRs are written is lost, the entire store of CDRs not backed up (by
extracting the records using FTP) is lost.
It is not possible to detect long-duration calls following a cold failover. Data is only recoverable
from the system only when an event occurs in the network, such as the media being terminated).
This example shows two requests from the SBC to the RADIUS server for a single placed call.
The first RADIUS event message has messages related to call setup:
Event Message Type: Signaling_Start
Event Message Type: QoS_Reserve
Event Message Type: Call_Answer
Event Message Type: QoS_Commit
The second RADIUS event message has messages related to call teardown:
Event Message Type: QoS_Release
Event Message Type: Call_Disconnect
Event Message Type: Signaling_Stop
Radius Protocol
Code: Accounting-Request (4)
Packet identifier: 0x0 (0)
Length: 1298
Authenticator: 25CE1B487AE4AE70033D61E0EF540A4A
[The response to this request is in frame 4]
Attribute Value Pairs
AVP: l=6 t=NAS-IP-Address(4): 77.111.1.51
NAS-IP-Address: 77.111.1.51 (77.111.1.51)
AVP: l=6 t=Acct-Status-Type(40): Interim-Update(3)
Acct-Status-Type: Interim-Update (3)
AVP: l=26 t=Acct-Session-Id(44): HDq] 01+000000\000\000\000\001
Acct-Session-Id: HDq] 01+000000
AVP: l=84 t=Vendor-Specific(26) v=CableLabs(4491)
VSA: l=78 t=CableLabs-Event-Message(1):
Event Message Version ID: 4
BCID
B-13
OL-13499-04
Timestamp: 1212445021
Element ID: 0
Time Zone: DST: 1, Offset: +000000
Event Counter: 1
Event Message Type: Signaling_Start (1)
Element Type: CMS (1)
Element ID: 0
Sequence Number: 0
Event Time: 20080602221700.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
.... .... .... .... .... .... .... .0.. = Event Origin: Trusted
Element (0x00000000)
.... .... .... .... .... .... .... 1... = Event Message Proxied:
Proxied (0x00000001)
Priority: 128
Attribute Count: 6
Event Object: 0
VSA: l=4 t=CableLabs-Direction-indicator(37): Originating(1)
CableLabs-Direction-indicator: Originating (1)
VSA: l=14 t=CableLabs-MTA-Endpoint-Name(3): MTA Endpoint
CableLabs-MTA-Endpoint-Name: MTA Endpoint
VSA: l=22 t=CableLabs-Calling-Party-Number(4): 123
CableLabs-Calling-Party-Number: 123
VSA: l=22 t=CableLabs-Called-Party-Number(5): service
CableLabs-Called-Party-Number: service
VSA: l=22 t=CableLabs-Routing-Number(25): service
CableLabs-Routing-Number: service
VSA: l=4 t=CableLabs-Billing-Type(87): 3
CableLabs-Billing-Type: 3
BCID
Element ID: 0
Event Counter: 2
Event Message Type: Signaling_Start (1)
Element ID: 0
Sequence Number: 1
Event Time: 20080602221700.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 6
Event Object: 0
VSA: l=4 t=CableLabs-Direction-indicator(37): Terminating(2)
B-14
OL-13499-04
CableLabs-Direction-indicator: Terminating (2)
VSA: l=14 t=CableLabs-MTA-Endpoint-Name(3): MTA Endpoint
CableLabs-MTA-Endpoint-Name: MTA Endpoint
VSA: l=22 t=CableLabs-Calling-Party-Number(4): 123
CableLabs-Calling-Party-Number: 123
VSA: l=22 t=CableLabs-Called-Party-Number(5): service
CableLabs-Called-Party-Number: service
VSA: l=22 t=CableLabs-Routing-Number(25): service
CableLabs-Routing-Number: service
VSA: l=4 t=CableLabs-Billing-Type(87): 3
CableLabs-Billing-Type: 3
BCID
Element ID: 0
Event Counter: 1
Event Message Type: QoS_Reserve (7)
Element ID: 0
Sequence Number: 2
Event Time: 20080602221700.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 4
Event Object: 0
VSA: l=26 t=CableLabs-QoS-Descriptor(32):
QoS Status: 0x00000005
.... .... .... .... .... .... .... ..01 = Status Indication: Resource
Reserved but not Activated (1)
.... .... .... .... .... .... .... .1.. = Service Flow Scheduling
Type: 1
.... .... .... .... .... .... .... 0... = Grant Interval: 0
.... .... .... .... .... .... ...0 .... = Tolerated Grant Jitter: 0
.... .... .... .... .... .... ..0. .... = Grants Per Interval: 0
.... .... .... .... .... .... .0.. .... = Unsolicited Grant Size: 0
.... .... .... .... .... .... 0... .... = Traffic Priority: 0
.... .... .... .... .... ...0 .... .... = Maximum Sustained Rate: 0
.... .... .... .... .... ..0. .... .... = Maximum Traffic Burst: 0
.... .... .... .... .... .0.. .... .... = Minimum Reserved Traffic
Rate: 0
.... .... .... .... .... 0... .... .... = Minium Packet Size: 0
.... .... .... .... ...0 .... .... .... = Maximum Concatenated Burst:
0
.... .... .... .... ..0. .... .... .... = Status Request/Transmission
Policy: 0
.... .... .... .... .0.. .... .... .... = Nominal Polling Interval: 0
.... .... .... .... 0... .... .... .... = Tolerated Poll Jitter: 0
.... .... .... ...0 .... .... .... .... = Type of Service Override: 0
B-15
OL-13499-04
.... .... .... ..0. .... .... .... .... = Maximum Downstream Latency:
0
Service Class Name:
Service Flow Scheduling Type: 1
VSA: l=6 t=CableLabs-MTA-UDP-Portnum(26): 0
CableLabs-MTA-UDP-Portnum: 0
VSA: l=6 t=CableLabs-SF-ID(30): 0
CableLabs-SF-ID: 0
VSA: l=4 t=CableLabs-Flow-Direction(50): Upstream(1)
CableLabs-Flow-Direction: Upstream (1)
BCID
Element ID: 0
Event Counter: 2
Event Message Type: QoS_Reserve (7)
Element ID: 0
Sequence Number: 3
Event Time: 20080602221700.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 4
Event Object: 0
VSA: l=26 t=CableLabs-QoS-Descriptor(32):
QoS Status: 0x00000005
.... .... .... .... .... .... .... ..01 = Status Indication: Resource
Reserved but not Activated (1)
.... .... .... .... .... .... .... .1.. = Service Flow Scheduling
Type: 1
.... .... .... .... .... .... .... 0... = Grant Interval: 0
.... .... .... .... .... .... ...0 .... = Tolerated Grant Jitter: 0
.... .... .... .... .... .... ..0. .... = Grants Per Interval: 0
.... .... .... .... .... .... .0.. .... = Unsolicited Grant Size: 0
.... .... .... .... .... .... 0... .... = Traffic Priority: 0
.... .... .... .... .... ...0 .... .... = Maximum Sustained Rate: 0
.... .... .... .... .... ..0. .... .... = Maximum Traffic Burst: 0
.... .... .... .... .... .0.. .... .... = Minimum Reserved Traffic
Rate: 0
.... .... .... .... .... 0... .... .... = Minium Packet Size: 0
.... .... .... .... ...0 .... .... .... = Maximum Concatenated Burst:
0
.... .... .... .... ..0. .... .... .... = Status Request/Transmission
Policy: 0
.... .... .... .... .0.. .... .... .... = Nominal Polling Interval: 0
.... .... .... .... 0... .... .... .... = Tolerated Poll Jitter: 0
.... .... .... ...0 .... .... .... .... = Type of Service Override: 0
.... .... .... ..0. .... .... .... .... = Maximum Downstream Latency:
0
Service Class Name:
B-16
OL-13499-04
Service Flow Scheduling Type: 1
CableLabs-SF-ID: 0
VSA: l=4 t=CableLabs-Flow-Direction(50): Downstream(2)
CableLabs-Flow-Direction: Downstream (2)
BCID
Element ID: 0
Event Counter: 1
Event Message Type: Call_Answer (15)
Element ID: 0
Sequence Number: 4
Event Time: 20080602221701.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 2
Event Object: 0
VSA: l=22 t=CableLabs-Charge-Number(16): 123
CableLabs-Charge-Number: 123
VSA: l=26 t=CableLabs-Related-Call-Billing-Correlation-ID(13):
Element ID: 0
Event Counter: 2
BCID
Element ID: 0
Event Counter: 2
Event Message Type: Call_Answer (15)
Element ID: 0
Sequence Number: 5
Event Time: 20080602221701.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
B-17
OL-13499-04
Priority: 128
Attribute Count: 2
Event Object: 0
VSA: l=22 t=CableLabs-Charge-Number(16): service
CableLabs-Charge-Number: service
Element ID: 0
Event Counter: 1
BCID
Element ID: 0
Event Counter: 1
Event Message Type: QoS_Commit (19)
Element ID: 0
Sequence Number: 6
Event Time: 20080602221701.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 3
Event Object: 0
CableLabs-SF-ID: 0
BCID
Element ID: 0
Event Counter: 2
Event Message Type: QoS_Commit (19)
Element ID: 0
Sequence Number: 7
Event Time: 20080602221701.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
B-18
OL-13499-04
Priority: 128
Attribute Count: 3
Event Object: 0
CableLabs-SF-ID: 0
==========================================================================================
===================
Radius Protocol
Code: Accounting-Response (5)
Length: 20
Authenticator: EB0BD7E187D3301CB7D73349761F9DE0
[This is a response to a request in frame 1]
[Time from request: 0.041131000 seconds]
No. Time Source Destination Protocol Info
5 29.324537 77.111.1.51 200.200.1.2 RADIUS
Accounting-Request(4) (id=0, l=1162)
==========================================================================================
===================
Radius Protocol
Code: Accounting-Request (4)
Length: 1162
Authenticator: 78D7DE7EA0162046A7936593F80048D5
[The response to this request is in frame 6]
Attribute Value Pairs
AVP: l=6 t=NAS-IP-Address(4): 77.111.1.51
NAS-IP-Address: 77.111.1.51 (77.111.1.51)
AVP: l=6 t=Acct-Status-Type(40): Interim-Update(3)
Acct-Status-Type: Interim-Update (3)
AVP: l=26 t=Acct-Session-Id(44): HDq] 01+000000\000\000\000\001
Acct-Session-Id: HDq] 01+000000
BCID
Element ID: 0
Event Counter: 1
Event Message Type: Unknown (22)
Element ID: 0
Sequence Number: 8
Event Time: 20080602221731.000
B-19
OL-13499-04
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 1
Event Object: 0
VSA: l=128 t=CableLabs-RTCP-Data(93): PS=0, OS=0, PR=0, OR=0, PD=0, OD=0,
PL=0, JI=0, LA=0, PC/RPS=0, PC/ROS=0, PC/RPR=0, PC/RPL=0,
PC/RJI=0\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\0
00\000\000\000
CableLabs-RTCP-Data: PS=0, OS=0, PR=0, OR=0, PD=0, OD=0, PL=0, JI=0, LA=0,
PC/RPS=0, PC/ROS=0, PC/RPR=0, PC/RPL=0, PC/RJI=0
BCID
Element ID: 0
Event Counter: 2
Event Message Type: Unknown (22)
Element ID: 0
Sequence Number: 9
Event Time: 20080602221731.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 1
Event Object: 0
VSA: l=128 t=CableLabs-RTCP-Data(93): PS=0, OS=0, PR=0, OR=0, PD=0, OD=0,
PL=0, JI=0, LA=0, PC/RPS=0, PC/ROS=0, PC/RPR=0, PC/RPL=0,
PC/RJI=0\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\0
00\000\000\000
CableLabs-RTCP-Data: PS=0, OS=0, PR=0, OR=0, PD=0, OD=0, PL=0, JI=0, LA=0,
PC/RPS=0, PC/ROS=0, PC/RPR=0, PC/RPL=0, PC/RJI=0
BCID
Element ID: 0
Event Counter: 1
Event Message Type: QoS_Release (8)
Element ID: 0
Sequence Number: 10
Event Time: 20080602221731.000
Status: 0x00000008
B-20
OL-13499-04
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 2
Event Object: 0
CableLabs-SF-ID: 0
BCID
Element ID: 0
Event Counter: 2
Event Message Type: QoS_Release (8)
Element ID: 0
Sequence Number: 11
Event Time: 20080602221731.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 2
Event Object: 0
CableLabs-SF-ID: 0
BCID
Element ID: 0
Event Counter: 1
Event Message Type: Call_Disconnect (16)
Element ID: 0
Sequence Number: 12
Event Time: 20080602221731.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
B-21
OL-13499-04
Priority: 128
Attribute Count: 1
Event Object: 0
VSA: l=8 t=CableLabs-Call-Termination-Cause(11):
Source Document: BAF (0x0001)
Event Object: 16
BCID
Element ID: 0
Event Counter: 1
Event Message Type: Signaling_Stop (2)
Element ID: 0
Sequence Number: 13
Event Time: 20080602221731.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 2
Event Object: 0
Element ID: 0
Event Counter: 2
Event Object: 16
BCID
Element ID: 0
Event Counter: 2
Event Message Type: Call_Disconnect (16)
Element ID: 0
Sequence Number: 14
Event Time: 20080602221731.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
B-22
OL-13499-04
Security
Priority: 128
Attribute Count: 1
Event Object: 0
Event Object: 16
BCID
Element ID: 0
Event Counter: 2
Event Message Type: Signaling_Stop (2)
Element ID: 0
Sequence Number: 15
Event Time: 20080602221731.000
Status: 0x00000008
.... .... .... .... .... .... .... ..00 = Status: No Error
(0x00000000)
Priority: 128
Attribute Count: 2
Event Object: 0
Element ID: 0
Event Counter: 1
Event Object: 16
==========================================================================================
===================
Radius Protocol
Code: Accounting-Response (5)
Length: 20
Authenticator: 663449DAB02BF4CC5480672195DFFFE0
[This is a response to a request in frame 5]
[Time from request: 0.063580000 seconds]
Security
The PacketCable 1.5 Event Messages Specification mandates that the billing messages are sent using the
RADIUS protocol and IPSec for security.
B-23
OL-13499-04
Security
Note In ACE SBC Release 3.0.00, only the RADIUS security mechanism, based on its own Request
Authenticator, is supported.
B-24
OL-13499-04
Security
C-1
OL-13499-04
A P P E N D I X C
Additional Information about Syslog Capabilities
