Installation and Administration Guide for the Cisco TelePresence Exchange System Release 1.0

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Available Languages

Download Options

Book Title

Installation and Administration Guide for the Cisco TelePresence Exchange System Release 1.0

Chapter Title

Configuring Cisco Session Border Controllers

PDF - Complete Book (2.64 MB) PDF - This Chapter (142.0 KB)
View with Adobe Reader on a variety of devices

Results

Updated:: October 31, 2013

Chapter: Configuring Cisco Session Border Controllers

Creating a Session Border Controller Interface
Creating a Management Interface
Creating the SBC Instance
Configuring the Signaling Border Element
Defining a Media Address

Configuring Cisco Session Border Controllers

Revised June 30, 2011

This section describes the Cisco TelePresence Exchange System configuration requirements for the session border controller (SBC) functionality.

This section includes the following topics:

•Creating a Session Border Controller Interface

•Creating a Management Interface

•Creating the SBC Instance

•Configuring the Signaling Border Element

•Defining a Media Address

The procedures in this section assume that a Cisco Aggregation Series Router (Cisco ASR) serves as an SBC, and that the router is installed and active in the network. See the Release Notes for the Cisco TelePresence Exchange System document for information about the Cisco routers that support SBC functionality. The document is available at http://www.cisco.com/go/ctx-relnotes.

For more information about configuring the SBC on the Cisco ASR, see the Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model document at http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html.

For more details on the commands shown in the configuration commands below, see the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model document at http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html.

Note Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be referenced in this document as the session border controller (SBC).

Creating a Session Border Controller Interface

You must create an SBC interface for each SBC module in the Cisco ASR and assign at least one primary IP address to the interface.

Procedure

To configure the SBC interface, do the following procedure:


	Command	Purpose
Step 1	Router# configure terminal	Enters global configuration mode.
Step 2	Router(config)# interface sbc interface-number	Creates a virtual SBC interface on the Cisco ASR.
Step 3	Router(config-if)# ip address {IPv4 ip address} {IPv4 subnet address}	Assigns a primary IP address and subnet mask to the SBC interface.
Step 4	Router(config-if)# ip address {IPv4 ip address} {IPv4 subnet address} secondary	(Optional) Assigns a secondary IP address and subnet mask to the SBC interface.

The following example shows how to create an SBC interface and assign primary and secondary IP addresses and subnet masks:

Router(config)# interface sbc 1

Router(config-if)# ip address 10.22.141.100 255.255.255.248

Router(config-if)# ip address 10.22.141.101 255.255.255.248 secondary

Router(config-if)# ip address 10.22.141.102 255.255.255.248 secondary

Creating a Management Interface

You must define at least one management interface on the Cisco ASR for Telnet and SSH remote access.

Procedure

To define a management interface, do the following procedure:


	Command	Purpose
Step 1	Router(config)# GigabitEthernet module / slot / port	Enters interface configuration mode for the specified interface.
Step 2	Router(config-if)# ip address {IPv4 ip address} {IPv4 subnet address}	Assigns an IP address and subnet mask to the management interface.
Step 3	Router(config-if)# negotiation auto	Enables negotiation of the speed, duplex mode, and flow control on the Gigabit Ethernet interface.

The following example shows how to configure a management interface:

Router(config)# interface GigabitEthernet 0/0/0

Router(config-if)# ip address 10.22.139.84 255.255.255.224

Router(config-if)# negotiation auto

Creating the SBC Instance

To configure the signaling border element (SBE) and data border element (DBE) on the SBC, you first create an SBC instance.

Procedure

To create the SBC instance, do the following procedure:


	Command	Purpose
Step 1	Router(config)# sbc service-name	Creates the SBC instance and enters SBC configuration mode.
Step 2	Router(config-sbc)# sbe	Enters SBE configuration mode.
Step 3	Router(config-sbc-sbe)# secure-media	Enables media pass through, which configures the SBC to treat every media flow as an encrypted media flow. This action enables DTLS and SRTP media packets to pass through the SBC.

The following example shows how to create the SBC instance and enable secure media pass through:

Router(config)# sbc mmsbc

Router(config-sbc)# sbe

Router(config-sbc-sbe)# secure-media

Configuring the Signaling Border Element

You configure the signaling border element (SBE) to enable SIP signaling functionality such as header and method profiles, adjacencies, call admission control policies, route tables and blacklists.

