xConfiguration Administration DeviceProvisioning: <On/Off>
Determines whether the page is accessible in the Expressway web user interface. From there you can connect to the Cisco TelePresence Management
Suite Provisioning Extension (Cisco TMSPE) and its provisioning services for users, devices, FindMe and phone books. Default:
Off.
On: the page is accessible and provisioning services can be configured for this Expressway.
Off: the page is not accessible.
Example: xConfiguration Administration DeviceProvisioning: On
|
xConfiguration Administration HTTP Mode: <On/Off>
Determines whether HTTP calls will be redirected to the HTTPS port. You must restart the system for any changes to take effect.
Default: On.
On: calls will be redirected to HTTPS.
Off: no HTTP access will be available.
Example: xConfiguration Administration HTTP Mode: On
|
xConfiguration Administration HTTPS Mode: <On/Off>
Determines whether the Expressway can be accessed via the web interface. This must be On to enable both web interface and
TMS access. You must restart the system for any changes to take effect. Default: On.
Example: xConfiguration Administration HTTPS Mode: On
|
xConfiguration Administration LCDPanel Mode: <On/Off>
Controls whether the LCD panel on the front of the Expressway identifies the system. Default: On.
On: the system name and first active IP address are shown.
Off: the LCD panel reveals no identifying information about the system.
Example: xConfiguration Administration LCDPanel Mode: On
|
xConfiguration Administration SSH Mode: <On/Off>
Determines whether the Expressway can be accessed via SSH and SCP. You must restart the system for any changes to take effect.
Default: On.
Example: xConfiguration Administration SSH Mode: On
|
xConfiguration Alarm Notification Email Custom Alarm ID: <String>
If one or more customized alarm notifications is configured. The alarm Id for customized or disabled notifications.
|
xConfiguration Alarm Notification Email Custom Disable Notify: <Off>
If one or more customized alarm notifications is configured.
|
xConfiguration Alarm Notification Email Custom Email: <String>
If one or more customized alarm notifications is configured. The email id to which the selected alarm notifications are to
be sent (maximum length 254).
|
xConfiguration Alarm Notification Email Destination Alert: <S: 0, 254>
The email destination for alarms with severity attribute "Alert".
Example: xConfiguration Alarm Notification Email Destination Alert: "ucadmin@example.com"
|
xConfiguration Alarm Notification Email Destination Critical: <S: 0, 254>
The email destination for alarms with severity attribute "Critical".
Example: xConfiguration Alarm Notification Email Destination Alert: "ucadmin@example.com"
|
xConfiguration Alarm Notification Email Destination Debug: <S: 0, 254>
The email destination for alarms with severity attribute "Debug".
Example: xConfiguration Alarm Notification Email Destination Debug: "uctech@example.com"
|
xConfiguration Alarm Notification Email Destination Emergency: <S: 0, 254>
The email destination for alarms with severity attribute "Emergency".
Example: xConfiguration Alarm Notification Email Destination Emergency: "ert@example.com"
|
xConfiguration Alarm Notification Email Destination Error: <S: 0, 254>
The email destination for alarms with severity attribute "Error".
Example: xConfiguration Alarm Notification Email Destination Error: "ucadmin@example.com"
|
xConfiguration Alarm Notification Email Destination Info: <S: 0, 254>
The email destination for alarms with severity attribute "Info".
Example: xConfiguration Alarm Notification Email Destination Info: "ucadmin@example.com"
|
xConfiguration Alarm Notification Email Destination Notice: <S: 0, 254>
The email destination for alarms with severity attribute "Notice".
Example: xConfiguration Alarm Notification Email Destination Notice: "ucadmin@example.com"
|
xConfiguration Alarm Notification Email Destination Warning: <S: 0, 254>
The email destination for alarms with severity attribute "Warning".
Example: xConfiguration Alarm Notification Email Destination Warning: "ucadmin@example.com"
|
xConfiguration Alarm Notification SMTP Mode: <On/Off>
Determines whether or not alarm-based email notifications will be used. The default is Off.
Example: xConfiguration Alarm Notification SMTP Mode: On
|
xConfiguration Alarm Notification SMTP Server Email: <S: 0, 254>
The source email from which alarm-based email notifications are sent to the configured destination address.
Example: Alarm Notification SMTP Server Email: "ucadmin@example.com"
|
xConfiguration Alarm Notification SMTP Server Host: <S: 0, 128>
IP address or FQDN of the SMTP server to be used to send alarm-based email notifications.
Example: xConfiguration Alarm Notification SMTP Server Host: "email.example.com"
|
xConfiguration Alarm Notification SMTP Server Password: <Password>
Password for the SMTP server to be used to send alarm-based email notifications.
Example: xConfiguration Alarm Notification SMTP Server Password: "{cipher}$NNxx1xxx-xxxx-xxxx-xxxn-fnxnxNNNxxxN$1$xX+xnXnnXxnnxxnnnXXXnxnXXxnxXxxx/XXxnxnxxxx="
|
xConfiguration Alarm Notification SMTP Server Port:
Port number of the SMTP server to be used to send alarm-based email notifications. Default is 587.
Example: xConfiguration Alarm Notification SMTP Server Port: 587
|
xConfiguration Alternates Cluster Name: <S: 0,128>
The fully qualified domain name used in SRV records that address this Expressway cluster, for example "cluster1.example.com". The name can only contain letters, digits, hyphens and underscores.
Warning: if you change the cluster name after any user accounts have been configured on this Expressway, you may need to reconfigure
your user accounts to use the new cluster name.
Example: xConfiguration Alternates Cluster Name: "Regional"
|
xConfiguration Alternates ConfigurationPrimary: <1..6>
Specifies which peer in this cluster is the primary, from which configuration will be replicated to all other peers. A cluster
consists of up to 6 peers, including the local Expressway.
Example: xConfiguration Alternates ConfigurationPrimary: 1
|
xConfiguration Alternates Peer [1..6] Address: <S: 0, 128>
Specifies the address of one of the peers in the cluster to which this Expressway belongs. A cluster consists of up to 6 peers,
including the local Expressway. We recommend using FQDNs, but these can be IP addresses.
Example: xConfiguration Alternates 1 Peer Address: "cluster1peer3.example.com"
|
xConfiguration ApacheModReqTimeOut
You can set all available properties for the request timeout using a single shorthand command.
Example: xConfiguration ApacheModReqTimeout Apachehead:20 Apachebody:20 Status:On
|
xConfiguration ApacheModReqTimeOut Apachebody: <0..120>
Modifes the number of seconds that the Apache web server waits for the request body. If the full request body is not received
before the timeout expires, Apache returns a timeout error. Default: 20.
Example: xConfiguration ApacheModReqTimeout Apachebody:20
|
xConfiguration ApacheModReqTimeOut Apacheheader: <0..120>
Modifes the number of seconds that the Apache web server waits for the request header. If the full request header is not received
before the timeout expires, Apache returns a timeout error. Default: 20.
Example: xConfiguration ApacheModReqTimeout Apacheheader:20
|
xConfiguration ApacheModReqTimeOut Status: <On/Off>
Toggles the custom Apache request timeout. Displays the status of the timeout if you omit the switch.
On: The default Apache request timeout is superseded with your settings (or the defaults) for Apachebody and Apacheheader .
Off: Apachebody and Apacheheader have no effect. The Apache request timeout defaults to 300 seconds.
Example: xConfiguration ApacheModReqTimeout Status:On
|
xConfiguration Applications ConferenceFactory Alias: <S:0,60>
The alias that will be dialed by the endpoints when the Multiway feature is activated. This must be pre-configured on all
endpoints that may be used to initiate the Multiway feature.
Example: xConfiguration Applications ConferenceFactory Alias: "multiway@example.com"
|
xConfiguration Applications ConferenceFactory Mode: <On/Off>
The Mode option allows you to enable or disable the Conference Factory application. Default: Off.
Example: xConfiguration Applications ConferenceFactory Mode: Off
|
xConfiguration Applications ConferenceFactory Range End: <1..65535>
The last number of the range that replaces %% in the template used to generate a conference alias. Default: 65535.
Example: xConfiguration Applications ConferenceFactory Range End: 30000
|
xConfiguration Applications ConferenceFactory Range Start: <1..65535>
The first number of the range that replaces %% in the template used to generate a conference alias. Default: 65535.
Example: xConfiguration Applications ConferenceFactory Range Start: 10000
|
xConfiguration Applications ConferenceFactory Template: <S:0,60>
The alias that the Expressway will tell the endpoint to dial in order to create a Multiway conference on the MCU. This alias
must route to the MCU as a fully-qualified SIP alias
Example: xConfiguration Applications ConferenceFactory Template: "563%%@example.com"
|
xConfiguration Applications External Status [1..10] Filename: <S:0,255>
XML file containing status that is to be attached for an external application.
Example: xConfiguration Applications External Status 1 Filename: "foo.xml"
|
xConfiguration Applications External Status [1..10] Name: <S:0,64>
Descriptive name for the external application whose status is being referenced.
Example: xConfiguration Applications External Status 1 Name: "foo"
|
xConfiguration Authentication ADS ADDomain: <S: 0,255>
The Kerberos realm used when the Expressway joins the AD domain. Note: this field is case sensitive.
Example: xConfiguration Authentication ADS ADDomain: "CORPORATION.INT"
|
xConfiguration Authentication ADS Clockskew: <1..65535>
Maximum allowed clockskew between the Expressway and the KDC before the Kerberos message is assumed to be invalid (in seconds).
Default: 300.
Example: xConfiguration Authentication ADS Clockskew: 300
|
xConfiguration Authentication ADS CipherSuite: <S:1,2048>
Specifies the cipher suite to use when the Expressway makes a TLS-encrypted LDAP connection to join the AD domain. The command
accepts a string in the 'OpenSSL ciphers' format (See https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT).
Example: xConfiguration Authentication ADS CipherSuite: "HIGH:MEDIUM:!ADH:!aNULL:!eNULL:-AES128-SHA256:@STRENGTH"
|
xConfiguration Authentication ADS DC [1..5] Address: <S: 0,39>
The address of a domain controller that can be used when the Expressway joins the AD domain. Not specifying a specific AD
will result the use of DNS SRV queries to find an AD.
Example: xConfiguration Authentication ADS DC 1 Address: "192.168.0.0"
|
xConfiguration Authentication ADS Encryption: <Off/TLS>
Sets the encryption to use for the LDAP connection to the ADS server.
Note
|
Removed the weak ciphers, but retained one cipher ( eTYPE-ARCFOUR-HMAC-MD5) to allow for backward compatibility.
|
Default: TLS.
Off: no encryption is used.
TLS: TLS encryption is used.
Example: xConfiguration Authentication ADS Encryption: TLS
|
xConfiguration Authentication ADS KDC [1..5] Address: <S: 0,39>
The address of a Kerberos Distribution Center (KDC) to be used when connected to the AD domain. Not specifying a specific
KDC will result in the use of DNS SRV queries to find a KDC.
Example: xConfiguration Authentication ADS KDC 1 Address: "192.168.0.0"
|
xConfiguration Authentication ADS KDC [1..5] Port: <1..65534>
Specifies the port of a KDC that can be used when the Expressway joins the AD domain. Default: 88.
Example: xConfiguration Authentication ADS KDC 1 Port: 88
|
xConfiguration Authentication ADS MachineName: <S: 0..15>
This overides the default NETBIOS machine name used when the Expressway joins the AD domain.
Example: xConfiguration Authentication ADS MachineName: "short_name"
|
xConfiguration Authentication ADS MachinePassword Refresh: <On/Off>
Determines if this samba client should refresh its machine password every 7 days, when joined to the AD domain. Default: On.
Example: xConfiguration Authentication ADS MachinePassword Refresh: On
|
xConfiguration Authentication ADS Mode: <On/Off>
Indicates if the Expressway should attempt to form a relationship with the AD. Default: Off.
Example: xConfiguration Authentication ADS Mode: On
|
xConfiguration Authentication ADS SPNEGO: <Enabled/Disabled>
Indicates if SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) is used when the client (the Expressway) authenticates
with the server (the AD domain controller). Default: Enabled.
Example: xConfiguration Authentication ADS SPNEGO: Enabled
|
xConfiguration Authentication ADS SecureChannel: <Auto/Enabled/Disabled>
Indicates if data transmitted from the Expressway to an AD domain controller is sent over a secure channel. Default: Auto.
Example: xConfiguration Authentication ADS SecureChannel: Auto
|
xConfiguration Authentication ADS Workgroup: <S: 0,15>
The workgroup used when the Expressway joins the AD domain.
Example: xConfiguration Authentication ADS Workgroup: "corporation"
|
xConfiguration Authentication Account Admin Account [1..n] AccessAPI: <On/Off>
Determines whether this account is allowed to access the system's status and configuration via the Application Programming
Interface (API). Default: On.
Example: xConfiguration Authentication Account Admin Account 1 AccessAPI: On
|
xConfiguration Authentication Account Admin Account [1..n] AccessWeb: <On/Off>
Determines whether this account is allowed to log in to the system using the web interface. Default: On.
Example: xConfiguration Authentication Account Admin Account 1 AccessWeb: On
|
xConfiguration Authentication Account Admin Account [1..n] Enabled: <On/Off>
Indicates if the account is enabled or disabled. Access will be denied to disabled accounts. Default: On.
Example: xConfiguration Authentication Account Admin Account 1 Enabled: On
|
xConfiguration Authentication Account Admin Account [1..n] Name: <S: 0, 128>
The username for the administrator account.
Example: xConfiguration Authentication Account Admin Account 1 Name: "bob_smith"
|
xConfiguration Authentication Account Admin Account [1..n] Password: <Password>
The password that this administrator will use to log in to the Expressway.
Example: xConfiguration Authentication Account Admin Account 1 Password: "abcXYZ_123"
|
xConfiguration Authentication Account Admin Group [1..n] AccessAPI: <On/Off>
Determines whether members of this group are allowed to access the system's status and configuration using the Application
Programming Interface (API). Default: On.
Example: xConfiguration Authentication Account Admin Group 1 AccessAPI: On
|
xConfiguration Authentication Account Admin Group [1..n] AccessWeb: <On/Off>
Determines whether members of this group are allowed to log in to the system using the web interface. Default: On.
Example: xConfiguration Authentication Account Admin Group 1 AccessWeb: On
|
xConfiguration Authentication Account Admin Group [1..n] Enabled: <On/Off>
Indicates if the group is enabled or disabled. Access will be denied to members of disabled groups. Default: On.
Example: xConfiguration Authentication Account Admin Group 1 Enabled: On
|
xConfiguration Authentication Account Admin Group [1..n] Name: <S: 0, 128>
The name of the administrator group.
Example: xConfiguration Authentication Account Admin Group 1 Name: "administrators"
|
xConfiguration Authentication Certificate Crlcheck: <None/Peer/All>
Specifies whether HTTPS client certificates are checked against certificate revocation lists (CRLs). CRL data is uploaded
to the Expressway via the CRL management page. Default: All.
None: no CRL checking is performed.
Peer: only the CRL associated with the CA that issued the client's certificate is checked.
All: all CRLs in the trusted certificate chain of the CA that issued the client's certificate are checked.
Example: xConfiguration Authentication Certificate Crlcheck: All
|
xConfiguration Authentication Certificate Crlinaccessible: <Ignore/Fail>
Controls the revocation list checking behavior if the revocation status cannot be established, for example if the revocation
source cannot be contacted or no appropriate revocation list is present. Default: Ignore.
Ignore: treat the certificate as not revoked.
Fail: treat the certificate as revoked (and thus do not allow the TLS connection).
Example: xConfiguration Authentication Certificate Crlinaccessible: Ignore
|
xConfiguration Authentication Certificate Mode: <NotRequired/Validation/Authentication>
Controls the level of security required to allow client systems (typically web browsers) to communicate with the Expressway
over HTTPS. Default: NotRequired.
NotRequired: the client system does not have to present any form of certificate.
Validation: the client system must present a valid certificate that has been signed by a trusted certificate authority (CA). Note that
a restart is required if you are changing from Not required to Certificate validation.
Authentication: the client system must present a valid certificate that has been signed by a trusted CA and contains the client's authentication
credentials. When this mode is enabled, the standard login mechanism is no longer available.
Example: xConfiguration Authentication Certificate Mode: NotRequired
|
xConfiguration Authentication Certificate UsernameRegex: <String>
The regular expression to apply to the client certificate presented to the Expressway. Use the (? regex) syntax to supply
names for capture groups so that matching sub-patterns can be substituted in the associated template. Default: /Subject:.*CN=
(? ([^,\]|(\,))*)/m
Example: xConfiguration Authentication Certificate UsernameRegex: "/Subject:.*CN= (? ([^,\]|(\,))*)/m"
|
xConfiguration Authentication Certificate UsernameTemplate: <String>
A template containing a mixture of fixed text and the capture group names used in the Regex. Delimit each capture group name
with # , for example, prefix#Group1#suffix. Each capture group name will be replaced with the text obtained from the regular
expression processing. The resulting string is used as the user's authentication credentials (username). Default: #captureCommonName#
Example: xConfiguration Authentication Certificate UsernameTemplate: "#captureCommonName#"
|
xConfiguration Authentication H350 BindPassword: <S: 0, 60>
Sets the password to use when binding to the LDAP server.
Example: xConfiguration Authentication H350 BindPassword: "abcXYZ_123"
|
xConfiguration Authentication H350 BindSaslMode: <None/DIGEST-MD5>
The SASL (Simple Authentication and Security Layer) mechanism to use when binding to the LDAP server. Default: DIGEST-MD5.
None: no mechanism is used.
DIGEST-MD5: the DIGEST-MD5 mechanism is used.
Example: xConfiguration Authentication H350 BindSaslMode: DIGEST-MD5
|
xConfiguration Authentication H350 BindUserDn: <S: 0, 500>
Sets the user distinguished name to use when binding to the LDAP server.
Example: xConfiguration Authentication H350 BindUserDn: "manager"
|
xConfiguration Authentication H350 BindUserName: <S: 0, 500>
Sets the username to use when binding to the LDAP server. Only applies if using SASL.
Example: xConfiguration Authentication H350 BindUserName: "manager"
|
xConfiguration Authentication H350 DirectoryBaseDn: <S: 0, 500>
Sets the Distinguished Name to use when connecting to an LDAP server.
Example: xConfiguration Authentication H350 DirectoryBaseDn: "dc=example,dc=company,dc=com"
|
xConfiguration Authentication H350 LdapEncryption: <Off/TLS>
Sets the encryption to use for the connection to the LDAP server. Default : TLS.
Off: no encryption is used.
TLS: TLS encryption is used.
Example: xConfiguration Authentication H350 LdapEncryption: TLS
|
xConfiguration Authentication H350 LdapServerAddress: <S: 0, 256>
The IP address or Fully Qualified Domain Name of the LDAP server to use when making LDAP queries for device authentication.
Example: xConfiguration Authentication H350 LdapServerAddress: "ldap_server.example.com"
|
xConfiguration Authentication H350 LdapServerAddressResolution: <AddressRecord/ServiceRecord>
Sets how the LDAP server address is resolved if specified as an FQDN. Default: AddressRecord.
Address record: DNS A or AAAA record lookup.
SRV record: DNS SRV record lookup.