You may decide to use the syslog protocol in order to see debug messages from the SBC application.
This appendix describes how use the syslog protocol to set the appropriate logging level.
For information about the commands used in this appendix, see the Application Control Engine Module
Command Reference at
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/command/refer
ence/cmdref.html.
Internal Log Levels
The SBC application uses an internal log-level in order to control logging to the file and console
(separate log-levels can be set for both). The default SBC logging level is 63 for both file and console.
You can change the default SBC logging level using the debug services sbc log-level console command
or the debug services sbc log-level file command.
The internal SBC application log-levels are mapped to syslog levels (<1-7>, where 1-alert; 2-critical;
3-error; 4-warning; 5-notif; 6-informational;7-debug) as follows:
Note The SBC internal log-level default (63) is OK for most purposes.
Log Level Syslog Level
80 alert
70 critical
63 error
60 warning
50 notice
40 informational
- debug
C-2
OL-13499-04
Enabling Syslog Functionality
To enable syslog functionality on the SBC, first set the internal log-levels, and then issue syslog-specific
logging commands. The following assumes a default level of 63 (no further action is needed if this is a
fresh reboot).
1. First, enable logging using the following commands:
host1/Admin(config)# logging enable
host1/Admin(config)# logging standby
Note The logging standby command allows synchronization of active and standby syslog settings.
2. Next, configure where you want the syslog messages to be sent:
Console: logging console <1-7>
host1/Admin(config)# logging console severity-level
Buffer: logging buffer <1-7>
host1/Admin(config)# logging buffered severity-level
Note Use the show logging command to see logging statistics and the logging buffer
Note Use the clear logging command to clear. the logging buffer.
Syslog server: logging trap <1-7>
host1/Admin(config)# logging host ip_address [tcp[/port] | udp[/port]]
host1/Admin(config)# logging trap severity-level
host1/Admin(config)# logging device-id {hostname | ipaddress interface_name | string
text | context-name}
Note The logging device-id command allows customization of syslog message when sending
thelog to a remote server.
host1/Admin(config)# logging facility number
Telnet sessions: logging monitor <1-7>
host1/Admin(config)# logging monitor severity-level
host1/Admin# terminal monitor
SNMP management station: logging history <1-7>
host1/Admin(config)# logging history severity-level
Supervisor: logging supervisor <1-7>
host1/Admin(config)# logging supervisor severity-level
3. Next, configure specific syslog message manipulation:
C-3
OL-13499-04
host1/Admin(config)# logging message syslog_id [level severity_level]
host1/Admin# show logging message
host1/Admin# clear logging
4. Finally, configure global syslog settings:
host1/Admin(config)# logging queue queue-size
host1/Admin# show logging queue
host1/Admin(config)# logging timestamp
host1/Admin(config)# logging rate-limit {num {interval | level severity_level |
message syslog_id} | unlimited {level severity_level | message syslog_id}}
host1/Admin# show logging
Note The logging queue size for the Admin context will be 8192.
C-4
OL-13499-04
D-1
OL-13499-04
A P P E N D I X D
Upgrading to Release 3.1.00
This appendix describes how to upgrade the SBC image to v3.1.0. Release 3.1.0 is not backwards
compatible with Release 3.0.2 because some configuration and functionality has changed and thus,
in-service upgrade from 3.0.x to 3.1.00 is not feasible.
Migration to release 3.1.0 requires a brief service downtime. Also, for a brief period of time during the
upgrade, the system is not be protected by a backup. Because ISSU is not supported, at one stage during
migration the existing sessions on the active blade will be lost.
The procedure described here is markedly different from the standard upgrade process for earlier
versions of SBC. Some individual steps may be identical.
This appendix defines the scope, approach, resources, schedule, risks and mitigations, and entry and exit
criteria that are required as part of upgrade planning. If the upgrade fails, this document describes steps
to fall back to the previous version and abort gracefully.
The output shown in this document reflects the output captured on the system where this process was
done. The configuration, location of the SBC in specific slots, VLAN configuration, supervisor card
configuration, supervisor image version of the actual system being upgraded will most likely not match
the description here. Also, it is assumed that the system is configured to boot the SBC from the local
flash on the ACE card. Thus, on an actual system the steps may be different
Definitions
As referenced in this document the states Active and Standby can be determined on the SBC by executing
the following command:
The output on an active blade is of the form:
Context Name: vlan100 Context Id: 1
Because all the FT groups have "My State" as FSM_FT_STATE_ACTIVE, the blade is in the Active
state.
The output on the standby blade is of the form:
ACTIVE
D-2
OL-13499-04
Appendix D Upgrading to Release 3.1.00
Assumptions
ACTIVE
Context Name: vlan100 Context Id: 1
Because all the FT groups have "My State" as FSM_FT_STATE_STANDBY_HOT, the blade is in
Standby state.
When the second SBC comes up, it goes through various state transitions before going to
FSM_FT_STATE_STANDBY_HOT. Until that time, do not execute the ft switchover command on the
Active blade.
If there are active calls/subscribers on the active SBC, synchronizing them to the standby SBC can take
some time (proportional to the number of sessions or subscribers).
Note Before the upgrade, save Release 3.0.2 based configurations to disk0 (as sbc3.0.2.cfg), then remove
billing configuration on the active and execute a write memory all command on both active and standby
blades. If the upgrade fails, copy the disk0:3.0.2.cfg to running configuration to retrieve the original
configuration and save it again with the write memory all command.
Note During upgrade, until the Blade A is Active and Blade B is Standby at version 3.1.00, do not do a write
memory command on either of the blades. The write memory command will save the new
configuration, which is not backwards compatible, with version 3.0.2. Thus, in case the upgrade fails,
the configuration, if saved, will not work with the version 3.0.2 image.
Note The procedure describes the commands as executed on the sample system. Your configuration may vary
and thus, the exact sequence of steps may vary.
Assumptions
This upgrade procedure makes the following assumptions:
The SBC is in slots 3 and 4, referred to as slot3 and slot4. The SBC in slot3 is Active and the SBC
in slot4 is Standby.
Both the slots are at version 3.0.2 and are being upgraded to 3.1.0.
The SBC is configured to boot from the internal flash and thus the image needs to be copied to the
SBC. During the upgrade process, the SBC is booted from the image located on disk0 of the
Supervisor card.
High Level Steps
This section provides a high level overview of the upgrade process. It also lists the steps to fall back to
the existing 3.0.2 version if the upgrade of either slot3 or slot4 fails. The steps are a summary of the
detailed steps and do not exactly match the detailed steps.
1. Backup the current configuration on both cards.
D-3
OL-13499-04
High Level Steps
2. Remove the billing configuration and save the configuration on both slot3 and slot4 as startup-config
(write memory all command).
3. Copy the 3.1.0 image to disk0: of the supervisor and then to the internal flash of both slot3 and slot4.
4. Remove slot4 from svclc on SUP.
a. Card slot3 is functional as Active without a backup.
5. Change boot string for slot4 to 3.1.0 and reset from SUP (boot slot4).
a. Wait for slot4 to boot to Active state, when successful. go to step 6.
b. On failure to boot to Active, change boot string to 3.0.2 and reset slot4.
c. Add slot4 to svclc before it has booted up.
d. Slot4 should come up as Standby with 3.0.2.
e. Reconfigure billing if it was unconfigured.
f. When state is synchronized (to STANDBY_HOT), execute the write memory all command.
g. Upgrade failed, abort (collect relevant data).
6. Add new billing configuration to slot4.
7. Remove slot3 from svclc on SUP.
a. Active calls on slot3 will be dropped, leading to total outage while (b) is done
b. Add slot4 to svclc on SUP.
c. Slot4 will start acting as Active with no backup.
8. Change boot string for slot3 to 3.1.0 and reset from SUP (boot slot3).
9. Add slot3 to svclc immediately after the reset above.
10. If slot3 successfully comes up as standby, do a ft switchover command when in steady state and
reboot slot4 as Standby:
a. Save running configuration as startup config.
b. The upgrade is complete at this stage.
11. If slot3 fails to come up as active:
a. Remove slot3 from svclc.
b. Copy saved 3.0.2 configuration to startup configuration (to get original billing configuration).
c. Change boot string to 3.0.2 and reset slot3.
d. Wait for slot3 to come up as Active.
e. Remove slot4 from svclc. This leads to total outage until (f) below is done.
f. Add slot3 to svclc.
g. Change boot string for slot4 to 3.0.2 and reset slot4.
h. Immediately add slot4 to svclc.
i. Slot3 is active and slot4 will be standby when it comes up.
j. Collect relevant data. Upgrade failed.
D-4
OL-13499-04
Pre-Upgrade Procedure
In this procedure, we are upgrading from image 3.0.2 to image 3.1.0. Here we assume that the ACE card
slot3 inserted in slot 3 is Active and ACE card slot4 inserted in slot 4 is Standby. The actual location of
Active and Standby cards in your configuration will vary.
The pre-upgrade process collects various data from the running system. The output shown here is sample
output. You should collect the corresponding data and save it to have it available for troubleshooting.
Note In this document, sample output is only shown for certain commands. You should collect output for all
the commands shown here.
1. Ensure that the server holding the 3.1.00 image is accessible from the supervisor module (ping from
supervisor to confirm):
Sup# ping bizarre
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.102.16.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Sup#
2. Verify the md5sum of the image on the tftp server:
Note On some UNIX/LINUX servers, this should be cksum.
bizarre# md5sum c76-sbck9-mzg.3.0.1_AS31_0.bin
This should match the md5sum as documented on the Cisco Connections Online (CCO) site from
which the image was obtained.
3. Copy the image to the disk0 of the supervisor. On supervisor, execute the following:
sup# copy tftp://bizarre/test/ c76-sbck9-mzg.3.0.1_AS31_0.bin disk0:
4. Verify the checksum after upload to the supervisor by executing the following command (The output
of this should match the output from step 2 above):
sup# verify /md5 disk0:c76-sbck9-mzg.3.0.1_AS31_0.bin
5. Copy the image to both active and standby cards:
sup# copy disk0:c76-sbck9-mzg.3.0.1_AS31_0.bin tftp://127.0.0.30/mnt/cf/
sup# copy disk0:c76-sbck9-mzg.3.0.1_AS31_0.bin tftp://127.0.0.40/mnt/cf/
6. Execute the following commands on the supervisor and capture the output of the same (a partial
sample output is shown here):
a. Execute the show version command:
sup# show version
Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-IPSERVICES-M), Version
12.2(33)SRC1, RELEASE SOFTWARE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 23-May-08 05:13 by prod_rel_team
D-5
OL-13499-04
ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE
Sup uptime is 8 weeks, 5 days, 2 hours, 31 minutes
Uptime for this control processor is 8 weeks, 5 days, 2 hours, 29 minutes
System returned to ROM by reload at 11:30:26 PDT Thu Jul 3 2008 (SP by reload)
System restarted at 15:40:25 UTC Wed Feb 25 2009
System image file is "bootdisk:c7600s72033-ipservices-mz.122-33.SRC1.bin"
Last reload type: Normal Reload
cisco CISCO7606-S (R7000) processor (revision 1.0) with 458720K/65536K bytes of
memory.
Processor board ID FOX1221GH0X
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
7 Virtual Ethernet interfaces
50 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
b. Execute the show running-config command:

sup# how running-config
Current configuration : 6144 bytes
!
! Last configuration change at 15:12:41 UTC Wed Apr 22 2009
! NVRAM config last updated at 14:16:37 UTC Wed Apr 15 2009
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service counters max age 10
!
hostname Sup
!
boot-start-marker
boot device module 3 disk0:c76-sbck9-mzg.3.0.1_AS30_2.bin
boot device module 4 disk0:c76-sbck9-mzg.3.0.1_AS30_2.bin
boot-end-marker
!
vrf definition vlan100
description subnet 101.101.101.x
rd 55:1111
!
address-family ipv4
exit-address-family
!
vrf definition vlan200
description subnet 102.102.102.x
rd 56:1112
!
address-family ipv4
exit-address-family
!
enable password cisco
!
no aaa new-model
D-6
OL-13499-04
c. Exectue the show module command:
sup# show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX JAF1221BQGF
3 1 Application Control Engine Module ACE20-MOD-K9 SAD1239008S
4 1 Application Control Engine Module ACE20-MOD-K9 SAD121301Y9
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B JAF1221AKFF
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 001f.cae7.3d94 to 001f.cae7.3dc3 3.0 12.2(18r)S1 12.2(33)SRC1 Ok
3 0022.55b3.cc60 to 0022.55b3.cc67 2.4 8.7(0.22)ACE 3.0(1)AS31(0 Ok
4 001f.9e1a.f70e to 001f.9e1a.f715 2.3 8.7(0.22)ACE 3.0(1)AS31(0 Ok
5 001e.be6e.8e34 to 001e.be6e.8e37 5.6 8.5(2) 12.2(33)SRC1 Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
1 Centralized Forwarding Card WS-F6700-CFC JAF1220CEPN 4.0 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B JAF1221AJJA 2.3 Ok
5 MSFC3 Daughterboard WS-SUP720 JAF1221AJSB 3.1 Ok
Mod Online Diag Status
---- -------------------
1 Pass
3 Pass
4 Pass
5 Pass
d. Execute the dir disk0 command:
sup# dir disk0 :
e. Execute the show run command to check svclc configuration on supervisor:
host1/Admin# show run | inc svclc
7. Open a session on the active ACE module (slot3); execute the commands below and collect the
output as appropriate:
sup# session slot 3 processor 0
(This opens a session into the slot, login with the ACE module username and password; default
username is "admin" and default password is "admin.")
host1/Admin# show version
(This is sample output, your output will vary.)
Cisco Application Control Software (Session Border Controller)
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2007, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
D-7
OL-13499-04
loader: Version 12.2[120]
system: Version 3.0(1)AS31(0) [build 3.0(1)AS31(0) test_07:14:20-2009/04/
27_/ws/test-rtp/sub]
system image file: [SUP] disk0:c76-sbck9-mzg.3.0.1_AS30_2.bin
installed license: no feature license is installed
Hardware
Cisco ACE (slot: 3)
cpu info:
number of cpu(s): 2
cpu type: SiByte
cpu: 0, model: SiByte SB1 V0.2, speed: 700 MHz
cpu: 1, model: SiByte SB1 V0.2, speed: 700 MHz
memory info:
total: 953560 kB, free: 70244 kB
shared: 0 kB, buffers: 3992 kB, cached 0 kB
cf info:
filesystem: /dev/cf
total: 1014624 kB, used: 381360 kB, available: 633264 kB
last boot reason: Service "sbc"
configuration register: 0x1
slot3 kernel uptime is 0 days 0 hour 34 minute(s) 11 second(s)
host1/Admin# dir image:
(This sample shows a partial output. Your output will vary. The image
c76-sbck9-mzg.3.0.1_AS31_0.bin must be present.)
6085 Dec 12 20:38:56 2008 sbcworking.cfg
Usage for image: filesystem
390512640 bytes total used
648462336 bytes free
1038974976 bytes available
host1/Admin# dir core:
slot3/Admin# dir core:
Usage for core: filesystem
1068032 bytes total used
202029056 bytes free
203097088 bytes available
If this directory is not empty, clear it using the command:
slot3/Admin# clear cores
Continue with the following commands:
slot3/Admin# dir disk0:
slot3/Admin# show running-config
slot3/Admin# sh bootvar
BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS30_2.bin "
(Your output could vary depending on whether you areusing a 3.0.0 or 3.0.1 image)
Continue with the following commands:
slot3/Admin# show ft group status
slot3/Admin# show ft group brief
slot3/Admin# show services sbc <name> rsrcmon
slot3/Admin# show services sbc <name> version
slot3/Admin# show services sbc <name> memstats
slot3/Admin# show services sbc <name> sbe calls
slot3/Admin# show services sbc <name> sbe call-stats currenthour
D-8
OL-13499-04
Detailed Upgrade Procedure
8. Open a session on the standby ACE (slot4) module and collect the output by executing the following
commands:
sup# session slot 4 processor 0
slot4/Admin# show version
slot4/Admin# dir image:
slot4/Admin# dir core:
slot4/Admin# dir disk0:
slot4/Admin# show running-config
slot4/Admin# sh bootvar
slot4/Admin# show ft group status
slot4/Admin# show ft group brief
9. Verify that the SBC is configured to boot from the internal flash on the ACE.
Sup# show hw-module slot 4 boot
Boot option for module 4 is 0
slot4/Admin# show bootvar
BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS30_2.bin"
(Your output above should indicate: disk0:c76-sbck9-mzg.3.0.1_AS30_2.bin or a 3.0.0 or 3.0.1
image.)
10. Pre-upgrade configuration changes:
a. Save running configuration on both active and standby as 3.0.2 config
slot3/Admin# copy running-config disk0:sbc_3_0_2.cfg
slot4/Admin# copy running-config disk0:sbc_3_0_2.cfg
b. Unconfigure billing on active (slot3) if present:
slot3/Admin# conf t
slot3/Admin(config)# sbc mysbc
slot3/Admin(config-sbc)# sbe
slot3/Admin(config-sbc-sbe)# no billing remote
slot3/Admin(config-sbc-sbe)# end
c. On both active and standby cards (slot3 and slot4), execute:
slot#/Admin$ write mem all
d. Backup the configuration on both active and standby:
slot3/Admin# copy running-config disk0:sbc3.1_nobilling.cfg
slot4/Admin# copy running-config disk0:sbc3.1_nobilling.cfg
1. Modify slot4 boot configuration on supervisor, by executing the following command:
Sup(config)# boot device module 4 disk0: c76-sbck9-mzg.3.0.1_AS31_0.bin
2. Remove slot4 svclc config on SUP and boot slot4 from eobc by executing the following commands:
a. Reboot slot4 from eobc.
D-9
OL-13499-04
Note Executing the no svclc command before resetting the module may cause the active side
(module 3) to hang. You may need to reset module 4 before executing the no svclc command.
SUP# hw-module module 4 boot eobc
SUP# hw-module module 4 reset
Note Card slot3 is functional as active without a backup (on slot3, peer state is
FSM_FT_STATE_UNKNOWN). While the above command is executed, card in slot4 will
show state as active and peer state of FSM_FT_STATE_UNKNOWN.
b. Wait, and then during slot4 boot up, excute the following commands:
Sup(config)# no svclc module 4 vlan-group 99,100,200
Sup(config)# end
Card in slot4 removed from svclc.
Execute step 3 below after slot4 bootup (You can use the session command to connect to s lot 4).
3. Promote slot4 (with 3.1 to active) and migrate slot3 to 3.1:
a. Remove slot3 from svclc on SUP by executing the command:
Active calls on slot3 will be dropped, leading to total outage until (3b) is done.
b. Add slot4 to svclc on SUP by executing the command:
Sup(config)# svclc module 4 vlan-group 99,100,200
Slot4 will start acting as Active, without a Standby. If failure, go to step 4
Billing for active slot is still not configured, so calls will not be billed until step 5.
Go to step 5 for billing.
4. If slot4 fails to come up as active, follow these steps:
a. Add slot3 back to the svclc as follows:
Sup(config)# svclc module 3 vlan-groups 99,100,200
Sup(config)# end
b. Change boot string to 3.0.2 and reset slot4:
Sup(config)# end
Sup# hw-module module 4 boot config-register
Sup# hw-module module 4 reset
c. Add slot4 to svclc before it has booted up:
Slot4 boots to 3.0.2 from image in disk0: of slot4.
Slot4 should come up as Standby with 3.0.2.
Upgrade failed, abort (collect console output to analyze failure. If there is a corefile on slot4,
upload it to a tftpserver for offline analysis).
D-10
OL-13499-04
5. Add new billing configuration to slot4.
This is deployment specific, see the Billing chapter. You might want to have the configuration in a
file where it can be pasted in sbc config mode.
6. Wait and verify new active Release 3.1.0 SBC behaviour is correct.
7. Modify slot3 boot configuration on sup by executing the commands:
Sup(config)# end
8. Boot slot3 from eobc.
SUP# hw-module module 3 boot eobc
SUP# hw-module module 3 reset
Slot3 starts booting after a few seconds.
Execute step 8 below after executing the hw-module module 3 reset command. (Do not wait.)
9. Add slot3 to svclc immediately after reset above by executing the commands:
Sup(config)# end
10. If slot3 successfully comes up as Standby, change boot configuration for slot4 by executing the
commands below, otherwise go to step 11:
SUP# hw-module module 4 boot config-register
slot4/Admin(config)# config-register 1
slot4/Admin(config)# boot system image: c76-sbck9-mzg.3.0.1_AS31_0.bin
slot4/Admin(config)# no boot system image: c76-sbck9-mzg.3.0.1_AS30_2.bin
slot4/Admin(config)# do write mem all
slot4/Admin(config)# end
11. Revert to slot3 being Active and slot4 as Standby:
slot3/Admin#: show ft group brief
My State:FSM_FT_STATE_STANDBY_HOT
The above output should appear for all the Ft groups on slot3.
a. Now change slot3 to act as Active and slot4 as Standby by executing:
slot4/Admin# ft switchover
This command will cause card to switchover.
Slot3 becomes Active and slot4 comes up in Standby mode.
While slot4 is booting, slot3 is Active without a Standby.