SBE configuration is described in the following sections:

•Configuring Default Profiles

•Creating Adjacencies

•Configuring CAC Policy

•Configuring Call Policies

•Configuring SIP Timers

•Defining Blacklists

Configuring Default Profiles

Procedure

To configure the default profiles on the SBE, do the following procedure:


	Command	Purpose
Step 1	Router(config)# sbc service-name	Enters SBC configuration mode for the specified SBC instance.
Step 2	Router(config-sbc)# sbe	Enters SBE configuration mode.
Step 3	Router(config-sbc-sbe)# sip-header profile profile-name	Configures a header profile for the SBE. Enter default as the profile-name to configure the default header profile. The default profile is used for all adjacencies that do not have a specific profile configured.
Step 4	Router(config-sbc-sbe-sip-hdr)# header header-name	Adds the specified header to the profile.
Step 5	Router(config-sbc-sbe-sip-hdr-e le)# action pass {add-first-header \| add-header \| as-profile \| drop-msg \| pass \| replace-name \| replace-value \| strip}	Configures the action to take on the header. For the Cisco TelePresence Exchange System configuration, always set the action to pass, which allows the message to proceed.
Step 6	Router(config-sbc-sbe-sip-hdr-e le)# exit Router(config-sbc-sbe-sip-hdr)# exit	Exits the header profile configuration mode.
Step 7	Router(config-sbc-sbe)# sip method-profile default	Configure a method profile for the SBE. Enter default as the profile-name to configure the default method profile. The default profile is used for all adjacencies that do not have a specific profile configured.
Step 8	Router(config-sbc-sbe-sip-mth)# pass-body	Permits SIP message bodies to pass through.
Step 9	Router(config-sbc-sbe-sip-mth)# method method-name	Adds a method with a specified name to a SIP message profile.
Step 10	Router(config-sbc-sbe-sip-mth)# action pass	Configures the action to take for the message. For the Cisco TelePresence Exchange System configuration, always set the action to pass, which allows the message to proceed.
Step 11	Router(config-sbc-sbe-sip-mth)# exit	Exits the method profile configuration mode.
Step 12	Router(config-sbc-sbe)# sip option-profile default	Configures the default SIP option profile for either a SIP option white list or black list profile on the SBE.
Step 13	Router(config-sbc-sbe-sip-opt)# option opt-name	Adds an option to the profile.
Step 14	Router(config-sbc-sbe-sip-opt)# exit	Exits the option profile configuration mode.

The following example shows how to define default header and method profiles:

Router(config)# sbc mmsbc

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip-header profile default

Router(config-sbc-sbe-sip-hdr-prf)# header Allow entry 1

Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass

Router(config-sbc-sbe-sip-hdr-prf)# header Reason entry 1

Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass

Router(config-sbc-sbe-sip-hdr-prf)# header SERVER entry 1

Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass

Router(config-sbc-sbe-sip-hdr-prf)# header DIVERSION entry 1

Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass

Router(config-sbc-sbe-sip-hdr-prf)# header Allow-Events entry 1

Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass

Router(config-sbc-sbe-sip-hdr-prf)# header session-expiry entry 1

Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass

Router(config-sbc-sbe-sip-hdr-prf)# header Session-Expires entry 1

Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass

Router(config-sbc-sbe-sip-hdr-prf)# header RESOURCE-PRIORITY entry 1

Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass

Router(config-sbc-sbe)# sip method-profile default

Router(config-sbc-sbe-sip-mth)# pass-body

Router(config-sbc-sbe-sip-mth)# method INFO

Router(config-sbc-sbe-sip-mth)# action pass

Router(config-sbc-sbe-sip-mth)# method REFER

Router(config-sbc-sbe-sip-mth)# action pass

Router(config-sbc-sbe-sip-mth)# method INVITE

Router(config-sbc-sbe-sip-mth)# action pass

Router(config-sbc-sbe-sip-mth)# method NOTIFY

Router(config-sbc-sbe-sip-mth)# action pass

Router(config-sbc-sbe-sip-mth)# method OPTION

Router(config-sbc-sbe-sip-mth)# action pass

Router(config-sbc-sbe-sip-mth)# method UPDATE

Router(config-sbc-sbe-sip-mth)# action pass

Router(config-sbc-sbe-sip-mth)# method SUBSCRIBE

Router(config-sbc-sbe-sip-mth)# action pass

Router(config-sbc-sbe)# sip-option profile default

Router(config-sbc-sbe-sip-opt)# option TIMER

Router(config-sbc-sbe-sip-opt)# option REPLACES

Router(config-sbc-sbe-sip-opt)# exit

Creating Adjacencies

An adjacency represents a signaling relationship with a remote call agent. The adjacency defines protocol-specific parameters as well as admission control and routing policy. Each incoming call is matched to an adjacency, and each outgoing call is routed out over an adjacency.

You need to create adjacencies between the SBE and the following network elements:

•Cisco Application Control Engine

•Hosted Cisco Unified Communications Manager

•Both Cisco TelePresence Exchange System call engines

Also, you need to create an adjacency for each remote SP to which we provide interconnect service.Procedure

To create an adjacency, do the following procedure:


	Command	Purpose
Step 1	Router(config-sbc-sbe)# adjacency (sip \| h323} adjacency-name	Enters configuration mode for the specified SIP or H.323 adjacency. For the Cisco TelePresence Exchange System configuration, enter sip as the type of adjacency.
Step 2	Router(config-sbc-sbe-adj-sip)# nat force-off	Configures network address translation (NAT) for the adjacency. Note The nat force-off option is the only supported option in this configuration. The nat force-off option sets the SIP adjacency to assume that all endpoints are not behind a NAT device.
Step 3	Router(config-sbc-sbe-adj-sip)# hunting-trigger error-codes	Configures SIP to retry routing to the adjacency if it receives one of the specified error codes.
Step 4	Router(config-sbc-sbe-adj-sip)# preferred-transport {tcp\|udp}	Sets the preferred transport protocol for SIP signaling on the adjacency.
Step 5	Router(config-sbc-sbe-adj-sip)# signaling-address{ipv4_IP_address\|i pv6_IP_address}	Configures the local IP signaling address of the SIP adjacency.
Step 6	Router(config-sbc-sbe-adj-sip)# signaling-port port-num [max- port-num]	Configures the local port number for the signaling address of the SIP adjacency. Specify a maximum port number to configure a range of port values. The default port number is 5060.
Step 7	Router(config-sbc-sbe-adj-sip)# statistics-setting summary	Enables the show sbc sbe sip-method-stats command to display a summary level of statistics about SIP request names.
Step 8	Router(config-sbc-sbe-adj-sip)# remote-address ipv4 remote-address	Restricts the set of remote signaling peers that can be contacted over the adjacency to those with the given IP address prefix. Note For Cisco TelePresence Exchange System configuration, enter the virtual IP (VIP) address of the Cisco ACE as the remote address.
Step 9	Router(config-sbc-sbe-adj-sip)# signaling-peer peer-name	Configures the SIP adjacency to use the specified remote signaling-peer. Specify the IPv4 address of the signaling peer in dotted-decimal format. Note For Cisco TelePresence Exchange System configuration, enter the VIP address of the Cisco ACE as the signaling peer.
Step 10	Router(config-sbc-sbe-adj-sip)# attach	Attaches the adjacency to the SBC instance. The adjacency is now available for SIP call processing.

The following example shows how to create an adjacency between the SBE and the Cisco ACE:

Router(config)# sbc mmsbc

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip SBC-ACE

Router(config-sbc-sbe-adj-sip)# nat force-off

Router(config-sbc-sbe-adj-sip)# hunting-trigger 408 500 503

Router(config-sbc-sbe-adj-sip)# preferred-transport tcp

Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.22.141.100

Router(config-sbc-sbe-adj-sip)# statistics-setting summary

Router(config-sbc-sbe-adj-sip)# signaling-port port-num 5060

Router(config-sbc-sbe-adj-sip)# remote-address ipv4 10.22.141.98 255.255.255.255

Router(config-sbc-sbe-adj-sip)# signaling-peer 10.22.141.98

Router(config-sbc-sbe-adj-sip))# attach

The following example shows how to create an adjacency between the SBC and the Unified CM and how to define a call admission control policy for the SBE:

Router(config)# sbc mmsbc

Router(config-sbc)# sbe

Router(config-sbc-sbe)# adjacency sip UNCM-SBC

Router(config-sbc-sbe-adj-sip)# nat force-off

Router(config-sbc-sbe-adj-sip)# hunting-trigger 408 500 503

Router(config-sbc-sbe-adj-sip)# preferred-transport tcp

Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.22.141.100

Router(config-sbc-sbe-adj-sip)# signaling-port port-num 5060

Router(config-sbc-sbe-adj-sip)# remote-address ipv4 10.22.139.70 255.255.255.255

Router(config-sbc-sbe-adj-sip)# signaling-peer 10.22.139.70

Router(config-sbc-sbe-adj-sip)# attach

Configuring CAC Policy

You need to define call admission control (CAC) policy to instruct the SBC to ignore the media bandwidth fields in the session description protocol (SDP) messages.

Procedure

To define a CAC policy, do the following procedure:


	Command	Purpose
Step 1	Router(config-sbc-sbe)# cac-policy-set policy-set-id	Creates a new CAC policy set for the SBE. The new CAC policy set is empty until you define additional parameters for the policy.
Step 2	Router(config-sbc-sbe-cacpolicy)# first-cac-table table-name	Defines the first policy table to process when performing the admission control stage of policy.
Step 3	Router(config-sbc-sbe-cacpolicy)# cac-table table-name	Creates an admission control table for the CAC policy set created in Step 1.
Step 4	Router(config-sbc-sbe-cacpolicy -cactable)# table-type policy set	Configures the CAC table type. Policy set specifies that the event is applied to all entries in the table.
Step 5	Router(config-sbc-sbe-cacpolicy -cactable)# entry entry-id	Creates an entry in the CAC table.
Step 6	Router(config-sbc-sbe-cacpolicy -cactable-entry)# media bandwidth-fields ignore	Sets the media flag to ignore the media bandwidth fields (b-line) in the session description protocol (SDP) messages. The SBC will use the CODEC value in the SDP message to calculate the baseline bandwidth required for the media stream.
Step 7	Router(config-sbc-sbe-cacpolicy -cactable-entry)# action cac-complete	Configures the action to perform after this entry in the CAC table. The cac-complete keyword specifies that no further action is required for this CAC policy.
Step 8	Router(config-sbc-sbe-cacpolicy -cactable-entry)# exit	Exits the CAC table entry configuration mode.
Step 9	Router(config-sbc-sbe-cacpolicy)# complete	Marks the end of a CAC policy set definition.
Step 10	Router(config-sbc-sbe-cacpolicy)# exit	Exits the CAC policy configuration mode.
Step 11	Router(config-sbc-sbe)# active-cac-policy-set policy-set-id	Sets the active CAC policy set within the SBE.

The following example shows how to define a call admission control policy for the SBE:

Router(config-sbc-sbe)# cac-policy-set 1

Router(config-sbc-sbe-cacpolicy)# first-cac-table BW

Router(config-sbc-sbe-cacpolicy)# cac-table BW

Router(config-sbc-sbe-cacpolicy-cactable)# table-type policy set

Router(config-sbc-sbe-cacpolicy-cactable)# entry 1

Router(config-sbc-sbe-cacpolicy-cactable-entry)# media bandwidth-fields ignore

Router(config-sbc-sbe-cacpolicy-cactable-entry)# action cac-complete

Router(config-sbc-sbe-cacpolicy-cactable-entry)# exit

Router(config-sbc-sbe-cacpolicy)# complete

Router(config-sbc-sbe-cacpolicy)# exit

Router(config-sbc-sbe)# active-cac-policy-set 1

Configuring Call Policies

Create a call policy set to contain the incoming and outgoing route tables. The route tables provide a mapping of each incoming and outgoing call to its corresponding adjacency.

Entries in the SBC route table must match the corresponding entries in the Cisco TelePresence Exchange System routing tables. The carrier ID that you insert on an incoming route (or use as the match parameter on an outgoing route) needs to match the SBC Tag field in the Cisco TelePresence Exchange System. See the "Configuring Routes" section on page 12-1 for information about configuring routes on the Cisco TelePresence Exchange System.

