Page History
Panel | ||||
---|---|---|---|---|
In this section:
|
New CLI in 11.1.1R7
SBX-130992 Call Trace Should Include Diameter Messages
Multiexcerpt include | ||||
---|---|---|---|---|
|
Code Block | ||
---|---|---|
| ||
% set addressContext <address context name> diamNode <diam node name> dumpPdu <dbg | off | trc> |
Code Block | ||
---|---|---|
| ||
set addressContext default diamNode Diam dumpPdu dbg
commit
show addressContext default diamNode Diam dumpPdu
dumpPdu dbg |
For more information, refer to Diameter Node - CLI.
SBX-132758 Add SWe Traffic Profile Parameter "numAorPerSubscriber"
To resolve this issue, the SBC SWe Traffic Profile configuration is enhanced to allow the user to configure the number of Address of Records (AoRs) per subscription in an access scenario. This new feature calculates the number of RCBs needed to handle all devices per subscription. The parameter length is 1-200, and the default value is 1.
Code Block | ||
---|---|---|
| ||
% set system sweTrafficProfiles <profile name> numAorPerSubscriber <1-200> |
Code Block | ||||
---|---|---|---|---|
| ||||
set system sweTrafficProfiles custom isAccess true callHoldTime 100 passthroughCodecProfile G711_G729_20ms transcodePercent 10 transcodingCodecProfile G711_G729_20ms bhcaPerSubscriber 13 numAorPerSubscriber 15 externalRefreshTimer 1800 internalRefreshTimer 1800
commit |
For more information, refer to SWe Traffic Profiles - CLI.
New CLI in 11.1.0R0
SBX-86522 Support for TLS 1.3 on SBC Core
The flag v1_3
is added to the TLS Profile to configure TLS 1.3 support. In addition, three Ciphersuites are added to support TLS 1.3.
Command Syntax
Code Block | ||
---|---|---|
| ||
% set profiles security tlsProfile <tls profile name> v1_3 <disabled | enabled> % set profiles security tlsProfile <tls profile name> cipherSuite <cipherSuite1/2/3> tls_aes_128_gcm_sha256 tls_aes_256_gcm_sha384 tls_chacha20_poly1305_sha256 |
Command Parameters
Parameter | Length/Range | Default | Description | M/O |
---|---|---|---|---|
v1_3 | n/a | disabled | Enable this flag to configure the SBC to support TLS 1.3 on the ingress and egress legs.
| O |
tls_aes_128_gcm_sha256 | n/a | n/a | TLS 1.3 Ciphersuite | O |
tls_aes_256_gcm_sha384 | n/a | n/a | TLS 1.3 Ciphersuite | O |
tls_chacha20_poly1305_sha256 | n/a | n/a | TLS 1.3 Ciphersuite | O |
Configuration Examples
Code Block | ||
---|---|---|
| ||
set profiles security tlsProfile defaultTlsProfile v1_3 enabled set profiles security tlsProfile defaultTlsProfile cipherSuite1 tls_aes_128_gcm_sha256 set profiles security tlsProfile defaultTlsProfile cipherSuite2 tls_aes_256_gcm_sha384 set profiles security tlsProfile defaultTlsProfile cipherSuite3 tls_chacha20_poly1305_sha256 commit |
SBX-93114 SIP Registrar Functionality Support
The SBC Core is enhanced to support SIP Registrar functionality for SIP end points. This feature allows the Ribbon SBC to act as an Access SBC with Registrar functionality in a single deployment.
SIP TG - Signaling - SIP Local Registrar - CLI
The CLI object sipLocalRegistrar
to support the SIP Registrar functionality is added to the CLI in this release.
Command Syntax
The following CLI shows how to enable the SIP Local Registrar functionality.
Code Block | ||
---|---|---|
| ||
set addressContext <name> zone <name> sipTrunkGroup <name> signaling sipLocalRegistrar <disabled | enabled> |
Command Parameters
Parameter | Length/Range | Default | Description |
---|---|---|---|
sipLocalRegistrar | N/A | disabled | Use this flag to enable the SIP Local Registrar functionality. When enabled, messages are sent to the SIP Local Registrar.
|
Command Example
Code Block | ||
---|---|---|
| ||
set addressContext <name> zone <name> sipTrunkGroup <name> signaling sipLocalRegistrar <disabled | enabled> |
For more information, refer to SIP TG - Signaling - SIP Local Registrar - CLI.