b. Change the boot configuration for slot3 by executing:
slot3/Admin(config)# hw-module module 3 boot config-register
slot3/Admin(config)# config-register 1
slot3/Admin(config)# boot system image: c76-sbck9-mzg.3.0.1_AS31_0.bin
slot3/Admin(config)# no boot system image: c76-sbck9-mzg.3.0.1_AS30_2.bin
slot3/Admin(config)# do write mem all
D-11
OL-13499-04
c. Verify the status by executing the following commands and capturing the output:
Slot3 should indicate FSM_FT_STATE_ACTIVE and slot4 should indicate
FSM_FT_STATE_STANDBY_HOT for all Ft groups (when slot4 is up).
d. Execute the show version command on both slot3 and slot4 and capture the outputs.
Both SBCs should be at at 3.1.0.
Upgrade is now complete.
e. Execute the following command on both SBCs:
slot3/Admin#: clear cores
slot4/Admin#: clear cores
12. If slot3 fails to come up as standby in step 10:
a. Remove slot3 from svclc:
Sup(config)# end
b. Change boot setting and reset slot3:
Slot3 comes up with 3.0.x image from the ACE card disk.
c. Remove slot4 from svclc. This leads to total outage until (d).
d. Wait for slot3 to come up as Active.
e. Change boot setting for slot4 to 3.0.2 and reset slot4.
Slot4 comes up with 3.0.x image from the ACE card disk.
f. Immediately add slot4 to svclc:
Sup(config)# do write mem
Slot3 is Active and slot4 will be Standby when it comes up.
g. Upgrade failed. Capture console output from sup, ace and any crash files from the ace for
analysis.
D-12
OL-13499-04
Post Upgrade Steps
Post Upgrade Steps
Context Configuration
SBC context configuration is automatically changed once upgraded to 3.1 from 3.0.x image. The
previous configuration was of the form:
context <context-name>
subcommands
New configuration will be of the form:
context <context-name> context-id <number>
subcommands
The "context-id <number>" is auto-generated in Release 3.1.00. When new contexts are defined, it is
recommended to add the full command, with an unused "number."
Billing Configuration
The billing configuration has changed. Please refer to the configuration guide to get the latest
configuration commands.
GL-1
OL-13499-04
G L O S S A R Y
#
1:1 redundancy Mechanism to provide redundancy by ensuring that for each piece of hardware there is a backup that
can take over non disruptively.
1:n redundancy Mechanism to provide redundancy by ensuring that for each n identical pieces of hardware, there is a
single backup that can take over non disruptively in the case of a single failure.
A
AAA address Authentication, authorization, accounting address. This is the IP address used when contacting billing
or authentication servers. AAA performs user/endpoint authentication prior to forwarding a request to
an upstream.
Call Admission Control (CAC) to control DBE
Quality of service (QoS)
Network Address Port Translation (NAPT) binding
Firewall pinhole
Call detail record (CDR) generation for billing
account An account represents a service relationship with a remote organization on the SBE. Each adjacency
is assigned to an account, which is used to define customer-specific Call Admission Control and
routing policy configuration.
admission control
policy
A set of rules on the SBE that define system and call level restrictions.
ALG Application layer gateway. A bridge for traffic between two networks. It has knowledge of, and
operates at the level of, the application generating the traffic.
B
B2BUA Back-to-back user agent. This is a piece of software that links together the signaling flows for two legs
of a call, providing a bridge between them with local termination for each leg.
Glossary
GL-2
OL-13499-04
C
CAC Call Admission Control. This is the set of actions taken by a network during the set-up phase of a call
event to determine whether the event should be accepted or rejected.
call policy An interconnected set of rules used to configure how SBC responds to new call events. It includes
number analysis, routing, and CAC.
CDR Call detail record. The billing record for a phone call.
CE See PE.
codec Compressor/decompressor. A codec is any technology for compressing and decompressing data,
typically audio or video.
control address IP address on the SBE or DBE used for terminating the H.248 control traffic between SBE and SBE.
Also used in AAA control traffic.
D
DoS protection Protects SBE from DoS (Denial of Service) attack.
DBE Data border element, also known as the media proxy. Represents the media-handling portion (RTP,
RTCP, and so on) of the SBC. There can be only one DBE per service card. However, the DBE can be
partitioned into several virtual DBEs (VDBEs). The DBE supports the following services:
Bandwidth allocation, Call Admission Control (CAC), and Service Level Agreement (SLA)
Monitoring
Policing, marking (DSCP), and rate limiting
RSVP proxy
Firewall (media pinholes)
Security functions
NAPT traversing
Topology hiding
VPN aware (VPN interconnect)
Quality monitoring and statistics gathering
DSP service control Engages in the codec negotiation procedures and enforces policy on codecs being negotiated to control
digital signal processor (DSP) service.
DiffServ Differentiated services. A mechanism for marking IP traffic with different priorities.
DoS Denial of service. A malicious attempt to overload a piece of hardware in some way.
DMZ Demilitarized zone. This is a small subnetwork that sits between a trusted private network, such as a
corporate LAN, and an untrusted public network, such as the public Internet.
Glossary
GL-3
OL-13499-04
F
firewall A system designed to protect a computer network from unauthorized access, especially through the
Internet.
H
H.248 H.248 (or Megaco) is a VoIP signaling protocol, usually used between a dumb device and a clever
controller. It is similar in functionality (if not syntax) to MGCP. It is used to communicate between
SBC and DBE in a distributed SBC system.
H.323 A protocol used for signaling for VoIP.
HSD Hot software downgrade.
L
Lawful intercept Provides intercept-related information (IRI) and call content intercept (replication of the media
streams).
load-related
services (sharing
and balancing)
SBE may also perform load balancing when it sends a message to multiple upstream or downstream
servers.
location ID Identifies the location of DBE within the network.
M
media address Pool of IP addresses on the DBE for media relay functionality. A separate pool of addresses is defined
for each VPN that the DBE is attached to. All vDBEs within the DBE draw media addresses from these
pools.
media bypass An SBC function allowing media to bypass DBE and flow directly between two endpoints within the
same customer network or VPN.
media transcoding
device
A type of media gateway that can convert between media codec types in real time. SBEs sometimes
include a combination of vDBE and a media transcoding device in the data path of a single call.
megaco See H.248.
MGCP Media Gateway Control Protocol. This is a VoIP signaling protocol, usually used between a dumb
device and a clever controller. It is similar in functionality (if not syntax) to H.248/Megaco. It is
defined in RFC 2705.
Glossary
GL-4
OL-13499-04
MPLS Multiprotocol Label Switching. Protocol used for network traffic flow shaping and management.
message scrubbing
for identity and
address hiding
Hiding end-user identifying information and end-user IP-addresses by adding, removing, or
modifying the identity and IP address information in the signaling headers.
N
NAT Network Address Translator. This is a program or piece of hardware that converts an IP address from
a private address to a public address in real time. It allows multiple users to share a single public IP
address.
NAT traversal Detects that the endpoints are behind a NAT device and provide NAT traversal.
NNI Network to network interface. The border between two carriers.
Number analysis A set of rules to determine whether a called number is valid and, optionally, to assign a category to
the call or edit the called number.
O
OAM Operation, administration, and maintenance.
P
PE Provider edge. This is a piece of equipment situated at the edge of a service providers network,
typically contrasted with Customer Edge (CE) equipment.
POTS Plain old telephone service. This is the standard telephone service that most homes use. It is also
referred to as the PSTN.
PSTN Public Switched Telephone Network. The worlds collection of interconnected voice-oriented public
telephone networks.
R
RADIUS Remote Authentication Dial-In User Service. Protocol used by SIG to connect to call accounting
services or authentication services.
routing policy A set of rules on the SBE to determine the next-hop VoIP signaling entity to which a signaling
request should be sent. It defines whether a given called number is valid, and if so, where to send
outbound signaling.
RSIP Realm-Specific Internet Protocol. An IP address translation technique that is an alternative to NAT.
RSIP lets an enterprise safeguard many private Internet addresses behind a single public Internet
address.
Glossary
GL-5
OL-13499-04
RTCP Real-Time Control Protocol. A protocol to carry information on the performance of RTP traffic.
RTP Real-Time Protocol. This is the dominant protocol for carrying VoIP media data. It is defined in
RFC 3550.
S
SBE Signaling border element (also known as signaling proxy). Represents the signaling agent of the SBC
to handle all call processing through SIP or H.323 protocols. There can be only one signaling agent
per service card. An SBE typically controls one or more media gateways. The SBE supports the
following services:
Call Admission Control (CAC)
Signaling scrubbing
Security functions
Routing
Registration/authentication
Identity hiding
Topology hiding
Protocol conversion
Facilitate transcoding by communicating with the media gateway or media server
SDP Session Description Protocol. A syntax for describing key features of media streams, including
codecs, IP addresses and ports, bit rates, and other information. It is defined in RFC 2327.
Session Control
Interface (SCI)
SCI controls the various DBE entities in a distributed mode of operation.
signaling address IP address on the SBE for terminating VoIP signaling (that is, SIP, H.323). A signaling address may
be qualified by a VPN ID (VRF name) if the SBE needs to be assigned private addresses specific to
particular VPNs.
signaling protocol
translation and
interworking
Performs protocol translation between different signaling protocols such as SIP and H.323.
SIP Session Initiation Protocol. A protocol used for signaling for VoIP.
SLA Service Level Agreement. The contract between a service provider and the customer that specifies the
level of service that will be provided.
SNMP Simple Network Management Protocol. An Internet standard that defines methods for remotely
managing active network components such as hubs, routers, and bridges.
SP Service provider.
SVI Service virtual interface.
Glossary
GL-6
OL-13499-04
T
TCP Transmission Control Protocol. The connection-oriented, transport-level protocol used in the TCP/IP
suite of communications protocols.
TLS Transport Layer Security. A protocol that provides data integrity and privacy on a communications
link over the Internet. It allows client/server applications to communicate and is designed to prevent
eavesdropping, message forgery, and interference.
topology and
infrastructure
hiding
Hiding organization topology and infrastructure by removing routing information or by modifying the
From/Contact information in the signaling headers.
transcoder Technology for converting between different codecs.
U
UDP User Datagram Protocol. This is a transport layer protocol in the TCP/IP protocol suite, used in the
Internet. UDP is used at the two ends of a data transfer. It does not establish a connection or provide
reliable data transfer like TCP.
UNI User-to-Network Interface. The border between a service provider and the customer.
V
VDBE Represents a resource partition within a DBE. A VDBE is a type of media gateway. Each VDBE can
be controlled by a separate SBE using the H.248 (Megaco) protocol.
VoIP Voice over IP.
VPN Virtual Private Network.
VRF Virtual Routing and Forwarding Instances
VoIP signaling peer Peer device within the VoIP signaling network.
VoIP event Significant events within the VoIP network, such as new calls, call updates, and subscriber
registrations.