Example: xConfiguration Authentication H350 LdapServerAddressResolution: AddressRecord
|
xConfiguration Authentication H350 LdapServerPort: <1..65535>
Sets the IP port of the LDAP server to use when making LDAP queries for device authentication. Typically, non-secure connections
use 389. Default : 389
Example: xConfiguration Authentication H350 LdapServerPort: 389
|
xConfiguration Authentication H350 Mode: <On/Off>
Enables or disables the use of an H.350 directory for device authentication. Default: Off.
Example: xConfiguration Authentication H350 Mode: Off
|
xConfiguration Authentication LDAP AliasOrigin: <LDAP/Endpoint/Combined>
Determines how aliases are checked and registered. Default: LDAP.
LDAP: the aliases presented by the endpoint are checked against those listed in the LDAP database.
Endpoint: the aliases presented by the endpoint are used; any in the LDAP database are ignored.
Combined: the aliases presented by the endpoint are used in addition to any listed in the LDAP database.
Example: xConfiguration Authentication LDAP AliasOrigin: LDAP
|
xConfiguration Authentication Password: <S: 0, 215>
The password used by the Expressway when authenticating with another system. The maximum plaintext length is 128 characters,
which is then encrypted. Note: this does not apply to traversal client zones.
Example: xConfiguration Authentication Password: "password123"
|
xConfiguration Authentication Remote Digest Cache ExpireCheckInterval: <0..65535>
The interval between digest authentication cache expiration checks in seconds. Default: 600
Example: xConfiguration Authentication Remote Digest Cache ExpireCheckInterval: 600
|
xConfiguration Authentication Remote Digest Cache Lifetime: <0..43200>
The lifetime of digest authentication interim hashes in seconds. Default: 600
Example: xConfiguration Authentication Remote Digest Cache Lifetime: 600
|
xConfiguration Authentication Remote Digest Cache Limit: <0..65535>
The interval between digest authentication cache expiration checks in seconds. Default: 10000
Example: xConfiguration Authentication Remote Digest Cache Limit: 10000
|
xConfiguration Authentication Remote Digest Cache Mode: <On/Off>
Controls whether the digest authentication cache is enabled. Default: On
Example: xConfiguration Authentication Remote Digest Cache Mode: On
|
xConfiguration Authentication StrictPassword Enabled: <On/Off>
Determines whether local administrator account passwords must meet a minimum level of complexity before they are accepted.
In addition, passwords must not: be based on a dictionary word contain too many consecutive characters such as "abc" or "123", contain too few different characters or be palindromes. Default: Off.
On: local administrator account passwords must meet the complexity requirements.
Off: passwords are not checked for complexity.
Example: xConfiguration Authentication StrictPassword Enabled: Off
|
xConfiguration Authentication StrictPassword MaximumConsecutiveRepeated: <0..255>
The maximum number of times the same character can be repeated consecutively. A value of 0 disables this check. Default: 0
Example: xConfiguration Authentication StrictPassword MaximumConsecutiveRepeated: 0
|
xConfiguration Authentication StrictPassword MinimumClasses: <0..4>
The minimum number of character classes that must be present. There are four character classes: digit, upper case, lower case
and special. Use this setting if you want to mandate the use of 2-3 different character classes without requiring all of them
to be present. A value of 0 disables this check. Default: 0.
Example: xConfiguration Authentication StrictPassword MinimumClasses: 0
|
xConfiguration Authentication StrictPassword MinimumDigits: <0..255>
The minimum number of digits that must be present. A value of 0 disables this check. Default: 2.
Example: xConfiguration Authentication StrictPassword MinimumDigits: 2
|
xConfiguration Authentication StrictPassword MinimumLength: <6..255>
The minimum length of the password. Default: 15.
Example: xConfiguration Authentication StrictPassword MinimumLength: 15
|
xConfiguration Authentication StrictPassword MinimumLowerCase: <0..255>
The minimum number of lower case characters that must be present. A value of 0 disables this check. Default: 2.
Example: xConfiguration Authentication StrictPassword MinimumLowerCase: 2
|
xConfiguration Authentication StrictPassword MinimumOther: <0..255>
The minimum number of special characters that must be present. A special character is anything that is not a letter or a digit.
A value of 0 disables this check. Default: 2
Example: xConfiguration Authentication StrictPassword MinimumOther: 2
|
xConfiguration Authentication StrictPassword MinimumUpperCase: <0..255>
The minimum number of upper case characters that must be present. A value of 0 disables this check. Default : 2
Example: xConfiguration Authentication StrictPassword MinimumUpperCase: 2
|
xConfiguration Authentication UserName: <S: 0, 128>
The username used by the Expressway when authenticating with another system. Note: this does not apply to traversal client
zones.
Example: xConfiguration Authentication UserName: "user123"
|
xConfiguration Bandwidth Default: <64..65535>
The bandwidth (in kbps) to use on calls managed by the Expressway where no bandwidth has been specified by the endpoint. Default:
384.
Example: xConfiguration Bandwidth Default: 384
|
xConfiguration Bandwidth Downspeed PerCall Mode: <On/Off>
Determines whether the Expressway attempts to downspeed a call if there is insufficient per-call bandwidth available to fulfill
the request. Default: On.
On: the Expressway will attempt to place the call at a lower bandwidth.
Off: the call will be rejected.
Example: xConfiguration Bandwidth Downspeed PerCall Mode: On
|
xConfiguration Bandwidth Downspeed Total Mode: <On/Off>
Determines whether the Expressway attempts to downspeed a call if there is insufficient total bandwidth available to fulfill
the request. Default: On.
On: the Expressway will attempt to place the call at a lower bandwidth.
Off: the call will be rejected.
Example: xConfiguration Bandwidth Downspeed Total Mode: On
|
xConfiguration Bandwidth Link [1..3000] Name: <S: 1, 50>
Assigns a name to this link.
Example: xConfiguration Bandwidth Link 1 Name: "HQ to BranchOffice"
|
xConfiguration Bandwidth Link [1..3000] Node1 Name: <S: 0, 50>
Specifies the first zone or subzone to which this link will be applied.
Example: xConfiguration Bandwidth Link 1 Node1 Name: "HQ"
|
xConfiguration Bandwidth Link [1..3000] Node2 Name: <S: 0, 50>
Specifies the second zone or subzone to which this link will be applied.
Example: xConfiguration Bandwidth Link 1 Node2 Name: "BranchOffice"
|
xConfiguration Bandwidth Link [1..3000] Pipe1 Name: <S: 0, 50>
Specifies the first pipe to be associated with this link.
Example: xConfiguration Bandwidth Link 1 Pipe1 Name: "512Kb ASDL"
|
xConfiguration Bandwidth Link [1..3000] Pipe2 Name: <S: 0, 50>
Specifies the second pipe to be associated with this link.
Example: xConfiguration Bandwidth Link 1 Pipe2 Name: "2Gb Broadband"
|
xConfiguration Bandwidth Pipe [1..1000] Bandwidth PerCall Limit: <1..100000000>
If this pipe has limited per-call bandwidth, sets the maximum amount of bandwidth (in kbps) available for any one call. Default:
1920.
Example: xConfiguration Bandwidth Pipe 1 Bandwidth PerCall Limit: 256
|
xConfiguration Bandwidth Pipe [1..1000] Bandwidth PerCall Mode: <Limited/Unlimited/NoBandwidth>
Determines whether or not this pipe is limiting the bandwidth of individual calls. Default: Unlimited.
NoBandwidth: no bandwidth available. No calls can be made on this pipe.
Example: xConfiguration Bandwidth Pipe 1 Bandwidth PerCall Mode: Limited
|
xConfiguration Bandwidth Pipe [1..1000] Bandwidth Total Limit: <1..100000000>
If this pipe has limited bandwidth, sets the maximum bandwidth (in kbps) available at any one time on the pipe. Default: 500000.
Example: xConfiguration Bandwidth Pipe 1 Bandwidth Total Limit: 1024
|
xConfiguration Bandwidth Pipe [1..1000] Bandwidth Total Mode: <Limited/Unlimited/NoBandwidth>
Determines whether or not this pipe is enforcing total bandwidth restrictions. Default: Unlimited.
NoBandwidth: no bandwidth available. No calls can be made on this pipe.
Example: xConfiguration Bandwidth Pipe 1 Bandwidth Total Mode: Limited
|
xConfiguration Bandwidth Pipe [1..1000] Name: <S: 1, 50>
Assigns a name to this pipe.
Example: xConfiguration Bandwidth Pipe 1 Name: "512Kb ASDL"
|
xConfiguration Call Loop Detection Mode: <On/Off>
Specifies whether the Expressway will check for call loops. Default: On.
Example: xConfiguration Call Loop Detection Mode: On
|
xConfiguration Call Routed Mode: <Always/Optimal>
Specifies whether the Expressway routes the signaling for calls. Default: Always.
Always: the Expressway will always route the call signaling.
Optimal: if possible, the Expressway will remove itself from the call signaling path, which may mean the call does not consume a
call license.
Example: xConfiguration Call Routed Mode: Always
|
xConfiguration Call Services CallsToUnknownIPAddresses: <Off/Direct/Indirect>
The way in which the Expressway attempts to call systems that are not registered with it or one of its neighbors. Default:
Indirect.
Direct: allows an endpoint to make a call to an unknown IP address without the Expressway querying any neighbors. The call setup
would occur just as it would if the far end were registered directly to the local system.
Indirect: upon receiving a call to an unknown IP address, the Expressway will query its neighbors for the remote address and if permitted
will route the call through the neighbor.
Off: endpoints registered directly to the Expressway may only call an IP address of a system also registered directly to that
Expressway.
Example: xConfiguration Call Services CallsToUnknownIPAddresses: Indirect
|
xConfiguration Call Services Fallback Alias: <S: 0, 60>
Specifies the alias to which incoming calls are placed for calls where the IP address or domain name of the Expressway has
been given but no callee alias has been specified.
Example: xConfiguration Call Services Fallback Alias: "reception@example.com"
|
xConfiguration CollaborationEdge AllowEmbeddedSafari: <Yes/No>
This only applies to Cisco Jabber 11.8 or later, on iPads or iPhones using iOS 9 or later, when they authorize using OAuth
tokens.
Select Yes to allow Jabber on iOS devices to display the authentication page in the native Safari browser.
Select No to have Jabber on iOS devices display the authentication page in the WebView browser, rather than in the Safari browser.
Note
|
If you toggle this option, also make the corresponding selection for SSO Login Behavior for iOS in Cisco Unified Communications Manager.
|
Example: xConfiguration CollaborationEdge AllowEmbeddedSafari: No
|
xConfiguration CollaborationEdge AllowList DefaultMethods: <String>
Configure one or more default HTTP methods for the HTTP allow list.
Configuration Parameters:
Methods: <OPTIONS/GET/HEAD/POST/PUT/DELETE> - A comma-delimiting set of one or more http methods
Example: xConfiguration CollaborationEdge AllowList DefaultMethods: PUT,GET,POST
|
xConfiguration CollaborationEdge AllowOnboardingOverMra: <On/Off>
Enables or disables activation code onboarding for MRA devices. If enabled/disabled, mTLS is automatically enabled/disabled
on the MRA port. The necessary CA certificates for mTLS are auto-generated.
Example: xConfiguration CollaborationEdge AllowOnboardingOverMra: On
|
xConfiguration CollaborationEdge AllowRedirectUri: <On/Off>
Enables or disables Redirect URI. Allows the client to use Embedded browser for (and MRA) OAuth flow. Default value is No. Set the value to Yes to enable this option.
Example: xConfiguration CollaborationEdge AllowRedirectUri: Off
|
xConfiguration CollaborationEdge Enabled: <On/Off>
Enables or disables Mobile and Remote Access on this Expressway.
Example: xConfiguration CollaborationEdge Enabled: On
|
xConfiguration CollaborationEdge InternalCheck: <No/Yes>
This switch determines whether the Expressway-C will check the user's home node for available authentication modes. If you
select No , the Expressway tells the client that the authentication modes enabled on the Expressway-C are available, without actually
checking the home node. You should see less traffic on the internal network as a result, but you should only select this option
if you know that all nodes have the same authentication modes available.
Select Yes to allow the Expressway-C to check on the user's home node before the Expressway-E responds to the client.
Example: xConfiguration CollaborationEdge InternalCheck: No
|
xConfiguration CollaborationEdge JabbercEnabled: <On/Off>
Enables or disables Jabber Guest services on this Expressway.
Example: xConfiguration JabbercEnabled: Off
|
xConfiguration CollaborationEdge JabbercProxyProtocol: <http/https>
Selects the protocol used to proxy Jabber Guest services requests through the Expressway.
Example: xConfiguration JabbercProxyProtocol: https
|
xConfiguration CollaborationEdge LegacyCred: <On/Off>
Select On if Unified Communications services authorize MRA clients based on the username and password they supply to the Expressway.
Example: xConfiguration CollaborationEdge LegacyCred: Off
|
xConfiguration CollaborationEdge LegacySso: <On/Off/Exclusive>
Select On if Unified Communications services authorize MRA clients based on the OAuth token they supply to the Expressway.
This is not the self-describing OAuth token type.
Example: xConfiguration CollaborationEdge LegacySso: Off
|
xConfiguration CollaborationEdge OauthLocal: <On/Off>
Enables or disables OAuth local authentication for mobile and remote access to Unified Communications services.
Example: xConfiguration CollaborationEdge OauthLocal: Off
|
xConfiguration CollaborationEdge OauthSso: <On/Off>
Enables or disables OAuth Single Sign-On for mobile and remote access to Unified Communications services.
Example: xConfiguration CollaborationEdge OauthSso: Off
|
xConfiguration CollaborationEdge RFC3327Enabled: <On/Off>
Changes Path header support for registrations going through automatically generated neighbor zones to Unified CM nodes.
On: The Expressway-C inserts its address into the Path header of the REGISTER message, and into the response to that message.
Off: The Expressway-C overwrites the address in the Contact header of the REGISTER message.
Example: xConfiguration CollaborationEdge rfc3327Enabled: On
|
xConfiguration CollaborationEdge SSO Scope: <PEER/CLUSTER>
Use PEER if you wish to use a SAML agreement, with your chosen IdP, for each Expressway peer. Use CLUSTER if you wish to use
a single SAML agreement for the cl uster.
Example: xConfiguration CollaborationEdge SSO Scope: CLUSTER
|
xConfiguration CollaborationEdge SSO IdP <index> Digest: <sha1/sha256>
Changes the hash algorithm that the Expressway uses when signing SAML authentication requests given to the client.
<index> is an integer distinguishing a particular IdP from the list that is configured on the Expressway.
Example: xConfiguration CollaborationEdge SSO IdP 1 Digest: sha256
|
xConfiguration CollaborationEdge SsoAlwaysAvailable: <On/Off>
Determines whether the Expressway-C will check if the user's home node has SSO available.
On: The Expressway-E always tells the client that SSO is available, without actually checking the home node.
Off: Allow the Expressway-C to check if SSO is available on the user's home node before the Expressway-E responds to the client.
Example: xConfiguration CollaborationEdge SsoAlwaysAvailable: Off
Note
|
The default value Off corresponds to the following default on the web UI: Check for internal SSO availability: Yes
|
|
xConfiguration CollaborationEdge SsoEnabled: <On/Off>
Toggles Single Sign-On for mobile and remote access to UC services.
Example: xConfiguration CollaborationEdge SsoEnabled: Off
|
xConfiguration CollaborationEdge SsoSipTokenExtraTtl: <0..172800>
Extends the lifetime of the SIP authorization token by the supplied number of seconds.
Important
|
The extended time-to-live means that external users can still use SIP over the edge after their on-premises UC credentials
have expired. This gives users a short window in which they can still accept calls (if they haven't noticed that they need
to re-authenticate), but you should balance this convenience against the increased security exposure.
|
Example: xConfiguration CollaborationEdge SsoSipTokenExtraTtl: 0
|
xConfiguration CollaborationEdgeDeployments <index> DeploymentId: <1..65535>
Changes the deployment ID of a particular deployment.
<index> is an integer distinguishing a particular IdP from the list that is configured on the Expressway.
Example: xConfiguration CollaborationEdgeDeployments 1 DeploymentId: 5
|
xConfiguration CollaborationEdgeDeployments <index> UserReadableName: <String>
Enter a name for this deployment. You can use multiple deployments to partition the Unified Communications services provided
via this Expressway. See Using deployments to partition Unified Communications services.
<index> is an integer distinguishing a particular IdP from the list that is configured on the Expressway.
Example: xConfiguration CollaborationEdgeDeployments 1 UserReadableName: StagingDeployment
|
xConfiguration Ciphers SIPTLSCiphers Value: <S:0,2048>
Specifies the SIP TLS cipher suite to use in 'OpenSSL ciphers' format (See https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT). Note that a restart is required for this to take effect. Also note that aNULL ciphers are not supported for inbound connections.
Default: EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:+ADH
Example: xConfiguration Ciphers SIPTLSCiphers Value: "EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:+ADH"
To change SIP TLS protocol value, see: SIP Advanced SipTlsVersions.
|
xConfiguration Ciphers HTTPSCiphers Value: <S:0,2048>
Specifies the HTTPS cipher suite to use in 'OpenSSL ciphers' format (See https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT).
Default: EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL
Example: xConfiguration Ciphers HTTPSCiphers Value: "EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL"
|
xConfiguration Ciphers HTTPSProtocol Value: <S:minTLSv1.0, minTLSv1.1, minTLSv1.2>
Specifies the HTTPS TLS protocol minimum version.
Default: minTLSv1.2
Example: xConfiguration Ciphers HTTPSProtocol Value: "minTLSv1.2"
|
xConfiguration Ciphers SMTPTLSCiphers Value: <S:0,2048>
Specifies the SMTP TLS cipher suite to use in 'OpenSSL ciphers' format (see https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT
Default: EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL
Example: xConfiguration Ciphers SMTPTLSCiphers Value: "EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL"
|
xConfiguration Ciphers SMTPTLSProtocol Value: <S:minTLSv1.0, minTLSv1.1, minTLSv1.2>
Specifies the SMTP TLS protocol minimum version.
Default: minTLSv1.2
Example: xConfiguration Ciphers SMTPTLSProtocol Value: "minTLSv1.2"
|
xConfiguration Ciphers ReverseProxyTLSCiphers Value: <S:0,2048>
Specifies the Reverse Proxy TLS cipher suite to use in 'OpenSSL ciphers' format (See https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT).
Default: EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL
Example: xConfiguration Ciphers ReverseProxyTLSCiphers Value: "EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL"
|
xConfiguration Ciphers ReverseProxyTLSProtocol Value: <S:minTLSv1.0, minTLSv1.1, minTLSv1.2>
Specifies the Reverse Proxy TLS protocol minimum version.
Default: minTLSv1.2
Example: xConfiguration Ciphers ReverseProxyTLSProtocol Value: "minTLSv1.2"
|
xConfiguration Ciphers UcClientTLSCiphers Value: <S:0,2048>
Specifies the UC Client TLS cipher suite to use in 'OpenSSL ciphers' format (See https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT).
Default: EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL
Example: xConfiguration CiphersUcClientTLSCiphers Value: "EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL"
|
xConfiguration Ciphers UcClientTLSProtocol Value: <S:minTLSv1.0, minTLSv1.1, minTLSv1.2>
Specifies the UC Client TLS protocol minimum version.