Procedure

To create a call policy set and configure the route tables, do the following procedure:


	Command	Purpose
Step 1	Router(config-sbc-sbe)# call-policy-set policy-set-id	Creates a new policy set for processing calls within the SBE.
Step 2	Router(config-sbc-sbe-rtgpolicy)# first-call-routing-table table-name	Configures the name of the first routing table for new-call events.
Step 3	Router(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table table-id	Creates a new routing table whose entries match the source adjacency.
Step 4	Router(config-sbc-sbe-rtgpolicy -rtgtable)# entry entry-id	Creates an entry in the routing table.
Step 5	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# action {complete \| {next-table go-to-table-name } }	Specifies the next routing table to process if the event matches the entry. Action complete specifies that no further action is required.
Step 6	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# edit-cic replace ds	Replaces the carrier ID in the SIP message with the specified digit string.
Step 7	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# dst-adjacency target-adjacency	Configures the destination adjacency for calls that match this table entry.
Step 8	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# match-adjacency key	Configure the source adjacency as the match value for this table entry.
Step 9	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# exit	Exits the routing table entry (rtgtable-entry) mode.
Step 10	Router(config-sbc-sbe-rtgpolicy -rtgtable)# exit	Exits the routing table (rtgtable) mode.
Step 11	Router(config-sbc-sbe-rtgpolicy)# rtg-carrier-id-table table-id	Creates a new routing table whose entries match the carrier ID field.
Step 12	Router(config-sbc-sbe-rtgpolicy -rtgtable)# entry entry-id	Creates an entry in the routing table.
Step 13	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# action {complete \| {next-table go-to-table-name } }	Specifies the next routing table to process if the event matches the entry. Action complete specifies that no further action is required.
Step 14	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# edit-cic replace ds	Replaces the carrier ID in the SIP message with the specified digit string.
Step 15	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# dst-adjacency target-adjacency	Configures the destination adjacency of an entry in a routing table.
Step 16	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# match-cic key	Configures the carrier ID match value of the entry.
Step 17	Router(config-sbc-sbe-rtgpolicy -rtgtable-entry)# exit	Exits the routing table entry (rtgtable-entry) mode.
Step 18	Router(config-sbc-sbe-rtgpolicy -rtgtable)# exit	Exits the routing table (rtgtable) mode.
Step 19	Router(config-sbc-sbe-rtgpolicy)# complete	Marks the end of a call policy set definition.
Step 20	Router(config-sbc-sbe-rtgpolicy)# exit	Exits the routing policy (rtgpolicy) mode.
Step 21	Router(config-sbc-sbe)# active-call-policy-set policy-set-id	Activates the call policy set.

The following example shows how to create a call policy for the SBE and match it to an adjacency:

Router(config-sbc-sbe)# call-policy-set 1

Router(config-sbc-sbe-rtgpolicy)# first-call-routing-table INCOMING

Router(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table INCOMING

Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 200

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-ACE

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency WMT-ADJ1

Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 2

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 400

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-ACE

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-UNCM

Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 3

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-ACE

Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 4

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-Engine1

Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 5

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-Engine2

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit

Router(config-sbc-sbe-rtgpolicy)# rtg-carrier-id-table OUTGOING

Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 0

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency WMT-ADJ1

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-cic 200

Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 2

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 0

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-UNCM

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-cic 200

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit

Router(config-sbc-sbe-rtgpolicy-rtgtable)# exit

Router(config-sbc-sbe-rtgpolicy)# complete

Router(config-sbc-sbe-rtgpolicy)# exit

Router(config-sbc-sbe)# active-call-policy-set 1

Configuring SIP Timers

Procedure

To define a SIP timer for call processing within the SBE, do the following procedure:


	Command	Purpose
Step 1	Router(config-sbc-sbe)# sip timer	Enters the SIP timer configuration mode.
Step 2	Router(config-sbc-sbe-sip-tmr)# tcp-idle-timeout interval	Specifies the minimum time, in milliseconds, that the TCP connection stays active when it is not processing any traffic. After the timeout period expires, the TCP connection closes. The default value is 120,000 ms.
Step 3	Router(config-sbc-sbe-sip-tmr)# tcp-connect-timeout interval	Specifies the time, in milliseconds, that the SBC waits for a SIP TCP connection to a remote peer to complete before timing out. The default value is 30,000 ms.
Step 4	Router(config-sbc-sbe-sip-tmr)# exit	Exits the SIP timer configuration mode.