IN-1
OL-13499-04
I N D E X
A
account command 11, 14, 10, 11, 14, 15, 17
ACE module 1
action (SBC SBE SIP) command 20, 22
activate command 7, 16
adding new terminations 2
adjacencies
about implementing 2
defined 1
detail 1
H.323
configuration examples 22, 23
configuring 8
how they affect media routing 5
overview 7
properties common to SIP and H.323 3
SIP
configuration examples 26
configuring 13
adjacency h323 command 11, 8, 10, 11, 12
adjacency sip command 2, 13, 14, 15, 16, 18, 20, 21, 27, 28, 30,
31, 36, 4, 6, 8, 12, 18, 21, 29
affinity, CoS 2
alerting 2
allow private info command 35
any class of service 5
application control engine 1
attach command 2, 3, 12, 14, 10, 14, 16, 17
attach-controllers command 16
authentication endpoint command 42
authentication-key command 42
B
BGP 7
billing
event messages 2
multiple server support 2
out-of-band event messages 4
unsupported messages 4
events messages
batching 3
integrated systems 1
overview 7
billing, fault tolerance 11
cold failover 12
warm failover 11
billing, security 22
billing services 1
border gateway protocol 7
bridging 1
C
cac-policy-set command 8
cac-table command 8, 61
call
incoming 7
logging 7
call-agent-signaled upspeed 2
callee-privacy command 62
callee-sig-qos-profile command 62
callee-video-qos-profile command 69
callee-voice-qos-profile command 71
caller-privacy command 62