Default: minTLSv1.2
Example: xConfiguration Ciphers UcClientTLSProtocol Value: "minTLSv1.2"
|
xConfiguration Ciphers XCPTLSCiphers Value: <S:0,2048>
Specifies the XCP TLS cipher suite to use in 'OpenSSL ciphers' format (See https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-LIST-FORMAT). Note that a restart is required for this to take effect.
Default: EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL
Example: xConfiguration Ciphers XCPTLSCiphers Value: "EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL"
|
xConfiguration Ciphers XCPTLSProtocol Value: <S:minTLSv1.0, minTLSv1.1, minTLSv1.2>
Specifies the XCP TLS protocol minimum version.
Default: minTLSv1.2
Example: xConfiguration Ciphers XCPTLSProtocol Value: minTLSv1.2
|
xConfiguration Ciphers sshd_ciphers Value: <S:0,2048>
Configures the available ciphers for admin/root SSH connections (TCP/22) in "openssh" format.
Default: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Example: xConfiguration Ciphers sshd_ciphers Value: "aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
|
xConfiguration Ciphers sshd_kex Value: <S:0,2048>
Configures key exchange algorithms for admin/root SSH connections (TCP/22) in "openssh" format.
Default: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Example: xConfiguration Ciphers sshd_kex Value: "ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
|
xConfiguration Ciphers sshd_macs Value: <S:0,2048>
Configures the message authentication code digests for admin/root SSH connections (TCP/22) in "openssh" format.
Default: hmac-sha2-512,hmac-sha2-256,hmac-sha1
Example: xConfiguration Ciphers sshd_macs Value: "hmac-sha2-512,hmac-sha2-256,hmac-sha1"
|
xConfiguration Ciphers sshd_pfwd_ciphers Value: <S:0,2048>
The ciphers available for the SSH tunnels used for the forward and reverse HTTP proxies (i.e. APNS and MRA HTTP traffic).
Default: aes256-ctr
Example: xConfiguration Ciphers sshd_pfwd_ciphers Value: "aes256-ctr"
|
xConfiguration DNS PerDomainServer [1..5] Address: <S: 0, 39>
The IP address of the DNS server to use only when resolving hostnames for the associated domain names.
Example: xConfiguration DNS PerDomainServer 1 Address: "192.168.12.1"
|
xConfiguration DNS PerDomainServer [1..5] Domain1: <S: 0, 39>
The first domain name to be resolved by this particular DNS server.
Example: xConfiguration DNS PerDomainServer 1 Domain1: "dept.example.com"
|
xConfiguration DNS PerDomainServer [1..5] Domain2: <S: 0, 39>
The second domain name to be resolved by this particular DNS server.
Example: xConfiguration DNS PerDomainServer 1 Domain2: "other.example.com"
|
xConfiguration DNS Server [1..5] Address: <S: 0, 39>
The IP address of a default DNS server to use when resolving domain names. You can specify up to 5 servers. These default
DNS servers are used if there is no per-domain DNS server defined for the domain being looked up.
Example: xConfiguration DNS Server 1 Address: "192.168.12.0"
|
xConfiguration EdgeConfigServer CredentialTtl: <0..604800>
Does not apply to SSO authentications.
Specifies the lifetime of the authentication token issued by the Expressway to a successfully authenticated client. A client
that successfully authenticates should request a refresh before this token expires, or it will need to re-authenticate.
Example: xConfiguration EdgeConfigServer CredentialTtl: 28800
|
xConfiguration EdgeConfigServer PurgeInterval: <0..604800>
Does not apply to SSO authentications.
Specifies how long the Expressway waits between cache clearing operations. Only expired tokens are removed when the cache
is cleared, so this setting is the longest possible time that an expired token can remain in the cache.
Example: xConfiguration EdgeConfigServer PurgeInterval: 43200
|
xConfiguration EdgeConfigServer RateLimitLogins: <0..100>
Limits the number of times that any user's credentials can authorize via VCS per rate control period. Any device using the
same user credentials contributes to the number.
After the limit is reached, any further attempts to use these credentials are rejected until the current rate control period
expires.
Enter 0 to disable the rate control feature.
Example: xConfiguration EdgeConfigServer RateLimitLogins: 3
|
xConfiguration EdgeConfigServer RateLimitPeriod: <0..86400>
Defines the period (in seconds) over which authorizations are counted. If rate control is enabled, then a user's first authorization
starts the counter and the timer. When the rate control period expires, the counter is reset and a new period will start with
the user's next authorization.
Enter 0 to disable the rate control feature.
Example: xConfiguration EdgeConfigServer RateLimitPeriod: 300
|
xConfiguration ErrorReport Contact: <S: 0, 128>
An optional contact email address for follow up on incident reports if required.
Example: xConfiguration ErrorReport Contact: "bob smith"
|
xConfiguration ErrorReport CoreDump: <On/Off>
Determines whether diagnostic core dump files are created. Default: On.
Example: xConfiguration ErrorReport CoreDump: On
|
xConfiguration ErrorReport Mode: <On/Off>
Determines whether details of application failures are automatically sent to a web service. Default: Off.
Example: xConfiguration ErrorReport Mode: Off
|
xConfiguration ErrorReport Proxy: <S: 0, 128>
An optional proxy server to use for the HTTP/HTTPS connections to the incident reporting server.
Example: xConfiguration ErrorReport Proxy: https://proxy_address/submiterror/
|
xConfiguration ErrorReport Url: <S: 0, 128>
The URL of the web service to which details of application failures are sent. Default: https://cc-reports.cisco.com/submitapplicationerror/
Example: xConfiguration ErrorReport Url: https://cc-reports.cisco.com/submitapplicationerror/
|
xConfiguration Ethernet [1..2] IP V4 Address: <S: 7,15>
Specifies the IPv4 address of the specified LAN port. Note: you must restart the system for any changes to take effect.
Example: xConfiguration Ethernet 1 IP V4 Address: "192.168.10.10"
|
xConfiguration Ethernet [1..2] IP V4 StaticNAT Address: <S:7,15>
If the Expressway is operating in static NAT mode, this specifies the external public IPv4 address of that static NAT. You
must restart the system for any changes to take effect.
Example: xConfiguration Ethernet 1 IP V4 StaticNAT Address: "64.22.64.85"
|
xConfiguration Ethernet [1..2] IP V4 StaticNAT Mode: <On/Off>
Specifies whether the Expressway is located behind a static NAT. You must restart the system for any changes to take effect.
Default: Off.
Example: xConfiguration Ethernet 1 IP V4 StaticNAT Mode: On
|
xConfiguration Ethernet [1..2] IP V4 SubnetMask: <S: 7,15>
Specifies the IPv4 subnet mask of the specified LAN port. You must restart the system for any changes to take effect.
Example: xConfiguration Ethernet 1 IP V4 SubnetMask: "255.255.255.0"
|
xConfiguration Ethernet [1..2] IP V6 Address: <S: 0, 39>
Specifies the IPv6 address of the specified LAN port. You must restart the system for any changes to take effect.
Example: xConfiguration Ethernet 1 IP V6 Address: "2001:db8::1428:57ab"
|
xConfiguration Ethernet [1..2] Speed: <Auto/10half/10full/100half/100full/1000full
Sets the speed of the Ethernet link from the specified LAN port. Use Auto to automatically configure the speed. You must restart
the system for any changes to take effect. Default: Auto.
Example: xConfiguration Ethernet 1 Speed: Auto
|
xConfiguration ExternalManager Address: <S: 0, 128>
Sets the IP address or Fully Qualified Domain Name (FQDN) of the external manager.
Example: xConfiguration ExternalManager Address: "192.168.0.0"
|
xConfiguration ExternalManager Path: <S: 0, 255>
Sets the URL of the external manager. Default: tms/public/external/management/SystemManagementService.asmx
Example: xConfiguration ExternalManager Path: "tms/public/external/management/SystemManagementService.asmx"
|
xConfiguration ExternalManager Protocol: <HTTP/HTTPS>
The protocol used to connect to the external manager. Default: HTTPS.
Example: xConfiguration ExternalManager Protocol: HTTPS
|
xConfiguration ExternalManager Server Certificate Verification Mode: <On/Off>
Controls whether the certificate presented by the external manager is verified. Default: On.
Example: xConfiguration ExternalManager Server Certificate Verification Mode: On
|
xConfiguration H323 Gatekeeper AutoDiscovery Mode: <On/Off>
Determines whether or not the Expressway responds to gatekeeper discovery requests from endpoints. Default: On.
Example: xConfiguration H323 Gatekeeper AutoDiscovery Mode: On
|
xConfiguration H323 Gatekeeper CallSignaling PortRange End: <1024..65534>
Specifies the upper port in the range to be used by calls once they are established. Default: 19999.
Example: xConfiguration H323 Gatekeeper CallSignaling PortRange End: 19999
|
xConfiguration H323 Gatekeeper CallSignaling PortRange Start: <1024..65534>
Specifies the lower port in the range to be used by calls once they are established. Default: 15000.
Example: xConfiguration H323 Gatekeeper CallSignaling PortRange Start: 15000
|
xConfiguration H323 Gatekeeper CallSignaling TCP Port: <1024..65534>
Specifies the port that listens for H.323 call signaling. Default: 1720.
Example: xConfiguration H323 Gatekeeper CallSignaling TCP Port: 1720
|
xConfiguration H323 Gatekeeper CallTimeToLive: <60..65534>
Specifies the interval (in seconds) at which the Expressway polls the endpoints in a call to verify that they are still in
the call. Default: 120.
Example: xConfiguration H323 Gatekeeper CallTimeToLive: 120
|
xConfiguration H323 Gatekeeper Registration RIPAllRequests: <On/Off>
Determines whether the Expressway will respond to H.323 registration request with a Request In Progress message.
Enable this setting if you are experiencing registration timeouts when authenticating registration requests with a remote
LDAP directory service. Default: Off
Example: xConfiguration H323 Gatekeeper Registration RIPAllRequests: Off
|
xConfiguration H323 Gatekeeper Registration ConflictMode: <Reject/Overwrite>
How the system behaves if an endpoint attempts to register an alias currently registered from another IP address. Default:
Reject.
Reject: denies the registration.
Overwrite: deletes the original registration and replaces it with the new registration.
Example: xConfiguration H323 Gatekeeper Registration ConflictMode: Reject
|
xConfiguration H323 Gatekeeper Registration UDP Port: <1024..65534>
Specifies the port to be used for H.323 UDP registrations. Default: 1719.
Example: xConfiguration H323 Gatekeeper Registration UDP Port: 1719
|
xConfiguration H323 Gatekeeper TimeToLive: <60..65534>
The interval (in seconds) at which an H.323 endpoint must re-register with the Expressway to confirm that it is still functioning.
Default: 1800.
Example: xConfiguration H323 Gatekeeper TimeToLive: 1800
|
xConfiguration H323 Gateway CallerId: <IncludePrefix/ExcludePrefix>
Specifies whether the prefix of the ISDN gateway is inserted into the caller's E.164 number presented on the destination endpoint.
Including the prefix allows the recipient to directly return the call. Default: ExcludePrefix.
IncludePrefix: inserts the ISDN gateway's prefix into the source E.164 number.
ExcludePrefix: only displays the source E.164 number.
Example: xConfiguration H323 Gateway CallerId: ExcludePrefix
|
xConfiguration H323 Mode: <On/Off>
Determines whether or not the Expressway will provide H.323 gatekeeper functionality. Default: Off.
Example: xConfiguration H323 Mode: On
|
xConfiguration Interworking BFCP Compatibility Mode: <Auto/TAA/Draft>
Controls the compatibility settings of the SIP to H.323 interworking BFCP component. Default: Auto.
Example: xConfiguration Interworking BFCP Compatibility Mode: Auto
|
xConfiguration Interworking Encryption KeySize2048: <On/Off>
Determines whether or not the Expressway includes 2048-bit Diffie-Hellman keys for encryption of H.323-SIP interworking. Default:
On.
On: Expressway will offer both 1024-bit and 2048-bit encryption key lengths.
Off: Expressway will not offer 2048-bit encryption key length.
Example: xConfiguration Interworking Encryption KeySize2048: On
|
xConfiguration Interworking Encryption Mode: <Auto/Off>
Determines whether or not the Expressway will allow encrypted calls between SIP and H.323 endpoints. Default: Auto.
Off: interworked calls will never be encrypted.
Auto: interworked calls will be encrypted if the endpoints request it.
Example: xConfiguration Interworking Encryption Mode: Auto
|
xConfiguration Interworking Encryption Replay Protection Mode: <On/Off>
Controls whether the Expressway will perform replay protection for incoming SRTP packets when interworking a call. Default:
Off.
On: replayed SRTP packets will be dropped by the Expressway.
Off: the Expressway will not check for replayed SRTP packets.
Example: xConfiguration Interworking Encryption Replay Protection Mode: Off
|
xConfiguration Interworking Mode: <On/Off/RegisteredOnly>
Determines whether or not the Expressway will act as a gateway between SIP and H.323 calls. Default: RegisteredOnly.
Off: the Expressway will not act as a SIP-H.323 gateway.
On: the Expressway will act as SIP-H.323 gateway regardless of whether the endpoints are locally registered.
RegisteredOnly: the Expressway will act as a SIP-H.323 gateway but only if at least one of the endpoints is locally registered.
Example: xConfiguration Interworking Mode: On
|
xConfiguration Interworking Require Invite Header Mode: <On/Off>
Controls whether the SIP to H.323 interworking function sends com.tandberg.sdp.duo.enable and com.tandberg.sdp.bfcp.udp in
the require header for dialog forming INVITEs. Default: Off.
Example: xConfiguration Interworking Require Invite Header Mode: Off
|
xConfiguration IP DNS Domain Name: <S: 0, 128>
The name to be appended to an unqualified host name before querying the DNS server. Used when attempting to resolve unqualified
domain names for NTP, LDAP, external manager and remote syslog servers. May also be used along with the System host name to identify references to this Expressway in SIP messaging.
Example: xConfiguration IP DNS Domain Name: "example.com"
|
xConfiguration IP DNS Hostname : <S: 0, 63>
The DNS host name that this system is known by. This is not the fully-qualified domain name, just the host label portion.
The name can only contain letters, digits, hyphens and underscores. The first character must be a letter and the last character
must be a letter or a digit.
Example: xConfiguration IP DNS Hostname: "localsystem"
|
xConfiguration IP DNS MaxPort: <1024..65535>
The upper source port in the range used for sending DNS queries. Requests choose a random port from this range. Warning: setting
a small source port range increases your vulnerability to DNS spoofing attacks. Default: 65535.
Example: xConfiguration IP DNS MaxPort: 65535
|
xConfiguration IP DNS MinPort: <1024..65535>
The lower source port in the range used for sending DNS queries. Requests choose a random port from this range. Warning: setting
a small source port range increases your vulnerability to DNS spoofing attacks. Default: 1024.
Example: xConfiguration IP DNS MinPort: 1024
|
xConfiguration IP DNS SearchDomains: <S: 0, 1024>
Space separated list of extra domain names to be searched when querying the DNS server. Used when attempting to resolve unqualified
domain names for NTP, LDAP, external manager and remote syslog servers. May also be used along with the local System host
name to identify references to this system in SIP messaging. (Peer-specific)
Example: xConfiguration IP DNS SearchDomains: "example1.int"
"example2.int"
"example3.int"
|
xConfiguration IP DNS UseEphemeralPortRange: <On/Off>
Determines whether outgoing DNS queries use the system's normal ephemeral port range, or a custom port range that you can
configure. Default: On.
Example: xConfiguration IP DNS UseEphemeralPortRange: On
|
xConfiguration IP Ephemeral PortRange End: <1024..65534>
The highest port in the range used for ephemeral outbound connections not otherwise constrained by Expressway call processing.
Default: 35999.
Example: xConfiguration IP Ephemeral PortRange End: 35999
|
xConfiguration IP Ephemeral PortRange Start: <1024..65534>
The lowest port in the range used for ephemeral outbound connections not otherwise constrained by Expressway call processing.
Default: 30000.
Example: xConfiguration IP Ephemeral PortRange Start: 30000
|
xConfiguration IP External Interface: <LAN1/LAN2>
Defines which LAN interface is externally facing. Default: LAN1.
Example: xConfiguration IP External Interface: LAN1
|
xConfiguration IP Gateway: <S: 7,15>
Specifies the IPv4 gateway of the Expressway. Note: you must restart the system for any changes to take effect. Default: 127.0.0.1
Example: xConfiguration IP Gateway: "192.168.127.0"
|
xConfiguration IP QoS Mode: <None/DiffServ>
The type of QoS (Quality of Service) tags to apply to all signaling and media packets. You must restart the system for any
changes to take effect. Default: None.
None: no specific QoS tagging is applied.
DiffServ: puts the specified Tag value in the TOS (Type Of Service) field of the IPv4 header or TC (Traffic Class) field of the IPv6
header.
Example: xConfiguration IP QoS Mode: DiffServ
Important
|
This command is discontinued from Version X8.9 and replaced by commands QoS Audio, QoS Video, QoS XMPP , and QoS Signaling .
|
|
xConfiguration IP QoS Value: <0..63>
The value to stamp onto all signaling and media traffic routed through the system. You must restart the system for any changes
to take effect. Default: 0.
Example: xConfiguration IP QoS Value: 16
Important
|
This command is discontinued from Version X8.9 and replaced by commands QoS Audio, QoS Video, QoS XMPP, and QoS Signaling .
|
|
xConfiguration IP RFC4821 Mode: <Auto/Enabled/Disabled>
Determines when RFC4821 Packetization Layer Path MTU Discovery is used by the Expressway network interface. You must restart
the system for any changes to take effect. Default: Disabled.
Enabled: Packetization layer MTU probing is always performed.
Auto: Disabled by default, enabled when an ICMP black hole is detected.
Disabled: Packetization layer MTU probing is not performed.
Example: xConfiguration IP RFC4821 Mode: Disabled
|
xConfiguration IP Route [1..50] Address: <S: 0, 39>
Specifies an IP address used in conjunction with the Prefix Length to determine the network to which this route applies.
Example: xConfiguration IP Route 1 Address: "128.168.0.0"
|
xConfiguration IP Route [1..50] Gateway: <S: 0, 39>
Specifies the IP address of the Gateway for this route.
Example: xConfiguration IP Route 1 Gateway: "192.168.0.0"
|
xConfiguration IP Route [1..50] Interface: <Auto/LAN1/LAN2>
Specifies the LAN interface to use for this route. Auto: The Expressway will select the most appropriate interface to use.
Default: Auto.
Example: xConfiguration IP Route 1 Interface: Auto
|
xConfiguration IP Route [1..50] PrefixLength: <0..128>
The number of bits of the IP address which must match when determining the network to which this route applies. Default: 32.
Example: xConfiguration IP Route 1 PrefixLength: 16
|
xConfiguration IP V6 Gateway: <S: 0, 39>
Specifies the IPv6 gateway of the Expressway. You must restart the system for any changes to take effect.
Example: xConfiguration IP V6 Gateway: "3dda:80bb:6::9:144"
|
xConfiguration IPProtocol: <Both/IPv4/IPv6>
Selects whether the Expressway is operating in IPv4, IPv6 or dual stack mode. You must restart the system for any changes
to take effect. Default: IPv4.
