In this section:
The SBC Core supports local authentication autonomously on a per-IP trunk group basis in situations where an IP-PBX does not perform a registration and the service provider does not require/want registrations. This functionality is accomplished using the authentication configurable to the ingress IP Peer and/or ingress IP Trunk Group (IPTG) as described below.
Additionally, the IP Signaling Profile relay flag statusCode4xx6xx
must be enabled on egress leg of the call to relay error status codes.
IP Trunk Group Authentication is not supported over Gateway-to-Gateway (GW2GW) signaling.
The CLI syntax for this configuration is shown below:
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> signaling authentication authPassword <authentication password for trunkgroup> authUserPart <userPart used for authentication> intChallengeResponse <enabled | disabled> incInternalCredentials <enabled | disabled> % set profiles signaling ipSignalingProfile <profile_name> commonIpAttributes relayFlags statusCode4xx6xx <disable | enable>
authPassword
) used when replying to local authentication requests.authUserPart
) used when replying to local authentication requests.statusCode4xx6xx
to relay error status codes.intChallengeResponse
) if credentials are configured on the egress IPTG.Set authentication flag to choose whether to include credentials (incInternalCredentials
) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.
intChallengeResponse
) if credentials are configured on the egress IPTG.Set flag to choose whether to include credentials (incInternalCredentials
) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.
The SBC supports local authentication for dialog initiating INVITE, dialog initiating SUBSCRIBE, mid-dialog INVITE, mid-dialog INFO, mid-dialog REFER, mid-dialog MESSAGE, initial REGISTER, refresh REGISTER, UPDATE, PUBLISH, out-of-dialog REFER, out-of-dialog MESSAGE, BYE and PRACK.
The SBC supports all Trunk Group configuration when IPTG is out of service (OOS). The SBC considers all the IPTG configuration as active while processing incoming INVITE. Incoming and outgoing SMM rules are applied even when IPTG is OOS. And by making SG available (even if IPTG is OOS) SMM rule is enabled on it. To support this behavior, a new flag processSGConfigWhenTGOOS
is introduced to IPTG. When this flag is enabled, SBC makes service group configuration available when Trunk Group is OOS. 5XX Response is send for the INVITES even if the TG is OOS, which means Service group is intact with TG configuration and values even if TG is OOS. To achieve this, as per the flag value (enable/disabled), trmstatus TRM_FOUND_TG_OOS/NOTFOUND is set and is forwarded to SIPSG. SIPSG then takes decision to tear down the calls.
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> state disabled mode outOfService processSGConfigWhenTGOOS enabled % set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> processSGConfigWhenTGOOS disabled