H.323 Gatekeeper Enable

Default = Off

This settings enables gatekeeper operation.

H.323 Signaling over TLS

Default = Disabled. For hosted deployments, default = Preferred.

When enabled, TLS is used to secure the registration and call signaling communication between IP Office and endpoints that support TLS. The H.323 phones that support TLS are 9608, 9611, 9621, and 9641 running firmware version 6.6 or higher.

When enabled, certificate information is configured in the 46xxSettings.txt file on IP Office and automatically downloaded to the phone. When IP Office receives a request from the phone for an identity certificate, IP Office searches its trusted certificate store and finds the root CA that issued its identity certificate. IP Office then provides the root CA as an auto-generated certificate file named Root-CA-xxxxxxxx.pem.

For information on IP Office certificates, see Security > Certificates.

The options are:

• Disabled: TLS is not used.

• Preferred: Use TLS when connecting to a phone that supports TLS.

• Enforced: TLS must be used. If the phone does not support TLS, the connection is rejected.

  When set to Enforced, the Remote Call Signaling Port setting is disabled.

If TLS security is enabled (Enforced or Preferred), it is recommended that you enable a matching level of media security on System Settings > System > VoIP Security.

H.323 Remote Extn Enable

Default = Off.

The system can be configured to support remote H.323 extensions in the case where NAT is used in the connection path. This could be the case where the IP Office is located behind a corporate NAT/Firewall router and/or the  H.323 phone is located behind residential NAT enable router.

The use of this option and the interaction and configuration of external third party elements is beyond the scope this help file.

In the case where the public IP address of the corporate router is unknown, the LAN's Network Topology settings should be used to configure a STUN Server. Enabling H.323 Remote Extn Enable allows configuration of the RTP Port number Range (NAT) settings.

Auto-create Extn

Default = Off

The field to set up auto creation of extensions for H.323 phones registering themselves with the System as their gatekeeper. If selected, the system displays the Auto Create Extension Password window prompting you to type a Password and Confirm Password. This password is used for subsequent auto creation of extensions. A message H.323 Auto-Create Extension option is active is flashed next to the Auto Create Extension field till the option is cleared. SIP Extensions use a separate setting, see below. This setting is not supported on systems configured to use WebLM server licensing.

If using resilience backup to support Avaya IP phones, Auto-create Extn and Auto-create User should not be left enabled after initial configuration or any subsequent addition of new extensions and users. Leaving auto-create options enabled on a system that is a failover target may cause duplicate extension/user records on the multi-site network under multiple failure scenarios.

For security, any auto-create settings that are enabled are automatically disabled after 24 hours.

SIP Trunks Enable

Default = On.

This settings enables support of SIP trunks. It also requires entry of SIP Trunk Channels licenses.

Enabling SIP Trunks Enable allows configuration of the RTP Port number Range (NAT) settings.

SIP Registrar Enable

Default = Off.  

If enabled, the IP Office can act as a SIP Registrar to which SIP endpoints register.

• Separate SIP registrars can be configured on LAN1 and LAN2.

• Registration of a SIP endpoint requires an available IP Endpoints license.

• SIP endpoints are also still subject to the extension capacity limits of the system.

SIP Remote Extn Enable

Default = Off.

The system can be configured to support remote SIP extensions in the case where NAT is used in the connection path. This could be the case where the IP Office is located behind a corporate NAT/Firewall router and/or the SIP phone is located behind residential NAT enable router.

• This option cannot be enabled on both LAN1 and LAN2.

• The use of this option and the interaction and configuration of external third party elements is beyond the scope this help file.

In the case where the public IP address of the corporate router is unknown, the LAN's Network Topology settings should be used to configure a STUN Server. Enabling SIP Remote Extn Enable allows configuration of:

• the Remote UDP Port, Remote TCP Port, Remote TLS Port settings

• the Port Number Range (NAT) settings

Allowed SIP User Agents

Default = Block Blacklist Only

Select which SIP devices can register with the IP Office system, using SIP User Agents specified on System > VoIP > Access Control Lists tab.

Auto-create Extn/User

Default = Off.

The field to set up auto creation of extensions for SIP phones registering themselves with the SIP registrar. If selected, the system prompts you to enter and confirm the password is used for subsequent auto creation of extensions.

• This setting is not supported on systems configured to use WebLM server licensing.

• For security, any auto-create settings set to On are automatically set to Off after 24 hours.

SIP Domain Name

Default = Blank

This value is used by SIP endpoints for registration with the IP Office system. SIP endpoints register with IP Office using their SIP address that consists of their phone number and IP Office SIP domain. Since IP Office does not allow calls from unauthorized entities, the SIP domain does not need to be resolvable. However, the SIP domain should be associated with FQDN (Fully Qualified Domain Name) for security purposes. The entry should match the domain suffix part of the SIP Registrar FQDN below, for example, example.com. If the field is left blank, registration uses the LAN 1, LAN2, or public IP address.

SIP Registrar FQDN

Default = Blank

The fully-qualified domain name to which the SIP endpoint send their registration requests. For example, sbc.example.com.

• This FQDN is also used for Avaya Cloud Services and Avaya Push Notification Services

The customer DNS must resolve this FQDN to an IP address that routes to the IP Office. That is:

• For local extensions, the IP address of the IP Office LAN.

• For remote extensions, the external IPv4 address of the Avaya SBC or customer firewall that routes to the IP Office.

Challenge Expiry Time (secs)

Default = 10.