Example: xConfiguration IPProtocol: IPv4
|
xConfiguration Language Default: <S: 0, 128>
The default language used on the web interface. Default: "en_US".
Example: xConfiguration Language Default: "en_US"
|
xConfiguration Log CDR Service: <off/serviceonly/serviceandlogging>
Select how to log Call Detail Records produced by this Expressway.
Off: Call Detail Records are not logged.
serviceonly: Call Detail Records are stored locally for 7 days and then deleted. The logged records are not accessible via the user interface.
serviceandlogging: As for serviceonly, except the CDRs are accessible via the local Event log. If you have added syslog server addresses, the
records are sent to those as Info messages.
Default: off
Example: xConfiguration Log CDR Service: serviceonly
|
xConfiguration Log Level: <1..4>
Controls the granularity of Event Logging. 1 is the least verbose, 4 the most. Note: this setting is not retrospective; it
determines which events are written to the Event Log from now onwards. Default: 1
Example: xConfiguration Log Level: 1
|
xConfiguration Log MediaStats Logging: <On/Off>
Toggles media statistics logging. Default: Off
Example: xConfiguration Log MediaStats Logging: On
|
xConfiguration Log SystemMetrics Interval: <30..600>
Sets the number of seconds to wait between metrics collection events.
Important
|
A shorter interval has more impact on system performance, while a longer interval yields coarser metrics. We recommend using
the longest interval unless you need very fine metrics.
|
Default: 60
Example: xConfiguration Log SystemMetrics Interval: 60
|
xConfiguration Log SystemMetrics Mode: <On/Off>
Toggles the System Metrics Collection service. Enter On to start collecting metrics for this system.
Default: Off
Example: xConfiguration Log SystemMetrics Mode: On
|
xConfiguration Log SystemMetrics Network Address: <S: 0,1024>
Enter the address of the listening server. You may use IP address, hostname, or FQDN.
Default: Empty
Example: xConfiguration log SystemMetrics Network Address: "192.168.0.5"
|
xConfiguration Log SystemMetrics Network Port: <1..65535>
Enter the port on which the listening server is expecting System Metrics traffic.
Default: 25826
Example: xConfiguration log SystemMetrics Network Port: 25826
|
xConfiguration Logger Network [1..n] Level: <FATAL/ERROR/WARN/INFO/DEBUG/TRACE>
The logging level for the nominated module. Default : INFO.
Example: xConfiguration Logger Developer 1 Level: INFO
|
xConfiguration Login Remote LDAP BaseDN Accounts: <S: 0,255>
Sets the Distinguished Name to use as the base when searching for administrator and user accounts.
Example: xConfiguration Login Remote LDAP BaseDN Accounts: "ou=useraccounts,dc=corporation,dc=int"
|
xConfiguration Login Remote LDAP BaseDN Groups: <S: 0,255>
Sets the Distinguished Name to use as the base when searching for administrator and user groups.
Example: xConfiguration Login Remote LDAP BaseDN Groups: "ou=groups,dc=corporation,dc=int"
|
xConfiguration Login Remote LDAP CRLCheck: <None/Peer/All>
Specifies whether certificate revocation lists (CRLs) are checked when forming a TLS connection with the LDAP server. CRL
data is uploaded to the Expressway via the trusted CA certificate PEM file. Default: None.
None: no CRL checking is performed.
Peer: only the CRL associated with the CA that issued the LDAP server's certificate is checked.
All: all CRLs in the trusted certificate chain of the CA that issued the LDAP server's certificate are checked.
Example: xConfiguration Login Remote LDAP CRLCheck: Peer
|
xConfiguration Login Remote LDAP DirectoryType: <ActiveDirectory>
Defines the type of LDAP directory that is being accessed. Default: ActiveDirectory.
ActiveDirectory: directory is Windows Active Directory.
Example: xConfiguration Login Remote LDAP DirectoryType: ActiveDirectory
|
xConfiguration Login Remote LDAP Encryption: <Off/TLS>
Sets the encryption to use for the connection to the LDAP server. Default: TLS.
Off: no encryption is used.
TLS: TLS encryption is used.
Example: xConfiguration Login Remote LDAP Encryption: Off
|
xConfiguration Login Remote LDAP SASL: <None/DIGEST-MD5>
The SASL (Simple Authentication and Security Layer) mechanism to use when binding to the LDAP server. Default: DIGEST-MD5.
None: no mechanism is used.
DIGEST-MD5: The DIGEST-MD5 mechanism is used.
Example: xConfiguration Login Remote LDAP SASL: DIGEST-MD5
|
xConfiguration Login Remote LDAP SearchOptimize NestedDepth: <1..16>
Sets the subgroup search depth level for LDAP authentication. Default: 16
Example: xConfiguration Login Remote LDAP SearchOptimize NestedDepth: "1"
|
xConfiguration Login Remote LDAP SearchOptimize SkipMembers: <Yes/No>
Defines whether to skip group member lookup when searching groups for LDAP authentication. Default: Yes
Example: xConfiguration Login Remote LDAP SearchOptimize SkipMembers: "No"
|
xConfiguration Login Remote LDAP Server Address: <S: 0,128>
Sets the IP address or Fully Qualified Domain Name (FQDN) of the LDAP server to use when making LDAP queries.
Example: xConfiguration Login Remote LDAP Server Address: "server.example.com"
|
xConfiguration Login Remote LDAP Server FQDNResolution: <AddressRecord/SRVRecord>
Sets how the LDAP server address is resolved if specified as an FQDN. Default: AddressRecord.
AddressRecord: DNS A or AAAA record lookup.
SRVRecord: DNS SRV record lookup.
Example: xConfiguration Login Remote LDAP Server FQDNResolution: AddressRecord
|
xConfiguration Login Remote LDAP Server Port: <1..65534>
Sets the IP port of the LDAP server to use when making LDAP queries. Non-secure connections use 389 and secure connections
use 636. Other ports are not supported. Default: 389.
Example: xConfiguration Login Remote LDAP Server Port: 389
|
xConfiguration Login Remote LDAP VCS BindDN: <S: 0,255>
Sets the user distinguished name to use when binding to the LDAP server.
Example: xConfiguration Login Remote LDAP VCS BindDN: "systemmanager"
|
xConfiguration Login Remote LDAP VCS BindPassword: <S: 0,122>
Sets the password to use when binding to the LDAP server. The maximum plaintext length is 60 characters, which is then encrypted.
Example: xConfiguration Login Remote LDAP VCS BindPassword: "password123"
|
xConfiguration Login Remote LDAP VCS BindUsername: <S: 0,255>
Sets the username to use when binding to the LDAP server. Only applies if using SASL.
Example: xConfiguration Login Remote LDAP VCS BindUsername: "systemmanager"
|
xConfiguration Login Remote Protocol: <LDAP>
The protocol used to connect to the external directory. Default: LDAP.
Example: xConfiguration Login Remote Protocol: LDAP
|
xConfiguration Login Source Admin: <LocalOnly/RemoteOnly/Both>
Defines where administrator login credentials are authenticated before access is allowed. Default: LocalOnly.
LocalOnly: credentials are verified against a local database stored on the Expressway.
RemoteOnly: credentials are verified against an external credentials directory, for example Windows Active Directory. Note that this
disables login access via the default admin account.
Both: credentials are verified first against a local database stored on the Expressway, and then if no matching account is found
the external credentials directory is used instead.
Example: xConfiguration Login Source Admin: LocalOnly
|
xConfiguration Login User [1..n] Name: <S: 0,60>
Defines the name for this entry in the local authentication database.
Example: xConfiguration Login User 1 Name: "alice"
|
xConfiguration Login User [1..n] Password: <S: 0,128>
Defines the password for this entry in the local authentication database.
Example: xConfiguration Login User 1 Password: "abcXYZ_123"
|
xConfiguration Management Interface HstsMode: <On/Off>
Determines whether web browsers are instructed to only ever use a secure connection to access this server. Enabling this feature
gives added protection against man-in-the-middle (MITM) attacks. Default: On.
On: the Strict-Transport-Security header is sent with all responses from the web server, with a 1 year expiry time.
Off: the Strict-Transport-Security header is not sent, and browsers work as normal. Note: you must restart the system for any
changes to take effect.
Example: xConfiguration Management Interface HstsMode: On
|
xConfiguration Management Interface Port: <1..65535>
Sets the https listening port for administrators to access the Expressway web interface. Default: 443.
Example: xConfiguration Management Interface Port: 7443
|
xConfiguration Management Session InactivityTimeout: <0..65535>
Sets the number of minutes that an administration session (serial port, HTTPS or SSH) may be inactive before the session is
timed out. A value of 0 turns session time outs off. Default: 30.
Example: xConfiguration Management Session InactivityTimeout: 30
|
xConfiguration Management Session MaxConcurrentSessionsTotal: <0..65535>
The maximum number of concurrent administrator sessions allowed on the system. This includes web, SSH and serial sessions.
A value of 0 turns session limits off. Default: 0.
Example: xConfiguration Management Session MaxConcurrentSessionsTotal: 0
|
xConfiguration Management Session MaxConcurrentSessionsUser: <0..65535>
The number of concurrent sessions that each individual administrator account is allowed on the system. This includes web,
SSH and serial sessions. A value of 0 turns session limits off. Default: 0.
Example: xConfiguration Management Session MaxConcurrentSessionsUser: 0
|
xConfiguration NetworkLimits
Configures the experimental rate limiting feature. Enter xconfig networklimits ? to read the help.
Example: xConfiguration NetworkLimits Configuration GarbageCollectSecs: 5
|
xConfiguration NTP Server [1..5] Address: <S: 0, 128>
Sets the IP address or Fully Qualified Domain Name (FQDN) of up to 5 NTP servers to be used when synchronizing system time.
Example: xConfiguration NTP Server 1 Address: "ntp.server.example.com"
|
xConfiguration Option [1..64] Key: <S: 0, 90>
Specifies the option key of your software option. These are added to the system in order to add extra functionality, such
as increasing the system’s capacity. Contact your Cisco support representative for further information.
Example: xConfiguration Option 1 Key: "1X4757T5-1-60BAD5CD"
|
xConfiguration Policy AdministratorPolicy Mode: <Off/LocalCPL/LocalService/PolicyService>
Enables and disables use of Call Policy. Default: Off.
Off: Disables call policy.
LocalCPL: uses policy from an uploaded CPL file.
LocalService: uses group policy information and a local file.
PolicyService: uses an external policy server.
Example: xConfiguration Policy AdministratorPolicy Mode: Off
|
xConfiguration Policy AdministratorPolicy Service DefaultCPL: <S: 0,255>
The CPL used by the Expressway when the remote service is unavailable. Default: <reject status='403' reason='Service Unavailable'/>
Example: xConfiguration Policy AdministratorPolicy Service DefaultCPL: "<reject status='403' reason='Service Unavailable'/>"
|
xConfiguration Policy AdministratorPolicy Service Password: <S: 0,82>
Specifies the password used by the Expressway to log in and query the remote service. The maximum plaintext length is 30 characters,
which will then be encrypted.
Example: xConfiguration Policy AdministratorPolicy Service Password: "password123"
|
xConfiguration Policy AdministratorPolicy Service Path: <S: 0,255>
Specifies the URL of the remote service.
Example: xConfiguration Policy AdministratorPolicy Service Path: "service"
|
xConfiguration Policy AdministratorPolicy Service Protocol: <HTTP/HTTPS>
Specifies the protocol used to connect to the remote service. Default: HTTPS.
Example: xConfiguration Policy AdministratorPolicy Service Protocol: HTTPS
|
xConfiguration Policy AdministratorPolicy Service Server [1..3] Address: <S: 0,128>
Specifies the IP address or Fully Qualified Domain Name (FQDN) of the remote service.
Example: xConfiguration Policy AdministratorPolicy Service Server 1 Address: "service.server.example.com"
|
xConfiguration Policy AdministratorPolicy Service Status Path: <S: 0..255>
Specifies the path for obtaining the remote service status. Default: status
Example: xConfiguration Policy AdministratorPolicy Service Status Path: status
|
xConfiguration Policy AdministratorPolicy Service TLS CRLCheck Mode: <On/Off>
Controls certificate revocation list checking of the certificate supplied by the policy service. When enabled, the server's
X.509 certificate will be checked against the revocation list of the certificate authority of the certificate. Default: Off.
Example: xConfiguration Policy AdministratorPolicy Service TLS CRLCheck Mode: Off
|
xConfiguration Policy AdministratorPolicy Service TLS Verify Mode: <On/Off>
Controls X.509 certificate checking and mutual authentication between this Expressway and the policy service. When enabled,
the server's FQDN or IP address, as specified in the address field, must be contained within the server's X.509 certificate
(in either the Subject Common Name or the Subject Alternative Name attributes). Default: On.
Example: xConfiguration Policy AdministratorPolicy Service TLS Verify Mode: On
|
xConfiguration Policy AdministratorPolicy Service UserName: <S: 0,30>
Specifies the user name used by the Expressway to log in and query the remote policy service.
Example: xConfiguration Policy AdministratorPolicy Service UserName: "user123"
|
xConfiguration Policy FindMe CallerID: <FindMeID/IncomingID>
Determines how the source of an incoming call is presented to the callee. Default: IncomingID.
IncomingID: displays the address of the endpoint from which the call was placed.
FindMeID: displays the FindMe ID associated with the originating endpoint's address.
Example: xConfiguration Policy FindMe CallerId: FindMeID
|
xConfiguration Policy FindMe Mode: <Off/On/ThirdPartyManager>
Configures how the FindMe application operates. Default: Off.
Off: disables FindMe.
On: enables FindMe.
ThirdPartyManager: uses an off-box, third-party FindMe manager.
Example: xConfiguration Policy FindMe Mode: On
|
xConfiguration Policy FindMe Server Address: <S: 0, 128>
Specifies the IP address or Fully Qualified Domain Name (FQDN) of the remote FindMe Manager.
Example: xConfiguration Policy FindMe Server Address: "userpolicy.server.example.com"
|
xConfiguration Policy FindMe Server Password: <S: 0, 82>
Specifies the password used by the Expressway to log in and query the remote FindMe Manager. The maximum plaintext length
is 30 characters, which will then be encrypted.
Example: xConfiguration Policy FindMe Server Password: "password123"
|
xConfiguration Policy FindMe Server Path: <S: 0, 255>
Specifies the URL of the remote FindMe Manager.
Example: xConfiguration Policy FindMe Server Path: "service"
|
xConfiguration Policy Services Service [1..20] DefaultCPL: <S: 0,255>
The CPL used by the Expressway when the remote service is unavailable. Default: <reject status='504' reason='Policy Service
Unavailable'/>
Example: xConfiguration Policy Services Service 1 DefaultCPL: "<reject status='403' reason='Service Unavailable'/>"
|
xConfiguration Policy Services Service [1..20] Description: <S: 0,64>
A free-form description of the Policy Service.
Example: xConfiguration Policy Services Service 1 Description: "Conference management service"
|
xConfiguration Policy Services Service [1..20] HTTPMethod: <POST/GET>
Specifies the HTTP method type to use for the remote service. Default: POST.
Example: xConfiguration Policy Services Service 1 HTTPMethod: POST
|
xConfiguration Policy Services Service [1..20] Name: <S: 0,50>
Assigns a name to this Policy Service.
Example: xConfiguration Policy Services Service 1 Name: "Conference handler"
|
xConfiguration Policy Services Service [1..20] Password: <S: 0,82>
Specifies the password used by the Expressway to log in and query the remote service. The maximum plaintext length is 30 characters,
which will then be encrypted.
Example: xConfiguration Policy Services Service 1 Password: "password123"
|
xConfiguration Policy Services Service [1..20] Path: <S: 0,255>
Specifies the URL of the remote service.
Example: xConfiguration Policy Services Service 1 Path: "service"
|
xConfiguration Policy Services Service [1..20] Protocol: <HTTP/HTTPS>
Specifies the protocol used to connect to the remote service. Default: HTTPS.
Example: xConfiguration Policy Services Service 1 Protocol: HTTPS
|
xConfiguration Policy Services Service [1..20] Server [1..3] Address: <S: 0,128>
Specifies the IP address or Fully Qualified Domain Name (FQDN) of the remote service.
Example: xConfiguration Policy Services Service 1 Server 1 Address: "192.168.0.0"
|
xConfiguration Policy Services Service [1..20] Status Path: <S: 0..255>
Specifies the path for obtaining the remote service status. Default: status
Example: xConfiguration Policy Services Service 1 Status Path: status
|
xConfiguration Policy Services Service [1..20] TLS CRLCheck Mode: <On/Off>
Controls certificate revocation list checking of the certificate supplied by the policy service. When enabled, the server's
X.509 certificate will be checked against the revocation list of the certificate authority of the certificate. Default: Off.
Example: xConfiguration Policy Services Service 1 TLS CRLCheck Mode: Off
|
xConfiguration Policy Services Service [1..20] TLS Verify Mode: <On/Off>
Controls X.509 certificate checking and mutual authentication between this Expressway and the policy service. When enabled,
the server's FQDN or IP address, as specified in the address field, must be contained within the server's X.509 certificate
(in either the Subject Common Name or the Subject Alternative Name attributes). Default: On.
Example: xConfiguration Policy Services Service 1 TLS Verify Mode: On
|
xConfiguration Policy Services Service [1..20] UserName: <S: 0,30>
Specifies the user name used by the Expressway to log in and query the remote service.
Example: xConfiguration Policy Services Service 1 UserName: "user123"
|
xConfiguration QoS Audio <0..63>
Defines a DSCP (Differentiated Service Code Point) value for Quality of Service marking of audio traffic. The DSCP value is
stamped (marked) onto SIP and H.323 audio media traffic routed through the Expressway, by writing it to the IP packet headers.
To the ToS field for IPv4 or to the TC field for IPv6. A value of "0" specifies standard best effort service. Default: 46.
You must restart the system for any changes to take effect.
Example: xConfiguration QoS Audio: 30
|
xConfiguration QoS Video <0..63>
Defines a DSCP value for Quality of Service marking of video traffic. The DSCP value is stamped (marked) onto SIP and H.323
video media traffic routed through the Expressway, by writing it to the IP packet headers. To the ToS field for IPv4 or to
the TC field for IPv6. A value of "0" specifies standard best effort service. Default: 34.
You must restart the system for any changes to take effect.
Example: xConfiguration QoS Video: 43
|
xConfiguration QoS XMPP <0..63>
Defines a DSCP value for Quality of Service marking of IM & Presence traffic. The DSCP value is stamped (marked) onto XMPP
traffic routed through the Expressway, by writing it to the IP packet headers. To the ToS field for IPv4 or to the TC field
for IPv6. A value of "0" specifies standard best effort service. Default: 24.
You must restart the system for any changes to take effect.
Example: xConfiguration QoS XMPP: 34
|
xConfiguration QoS Signaling <0..63>
Defines a DSCP value for Quality of Service marking of signaling traffic. The DSCP value is stamped (marked) onto SIP and
H.323 signaling traffic routed through the Expressway, by writing it to the IP packet headers. To the ToS field for IPv4 or
to the TC field for IPv6. A value of "0" specifies standard best effort service. Default: 24.
You must restart the system for any changes to take effect.
