User's Manual 628 Document #: LTRT-27045
Mediant 1000B Gateway & E-SBC
The device's Authentication server functionality is configured per IP Group, using the
'Authentication Mode' parameter in the IP Groups table (see ''Configuring IP Groups'' on
page 333).
28.8.2 User Authentication based on RADIUS
The device can authenticate SIP clients (users) using a remote RADIUS server. The device
supports the RADIUS extension for digest authentication of SIP clients, according to draft-
sterman-aaa-sip-01. Based on this standard, the device generates the nonce (in contrast to
RFC 5090, where it is done by the RADIUS server).
RADIUS based on draft-sterman-aaa-sip-01 operates as follows:
1. The device receives a SIP request without an Authorization header from the SIP
client.
2. The device generates the nonce and sends it to the client in a SIP 407 (Proxy
Authentication Required) response.
3. The SIP client sends the SIP request with the Authorization header to the device.
4. The device sends an Access-Request message to the RADIUS server.
5. The RADIUS server verifies the client's credentials and sends an Access-Accept (or
Access-Reject) response to the device.
6. The device accepts the SIP client's request (sends a SIP 200 OK or forwards the
authenticated request) or rejects it (sends another SIP 407 to the SIP client).
To configure this feature, set the SBCServerAuthMode ini file parameter to 2.
28.9 Interworking SIP Signaling
The device supports interworking of SIP signaling messages to ensure interoperability
between communicating SIP UAs or entities. This is critical in network environments where
the UAs on opposing SBC legs have different SIP signaling support. For example, some
UAs may support different versions of a SIP method while others may not event support a
specific SIP method. The configuration method for assigning specific SIP message
handling modes to UAs, includes configuring an IP Profile with the required interworking
mode, and then assigning the IP Profile to the relevant IP Group.
This section describes some of the device's support for handling SIP methods to ensure
interoperability.
28.9.1 Interworking SIP 3xx Redirect Responses
The device supports interworking of SIP 3xx redirect responses. By default, the device's
handling of SIP 3xx responses is to send the Contact header unchanged. However, some
SIP UAs may support different versions of the SIP 3xx standard while others may not even
support SIP 3xx.
The handling of SIP 3xx can be configured for all calls, using the global parameter
SBC3xxBehavior. To configure different SIP 3xx handling options for different UAs (i.e., per
IP Group), use the IP Profiles table parameter, 'SBC Remote 3xx Mode'.
28.9.1.1 Resultant INVITE Traversing Device
The device can handle SIP 3xx responses so that the new INVITE message sent as a
result of the 3xx traverses the device. The reasons for enforcing resultant INVITEs to
traverse the device may vary:
The user that receives the 3xx is unable to route to the 3xx contact (i.e., the user is on
To Next Page
Loading...
Need help?
General