Index
IN-2
OL-13499-04
caller-video-qos-profile command 10
caller-voice-qos-profile command 10, 84
call load 1
category (NA-DST) command 82
chassis supported 1
Cisco 7600 series router 1
guidelines 1
hardware 1
restrictions 1
software 1
support 1
classes of service 2
classification 5
class of service
any class 5, 6
video 6
clear services command 69
clear services sbc sbe policy-failure-stats src-adjacency
command 89, 90, 91, 92, 94, 95
codec 7
codec command 103
codec packetization-period command 107
codecs command 106
collecting QoS statistics 5
command 3, 11, 13, 10, 11, 14, 15, 17, 5
command conventions xxiv
congestion 1
control plane overload conditions 1
CoS affinity 2
creating IPv4 media addresses 6
D
DBE
addresses 6
configuring 1, 5, 7
deact-mode command 132
default route 8
deployment models
distributed 2
unified 1
differentiated services code point 5
DSCP 5
DSCP bits 5
DTMF 1
DTMF, interworking
overview 5
dual tone multifrequency 5
E
early-media-timeout command 206
edit-cic command 210
edit command 203
entry command 9
event logging 7
events
generating 2
F
fast-register disable command 14, 16
fault tolerance 6
fax over IP 6
feature history 1
firewall traversal
overview 8
firewall upgrades 8
first-cac-scope command 220
first-cac-table command 8
first-call-routing-table command 395
first-number-analysis-table command 224, 395