Example: xConfiguration QoS Signaling: 34
|
xConfiguration Registration AllowList [1..2500] Description: <S: 0,64>
A free-form description of the Allow List rule.
Example: xConfiguration Registration AllowList 1 Description: "Everybody at @example.com"
|
xConfiguration Registration AllowList [1..2500] Pattern String: <S: 0, 60>
Specifies an entry to be added to the Allow List. If one of an endpoint’s aliases matches one of the patterns in the Allow
List, the registration will be permitted.
Example: xConfiguration Registration AllowList 1 Pattern String: "john.smith@example.com"
|
xConfiguration Registration AllowList [1..2500] Pattern Type: <Exact/Prefix/Suffix/Regex>
Specifies whether the entry in the Allow List is a prefix, suffix, regular expression, or must be matched exactly. Default:
Exact.
Exact: the string must match the alias character for character.
Prefix: the string must appear at the beginning of the alias.
Suffix: the string must appear at the end of the alias.
Regex: the string will be treated as a regular expression.
Example: xConfiguration Registration AllowList 1 Pattern Type: Exact
|
xConfiguration Registration AllowList [1..2500] Pattern Type: <Exact/Prefix/Suffix/Regex>
Specifies whether the entry in the Allow List is a prefix, suffix, regular expression, or must be matched exactly. Default:
Exact.
Exact: the string must match the alias character for character.
Prefix: the string must appear at the beginning of the alias.
Suffix: the string must appear at the end of the alias.
Regex: the string will be treated as a regular expression.
Example: xConfiguration Registration AllowList 1 Pattern Type: Exact
|
xConfiguration Registration DenyList [1..2500] Description: <S: 0,64>
A free-form description of the Deny List rule.
Example: xConfiguration Registration DenyList 1 Description: "Anybody at @nuisance.com"
|
xConfiguration Registration DenyList [1..2500] Pattern String: <S: 0, 60>
Specifies an entry to be added to the Deny List. If one of an endpoint’s aliases matches one of the patterns in the Deny List,
the registration will not be permitted.
Example: xConfiguration Registration DenyList 1 Pattern String: "john.jones@example.com"
|
xConfiguration Registration DenyList [1..2500] Pattern Type: <Exact/Prefix/Suffix/Regex>
Specifies whether the entry in the Deny List is a prefix, suffix, regular expression, or must be matched exactly. Default:
Exact.
Exact: the string must match the alias character for character.
Prefix: the string must appear at the beginning of the alias.
Suffix: the string must appear at the end of the alias.
Regex: the string will be treated as a regular expression.
Example: xConfiguration Registration DenyList 1 Pattern Type: Exact
|
xConfiguration Registration RestrictionPolicy Mode: <None/AllowList/DenyList/Directory/PolicyService>
Specifies the policy to be used when determining which endpoints may register with the system. Default: None.
None: no restriction.
AllowList: only endpoints attempting to register with an alias listed on the Allow List may register.
DenyList: all endpoints, except those attempting to register with an alias listed on the Deny List, may register.
Directory: only endpoints who register an alias listed in the local Directory, may register.
PolicyService: only endpoints who register with details allowed by the Policy Service, may register.
Example: xConfiguration Registration RestrictionPolicy Mode: None
|
xConfiguration Registration RestrictionPolicy Service DefaultCPL: <S: 0,255>
The CPL used by the Expressway when the remote service is unavailable. Default: <reject status='504' reason='Policy Service
Unavailable'/>
Example: xConfiguration Registration RestrictionPolicy Service DefaultCPL: "<reject status='403' reason='Service Unavailable'/>"
|
xConfiguration Registration RestrictionPolicy Service Password: <S: 0,82>
Specifies the password used by the Expressway to log in and query the remote service. The maximum plaintext length is 30 characters,
which will then be encrypted.
Example: xConfiguration Registration RestrictionPolicy Service Password: "password123"
|
xConfiguration Registration RestrictionPolicy Service Path: <S: 0,255>
Specifies the URL of the remote service.
Example: xConfiguration Registration RestrictionPolicy Service Path: "service"
|
xConfiguration Registration RestrictionPolicy Service Protocol: <HTTP/HTTPS>
Specifies the protocol used to connect to the remote service. Default: HTTPS.
Example: xConfiguration Registration RestrictionPolicy Service Protocol: HTTPS
|
xConfiguration Registration RestrictionPolicy Service Server [1..3] Address: <S: 0,128>
Specifies the IP address or Fully Qualified Domain Name (FQDN) of the remote service.
Example: xConfiguration Registration RestrictionPolicy Service Server 1 Address: "192.168.0.0"
|
xConfiguration Registration RestrictionPolicy Service Status Path: <S: 0..255>
Specifies the path for obtaining the remote service status. Default: status
Example: xConfiguration Registration RestrictionPolicy Service Status Path: status
|
xConfiguration Registration RestrictionPolicy Service TLS CRLCheck Mode: <On/Off>
Controls certificate revocation list checking of the certificate supplied by the policy service. When enabled, the server's
X.509 certificate will be checked against the revocation list of the certificate authority of the certificate. Default: Off.
Example: xConfiguration Registration RestrictionPolicy Service TLS CRLCheck Mode: Off
|
xConfiguration Registration RestrictionPolicy Service TLS Verify Mode: <On/Off>
Controls X.509 certificate checking and mutual authentication between this Expressway and the policy service. When enabled,
the server's FQDN or IP address, as specified in the address field, must be contained within the server's X.509 certificate
(in either the Subject Common Name or the Subject Alternative Name attributes). Default: On.
Example: xConfiguration Registration RestrictionPolicy Service TLS Verify Mode: On
|
xConfiguration Registration RestrictionPolicy Service UserName: <S: 0,30>
Specifies the user name used by the Expressway to log in and query the remote service.
Example: xConfiguration Registration RestrictionPolicy Service UserName: "user123"
|
xConfiguration Remote Syslog [1..4] Address: <S: 0..128>
The IP address or Fully Qualified Domain Name (FQDN) of up to 4 remote syslog servers to which the log is written. These servers
must support the BSD or IETF syslog protocols.
Example: xConfiguration Remote Syslog 1 Address: "remote_server.example.com"
|
xConfiguration Remote Syslog [1..4] Crlcheck: <On/Off>
Controls whether the certificate supplied by the syslog server is checked against the certificate revocation list (CRL). Default:
Off.
Example: xConfiguration Remote Syslog 1 Crlcheck: Off
|
xConfiguration Remote Syslog [1..4] Format: <bsd/ietf>
The format in which remote syslog messages are written. Default: bsd.
Example: xConfiguration Remote Syslog 1 Format: bsd
|
xConfiguration Remote Syslog [1..4] Loglevel: <emergency/alert/critical/error/warning/notice/informational/debug>
Select the minimum severity of log messages to send to this syslog server. Default: informational.
Example: xConfiguration Remote Syslog 1 Loglevel: informational
|
xConfiguration Remote Syslog [1..4] Mode: <bsd/ietf/ietf_secure/user_defined>
Select the syslog protocol to use when sending messages to the syslog server, or choose user_defined to configure individually
the transport type, port and format. Default: bsd.
Example: xConfiguration Remote Syslog 1 Mode: bsd
|
xConfiguration Remote Syslog [1..4] Port: <1..65535>
The UDP/TCP destination port to use. Suggested ports: UDP=514 TCP/TLS=6514. Default : 514.
Example: xConfiguration Remote Syslog 1 Port: 514
|
xConfiguration Remote Syslog [1..4] Transport: <udp/tcp/tls>
The transport protocol to use when communicating with the syslog server. If you use TLS encryption, you must upload a suitable
CA certificate file. Default: UDP.
Example: xConfiguration Remote Syslog 1 Transport: udp
|
xConfiguration ResourceUsage Warning Activation Level: <0..100>
Controls if and when the Expressway will warn that it is approaching its maximum licensed capacity for calls or registrations.
The number represents the percentage of the maximum that, when reached, will trigger a warning. 0: Warnings will never appear.
Default: 90.
Example: xConfiguration ResourceUsage Warning Activation Level: 90
|
xConfiguration SIP Advanced SipMaxSize: <1..1048576>
Specifies the maximum size of a SIP message that can be handled by the server (in bytes). Default: 32768
Example: xConfiguration SIP Advanced SipMaxSize: 32768
|
xConfiguration SIP Advanced SipTcpConnectTimeout: <1..150>
Enter the maximum number of seconds to wait for an outgoing SIP TCP connection to be established. Default: 10.
Example: xConfiguration SIP Advanced SipTcpConnectTimeout: 10
|
xConfiguration SIP Advanced SipTlsDhKeySize: <1024/2048/3072>
Specifies the default key size for inbound connections that use Diffie-Hellman key exchange (in bits).
Default: 1024.
Note
|
You must restart the system for any changes to take effect.
|
Example: xConfiguration SIP Advanced SipTlsDhKeySize: 1024
|
xConfiguration SIP Advanced SipTlsVersions: <TLSv1/TLSv1.1/TLSv1.2/TLSv1:TLSv1.1/TLSv1:TLSv1.2/TLSv1.1:TLSv1.2/TLSv1:TLSv1.1:TLSv1.2>
Specifies the supported SIP TLS protocol versions. Default: TLSv1:TLSv1.1:TLSv1.2
Example: xConfiguration SIP Advanced SipTlsVersions: TLSv1.1:TLSv1.2
|
xConfiguration SIP Authentication Digest Nonce ExpireDelta: <30..3600>
Specifies the maximum time (in seconds) that a nonce may be re-used for. Default: 300.
Example: xConfiguration SIP Authentication Digest Nonce ExpireDelta: 300
|
xConfiguration SIP Authentication Digest Nonce Length: <32..512>
Length of nonce or cnonce to generate for use in SIP Digest authentication. Default: 60.
Example: xConfiguration SIP Authentication Digest Nonce Length: 60
|
xConfiguration SIP Authentication Digest Nonce Limit: <1..65535>
Maximum limit on the number of nonces to store. Default: 10000.
Example: xConfiguration SIP Authentication Digest Nonce Limit: 10000
|
xConfiguration SIP Authentication Digest Nonce Maximum Use Count: <1..1024>
Maximum number of times that a nonce generated by the Expressway may be used by a client. Default: 128.
Example: xConfiguration SIP Authentication Digest Nonce Maximum Use Count: 128
|
xConfiguration SIP Authentication NTLM Mode: <On/Off/Auto>
Controls when the Expressway will challenge endpoints using the NTLM protocol. Default: Auto.
Off: the Expressway will never send a challenge containing the NTLM protocol.
On: the Expressway will always include NTLM in its challenges.
Auto: the Expressway will decide based on endpoint type whether to challenge with NTLM.
Example: xConfiguration SIP Authentication NTLM Mode: Auto
|
xConfiguration SIP Authentication NTLM SA Lifetime: <30..43200>
Specifies the lifetime of NTLM security associations in seconds. Default: 28800.
Example: xConfiguration SIP Authentication NTLM SA Lifetime: 28800
|
xConfiguration SIP Authentication NTLM SA Limit: <1..65535>
Maximum number of NTLM security associations to store. Default: 10000.
Example: xConfiguration SIP Authentication NTLM SA Limit: 10000
|
xConfiguration SIP Authentication Retry Limit: <1..16>
The number of times a SIP UA will be challenged due to authentication failure before receiving a 403 Forbidden response. Note
that this applies only to SIP Digest challenges (not NTLM challenges). Default: 3.
Example: xConfiguration SIP Authentication Retry Limit: 3
|
xConfiguration SIP Domain [1..200] Authzone: <S: 0,128>
The traversal zone to use when delegating credential checks for SIP messages for this domain.
Example: xConfiguration SIP Domain 1 Authzone: "traversalzone"
|
xConfiguration SIP Domain [1..200] Edge: <On/Off>
Whether remote and mobile collaboration features are enabled. Default Off.
Example: xConfiguration SIP Domain 1 Edge: On
|
xConfiguration SIP Domain [1..200] Name: <S: 0,128>
Specifies a domain for which this Expressway is authoritative. The domain name can comprise multiple levels. Each level's
name can only contain letters, digits and hyphens, with each level separated by a period (dot). A level name cannot start
or end with a hyphen, and the final level name must start with a letter. An example valid domain name is "100.example-name.com".
Example: xConfiguration SIP Domain 1 Name: "100.example-name.com"
|
xConfiguration SIP Domain [1..200] Sip: <On/Off>
Specifies whether the Expressway will act as a SIP registrar for this domain, and will accept registration requests for any
SIP endpoints attempting to register with an alias that includes this domain. Default On.
Example: xConfiguration SIP Domain 1 Sip: On
|
xConfiguration SIP GRUU Mode: <On/Off>
Controls whether GRUU (RFC5627) support is active. Default: On.
Example: xConfiguration SIP GRUU Mode: On
|
xConfiguration SIP MediaRouting ICE Mode: <On/Off>
Controls whether the Expressway takes the media for an ICE to non-ICE call where the ICE participant is thought to be behind
a NAT device. Default: Off.
Example: xConfiguration SIP MediaRouting ICE Mode: Off
|
xConfiguration SIP Mode: <On/Off>
Determines whether or not the Expressway will provide SIP registrar and SIP proxy functionality. Default: Off.
Example: xConfiguration SIP Mode: On
|
xConfiguration SIP PreRoutedRouteHeader: <S:0,128>
Controls which Request Messages are allowed to go through the new pre-routed route header path.
As at X12.5, this flag is available only for the SIP REGISTER message.
Example: xConfiguration SIP PreRoutedRouteHeader: "REGISTER"
|
xConfiguration SIP Registration Call Remove: <Yes/No>
Specifies whether associated calls are dropped when a SIP registration expires or is removed. Default: No.
Example: xConfiguration SIP Registration Call Remove: No
|
xConfiguration SIP Registration Mode: <Off/On>
Determines whether or not the Expressway provides SIP registration. Default: On
Example: xConfiguration SIP Registration Mode: Off
|
xConfiguration SIP Registration Outbound Flow Timer: <0..600>
Specifies the value for the Flow-Timer header in Outbound registration responses. It defines the number of seconds after which
the server will consider the registration flow to be dead if no keep-alive is sent by the user agent. Default: 0 (no header
is added).
Example: xConfiguration SIP Registration Outbound Flow Timer: 0
|
xConfiguration SIP Registration Outbound Refresh Maximum: <30..7200>
The maximum allowed value for a SIP registration refresh period for Outbound registrations. Requests for a value greater than
this will result in a lower value (calculated according to the Outbound registration refresh strategy) being returned. Default:
3600 seconds.
Example: xConfiguration SIP Registration Outbound Refresh Maximum: 3600
|
xConfiguration SIP Registration Outbound Refresh Minimum: <30..7200>
The minimum allowed value for a SIP registration refresh period for Outbound registrations. Requests for a value lower than
this value will result in the registration being rejected with a 423 Interval Too Brief response. Default: 300 seconds.
Example: xConfiguration SIP Registration Outbound Refresh Minimum: 300
|
xConfiguration SIP Registration Outbound Refresh Strategy: <Maximum/Variable>
The method used to generate the SIP registration expiry period for Outbound registrations. Default: Variable.
Maximum: uses the lesser of the configured maximum refresh value and the value requested in the registration.
Variable: generates a random value between the configured minimum refresh value and the lesser of the configured maximum refresh value
and the value requested in the registration.
Example: xConfiguration SIP Registration Outbound Refresh Strategy: Variable
|
xConfiguration SIP Registration Proxy Mode: <Off/ProxyToKnownOnly/ProxyToAny>
Specifies how proxied registrations should be handled. Default: Off.
Off: registration requests will not be proxied.
ProxyToKnownOnly: registration requests will be proxied to neighbors only.
ProxyToAny: registration requests will be proxied in accordance with the Expressway’s existing call processing rules.
Example: xConfiguration SIP Registration Proxy Mode: Off
|
xConfiguration SIP Registration Standard Refresh Maximum: <30..7200>
The maximum allowed value for a SIP registration refresh period for standard registrations. Requests for a value greater than
this will result in a lower value being returned. That value is calculated according to the standard registration refresh
strategy. Default: 60 seconds.
Example: xConfiguration SIP Registration Standard Refresh Maximum: 60
|
xConfiguration SIP Registration Standard Refresh Minimum: <30..3600>
The minimum allowed value for a SIP registration refresh period for standard registrations. Requests for a value lower than
this value will result in the registration being rejected with a 423 Interval Too Brief response. Default: 45 seconds.
Example: xConfiguration SIP Registration Standard Refresh Minimum: 45
|
xConfiguration SIP Registration Standard Refresh Strategy: <Maximum/Variable>
The method used to generate the SIP registration expiry period for standard registrations. Default: Maximum.
Maximum: uses the lesser of the configured maximum refresh value and the value requested in the registration.
Variable: generates a random value between the configured minimum refresh value and the lesser of the configured maximum refresh value
and the value requested in the registration.
Example: xConfiguration SIP Registration Standard Refresh Strategy: Maximum
|
xConfiguration SIP Require Duo Video Mode: <On/Off>
Controls whether the Expressway requires the use of the com.tandberg.sdp.duo.enable extension for endpoints that support it.
Default: On.
Example: xConfiguration SIP Require Duo Video Mode: On
|
xConfiguration SIP Require UDP BFCP Mode: <On/Off>
Controls whether the Expressway will require the use of the com.tandberg.udp.bfcp extension for endpoints that support it.
Default: On.
Example: xConfiguration SIP Require UDP BFCP Mode: On
|
xConfiguration SIP Routes Route [1..20] Address: <S:0,39>
Specifies the IP address of the next hop for this route, where matching SIP requests will be forwarded. Note: this command
is intended for developer use only.
Example: xConfiguration SIP Routes Route 1 Address: "127.0.0.1"
|
xConfiguration SIP Routes Route [1..20] Authenticated: <On/Off>
Whether to forward authenticated requests. Default: Off. Note: this command is intended for developer use only.
On: only forward requests along route if incoming message has been authenticated.
Off: always forward messages that match this route.
Example: xConfiguration SIP Routes Route 1 Authenticated: On
|
xConfiguration SIP Routes Route [1..20] Header Name: <S:0,64>
Name of SIP header field to match (e.g. Event). Note: this command is intended for developer use only.
Example: xConfiguration SIP Routes Route 1 Header Name: "Event"
|
xConfiguration SIP Routes Route [1..20] Header Pattern: <S:0,128>
Regular expression to match against the specified SIP header field. Note: this command is intended for developer use only.
Example: xConfiguration SIP Routes Route 1 Header Pattern: "(my-event-package)(.*)"
|
xConfiguration SIP Routes Route [1..20] Method: <S:0,64>
SIP method to match to select this route (e.g. INVITE, SUBSCRIBE). Note: this command is intended for developer use only.
Example: xConfiguration SIP Routes Route 1 Method: "SUBSCRIBE"
|
xConfiguration SIP Routes Route [1..20] Port: <1..65534>
Specifies the port on the next hop for this route to which matching SIP requests will be routed. Default: 5060. Note: this
command is intended for developer use only.
Example: xConfiguration SIP Routes Route 1 Port: 22400
|
xConfiguration SIP Routes Route [1..20] Request Line Pattern: <S:0,128>
Regular expression to match against the SIP request line. Note: this command is intended for developer use only.