The challenge expiry time is used during SIP extension registration. When a device registers, the IP Office SIP Registrar sends a challenges and waits for a response. If a response is not received within this timeout, the registration fails.

Layer 4 Protocol

Default = TCP 5060 + UDP 5060.

Sets the ports on which the IP Office listens for SIP extension connections. Note that most SIP clients use TLS/TCP/UDP in order of priority unless configured otherwise, and will not fallback to a lower priority protocol even if it is enabled on the IP Office.

• UDP Port: Default = 5060 Enabled.

• TCP Port: Default = 5060 Enabled.

• TLS Port: Default = 5061 Disabled.

The following additional port settings are used if SIP Remote Extn Enable is selected. Otherwise, the ports above are used for all SIP extension connections. They set the ports the ports on which the IP Office listens for SIP extension connections from remote extensions:

• Remote UDP Port: Default = 5060 Enabled.

• Remote TCP Port: Default = 5060 Enabled.

• Remote TLS Port: Default = 5061 Disabled.

Port Number Range

For each VoIP call, a receive port for incoming Real Time Protocol (RTP) traffic is selected from a defined range of possible ports, using the even numbers in that range. The Real Time Control Protocol (RTCP) traffic for the same call uses the RTP port number plus 1, that is the odd numbers.

On some installations, it may be a requirement to change or restrict the port range used. It is recommended that only port numbers between 49152 and 65535 are used, that being the range defined by the Internet Assigned Numbers Authority (IANA) for dynamic usage.

Port Range (minimum)

Default: IP500 V2 = 46750/Linux = 40750. Range = 1024 to 65530.

This sets the lower limit for the RTP port numbers used by the system.

Port Range (maximum)

Default = 50750. Range = 1024 to 65530.

This sets the upper limit for the RTP port numbers used by the system.

Port Range (minimum)

Default: IP500 V2 = 46750/Linux = 40750. Range = 1024 to 65530.

This sets the lower limit for the RTP port numbers used by the system.

Port Range (maximum)

Default = 50750. Range = 1024 to 65530.

This sets the upper limit for the RTP port numbers used by the system.

Enable RTCP Monitor On Port 5005

Default = On.

For 1600, 4600, 5600, 9600 and J100 Series phones, the system can collect VoIP QoS (Quality of Service) data from the phones. For other phones, including non-IP phones, it can collect QoS data for calls that use a VCM channel. The QoS data collected by the system is displayed by the System Status Application.

• This setting is mergeable. However, it is only applied to IP phones when they register with the system. Therefore, any change to this setting requires the IP phones that have already registered to be rebooted. IP phones can be remotely rebooted using the System Status Application.

• The QoS data collected includes: RTP IP Address, Codec, Connection Type, Round Trip Delay, Receive Jitter, Receive Packet Loss.

• This setting is not the same as the RTCPMON option within Avaya H.323 phone settings. The system does not support the RTCPMON option.

RTCP collector IP address for phones

Default = Blank.

Sets the destination for the RTCP Monitor data described above. This enables you to send the data collected to a third party QoS monitoring application.

The Enable RTCP Monitor On Port 5005 must be turned Off to enable this field. Changes to this setting requires a reboot of the phones.

Scope

Default = Disabled

Select whether the sending of keepalive packets should be disabled or sent for RTP or for both RTP and RTCP.

Periodic timeout

Default = 0 (Off). Range = 0 to 180 seconds.

Sets how long the system will wait before sending a keepalive if no other packets of the select SCOPE are seen.

Initial keepalives

Default = Disabled.

If enabled, keepalives can also been sent during the initial connection setup.

DSCP (Hex)

Default = B8 (Hex)/46 (decimal). Range = 00 to FF (Hex)/0 to 63 (decimal)

The DiffServ Code Point (DSCP) setting applied to the media on VoIP calls. By default, this value is applied to both audio and video unless a separate video value is set.

Video DSCP (Hex)

Default = B8 (Hex)/46 (decimal). Range = 00 to FF (Hex)/0 to 63 (decimal)

The DSCP setting applied to video VoIP calls.

DSCP Mask (Hex)

Default = FC (Hex)/63 (decimal). Range = 00 to FF (Hex)/0 to 63 (decimal)

The mask applied to packets for the DSCP value.

SIG DSCP (Hex)

Default = 88 (Hex)/34 (decimal). Range = 00 to FF (Hex)/0 to 63 (decimal)

This DSCP setting applied to the call signaling on VoIP calls. This must not match the settings used for the media.

Primary Site Specific Option Number (4600/5600)

Default = 176. Range = 128 to 254.

A site specific option number (SSON) is used as part of DHCP to request additional information. 176 is the default SSON used by 4600 Series and 5600 Series IP phones.

Secondary Site Specific Option Number (1600/9600)

Default = 242. Range = 128 to 254.

Similar to the primary SSON. 242 is the default SSON used by 1600 and 9600 Series IP phones requesting installation settings via DHCP.

VLAN

Default = Not present. This option is applied to H.323 phones using the system for DHCP support. If set to Disabled, the L2Q value indicated to phones in the DHCP response is 2 (disabled). If set to Not Present, no L2Q value is included in the DHCP response.

1100 Voice VLAN Site Specific Option Number (SSON)

Default = 232.

This is the SSON used for responses to 1100/1200 Series phones using the system for DHCP.

1100 Voice VLAN IDs

Default = Blank.

For 1100/1200 phone being supported by DHCP, this field sets the VLAN ID that should be provided if necessary. Multiple IDs (up to 10) can be added, each separated by a + sign.