Signaling - Global - CLI - SIP Local Registrar Object
Command Syntax
Code Block | ||
---|---|---|
| ||
% set global signaling sipLocalRegistrar expires <15-65535> minExpires<15-65535> sipRegSubscriberProfile <aor Name> sipRegAdminState <active | inactive> sipRegSendChallenge <challengeForNone | challengeForRegister | challengeForRegisterAndInvite> sipRegAuthRealm <authentication Realm> sipRegAuthUserName <authentication UserName> sipRegAuthPassword <authentication Password> % show global signaling sipLocalRegistrar sipRegSubscriberProfile <aor Name> expires minExpires |
Command Parameters
Parameter | Length/Range | Default | Description | M/O |
---|---|---|---|---|
expires | 15-65535 | 3600 | The Expiry value used for Registration. | O |
minExpires | 15-65535 | 30 | The Min-Expiry value used for Registration. If REGISTER is received with Expires value less than this field, 423 Error is generated | O |
sipRegSubscriberProfile | 1-127 characters | N/A | This represents the Address Of Record (AOR) of the user. This is the mandatory key against which the binding is created. The AOR uses the "user@host" format. For example, testUser@example.com. Also see CLI example below. | M |
sipRegAdminState | N/A | active | Defines if Subscriber state is active or inactive. The choices are:
| O |
sipRegSendChallenge | N/A | challengeForNone | Defines how the Authentication Challenge is sent.
| O |
sipRegAuthRealm | 1-127 characters | N/A | Th Authorization realm for SIP registration. | O |
sipRegAuthUserName | 1-127 characters | N/A | The Authorization user name for SIP registration. | O |
sipRegAuthPassword | 6-32 characters | N/A | DES3 (triple Digital Encryption Standard) encrypted string authentication password for SIP local registration. All ASCII characters from 33 to 126 (except 34 - double quotes) are allowed. Note: If Authentication Password contains ASCII characters, enclose the entire password string with double quotes (" ") . Example using double quotes: "Password1:@\#:########~%&*@#" Since the SBC Registrar supports bulk load configuration, the length of the password string is not validated at the time of entry into the database. The Admin must make sure that length is within the prescribed range (6-32 characters). For such out of bound passwords, authentication can fail with 403 error response. | O |
Command Example
Code Block | ||||
---|---|---|---|---|
| ||||
set global signaling sipLocalRegistrar expires 3500 set global signaling sipLocalRegistrar minExpires 300 set global signaling sipLocalRegistrar sipRegSubscriberProfile testUser@example.com sipRegAdminState active sipRegSendChallenge challengeForRegisterAndInvite sipRegAuthRealm example.com sipRegAuthUserName testUser sipRegAuthPassword password1 show global signaling sipLocalRegistrar sipRegSubscriberProfile testUser@example.com sipRegAuthUserName testUser; sipRegAuthRealm example.com; sipRegAuthPassword $7$FZ5ju2oDUvNyLs8MvuBYmoCo55fOBhnu; sipRegAdminState active; sipRegSendChallenge challengeForRegisterAndInvite; show global signaling sipLocalRegistrar expires expires 3500 show global signaling sipLocalRegistrar minExpires minExpires 300 show status global sipLocalRegistrar sipLocalRegistrarRegStatus 53056@10.xx.xx.70 { state active; contactURI sip:53056@10.xx.1xx.xx:5xx0; expirationTime 3600; creationTime 2022-09-08T10:23:29+00:00; refreshTime 0000-00-00T00:00:00+00:00; remainingTime 3493; } sipLocalRegistrarRegCountStatistics entry { sipRegAttemptCount 1; sipRegChallengedCount 1; sipRegStableCount 1; sipRegFailed403Count 0; sipRegFailed404Count 0; sipRegFailed503Count 0; sipRegFailedOthersCount 0; } request global sipLocalRegistrar sipRegCountReset request global sipLocalRegistrar sipRegistrationDeleteByAor sipRegAor 53056@10.xx.xx.70 result success |
For more information, refer to Signaling - Global - CLI.
SIP Local Registrar - Request CLI
Command Syntax
Code Block | ||
---|---|---|
| ||
% request global sipLocalRegistrar sipLocalRegistrarRegDeleteByAor <aor Name> % request global sipLocalRegistrar sipRegCountReset |
Command Parameters
Parameter | Length/Range | Default | Description | |||||
---|---|---|---|---|---|---|---|---|
sipLocalRegistrarRegDeleteByAor | N/A | N/A | Use this flag to delete an AOR entry from the Registrar. | |||||
sipRegCountReset | N/A | N/A | Use this parameter to reset the count of statistics.
|
Info | ||
---|---|---|
| ||
The |
For more information, refer to Request Global - CLI.
SIP Local Registrar - Show CLI
Command Syntax
Code Block | ||
---|---|---|
| ||
% show status global sipLocalRegistrar sipActiveLocalRegistrarRegStatus sipLocalRegistrarRegCountStatistics sipLocalRegistrarRegCountCurStats sipLocalRegistrarRegCountIntStats % show table global sipLocalRegistrar sipLocalRegistrarRegCountStatistics |
Command Parameters
Parameter | Length/Range | Default | Description |
---|---|---|---|
sipActiveLocalRegistrarRegStatus | N/A | N/A | Shows the status of the AOR registered with the Registrar. If the AOR name is not provided, this shows the data for all the AORs registered at Registrar. |
sipLocalRegistrarRegCountStatistics | N/A | N/A | Shows the attempt/stable/failed counts for registrations received at the Registrar. The statistics displays the following fields.
|
sipLocalRegistrarRegCountCurStats | N/A | N/A | The high water mark of total number of stable registrations for the current interval. |
sipLocalRegistrarRegCountIntStats | N/A | N/A | The high water mark of total number of stable registrations for the reporting interval. |
For more information, refer to Show Status Global.