Example: xConfiguration SIP Routes Route 1 Request Line Pattern: ".*@(%localdomains%|%ip%)"
|
xConfiguration SIP Routes Route [1..20] Tag: <S:0,64>
Tag value specified by external applications to identify routes that they create. Note: this command is intended for developer
use only.
Example: xConfiguration SIP Routes Route 1 Tag: "Tag1"
|
xConfiguration SIP Routes Route [1..20] Transport: <UDP/TCP/TLS>
Determines which transport type will be used for SIP messages forwarded along this route. Default: TCP. Note: this command
is intended for developer use only.
Example: xConfiguration SIP Routes Route 1 Transport: TCP
|
xConfiguration SIP Session Refresh Minimum: <90..7200>
The minimum value the Expressway will negotiate for the session refresh interval for SIP calls. For more information see the
definition of Min-SE header in RFC 4028. Default: 500.
Example: xConfiguration SIP Session Refresh Minimum: 500
|
xConfiguration SIP Session Refresh Value: <90..86400>
The maximum time allowed between session refresh requests for SIP calls. For more information see the definition of Session-Expires
in RFC 4028. Default: 1800.
Example: xConfiguration SIP Session Refresh Value: 1800
|
xConfiguration SIP TCP Mode: <On/Off>
Determines whether incoming and outgoing SIP calls using the TCP protocol will be allowed. Default: Off.
Example: xConfiguration SIP TCP Mode: On
|
xConfiguration SIP TCP Outbound Port End: <1024..65534>
Specifies the upper port in the range to be used by outbound TCP/TLS SIP connections. Default: 29999.
Example: xConfiguration SIP TCP Outbound Port End: 29999
|
xConfiguration SIP TCP Outbound Port Start: <1024..65534>
Specifies the lower port in the range to be used by outbound TCP/TLS SIP connections. Default: 25000.
Example: xConfiguration SIP TCP Outbound Port Start: 25000
|
xConfiguration SIP TCP Port: <1024..65534>
Specifies the listening port for incoming SIP TCP calls. Default: 5060.
Example: xConfiguration SIP TCP Port: 5060
|
xConfiguration SIP TLS Certificate Revocation Checking CRL Mode: <On/Off>
Controls whether Certificate Revocation Lists (CRLs) are used to perform certificate revocation checking. CRLs can be loaded
manually onto the Expressway, downloaded automatically from pre-configured URIs, or downloaded automatically from a CRL distribution
point (CDP) URI contained in the X.509 certificate. Default: On.
Example: xConfiguration SIP TLS Certificate Revocation Checking CRL Mode: On
|
xConfiguration SIP TLS Certificate Revocation Checking CRL Network Fetch Mode: <On/Off>
Controls whether the download of CRLs from the CDP URIs contained in X.509 certificates is allowed. Default: On.
Example: xConfiguration SIP TLS Certificate Revocation Checking CRL Network Fetch Mode: On
|
xConfiguration SIP TLS Certificate Revocation Checking Mode: <On/Off>
Controls whether revocation checking is performed for certificates exchanged during SIP TLS connection establishment. Default:
Off.
Example: xConfiguration SIP TLS Certificate Revocation Checking Mode: Off
|
xConfiguration SIP TLS Certificate Revocation Checking OCSP Mode: <On/Off>
Controls whether the Online Certificate Status Protocol (OCSP) may be used to perform certificate revocation checking. To
use OCSP, the X.509 certificate to be checked must contain an OCSP responder URI. Default: On.
Example: xConfiguration SIP TLS Certificate Revocation Checking OCSP Mode: On
|
xConfiguration SIP TLS Certificate Revocation Checking Source Inaccessibility Behavior: <Ignore/Fail>
Controls the revocation checking behavior if the revocation source cannot be contacted. Default: Fail.
Fail: treat the certificate as revoked (and thus do not allow the TLS connection).
Ignore: treat the certificate as not revoked.
Example: xConfiguration SIP TLS Certificate Revocation Checking Source Inaccessibility Behavior: Fail
|
xConfiguration SIP TLS Mode: <On/Off>
Determines whether incoming and outgoing SIP calls using the TLS protocol will be allowed. Default: On.
Example: xConfiguration SIP TLS Mode: On
|
xConfiguration SIP TLS Port: <1024..65534>
Specifies the listening port for incoming SIP TLS calls. Default: 5061.
Example: xConfiguration SIP TLS Port: 5061
|
xConfiguration SIP UDP Mode: <On/Off>
Determines whether incoming and outgoing SIP calls using the UDP protocol will be allowed. Default: Off.
Example: xConfiguration SIP UDP Mode: On
|
xConfiguration SIP UDP Port: <1024..65534>
Specifies the listening port for incoming SIP UDP calls. Default: 5060.
Example: xConfiguration SIP UDP Port: 5060
|
xConfiguration SNMP CommunityName: <S: 0, 16>
The Expressway's SNMP community name. Default: public
Example: xConfiguration SNMP CommunityName: "public"
|
xConfiguration SNMP SystemContact: <S: 0, 70>
The name of the person who can be contacted regarding issues with the Expressway. Default: Administrator.
Example: xConfiguration SNMP SystemContact: Administrator
|
xConfiguration SNMP SystemLocation: <S: 0, 70>
The physical location of the system.
Example: xConfiguration SNMP SystemLocation: "Server Room 128"
|
xConfiguration SNMP V1Mode: <On/Off>
Enables or disables SNMP Version 1 support. Default: Off.
Example: xConfiguration SNMP V1Mode: Off
|
xConfiguration SNMP V2cMode: <On/Off>
Enables or disables SNMP Version 2c support. Default: On.
Example: xConfiguration SNMP V2cMode: On
|
xConfiguration SNMP V3AuthenticationMode: <On/Off>
Enables or disables SNMP Version 3 authentication. Default: On.
Example: xConfiguration SNMP V3AuthenticationMode: On
|
xConfiguration SNMP V3AuthenticationPassword: <S: 0,215>
Sets SNMP Version 3 authentication password. It must be at least 8 characters.
Example: xConfiguration SNMP V3AuthenticationPassword: "password123"
|
xConfiguration SNMP V3AuthenticationType: <MD5/SHA>
Sets SNMP Version 3 authentication type. Default: SHA.
Example: xConfiguration SNMP V3AuthenticationType: SHA
|
xConfiguration SNMP V3Mode: <On/Off>
Enables or disables SNMP Version 3 support. Default: On.
Example: xConfiguration SNMPV3 Mode: On
|
xConfiguration SNMP V3PrivacyMode: <On/Off>
Enables or disables SNMP Version 3 privacy. Default: On.
Example: xConfiguration SNMP V3PrivacyMode: On
|
xConfiguration SNMP V3PrivacyPassword: <S: 0,215>
Sets SNMP Version 3 privacy password. It must be at least 8 characters.
Example: xConfiguration SNMP V3PrivacyPassword: "password123"
|
xConfiguration SNMP V3PrivacyType: <AES>
Sets SNMP Version 3 privacy type. Default: AES.
Example: xConfiguration SNMP V3PrivacyType: AES
|
xConfiguration SNMP V3UserName: <S: 0,70>
Sets the username to use when using SNMP V3.
Example: xConfiguration SNMP V3UserName: "user123"
|
xConfiguration SystemUnit Maintenance Mode: <On/Off>
Sets the Expressway into maintenance mode. New calls and registrations are disallowed and existing calls and registrations
are allowed to expire. Default: Off.
Example: xConfiguration SystemUnit Maintenance Mode: Off
|
xConfiguration SystemUnit Name: <S:, 0, 50>
Defines the name of the Expressway. The system name appears in various places in the web interface and on the front panel
of the unit. Choose a name that uniquely identifies the system.
Example: xConfiguration SystemUnit Name: "MainHQ"
|
xConfiguration TimeZone Name: <S: 0, 64>
Sets the local time zone of the Expressway. Time zone names follow the POSIX naming convention e.g. Europe/London or America/New_York.
Default: GMT.
Example: xConfiguration TimeZone Name: "GMT"
|
xConfiguration Transform [1..100] Description: <S: 0,64>
A free-form description of the transform.
Example: xConfiguration Transform [1..100] Description: "Change example.net to example.com"
|
xConfiguration Transform [1..100] Pattern Behavior: <Strip/Replace>
How the alias is modified. Default: Strip.
Strip: removes the matching prefix or suffix from the alias.
Replace: substitutes the matching part of the alias with the text in replace string.
AddPrefix: prepends the replace string to the alias.
AddSuffix: appends the replace string to the alias.
Example: xConfiguration Transform 1 Pattern Behavior: Replace
|
xConfiguration Transform [1..100] Pattern Replace: <S: 0, 60>
The text string to use in conjunction with the selected Pattern behavior.
Example: xConfiguration Transform 1 Pattern Replace: "example.com"
|
xConfiguration Transform [1..100] Pattern String: <S: 0, 60>
The pattern against which the alias is compared.
Example: xConfiguration Transform 1 Pattern String: "example.net"
|
xConfiguration Transform [1..100] Pattern Type: <Exact/Prefix/Suffix/Regex>
How the pattern string must match the alias for the transform to be applied. Default: Prefix.
Exact: the entire string must exactly match the alias character for character.
Prefix: the string must appear at the beginning of the alias.
Suffix: the string must appear at the end of the alias.
Regex: the string is treated as a regular expression.
Example: xConfiguration Transform 1 Pattern Type: Suffix
|
xConfiguration Transform [1..100] Priority: <1..65534>
Assigns a priority to the specified transform. Transforms are compared with incoming aliases in order of priority, and the
priority must be unique for each transform. Default: 1 .
Example: xConfiguration Transform 1 Priority: 10
|
xConfiguration Transform [1..100] State: <Enabled/Disabled>
Indicates if the transform is enabled or disabled. Disabled transforms are ignored.
Example: xConfiguration Transform 1 State: Enabled
|
xConfiguration Traversal Media Port End: <1025..65533>
For traversal calls (where the Expressway takes the media as well as the signaling), specifies the upper port in the range
to use for the media. Ports are allocated from this range in pairs, the first of each being even. Thus the range must end
with an odd number. Default: 59999 .
Example: xConfiguration Traversal Media Port End: 59999
|
xConfiguration Traversal Media Port Start: <1024..65532>
For traversal calls (where the Expressway takes the media as well as the signaling), specifies the lower port in the range
to use for the media. Ports are allocated from this range in pairs, the first of each being even. Thus the range must start
with an even number. Default: 36000 .
Example: xConfiguration Traversal Media Port Start: 36000
|
xConfiguration Traversal Server H323 Assent CallSignaling Port: <1024..65534>
The port on the Expressway to use for Assent signaling. Default: 2776 .
Example: xConfiguration Traversal Server H323 Assent CallSignaling Port: 2777
|
xConfiguration Traversal Server H323 H46018 CallSignaling Port: <1024..65534>
The port on the Expressway to use for H460.18 signaling. Default: 2777 .
Example: xConfiguration Traversal Server H323 H46018 CallSignaling Port: 2777
|
xConfiguration Traversal Server TURN Authentication Realm: <S: 1,128>
The realm sent by the server in its authentication challenges. Default: TANDBERG .
Example: xConfiguration Traversal Server TURN Authentication Realm: "TANDBERG"
|
xConfiguration Traversal Server TURN Authentication Remote Mode: <On/Off>
Determines whether the server requires requests to be authenticated. When enabled the server will also authenticate its responses.
Default: On.
Example: xConfiguration Traversal Server TURN Authentication Remote Mode: On
|
xConfiguration Traversal Server TURN Media Port End: <1024..65534>
The upper port in the range used for TURN relays. Default: 61799.
Example: xConfiguration Traversal Server TURN Media Port End: 61799
|
xConfiguration Traversal Server TURN Media Port Start: <1024..65534>
The lower port in the range used for TURN relays. Default: 60000.
Example: xConfiguration Traversal Server TURN Media Port Start: 60000
|
xConfiguration Traversal Server TURN Mode: <On/Off>
Determines whether the Expressway offers TURN services to traversal clients. Default: Off .
Example: xConfiguration Traversal Server TURN Mode: Off
|
xConfiguration Traversal Server TURN Port: <1024..65534>
The listening port for TURN requests. Default: 3478.
Example: xConfiguration Traversal Server TURN Port: 3478
|
xConfiguration Traversal Server TURN PortRangeEnd: <1024..65534>
The upper port in the range used for TURN requests. Default: 3483
Example: xConfiguration Traversal Server TURN PortRangeEnd: 3483
|
xConfiguration Traversal Server TURN PortRangeStart: <1024..65534>
The lower port in the range used for TURN requests. Default: 3478.
Example: xConfiguration Traversal Server TURN PortRangeStart: 3478
|
xConfiguration Traversal Server TURN ProtocolMode: <TCP/UDP/Both>
The permitted protocols for TURN requests. Default: Both.
Example: xConfiguration Traversal Server TURN ProtocolMode: Both
|
xConfiguration xConfiguration Traversal Server TURN Authentication Mode: <On/Off>>
Determines whether the server will require requests to be authenticated. When enabled the server will also authenticate its
responses. Default: On
Example: xConfiguration Traversal Server TURN Authentication Mode: On
|
xConfiguration XCP Config FcmService: <On/Off>
Controls whether FCM Push Notifications for Jabber Android Devices over MRA are enabled. Default: Off.
Example: xConfiguration XCP Config FcmService: On
|
xConfiguration XCP DelayedRestart EnableDelayedRestart: <On/Off>
Controls whether the Delayed Cisco XCP Router restart feature is enabled. Default: Off.
Example: xConfiguration DelayedRestart EnableDelayedRestart: On
|
xConfiguration XCP DelayedRestart EnableScheduledRestart: <On/Off>
Controls whether a scheduled restart of the Cisco XCP Router is enabled. Default: Off.
Example: xConfiguration XCP DelayedRestart EnableScheduledRestart: On
|
xConfiguration XCP DelayedRestart MultitenancyEnabled: <On/Off>
Turn on multitenancy to configure the delayed Cisco XCP Router restart. Default: Off.
Example: xConfiguration XCP DelayedRestart MultitenancyEnabled: On
|
xConfiguration XCP DelayedRestart ScheduledTime:
The time each day that the scheduled restart takes place.
Example: xConfiguration XCP DelayedRestart ScheduledTime: 01.00
|
xConfiguration XCP DelayedRestartNotify RestartTime:
Set the notification for the restart time.
Example: xConfiguration DelayedRestartNotify RestartTime: 01.00
|
xConfiguration XCP TLS Certificate CVS CertificateRevocationCheck: <On/Off>
Controls whether Certificate Revocation Lists (CRLs) are used to perform certificate revocation checking for XCP TLS connection.
CRLs can be loaded manually onto the Expressway, downloaded automatically from pre-configured URIs, or downloaded automatically
from a CRL distribution point (CDP) URI contained in the X.509 certificate as well as using OCSP. Default: Off.
Example: xConfiguration XCP TLS Certificate CVS CertificateRevocationCheck: Off
|
xConfiguration XCP TLS Certificate CVS ConvertIpToHostname: <On/Off>
Controls whether Expressway automatically converts XCP peer’s IP address to FQDN for certificate verification. Default: On.
Example: xConfiguration XCP TLS Certificate CVS ConvertIpToHostname: On
|
xConfiguration XCP TLS Certificate CVS CrlNetworkFetchEnabled: <On/Off>
Controls whether the Expressway is allowed to download CRLs from the CDP URIs contained in its X.509 certificate. Default:
On.
Example: xConfiguration XCP TLS Certificate CVS CrlNetworkFetchEnabled: On
|
xConfiguration XCP TLS Certificate CVS EnableCvs: <On/Off>
Controls whether or not to verify XCP peers' certificates during XCP TLS connection. When Off, all other XCP TLS Certificate CVS configuration options will have no effect. Default: On.
Example: xConfiguration XCP TLS Certificate CVS EnableCvs: On
|
xConfiguration XCP TLS Certificate CVS FailOnInaccessibleSource: <On/Off>
Controls the certificate verification behavior if the revocation source cannot be contacted.
On: treat the certificate as revoked (and thus do not allow the TLS connection).
Off: treat the certificate as not revoked.
Default: On.
Example: xConfiguration XCP TLS Certificate CVS FailOnInaccessibleSource: On
|
xConfiguration XCP TLS Certificate CVS UseCrl: <On/Off>
Controls whether Expressway checks its own CRL for revocation of certificates exchanged during establishment of XCP TLS connections.
Default: On.
Example: xConfiguration XCP TLS Certificate CVS UseCrl: On
|
xConfiguration XCP TLS Certificate CVS UseOcsp: <On/Off>
Controls whether the Expressway can use OCSP to check if the certificate is revoked. to perform certificate revocation checking.
To use OCSP, the X.509 certificate to be checked must contain an OCSP responder URI. Default: On.
Example: xConfiguration XCP TLS Certificate CVS UseOcsp: On
|
xConfiguration XCP TLS Certificate CVS VerifyHostname: <On/Off>
Controls whether the Expressway verifies the hostname from the XCP host's certificate against its own peer configuration.
Default: On.
Example: xConfiguration XCP TLS Certificate CVS VerifyHostname: On
|
xConfiguration Zones DefaultZone Authentication Mode: <DoNotCheckCredentials/TreatAsAuthenticated/CheckCredentials>
Controls how the Expressway authenticates incoming messages from this zone and whether they are subsequently treated as authenticated,
unauthenticated, or are rejected. The behavior varies for H.323 messages, SIP messages that originate from a local domain
and SIP messages that originate from non-local domains. Default: DoNotCheckCredentials.
Example: xConfiguration Zones DefaultZone Authentication Mode: DoNotCheckCredentials
|
xConfiguration Zones DefaultZone SIP Media Encryption Mode: <Off/On/BestEffort/Auto>
The media encryption policy applied by the Expressway for SIP calls (including interworked calls) to and from this zone. Default:
Auto.
On: All media must be encrypted.
Off: All media must be unencrypted.
BestEffort: Use encryption if available otherwise fallback to unencrypted media.
Auto: No media encryption policy is applied.
Example: xConfiguration Zones DefaultZone SIP Media Encryption Mode: Auto
|
xConfiguration Zones DefaultZone SIP Media ICE Support: <On/Off>
Controls whether ICE is supported by the devices in the zone. Default: Off
On: This zone supports ICE.
Off: This zone does not support ICE.
Example: xConfiguration Zones DefaultZone SIP Media ICE Support: On
|
xConfiguration Zones DefaultZone SIP Multistream Mode: <Off/On>
Controls if the Expressway allows Multistream to and from devices in this zone. Default: On
On: allow Multistream
Off: disallow Multistream.
Example: xConfiguration Zones DefaultZone SIP Multistream Mode: Off
|
xConfiguration Zones DefaultZone SIP Record Route Address Type: <IP/Hostname>
Controls whether the Expressway uses its IP address or host name in the Record-Route or Path headers of outgoing SIP requests
to this zone. Note: setting this value to hostname also requires a valid DNS system host name to be configured on the Expressway.
Default: IP.
Example: xConfiguration Zones DefaultZone SIP Record Route Address Type: IP
|
xConfiguration Zones DefaultZone SIP SipUpdateRefresh Support: <On/Off>
Determines whether session refresh by SIP UPDATE message is supported in this zone.
On: This zone sends SIP UPDATE messages for SIP session refresh.
