Page History

...

1. Create Codec Entry.

   1. Create G.711 Codec Entry or create G.711 with Silence Suppression Codec Entry for Comfort Noise.

      Code Block
      language none
      set profiles media codecEntry G711_2833_20 dtmf relay rfc2833 set profiles media codecEntry G711_2833_20 packetSize 20

       
      OR

       

      Code Block
      language none
      set profiles media codecEntry G711SS_2833_20 sendSid enable dtmf relay rfc2833 set profiles media codecEntry G711SS_2833_20 packetSize 20

2.  Set RTCP interval.

   Code Block
   language none
   set system media mediaRtcpControl senderReportInterval 5

3. Create SIP Domains for Mediation Servers to be used with Call Transfer.

   Code Block
   set global sipDomain med1.domain.com set global sipDomain med2.domain.com

4. Configuring Tone And Announcement Profile.

   Code Block

   set profiles media toneAndAnnouncementProfile LRBT_PROF set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone signalingTonePackageState enable makeInbandToneAvailable enable set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags useThisLrbtForIngress enable set profiles media toneAndAnnouncementProfile LRBT_PROF localRingBackTone flags dynamicLRBT enable set system mediaProfile compression 75 tone 25

5. Create a configuration object to hold a locally generated RSA key pair.

   Code Block
   language none
   set system security pki certificate SBC_CERT type local-internal

6. Generate Key pair and CSR (certificate signing request) for submission to a Certificate Authority (CA).

   Code Block
   language none
   request system security pki certificate SBC_CERT generateCSR csrSub /C=US/ST=MA/L=Westford/O=Sonus/CN=sbc.domain.com keySize keySize1K

7. Generate the required certificates.

   Note
   Follow certification generation procedure at Certificate and Managing Certificates, and then copy the Lync Server Root Certificate (rootcert.cer) and Microsoft signed SBC Certificate (servercert.pem) into /opt/sonus/external/ folder of SBC.

8. Create Crypto Suite Profile.

   Code Block
   language none
   set profiles security cryptoSuiteProfile CRYPT_PROF entry 1 cryptoSuite AES-CM-128-HMAC-SHA1-80

9. Import Lync Root Certificate into database.

   Code Block
   language none
   set system security pki certificate LYNC_CERT type remote fileName rootcert.cer state enabled

10. Import Microsoft Certified SBC Server Certificate into database.

    Code Block
    language none
    set system security pki certificate SBC_CERT fileName servercert.pem state enabled

11. Create TLS Profile. 

    Code Block
    language none
    set profiles security tlsProfile TLS_PROF clientCertName SBC_CERT serverCertName SBC_CERT cipherSuite1 rsa-with-3des-ede-cbc-sha cipherSuite2 rsa-with-aes-128-cbc-sha authClient true allowedRoles clientandserver acceptableCertValidationErrors invalidPurpose

...

1. Create Path Check Profile.

   Code Block
   language none
   set profiles services pathCheckProfile LYNC_OPTIONS protocol sipOptions sendInterval 20 replyTimeoutCount 1 recoveryCount 1

2. Create Packet Service Profile with G.711 or create Packet Service Profile with G.711 w/ Silence SuppresionSuppression.

   Code Block
   language none
   # Using G.711 Codec set profiles media packetServiceProfile LYNC_PSP set profiles media packetServiceProfile LYNC_PSP codec codecEntry1 G711_2833_20 set profiles media packetServiceProfile LYNC_PSP rtcpOptions rtcp enable terminationForPassthrough enable set profiles media packetServiceProfile LYNC_PSP preferredRtpPayloadTypeForDtmfRelay 101 set profiles media packetServiceProfile LYNC_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable # Using G.711 Codec with Silence Suppression for Comfort Noise set profiles media packetServiceProfile LYNC_PSP set profiles media packetServiceProfile LYNC_PSP codec codecEntry1 G711SS_2833_20 set profiles media packetServiceProfile LYNC_PSP rtcpOptions rtcp enable terminationForPassthrough enable set profiles media packetServiceProfile LYNC_PSP preferredRtpPayloadTypeForDtmfRelay 101 set profiles media packetServiceProfile LYNC_PSP silenceInsertionDescriptor g711SidRtpPayloadType 13 heartbeat enable set profiles media packetServiceProfile LYNC_PSP packetToPacketControl transcode only set profiles media packetServiceProfile LYNC_PSP packetToPacketControl codecsAllowedForTranscoding thisLeg g711u otherLeg g711u