SBX-111375 LDAP AD authentication support
The parameter ldapConfigurationMode
is added to the ldapAuthentication
configuration for the user to choose the "advanced" mode option to configure the newly-added parameters.
Command Syntax
Code Block | ||
---|---|---|
| ||
% set oam ldapAuthentication ldapConfigurationMode <advanced | legacy> |
Code Block | ||
---|---|---|
| ||
% set oam ldapAuthentication ldapServer <serverName> bindMethod <sasl | simple> binddn <name> groupNameAttribute <groupName, or empty string> ldapServerAddress <IPv4, IPv6 or FQDN> ldapServerPort <valid port> priority <1-25> saslMechanism <digest-md5 | plain> searchbase <1-255 characters> state <disabled | enabled> transport <ldaps | tcp | tls> |
Code Block | ||
---|---|---|
| ||
% set oam ldapAuthentication ldapServer <serverName> bindMethod <sasl | simple> binddn <name> ldapServerAddress <IPv4, IPv6 or FQDN> ldapServerPort <valid port> priority <1-25> returnAttribute <1-255 characters> saslMechanism <digest-md5 | plain> searchFilter <1-255 characters> searchbase <1-255 characters> state <disabled | enabled> systemPassword <password> systemUsername <1-255 characters> transport <ldaps | tcp | tls> |
Command Parameters
ldapAuthentication (New Parameter)
The ldapConfigurationMode
parameter is added to the LDAP Authentication configuration to specify legacy or advanced modes.
Parameter | Length/Range | Default | Description | M/O |
---|---|---|---|---|
ldapConfigurationMode | n/a | legacy | The configuration mode for the LDAP client.
| O |
ldapServer (Updated Parameters)
The following parameters are updated in this release (for both 'legacy' and 'advanced' modes):
Parameter | Length/Range | Description | M/O |
---|---|---|---|
| IPv4 address IPv6 address FQDN | The IPv4 address, IPv6 address or FQDN of the server as a hostname. The supported formats are:
| M |
priority | 1-25 | <priority #> – The server priority, where '1' is the highest priority. | M |
saslMechanism | N/A | The SASL mechanism to use.
| O |
ldapServer (New Parameters)
The following new LDAP Sever parameters are available when ldapConfigurationMode
is set to advanced
:
Parameter | Length/Range | Description | M/O | |||||
---|---|---|---|---|---|---|---|---|
| 1-255 characters | The attribute returned from the search for the group name of the LDAP user. For example, in the above query, if cn is specified as the return attribute, then the returned attribute will be: | O | |||||
| 1-255 characters | The LDAP filter used to search for the group name of the LDAP user. Specify {0} in the search filter to specify the user in the searchFilter. For example: (&(objectClass=group)(member=cn={0},CN=Users,DC=example,DC=tst)) | O | |||||
| string | The password for the LDAP user with Administrative privileges | O | |||||
| 1-255 characters | An LDAP user with Administrative privileges – Leave blank, or enter a user name.
| O |
Configuration Example
An example of LDAP Authentication using the "advanced" mode is provided below:
Code Block | ||
---|---|---|
| ||
set oam ldapAuthentication ldapConfigurationMode advanced set oam ldapAuthentication ldapServer ldap1 priority 1 set oam ldapAuthentication ldapServer ldap1 state enabled set oam ldapAuthentication ldapServer ldap1 bindMethod simple set oam ldapAuthentication ldapServer ldap1 saslMechanism plain set oam ldapAuthentication ldapServer ldap1 systemUsername CN=Administrator,CN=Users,DC=mdroot,DC=tst set oam ldapAuthentication ldapServer ldap1 systemPassword xxxyyyzzz set oam ldapAuthentication ldapServer ldap1 transport ldaps set oam ldapAuthentication ldapServer ldap1 binddn "cn={0},CN=Users,dc=mdroot,dc=tst" set oam ldapAuthentication ldapServer ldap1 searchbase CN=Builtin,DC=mdroot,DC=tst set oam ldapAuthentication ldapServer ldap1 ldapServerAddress rdc1.mdroot.tst set oam ldapAuthentication ldapServer ldap1 ldapServerPort 636 set oam ldapAuthentication ldapServer ldap1 searchFilter (&(objectClass=group)(member=CN=Administrator,CN=Users,DC=mdroot,DC=tst)) set oam ldapAuthentication ldapServer ldap1 returnAttribute cn commit |