Off: This zone does not send SIP UPDATE messages for SIP session refresh.
Default: Off.
Example: xConfiguration Zones DefaultZone SIP SipUpdateRefresh Support: Off
|
xConfiguration Zones DefaultZone SIP TLS Verify Mode: <On/Off>
Controls whether the hostname contained within the certificate presented by the external system is verified by the Expressway.
If enabled, the certificate hostname (also known as the Common Name) is checked against the patterns specified in the Default
Zone access rules. Default: Off.
Example: xConfiguration Zones DefaultZone SIP TLS Verify Mode: Off
|
xConfiguration Zones LocalZone DefaultSubZone Authentication Mode: <DoNotCheckCredentials/TreatAsAuthenticated/CheckCredentials>
Controls how the Expressway authenticates incoming messages from this subzone and whether they are subsequently treated as
authenticated, unauthenticated or are rejected. The behavior varies for H.323 messages, SIP messages that originate from a
local domain and SIP messages that originate from non-local domains. Default: DoNotCheckCredentials.
Example: xConfiguration Zones LocalZone DefaultSubZone Authentication Mode: DoNotCheckCredentials
|
xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Inter Limit: <1..100000000>
The bandwidth limit (in kbps) for any one call to or from an endpoint in the Default Subzone (applies only if the mode is
set to Limited). Default: 1920.
Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Inter Limit: 1920
|
xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Inter Mode: <Limited/Unlimited/NoBandwidth>
Controls if there is a limit on the bandwidth for any one call to or from an endpoint in the Default Subzone.
NoBandwidth: no bandwidth available. No calls can be made to or from the Default Subzone.
Default: Unlimited.
Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Inter Mode: Limited
|
xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Intra Limit: <1..100000000>
The bandwidth limit (in kbps) for any one call between two endpoints within the Default Subzone (applies only if the mode
is set to Limited). Default: 1920.
Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Intra Limit: 1920
|
xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Intra Mode: <Limited/Unlimited/NoBandwidth>
Controls if there is a limit on the bandwidth for any one call between two endpoints within the Default Subzone.
NoBandwidth: no bandwidth available. No calls can be made within the Default Subzone.
Default: Unlimited.
Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Intra Mode: Limited
|
xConfiguration Zones LocalZone DefaultSubZone Bandwidth Total Limit: <1..100000000>
Sets the total bandwidth limit (in kbps) of the Default Subzone (applies only if Mode is set to Limited). Default: 500000
.
Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth Total Limit: 500000
|
xConfiguration Zones LocalZone DefaultSubZone Bandwidth Total Mode: <Limited/Unlimited/NoBandwidth>
Controls if the Default Subzone has a limit on the total bandwidth being used by its endpoints at any one time.
NoBandwidth: no bandwidth available. No calls can be made to, from, or within the Default Subzone.
Default: Unlimited.
Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth Total Mode: Limited
|
xConfiguration Zones LocalZone DefaultSubZone Registrations: <Allow/Deny>
Controls whether registrations assigned to the Default Subzone are accepted. Default: Allow.
Example: xConfiguration Zones LocalZone DefaultSubZone Registrations: Allow
|
xConfiguration Zones LocalZone DefaultSubZone SIP Media Encryption Mode: <Off/On/BestEffort/Auto>
The media encryption policy applied by the Expressway for SIP calls (including interworked calls) to and from this subzone.
Default: Auto
On: All media must be encrypted.
Off: All media must be unencrypted.
BestEffort: Use encryption if available otherwise fallback to unencrypted media.
Auto: No media encryption policy is applied.
Example: xConfiguration Zones LocalZone DefaultSubZone SIP Media Encryption Mode: Auto
|
xConfiguration Zones LocalZone DefaultSubZone SIP Media ICE Support: <On/Off>
Controls whether ICE is supported by the devices in the zone. Default: Off
On: This zone supports ICE.
Off: This zone does not support ICE.
Example: xConfiguration Zones LocalZone DefaultSubZone SIP Media ICE Support: On
|
xConfiguration Zones LocalZone DefaultSubZone SIP Multistream Mode: <Off/On>
Controls if the Expressway allows Multistream to and from devices in this zone. Default: On
On: allow Multistream
Off: disallow Multistream.
Example: xConfiguration Zones LocalZone DefaultSubZone SIP Multistream Mode: Off
|
xConfiguration Zones LocalZone DefaultSubZone SIP SipUpdateRefresh Support: <On/Off>
Determines whether session refresh by SIP UPDATE message is supported in this zone.
On: This zone sends SIP UPDATE messages for SIP session refresh.
Off: This zone does not send SIP UPDATE messages for SIP session refresh.
Default: Off.
Example: xConfiguration Zones LocalZone DefaultSubZone SIP SipUpdateRefresh Support: On
|
xConfiguration Zones LocalZone SIP Record Route Address Type: <IP/Hostname>
Controls whether the Expressway uses its IP address or host name in the Record-Route or Path headers of outgoing SIP requests
to this zone. Note: setting this value to hostname also requires a valid DNS system host name to be configured on the Expressway.
Default: IP.
Example: xConfiguration Zones LocalZone SIP Record Route Address Type: IP
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] Description: <S: 0,64>
A free-form description of the membership rule.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Description: "Office-based staff"
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] Name: <S: 0,50>
Assigns a name to this membership rule.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Name: "Office Workers"
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] Pattern String: <S: 0,60>
Specifies the pattern against which the alias is compared.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Pattern String: "@example.com"
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] Pattern Type: <Exact/Prefix/Suffix/Regex>
The way in which the pattern must match the alias.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Pattern Type: Suffix
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] Priority: <1..65534>
Determines the order in which the rules are applied (and thus to which subzone the endpoint is assigned) if an endpoint's
address satisfies multiple rules. The rules with the highest priority (1, then 2, then 3 and so on) are applied first. If
multiple Subnet rules have the same priority the rule with the largest prefix length is applied first. Alias Pattern Match
rules at the same priority are searched in configuration order. Default: 100.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Priority: 100
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] State: <Enabled/Disabled>
Indicates if the membership rule is enabled or disabled. Disabled membership rules are ignored. Default: Enabled.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 State: Enabled
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] SubZoneName: <S: 0,50>
The subzone to which an endpoint is assigned if its address satisfies this rule.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 SubZoneName: "Branch Office"
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] Subnet Address: <S: 0,39>
Specifies an IP address used (in conjunction with the prefix length) to identify this subnet.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Subnet Address: "192.168.0.0"
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] Subnet PrefixLength: <1..128>
The number of bits of the subnet address which must match for an IP address to belong in this subnet. Default: 32.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Subnet PrefixLength: 32
|
xConfiguration Zones LocalZone SubZones MembershipRules Rule [1..3000] Type: <Subnet/AliasPatternMatch>
The type of address that applies to this rule.
Subnet: assigns the device if its IP address falls within the configured IP address subnet.
AliasPatternMatch: assigns the device if its alias matches the configured pattern.
Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Type: Subnet
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Authentication Mode: <DoNotCheckCredentials/TreatAsAuthenticated/CheckCredentials>
Controls how the Expressway authenticates incoming messages from this subzone and whether they are subsequently treated as
authenticated, unauthenticated or are rejected. The behavior varies for H.323 messages, SIP messages that originate from a
local domain and SIP messages that originate from non-local domains. See the Administrator Guide for further information.
Default: DoNotCheckCredentials.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Authentication Mode: DoNotCheckCredentials
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Bandwidth PerCall Inter Limit: <1..100000000>
The bandwidth limit (in kbps) on any one call to or from an endpoint in this subzone (applies only if Mode is set to Limited).
Default: 1920.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth PerCall Inter Limit: 1920
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Bandwidth PerCall Inter Mode: <Limited/Unlimited/NoBandwidth>
Determines whether there is a limit on the bandwidth for any one call to or from an endpoint in this subzone. Default: Unlimited.
NoBandwidth: no bandwidth available. No calls can be made to or from this subzone.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth PerCall Inter Mode: Limited
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Bandwidth PerCall Intra Limit: <1..100000000>
The bandwidth limit (in kbps) for any one call between two endpoints within this subzone (applies only if the mode is set
to Limited). Default: 1920.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth PerCall Intra Limit: 1920
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Bandwidth PerCall Intra Mode: <Limited/Unlimited/NoBandwidth>
Determines whether there is a limit on the bandwidth for any one call between two endpoints within this subzone. Default:
Unlimited.
NoBandwidth: no bandwidth available. No calls can be made within this subzone.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth PerCall Intra Mode: Limited
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Bandwidth Total Limit: <1..100000000>
Sets the total bandwidth limit (in kbps) of this subzone (applies only if the mode is set to Limited). Default: 500000.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth Total Limit: 500000
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Bandwidth Total Mode: <Limited/Unlimited/NoBandwidth>
Controls if this subzone has a limit on the total bandwidth of calls being used by its endpoints at any one time. Default:
Unlimited.
NoBandwidth: no bandwidth available. No calls can be made to, from, or within this subzone.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth Total Mode: Limited
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Name: <S: 0, 50>
Assigns a name to this subzone.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Name: "BranchOffice"
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] Registrations: <Allow/Deny>
Controls whether registrations assigned to this subzone are accepted. Default: Allow.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 Registrations: Allow
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] SIP Media Encryption Mode: <Off/On/BestEffort/Auto>
The media encryption policy applied by the Expressway for SIP calls (including interworked calls) to and from this subzone.
Default: Auto
On: All media must be encrypted.
Off: All media must be unencrypted.
BestEffort: Use encryption if available otherwise fallback to unencrypted media.
Auto: No media encryption policy is applied.
Example: xConfiguration Zones LocalZone SubZones SubZone 1 SIP Media Encryption Mode: Auto
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] SIP Media ICE Support: <On/Off>
Controls whether ICE is supported by the devices in the zone. Default: Off
On: This zone supports ICE.
Off: This zone does not support ICE.
Example: xConfiguration Zones LocalZone SubZones Subzone 1 SIP Media ICE Support: On
|
xConfiguration Zones LocalZone SubZones SubZone [1..1000] SIP Multistream Mode: <Off/On>
Controls if the Expressway allows Multistream to and from devices in this zone. Default: On
On: allow Multistream
Off: disallow Multistream.
Example: xConfiguration Zones LocalZone SubZones Subzone 1 SIP Multistream Mode: Off
|
xConfiguration Zones LocalZone Traversal H323 Assent Mode: <On/Off>
Determines whether or not H.323 calls using Assent mode for firewall traversal will be allowed. Applies to traversal-enabled
endpoints registered directly with the Expressway. Default: On .
Example: xConfiguration Zones LocalZone Traversal H323 Assent Mode: On
|
xConfiguration Zones LocalZone Traversal H323 H46018 Mode: <On/Off>
Controls whether H.323 calls using H460.18 mode for firewall traversal are allowed. Applies to traversal-enabled endpoints
registered directly with the Expressway. Default: On .
Example: xConfiguration Zones LocalZone Traversal H323 H46018 Mode: On
|
xConfiguration Zones LocalZone Traversal H323 H46019 Demultiplexing Mode: <On/Off>
Controls whether the Expressway operates in Demultiplexing mode for calls from traversal-enabled endpoints registered directly
with it. Default: Off .
On: allows use of the same two ports for all calls.
Off: each call will use a separate pair of ports for media.
Example: xConfiguration Zones LocalZone Traversal H323 H46019 Demultiplexing Mode: Off
|
xConfiguration Zones LocalZone Traversal H323 Preference: <Assent/H46018>
If an endpoint that is registered directly with the Expressway supports both Assent and H460.18 protocols, this setting determines
which the Expressway uses. Default: Assent.
Example: xConfiguration Zones LocalZone Traversal H323 Preference: Assent
|
xConfiguration Zones LocalZone Traversal H323 TCPProbe KeepAliveInterval: <1..65534>
Sets the interval (in seconds) with which a traversal-enabled endpoint registered directly with the Expressway will send a
TCP probe to the Expressway once a call is established, in order to keep the firewall’s NAT bindings open. Default: 20 .
Example: xConfiguration Zones LocalZone Traversal H323 TCPProbe KeepAliveInterval: 20
|
xConfiguration Zones LocalZone Traversal H323 TCPProbe RetryCount: <1..65534>
Sets the number of times traversal-enabled endpoints registered directly with the Expressway will attempt to send a TCP probe.
Default: 5 .
Example: xConfiguration Zones LocalZone Traversal H323 TCPProbe RetryCount: 5
|
xConfiguration Zones LocalZone Traversal H323 TCPProbe RetryInterval: <1..65534>
Sets the frequency (in seconds) with which traversal-enabled endpoints registered directly with the Expressway will send a
TCP probe. Default: 2 .
Example: xConfiguration Zones LocalZone Traversal H323 TCPProbe RetryInterval: 2
|
xConfiguration Zones LocalZone Traversal H323 UDPProbe KeepAliveInterval: <1..65534>
Sets the interval (in seconds) with which a traversal-enabled endpoint registered directly with the Expressway will send a
UDP probe to the Expressway once a call is established, in order to keep the firewall’s NAT bindings open. Default: 20 .
Example: xConfiguration Zones LocalZone Traversal H323 UDPProbe KeepAliveInterval: 20
|
xConfiguration Zones LocalZone Traversal H323 UDPProbe RetryCount: <1..65534>
Sets the number of times traversal-enabled endpoints registered directly with the Expressway will attempt to send a UDP probe.
Default: 5 .
Example: xConfiguration Zones LocalZone Traversal H323 UDPProbe RetryCount: 5
|
xConfiguration Zones LocalZone Traversal H323 UDPProbe RetryInterval: <1..65534>
Sets the frequency (in seconds) with which traversal-enabled endpoints registered directly with the Expressway will send a
UDP probe. Default: 2 .
Example: xConfiguration Zones LocalZone Traversal H323 UDPProbe RetryInterval: 2
|
xConfiguration Zones LocalZone TraversalSubZone Bandwidth PerCall Limit: <1..100000000>
The bandwidth limit (in kbps) applied to any one traversal call being handled by the Expressway (applies only if the mode
is set to Limited). Default: 1920 .
Example: xConfiguration Zones LocalZone TraversalSubZone Bandwidth PerCall Limit: 1920
|
xConfiguration Zones LocalZone TraversalSubZone Bandwidth PerCall Mode: <Limited/Unlimited/NoBandwidth>
Determines whether there is a limit on the bandwidth of any one traversal call being handled by the Expressway. Default: Unlimited.
NoBandwidth: no bandwidth available. No traversal calls can be made.
Example: xConfiguration Zones LocalZone TraversalSubZone Bandwidth PerCall Mode: Limited
|
xConfiguration Zones LocalZone TraversalSubZone Bandwidth Total Limit: <1..100000000>
The total bandwidth (in kbps) allowed for all traversal calls being handled by the Expressway (applies only if the mode is
set to Limited). Default: 500000 .
Example: xConfiguration Zones LocalZone TraversalSubZone Bandwidth Total Limit: 500000
|
xConfiguration Zones LocalZone TraversalSubZone Bandwidth Total Mode: <Limited/Unlimited/NoBandwidth>
Determines whether or not there is a limit to the total bandwidth of all traversal calls being handled by the Expressway.
Default: Unlimited.
NoBandwidth: no bandwidth available. No traversal calls can be made.
Example: xConfiguration Zones LocalZone TraversalSubZone Bandwidth Total Mode: Limited
|
xConfiguration Zones Policy Mode: <SearchRules/Directory>
The mode used when attempting to locate a destination. Default: SearchRules.
SearchRules: use the configured search rules to determine which zones are queried and in what order.
Directory: use the facilities of a directory service to direct the request to the correct zones.
Example: xConfiguration Zones Policy Mode: SearchRules
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Authentication: <Yes/No>
Specifies whether this search rule applies only to authenticated search requests. Default: No.
Example: xConfiguration Zones Policy SearchRules Rule 1 Authentication: No
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Description: <S: 0,64>
A free-form description of the search rule.
Example: xConfiguration Zones Policy SearchRules Rule 1 Description: "Send query to the DNS zone"
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Mode: <AliasPatternMatch/AnyAlias/AnyIPAddress>
Determines whether a query is sent to the target zone. Default: AnyAlias.
AliasPatternMatch: queries the zone only if the alias matches the corresponding pattern type and string.
AnyAlias: queries the zone for any alias (but not IP address).
AnyIPAddress: queries the zone for any given IP address (but not alias).
Example: xConfiguration Zones Policy SearchRules Rule 1 Mode: AnyAlias
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Name: <S: 0,50>
Descriptive name for the search rule.
Example: xConfiguration Zones Policy SearchRules Rule 1 Name: "DNS lookup"
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Pattern Behavior: <Strip/Leave/Replace>
Determines whether the matched part of the alias is modified before being sent to the target zone. (Applies to Alias Pattern
Match mode only.) Default: Strip.
Leave: the alias is not modified.
Strip: the matching prefix or suffix is removed from the alias.
Replace: the matching part of the alias is substituted with the text in the replace string.
Example: xConfiguration Zones Policy SearchRules Rule 1 Pattern Behavior: Strip
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Pattern Replace: <S: 0,60>
The string to substitute for the part of the alias that matches the pattern. (Applies to Replace pattern behavior only.)
Example: xConfiguration Zones Policy SearchRules Rule 1 Pattern Replace: "@example.net"
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Pattern String: <S: 0,60>
The pattern against which the alias is compared. (Applies to Alias Pattern Match mode only.)
Example: xConfiguration Zones Policy SearchRules Rule 1 Pattern String: "@example.com"
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Pattern Type: <Exact/Prefix/Suffix/Regex>
How the pattern string must match the alias for the rule to be applied. (Applies to Alias Pattern Match mode only.) Default:
Prefix.
Exact: the entire string must exactly match the alias character for character.
Prefix: the string must appear at the beginning of the alias.
Suffix: the string must appear at the end of the alias.
Regex: the string is treated as a regular expression.
Example: xConfiguration Zones Policy SearchRules Rule 1 Pattern Type: Suffix
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Priority: <1..65534>
The order in the search process that this rule is applied, when compared to the priority of the other search rules. All Priority
1 search rules are applied first, followed by all Priority 2 search rules, and so on. Default: 100.
Example: xConfiguration Zones Policy SearchRules Rule 1 Priority: 100
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Progress: <Continue/Stop>
Specifies the ongoing search behavior if the alias matches this search rule. If 'stop' is selected, any rules with the same
priority level as this rule are still applied. Default: Continue.
Continue: continue applying the remaining search rules (in priority order) until the endpoint identified by the alias is found.
Stop: do not apply any more search rules, even if the endpoint identified by the alias is not found in the target zone.
Example: xConfiguration Zones Policy SearchRules Rule 1 Progress: Continue
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Protocol: <Any/H323/SIP>
The source protocol required for the rule to match.
Example: xConfiguration Zones Policy SearchRules Rule 1 Protocol: Any
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Source Mode: <Any/AllZones/LocalZone/Named>
The sources of the requests for which this rule applies. Default: Any.
Any: locally registered devices, neighbor or traversal zones, and any non-registered devices.
All zones: locally registered devices plus neighbor or traversal zones.
Local Zone: locally registered devices only.
Named: A specific Zone or SubZone.
Example: xConfiguration Zones Policy SearchRules Rule 1 Source Mode: Any
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Source Name: <S: 0..50>
The name of the source (Sub)Zone for which this rule applies.