3. Configure Packet Service Profile with Crypto Suite.

   Code Block
   language none
   set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp cryptoSuiteProfile CRYPT_PROF set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags enableSrtp enable set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags allowFallback disable ### IF MEDIA BYPASS ENABLED set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags resetROCOnKeyChange disable set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags resetEncDecROCOnDecKeyChange enable ### IF MEDIA BYPASS DISABLED set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags resetROCOnKeyChange enable set profiles media packetServiceProfile LYNC_PSP secureRtpRtcp flags resetEncDecROCOnDecKeyChange disable

4. Create IP Signaling Profile.

   Code Block
   language none
   set profiles signaling ipSignalingProfile LYNC_IPSP set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags includeReasonHeader enable set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags sendPtimeInSdp enable set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags sendRtcpPortInSdp enable set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes optionTagInRequireHeader suppressReplaceTag enable set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags routeUsingRecvdFqdn enable set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags publishIPInHoldSDP enable set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags minimizeRelayingOfMediaChangesFromOtherCallLegAll enable set profiles signaling ipSignalingProfile LYNC_IPSP commonIpAttributes flags relayDataPathModeChangeFromOtherCallLeg enable set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes numberGlobalizationProfile DEFAULT_IP set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes domainName useZoneLevelDomainNameInContact enable set profiles signaling ipSignalingProfile LYNC_IPSP egressIpAttributes transport type1 tlsOverTcp set profiles signaling ipSignalingProfile LYNC_IPSP ingressIpAttributes flags sendSdpIn200OkIf18xReliable enable

5.  Create Feature Control Profile.

   Code Block
   language none
   set profiles featureControlProfile LYNC_FCP ipProtocolFlags useIpProtocol enable defaultCalledUser enable

6. Create IP Interface Group.

   Code Block
   language none
   set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 ceName LYNCSBC portName pkt0 set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 ipAddress 10.10.10.11 prefix 24 set addressContext a1 ipInterfaceGroup LIF1 ipInterface PKT0_V4 mode inService state enabled

7. Create Zone.

   Code Block
   language none
   set addressContext a1 zone LYNC_ZONE id 2 set addressContext a1 zone LYNC_ZONE domainName sbc.domain.com

8. Create SIP Signaling Port.

   Code Block
   language none
   set addressContext a1 zone LYNC_ZONE id 2 sipSigPort 2 ipInterfaceGroupName LIF1 ipAddressV4 10.10.10.11 portNumber 5060 tlsProfileName TLS_PROF transportProtocolsAllowed sip-tls-tcp state enabled mode inService

9. Create External DNS Group or local DNS group.

   Code Block
   language none
   # Configuring External DNS Group set addressContext a1 dnsGroup EXT_DNS set addressContext a1 dnsGroup EXT_DNS type mgmt server DNS1 ipAddress 10.10.10.10 state enabled set addressContext a1 zone LYNC_ZONE dnsGroup EXT_DNS # Configuring Local DNS Group set addressContext a1 dnsGroup LOCAL_DNS set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 hostName lync.domain.com data 1 ipAddress 10.10.10.22 state enabled set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 hostName lync.domain.com data 2 ipAddress 10.10.10.23 state enabled set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 hostName lync.domain.com order roundrobin state enabled set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 state enabled set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS2 state enabled hostName med1.domain.com data 1 ipAddress 10.10.10.22 state enabled set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS3 state enabled hostName med2.domain.com data 1 ipAddress 10.10.10.23 state enabled

    

    

   Note
   You can configure centralized round-robin or strict round-robin for first-come first-served basis. Centralized round-robin is not recommended for high call traffic volume. For distributed round-robin over a large volume of traffic, configure the following: set addressContext a1 dnsGroup LOCAL_DNS localRecord DNS1 hostName lync.domain.com order roundrobin state enabled

10. Create SIP Trunk.

    Code Block
    language none
    set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG media mediaIpInterfaceGroupName LIF1 set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy media packetServiceProfile LYNC_PSP set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy signaling ipSignalingProfile LYNC_IPSP set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG downstreamForkingSupport enabled set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling rel100Support enabled set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG signaling acceptHistoryInfo enabled set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG services dnsSupportType a-only set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG ingressIpPrefix 10.10.10.0 24 set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG policy featureControlProfile LYNC_FCP set addressContext a1 zone LYNC_ZONE sipTrunkGroup LYNC_TG mode inService state enabled

11. Configure IP Peer for LYNC listening on port 5067 for TLS:

    Code Block
    language none
    set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP policy sip fqdn lync.domain.com fqdnPort 5067 set addressContext a1 zone LYNC_ZONE ipPeer LYNC_IPP pathCheck profile LYNC_OPTIONS hostName lync.domain.com hostPort 5066 state enabled

12. Create Static Route.

    Code Block
    language none
    set addressContext a1 staticRoute 10.10.10.22 32 10.10.10.1 LIF1 PKT0_V4 preference 100

...