Index
IN-3
OL-13499-04
G
G.711 passthrough 1
generating events 2
signaling-peer 3, 11, 13, 10, 11, 14, 15, 17, 5
glossary
detail 1
group command 226
H
H.248 protocol 2
H.323 adjacencies
common properties with SIP 3
configuration examples 22, 23
configuring 8
overview 4
h248-profile command 234
h248-profile-version command 236
history of feature 1
I
ICMP ping 5
in-channel signaling 5
ingress line card 5
Interconnection Border Control Function 1
IP address, assigning 7
ip precedence command 4, 249
IP stack 5
IP-to-IP connection 1
ip TOS command 250
ip tos command 4
J
jitter 2
K
key command 252
L
latency 2
local address command 249
local-id host command 13
logging
call 7
M
marking command 3
match-address command 269
match-adjacency command 270
match-cic 271
match-type command 9
match-value command 10
max-channels command 290
max-regs-rate command 300, 302
media address, defning 1
media addresses 5
media-address ipv4 command 7, 16
media-address pool command 6
media address pools
about 2
configuring 3, 17, 19
example 7
restrictions 2
media bridging 1
media-bypass-bypass command 14
media-bypass command 12, 14
media-bypass-forbid command 320
media gateway controller 2
media packet forwarder 5
media streams 7
messaging 7