The following example shows how to set a SIP timer for the SBE:

Router(config-sbc-sbe)# sip timer

Router(config-sbc-sbe-sip-tmr)# tcp-idle-timeout 120000

Router(config-sbc-sbe-sip-tmr)# tcp-connect-timeout 5000

Router(config-sbc-sbe-sip-tmr)# exit

Note The values shown in the previous example are the recommended values for the Cisco TelePresence Exchange System configuration.

Defining Blacklists

Procedure

To define a global blacklist for the SBE, do the following procedure:


	Command	Purpose
Step 1	Router(config-sbc-sbe)# blacklist global	Creates a global blacklist for configuring event limits.
Step 2	Router(config-sbc-sbe-blacklist -global)# reason event	Configures the event type for which SBC applies the limit.
Step 3	Router(config-sbc-sbe-blacklist -global-reason)# timeout number {milliseconds\|seconds\|minutes\| hours\|days}	Defines the length of time that packets are blocked from the source if the number of authentication requests exceed the set limit.
Step 4	Router(config-sbc-sbe-blacklist -global-reason)# exit	Exits reason configuration mode.
Step 5	Router(config-sbc-sbe-blacklist -global)# exit	Exits blacklist global mode.
Step 6	Router(config-sbc-sbe)# blacklist global address-default	Configures a default event limit for all addresses within the SBE.
Step 7	Router(config-sbc-sbe-blacklist -global)# reason event	Defines an event type that triggers application of the blacklist.
Step 8	Router(config-sbc-sbe-blacklist -global-reason)# timeout number {milliseconds\|seconds\|minutes\| hours\|days}	Defines the length of time that packets are blocked from the source if the number of authentication requests exceeds the set limit.
Step 9	Router(config-sbc-sbe-blacklist -global)# exit	Exits blacklist global mode and completes configuration of default event limits for all addresses.

The follow example shows how to set a global blacklist for the SBE:

Router(config-sbc-sbe)# blacklist global

Router(config-sbc-sbe-blacklist-global)# reason authentication-failure

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason bad-address

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason routing-failure

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason endpoint-registration

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason policy-rejection

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason corrupt-message

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global-reason)# exit

Router(config-sbc-sbe)# blacklist global address-default

Router(config-sbc-sbe-blacklist-global)# reason authentication-failure

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason bad-address

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason routing-failure

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason endpoint-registration

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason policy-rejection

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global)# reason corrupt-message

Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds

Router(config-sbc-sbe-blacklist-global-reason)# exit

Router(config-sbc-sbe-blacklist-global)# exit

Router(config-sbc-sbe)#

Defining a Media Address

Configure a local media address for traffic that arrives on the SBE for each defined SBC virtual IP address (see the "Creating a Session Border Controller Interface" section). The SBC inserts its own address into the media stream.

After you configure a local media address, the media address cannot be modified while the SBE service is active.

The media address is a pool of IP addresses on the SBE for media relay functionality.

Procedure

To define a media address, do the following procedure:


	Command	Purpose
Step 1	Router(config)# sbc service-name \	Enters SBC configuration mode for the specified SBC instance.
Step 2	Router(config-sbc)# media-address ipv4 IPv4 ip address	Configures a local media address for traffic that arrives on the DBE. Define one media address for each of the SBC virtual IP addresses.
Step 3	Router(config-sbc-media -address)# port-range min-port max-port any	Defines the valid port range for the media address. The optional any keyword specifies that the class of service affinity for the port range is any class of service. If the port-range command is not configured, the default min-port value is 16384, the default max-port value is 32767, and the default class of service affinity is any.
Step 4	Router(config-sbc-media -address)# exit	Exits the media address configuration mode.
Step 5	Router(config-sbc)# dbe	Enters DBE configuration mode.
Step 6	Router(config-sbc-dbe)# media timeout timeout	Sets the maximum time in seconds that an SBE waits after receiving the last media packet on a call before cleaning up the call resources.
Step 7	Router(config-sbc-dbe)# activate	Activates the DBE.

The following example shows how to define a local media address for each defined SBC virtual IP address:

Router(config-sbc)# media-address ipv4 10.22.141.102

Router(config-sbc-media-address)# port-range 16384 32766 any

Router(config-sbc-dbe)# media timeout 600

Router(config-sbc-dbe)# activate

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)