In this section:
The IP Interface group screen specifies the IP interfaces that the SBC utilizes for telephony, management, and system debugging traffic.
IP Interface Groups are a primary tool for accomplishing disjoint networks (administrative network separation). An IP Interface Group is the local manifestation of a segregated network domain.
Each signaling port within an Address Context must use a unique IP address and port number combination.
The SBC 5400 and SBC 7000 systems support creating IP Interface Groups containing sets of IP interfaces that are not "processor friendly" (i.e. carried on physical Ethernet ports served by separate processors). However, restrictions exist regarding the usage of such Interface Groups.
For complete details, refer to Configuring IP Interface Groups and Interfaces.
View an IP Interface Group
From the main menu, go to Configuration > System Provisioning > Category: Base Provisioning > IP Interface Group to open the IP Interface Group window.
The IP Interface Group can be checked for each Address Context or for all the Address Contexts created. Use the drop-down box to select the desired Address Context.
Edit an IP Interface Group
To edit any of the IP Interface Groups in the list, select the specific IP Interface Group name. The Edit Selected IP Interface Group window displays.
Make the required changes and click Save at the right hand bottom of the panel to save the changes made.
Create an IP Interface Group
To create a new IP Interface Group, click New IP Interface Group tab on the IP Interface Group List panel.
The Create New IP Interface Group window is displayed.
The following fields are displayed:
Parameter | Description |
---|---|
Name | The name of the IP interface group. |
IPsec | The administrative state of a resource. Administrative state of the IPsec support for this interface group.
Note
PING does not work when IPSec is enabled on the IP interface.
|
IPsec For Media | This feature applies to SBC 7000 only. The parameter IPsec For Media in the IP Interface Group EMA screen supports media over IPsec. The IPsec For Media parameter works in conjunction with the IPsec state parameter already available in the same screen. The IPsec Admin State field enables or disables IPsec on the LIF Group as a whole. Prior to the SBC 10.1.2 release, the IPsec parameter was only applicable to signaling and Lawful Intercept (LI) traffic - whichever the LIF Group was used for. Starting with the SBC 10.1.2, it also applies to media, but only if the IPsec For Media parameter is also enabled.
Note
To support media over IPsec, you must enable both the IPsec and IPsec for Media parameters. Calls using this IP Interface Group will only succeed if the media packets match a media SPD entry. Whenever IPsec For Media is disabled, only media SAs are deleted. If only IPsec is disabled, then only the signaling/LI SAs are deleted. Currently, whenever IPsec is disabled on a LIF group, isakmp ports on the interfaces belonging to the LIF group are closed. If IPsec is disabled on LIF group but IPsec for Media is enabled, then isakmp ports are not closed, and vice versa. To establish IPsec SAs for media traffic, enable IPsec For Media of a media IP Interface Group as well as the administrative "state" of media IPsec SPD.
Modified: for 10.1.2 |
Enter all the required fields. You can click Show only required fields at the left hand bottom of the panel to view and enter only the required fields to create a IP Interface Group.
Delete an IP Interface Group
To delete any of the created IP Interface Group, click the radio button next to the specific IP Interface Group which you want to delete.
Click Delete at the end of the highlighted row. This will open a delete confirmation message.
Click Yes to remove the specific IP Interface Group from the list.