Index
IN-4
OL-13499-04
method command 323
method-profile command 323
MIBs 12
modes
data border element 3
global configuration 3
SBC service 3
MPF component 5
multi-VRF 2
overview 6
N
na-dst-prefix-table command 326, 328
na-src-account-table command 331
NAT 8
overview 8
nat command 326
nat-enable command 5, 6
Network Address Translation (NAT) 4
network address translator 8
network-id command 335
O
overload conditions 1
P
paired protection 1
payload types 2
PCMU 7
policies
detail 1
overview 7
policy failure statistics
about 9, 1
commands
automatically tracked 3
per entry 2
per table 2
time-based 2
hunting 4 to 6
restrictions 1
port range
VoIP 2
prerequisites for configuration
detail 1
primary service 2
priority command 354
privacy restrict outbound command 357
private network 5
profiles, SIP
header
how to apply 27
parameter
how to apply 27
how to configure 25
protecting traffic 5
protocols
border gateway 7
H248 2
UDP-TL 1
User Datagram 1
VoIP signaling 2
provisioning 1
Proxy-Call Session Control Function 1
pulse code modulation u-law 7
Q
QoS (marking)
overview 5
qos sig command 359
qos voice command 3, 361

Index
IN-5
OL-13499-04
R
RADIUS-based call logging 7
ras retry command 364
rate limit 5
reason command 372
record-based call logging 7
redirect-limit command 374
redundancy (high availability)
overview 6
registration rewrite-register command 14, 16
registration target address command 17
registration target address host command 14
registration target port command 14, 17
remote-address ipv4 command 2, 3, 11, 13, 10, 11, 14, 15, 16, 5
reporting
data border element 1
overload conditions 1
resource-priority command 385
resource-priority-set command 385
restrictions
rogue packets 2
routing
default route 8
RPS (Routing Policy System) 33
rtg-carrier-id-table command 391
rtg-dst-domain-table command 397
rtg-round-robin-table command 401
rtg-src-account-table command 403
rtg-src-adjacency-table command 407
rtg-src-domain-table command 408
S
SBC, accounts
defined 1
sbc command 4, 8, 9, 12, 14, 18, 21, 27, 30, 36, 4, 6, 8, 7, 11, 18, 20,
26, 29, 3, 5, 6, 7
SBC features 3
SBE
relationship with other network elements 3
sbe command 4, 8, 9, 12, 15, 18, 21, 27, 30, 36, 4, 6, 8, 6, 7, 10, 11,
16, 18, 20, 23, 26, 29, 3, 7, 4
secure-media command 413, 414
security threats 2
sequential IPv4 media addresses 6
service card 1
show services sbc dbe addresses command 417
show services sbc dbe h248-profile command 428
show services sbc dbe media-flow-stats command 439
show services sbc sbe adjacencies command 439, 443
show services sbc sbe blacklist command 446
command 453
command 455
show services sbc sbe cac-policy-set command 459
show services sbc sbe call-policy-set command 461, 467,
468
show services sbc sbe call-policy-set-table entries
command 470, 471
show services sbc sbe call-stats command 468, 469
show services sbc sbe codec-list command 476
show services sbc sbe h323 timers command 478
show services sbc sbe hold-media-timeout command 477
show services sbc sbe media-gateways command 481
command 486
dst-adjacency 488
command 488
command 490
command 492
show services sbc sbe qos-profiles command 494
show services sbc sbe radius-client-stats command 496
show services sbc sbe radius-server-stats command 499
show services sbc sbe redirect-limit command 501

Index
IN-6
OL-13499-04
show services sbc sbe sip essential-headers command 502
command 501
show services sbc sbe sip header-profile command 510
show services sbc sbe sip header-profiles command 512
show services sbc sbe sip method-profiles command 513
show services sbc sbe sip timers command 515
signaling-address ipv4 command 2, 3, 11, 13, 10, 11, 13, 14, 15,
16, 5, 515
signaling-peer command 2, 14, 523
signaling-peer-port command 2, 3, 11, 13, 10, 11, 14, 15, 17, 5,
527
signaling-port command 2, 3, 11, 13, 10, 11, 14, 15, 16, 5, 528
signaling protocol 2
SIP 6
SIP (Session Initiation Protocol)
encrypted signaling
functions 31
UAS (User Agent Server) 33
SIP adjacencies
common properties with H.323 3
configuration examples 26
configuring 13
overview 3
security 32
sip encryption key command 531
sip home network identifier command 532
sipi command 535
SIP INFO method 5
sip inherit profile command 536
sip option-profile (SBC SBE SIP) command 540
sip timer command 536
sip visited network identifier command 545
softswitches 7
source address alerting 2
spoofed traffic 5
standalone call logging 7
standby service 2
statistics, policy failure
about 9, 1
commands
automatically tracked 3
per entry 2
per table 2
time-based 2
hunting 4 to 6
restrictions 1
SUP 720-3B 1
SUP 720-3BXL 1
Supervisor 720-3B 1
Supervisor 720-3BXL 1
T
T.38 passthrough 1
tcp-connect-timeout command 549
tcp-idle-timeout command 550
Telnet, access 10
terminations, adding 2
threats to security 2
traffic 1
transcoding 1
detail 1
overview 7
translating media streams 7
trigger-period command 546, 574
trigger-size command 562
troubleshooting
bad getbuffer log message 10
U
UAS (User Agent Server)
client side processing 33
server side processing 33
unexpected source address 2
unexpected source addresses 6
unified messaging 7

Index
IN-7
OL-13499-04
V
VLANs
configuring 2, 34
maximum 2
voicemail 7
VoIP 2
events 7
port range 2
VoIP signaling protocol 2
vrf command 11, 13

SBC 7600 Config Guide PDF

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

SBC 7600 Config Guide PDF

Transféré par

Droits d'auteur :

Formats disponibles

Americas Headquarters

Cisco Systems, Inc.

b. Execute the show running-config command:

Vous aimerez peut-être aussi