Example: xConfiguration Zones Policy SearchRules Rule 1 Source Name: "Local Office"
|
xConfiguration Zones Policy SearchRules Rule [1..2000] State: <Enabled/Disabled>
Indicates if the search rule is enabled or disabled. Disabled search rules are ignored. Default: Enabled .
Example: xConfiguration Zones Policy SearchRules Rule 1 State: Enabled
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Target Name: <S: 0,50>
The zone or policy service to query if the alias matches the search rule.
Example: xConfiguration Zones Policy SearchRules Rule 1 Target Name: "Sales Office"
|
xConfiguration Zones Policy SearchRules Rule [1..2000] Target Type: <Zone/PolicyService>
The type of target this search rule applies to.
Example: xConfiguration Zones Policy SearchRules Rule 1 Target Type: Zone
|
xConfiguration Zones Zone [1..1000] DNS IncludeAddressRecord: <On/Off>
Determines whether, if no NAPTR (SIP) or SRV (SIP and H.323) records have been found for the dialed alias via this zone, the
Expressway will then query for A and AAAA DNS Records. Default: Off .
Example: xConfiguration Zones Zone 1 DNS IncludeAddressRecord: Off
|
xConfiguration Zones Zone [1..1000] DNS Interworking SIP Audio DefaultCodec: <G711u/G711a/G722_48/G722_56/G722_64/G722_1_16/G722_1_24/G722_1_32/G722_1_48/G723_1/G728/G729/AACLD_48/AACLD_56/AACLD_64/AMR>
Specifies which audio codec to use when empty INVITEs are not allowed. Default: G711u .
Example: xConfiguration Zones Zone 1 DNS Interworking SIP Audio DefaultCodec: G711u
|
xConfiguration Zones Zone [1..1000] DNS Interworking SIP EmptyInviteAllowed: <On/Off>
Controls if the Expressway will generate a SIP INVITE message with no SDP to send to this zone. INVITEs with no SDP mean that
the destination device is asked to initiate the codec selection, and are used when the call has been interworked locally from
H.323. Default: On.
On: SIP INVITEs with no SDP will be generated and sent to this neighbor.
Off: SIP INVITEs will be generated and a pre-configured SDP will be inserted before the INVITEs are sent to this neighbor.
Example: xConfiguration Zones Zone 1 DNS Interworking SIP EmptyInviteAllowed: On
|
xConfiguration Zones Zone [1..1000] DNS Interworking SIP Video DefaultBitrate: <64..65535>
Specifies which video bit rate to use when empty INVITEs are not allowed. Default: 384 .
Example: xConfiguration Zones Zone 1 DNS Interworking SIP Video DefaultBitrate: 384
|
xConfiguration Zones Zone [1..1000] DNS Interworking SIP Video DefaultCodec: <None/H261/H263/H263p/H263pp/H264>
Specifies which video codec to use when empty INVITEs are not allowed. Default: H263 .
Example: xConfiguration Zones Zone 1 DNS Interworking SIP Video DefaultCodec: H263
|
xConfiguration Zones Zone [1..1000] DNS Interworking SIP Video DefaultResolution: <None/QCIF/CIF/4CIF/SIF/4SIF/VGA/SVGA/XGA>
Specifies which video resolution to use when empty INVITEs are not allowed. Default: CIF .
Example: xConfiguration Zones Zone 1 DNS Interworking SIP Video DefaultResolution: CIF
|
xConfiguration Zones Zone [1..1000] DNS SIP Default Transport: <UDP/TCP/TLS>
Determines which transport type is used for SIP calls from the DNS zone, when DNS NAPTR records and SIP URI parameters do
not provide the preferred transport information. RFC 3263 suggests that UDP should be used. Default: UDP.
Example: xConfiguration Zones Zone [1..1000] DNS SIP Default Transport: UDP
|
xConfiguration Zones Zone [1..1000] DNS SIP Media AesGcm Support: <Off/On>
Enables AES GCM algorithms to encrypt/decrypt media passing through this zone. Default: Off.
Example: xConfiguration Zones Zone 1 DNS SIP Media AesGcm Support: On
|
xConfiguration Zones Zone [1..1000] DNS SIP SipUpdateRefresh Support: <Off/On>
Determines whether session refresh by SIP UPDATE message is supported in this zone.
On: This zone sends SIP UPDATE messages for SIP session refresh.
Off: This zone does not send SIP UPDATE messages for SIP session refresh.
Default: Off.
Example: xConfiguration Zones Zone 1 DNS SIP SipUpdateRefresh Support: On
|
xConfiguration Zones Zone [1..1000] DNS SIP Media Encryption Mode: <Off/On/BestEffort/Auto>
The media encryption policy applied by the Expressway for SIP calls (including interworked calls) to and from this zone. Default:
Auto.
On: All media must be encrypted.
Off: All media must be unencrypted.
BestEffort: Use encryption if available otherwise fallback to unencrypted media.
Auto: No media encryption policy is applied.
Example: xConfiguration Zones Zone 1 DNS SIP Media Encryption Mode: Auto
|
xConfiguration Zones Zone [1..1000] DNS SIP Media ICE Support: <On/Off>
Controls whether ICE is supported by the devices in the zone. Default: Off.
On: This zone supports ICE.
Off: This zone does not support ICE.
Example: xConfiguration Zones Zone 1 DNS SIP Media ICE Support: Off
|
xConfiguration Zones Zone [1..1000] DNS SIP Media ICEPassThrough Support: <On/Off>
Controls whether ICE Pass Through is supported by the devices in the zone. Default: Off
On: This zone supports ICE Pass Through.
Off: This zone does not support ICE Pass Through.
Example: xConfiguration Zones Zone 1 DNS SIP Media ICEPassThrough Support: On
|
xConfiguration Zones Zone [1..1000] DNS SIP Poison Mode: <On/Off>
Determines whether SIP requests sent out to this zone will be "poisoned" such that if they are received by the local Expressway
again they will be rejected. Default: Off .
On: SIP requests sent out via this zone that are received again by this Expressway will be rejected.
Off: SIP requests sent out via this zone that are received by this Expressway again will be processed as normal.
Example: xConfiguration Zones Zone 1 DNS SIP Poison Mode: Off
|
xConfiguration Zones Zone [1..1000] DNS SIP PreloadedSipRoutes Accept: <Off/On>
Switch Preloaded SIP routes support On to enable this zone to process SIP INVITE requests that contain the Route header. Switch
Preloaded SIP routes support Off if you want the zone to reject SIP INVITE requests containing this header.
Example: xConfiguration Zones Zone 3 Neighbor SIP PreloadedSipRoutes Accept: On
|
xConfiguration Zones Zone [1..1000] DNS SIP Record Route Address Type: <IP/Hostname>
Controls whether the Expressway uses its IP address or host name in the Record-Route or Path headers of outgoing SIP requests
to this zone. Note: setting this value to Hostname also requires a valid DNS system host name to be configured on the Expressway.
Default: IP.
Example: xConfiguration Zones Zone 1 DNS SIP Record Route Address Type: IP
|
xConfiguration Zones Zone [1..1000] DNS SIP SearchAutoResponse: <On/Off>
Controls what happens when the Expressway receives a SIP search that originated as an H.323 search, destined for this zone.
Default: Off .
Off: a SIP OPTION message will be sent to the zone.
On: searches will be responded to automatically, without being forwarded to the zone.
Example: xConfiguration Zones Zone 1 DNS SIP SearchAutoResponse: Off
|
xConfiguration Zones Zone [1..1000] DNS SIP TLS Verify Mode: <On/Off>
Controls X.509 certificate checking between this Expressway and the destination system server returned by the DNS lookup.
When enabled, the domain name submitted to the DNS lookup must be contained within the server's X.509 certificate (in either
the Subject Common Name or the Subject Alternative Name attributes).
Default: Off.
Example: xConfiguration Zones Zone 1 DNS SIP TLS Verify Mode: On
|
xConfiguration Zones Zone [1..1000] DNS SIP TLS Verify Subject Name: <S: 0..128>
The certificate holder's name to look for in the traversal client's X.509 certificate (must be in either the Subject Common
Name or the Subject Alternative Name attributes). If empty then the domain portion of the resolved URI is used.
Example: xConfiguration Zones Zone 1 DNS SIP TLS Verify Subject Name: "example.com"
|
xConfiguration Zones Zone [1..1000] DNS SIP UDP BFCP Filter Mode: <On/Off>
Determines whether INVITE requests sent to this zone filter out UDP/BFCP. This option may be required to enable interoperability
with SIP devices that do not support the UDP/BFCP protocol. Default: Off .
On: any media line referring to the UDP/BFCP protocol is replaced with TCP/BFCP and disabled.
Off: INVITE requests are not modified.
Example: xConfiguration Zones Zone 1 DNS SIP UDP BFCP Filter Mode: Off
|
xConfiguration Zones Zone [1..1000] DNS ZoneProfile: <Default/Custom/CiscoUnifiedCommunicationsManager/CiscoUnifiedCommunicationsManagerBFCP/NortelCS1000/NonRegisteringDevice/LocalB2BUAService>
Determines how the zone's advanced settings are configured.
Default: uses the factory defaults.
Custom: allows you to configure each setting individually.
Preconfigured profiles: alternatively, choose one of the preconfigured profiles to automatically use the appropriate settings required for connections
to that type of system.
Example: xConfiguration Zones Zone 1 DNS ZoneProfile: Default
|
xConfiguration Zones Zone [1..1000] ENUM DNSSuffix: <S: 0, 128>
The DNS zone to append to the transformed E.164 number to create an ENUM host name which this zone is then queried for.
Example: xConfiguration Zones Zone 2 ENUM DNSSuffix: "e164.arpa"
|
xConfiguration Zones Zone [1..1000] H323 Mode: <On/Off>
Determines whether H.323 calls will be allowed to and from this zone. Default: On .
Example: xConfiguration Zones Zone 2 H323 Mode: On
|
xConfiguration Zones Zone [1..1000] HopCount: <1..255>
Specifies the hop count to be used when sending an alias search request to this zone. Note: if the search request was received
from another zone and already has a hop count assigned, the lower of the two values will be used. Default: 15 .
Example: xConfiguration Zones Zone 2 HopCount: 15
|
xConfiguration Zones Zone [1..1000] Name: <S: 1, 50>
Assigns a name to this zone.
Example: xConfiguration Zones Zone 3 Name: "UK Sales Office"
|
xConfiguration Zones Zone [1..1000] Neighbor Authentication Mode: <DoNotCheckCredentials/TreatAsAuthenticated/CheckCredentials>
Controls how the Expressway authenticates incoming messages from this zone and whether they are subsequently treated as authenticated,
unauthenticated, or are rejected. The behavior varies for H.323 messages, SIP messages that originate from a local domain
and SIP messages that originate from non-local domains. Default: DoNotCheckCredentials.
Example: xConfiguration Zones Zone 3 Neighbor Authentication Mode: DoNotCheckCredentials
|
xConfiguration Zones Zone [1..1000] Neighbor H323 CallSignaling Port: <1024..65534>
The port on the neighbor to use for H.323 calls to and from this Expressway. Default: 1720 .
Example: xConfiguration Zones Zone 3 Neighbor H323 CallSignaling Port: 1720
|
xConfiguration Zones Zone [1..1000] Neighbor H323 Port: <1024..65534>
The port on the neighbor to use for H.323 searches to and from this Expressway. Default: 1719 .
Example: xConfiguration Zones Zone 3 Neighbor H323 Port: 1719
|
xConfiguration Zones Zone [1..1000] Neighbor H323 SearchAutoResponse: <On/Off>
Determines what happens when the Expressway receives a H323 search, destined for this zone. Default: Off.
Off: an LRQ message will be sent to the zone.
On: searches will be responded to automatically, without being forwarded to the zone.
Example: xConfiguration Zones Zone 3 Neighbor H323 SearchAutoResponse: Off
|
xConfiguration Zones Zone [1..1000] Neighbor Interworking SIP Audio DefaultCodec: <G711u/G711a/G722_48/G722_56/G722_64/G722_1_16/G722_1_24/G722_1_32/G722_1_48/G723_1/G728/G729/AACLD_48/AACLD_56/AACLD_64/AMR>
Specifies which audio codec to use when empty INVITEs are not allowed. Default: G711u .
Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP Audio DefaultCodec: G711u
|
xConfiguration Zones Zone [1..1000] Neighbor Interworking SIP EmptyInviteAllowed: <On/Off>
Determines whether the Expressway will generate a SIP INVITE message with no SDP to send to this zone. INVITEs with no SDP
mean that the destination device is asked to initiate the codec selection, and are used when the call has been interworked
locally from H.323. Default: On .
On: SIP INVITEs with no SDP will be generated and sent to this neighbor.
Off: SIP INVITEs will be generated and a pre-configured SDP will be inserted before the INVITEs are sent to this neighbor.
Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP EmptyInviteAllowed: On
|
xConfiguration Zones Zone [1..1000] Neighbor Interworking SIP Encryption EncryptSRTCP: <Yes/No>
Controls if the Expressway offers encrypted SRTCP in calls to this zone. The Expressway will send an INFO request. Default:
No.
Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP Encryption EncryptSRTCP: No
|
xConfiguration Zones Zone [1..1000] Neighbor Interworking SIP Search Strategy: <Options/Info>
Determines how the Expressway will search for SIP endpoints when interworking an H.323 call. Default: Options .
Options: the Expressway will send an OPTIONS request.
Info: the Expressway will send an INFO request.
Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP Search Strategy: Options
|
xConfiguration Zones Zone [1..1000] Neighbor Interworking SIP Video DefaultBitrate: <64..65535>
Specifies which video bit rate to use when empty INVITEs are not allowed. Default: 384 .
Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP Video DefaultBitrate: 384
|
xConfiguration Zones Zone [1..1000] Neighbor Interworking SIP Video DefaultCodec: <None/H261/H263/H263p/H263pp/H264>
Specifies which video codec to use when empty INVITEs are not allowed. Default: H263 .
Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP Video DefaultCodec: H263
|
xConfiguration Zones Zone [1..1000] Neighbor Interworking SIP Video DefaultResolution: <None/QCIF/CIF/4CIF/SIF/4SIF/VGA/SVGA/XGA>
Specifies which video resolution to use when empty INVITEs are not allowed. Default: CIF .
Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP Video DefaultResolution: CIF
|
xConfiguration Zones Zone [1..1000] Neighbor Monitor: <Yes/No>
Specifies whether the zone monitors the aliveness of its neighbor peers. H323 LRQs and/or SIP OPTIONS will be periodically
sent to the peers. If any peer fails to respond, that peer will be marked as inactive. If no peer manages to respond the zone
will be marked as inactive. Default: Yes.
Example: xConfiguration Zones Zone 3 Neighbor Monitor: Yes
|
xConfiguration Zones Zone [1..1000] Neighbor Peer [1..6] Address: <S:0,128>
Specifies the IP address or Fully Qualified Domain Name (FQDN) of the neighbor. If the neighbor zone is an Expressway cluster,
this will be one of the peers in that cluster.
Example: xConfiguration Zones Zone 3 Neighbor Peer 1 Address: "192.44.0.18"
|
xConfiguration Zones Zone [1..1000] Neighbor Registrations: <Allow/Deny>
Controls whether proxied SIP registrations routed through this zone are accepted. Default: Allow .
Example: xConfiguration Zones Zone 3 Neighbor Registrations: Allow
|
xConfiguration Zones Zone [1..1000] Neighbor RetainConnectionOnParseErrorMode: <mode>
Controls how tolerant the system is of malformed or corrupt SIP messages.
DropAll: The system closes the SIP connection when it receives a malformed or corrupt SIP message.
RetainSome: The system maintains the SIP connection when it receives a SIP message with malformed, non-mandatory headers. It closes
the connection if any mandatory headers are malformed.
RetainAll: The system maintains the SIP connection when it receives a SIP message with any malformed headers (including mandatory headers).
Default: DropAll.
Note
|
-
The Content-Length header is an exception. If this header is missing or malformed, the connection is always closed, regardless of the mode.
-
The connection is also always closed, regardless of the mode, if the Expressway receives more than 10 consecutive malformed
messages.
-
For CMR Cloud deployments, we recommend configuring RetainAll mode.
|
Example: xConfiguration Zones Zone 3 RetainConnectionOnParseErrorMode: RetainSome
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Authentication Trust Mode: <On/Off>
Controls if authenticated SIP messages (ones containing a P-Asserted-Identity header) from this zone are trusted. Default:
Off .
On: messages are trusted without further challenge.
Off: messages are challenged for authentication.
Example: xConfiguration Zones Zone 3 Neighbor SIP Authentication Trust Mode: On
|
xConfiguration Zones Zone [1..1000] Neighbor SIP B2BUA Refer Mode: <Forward/Terminate>
Determines how SIP REFER requests are handled.
Forward: SIP REFER requests are forwarded to the target.
Terminate: SIP REFER requests are terminated by the Expressway.
Default: Forward
Example: xConfiguration Zones Zone 3 Neighbor SIP B2BUA Refer Mode: Terminate
|
xConfiguration Zones Zone [1..1000] Neighbor SIP B2BUA Replaces Mode: <Forward/Terminate>
Enables the Expressway to process load balancing INVITE messages from Meeting Server call bridge groups. Default: Forward
Terminate: Expressway B2BUA processes the INVITEs from the Meeting Server. Required to enable load balancing for endpoints that are
registered to this Expressway, or to a neighboring VCS or Expressway.
Forward: Expressway proxies the INVITEs from the Meeting Server. This is an option if your endpoints are registered to Unified CM,
because Unified CM could process those INVITEs instead.
Example: xConfiguration Zones Zone 3 Neighbor SIP B2BUA Replaces Mode: Terminate
|
xConfiguration Zones Zone [1..1000] Neighbor SIP B2BUA Service Identifier: <0..64>
The identifier that represents an instance of a local SIP Back-to-Back User Agent service.
Example: xConfiguration Zones Zone 3 Neighbor SIP B2BUA Service Identifier: 1
|
xConfiguration Zones Zone [1..1000] Neighbor SIP ClassFiveResponseLiveness: <Yes/No>
Specifies whether Class 5 SIP responses from neighbor peers result in the zone being considered alive for use. Default: Yes.
Example: xConfiguration Zones Zone 3 Neighbor SIP ClassFiveResponseLiveness: Yes
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Encryption Mode: <Auto/Microsoft/Off>
Determines how the Expressway handles encrypted SIP calls on this zone. Default: Auto.
Auto: SIP calls are encrypted if a secure SIP transport (TLS) is used.
Microsoft: SIP calls are encrypted using MS-SRTP.
Off: SIP calls are never encrypted.
Example: xConfiguration Zones Zone 3 Neighbor SIP Encryption Mode: Auto
|
xConfiguration Zones Zone [1..1000] Neighbor SIP MIME Strip Mode: <On/Off>
Controls whether multipart MIME stripping is performed on requests from this zone. This must be set to On for connections
to a Microsoft Office Communications Server 2007. Default: Off.
Example: xConfiguration Zones Zone 3 Neighbor SIP MIME Strip Mode: Off
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Media AesGcm Support: <Off/On>
Enables AES GCM algorithms to encrypt/decrypt media passing through this zone. Default: Off.
Example: xConfiguration Zones Zone 1 Neighbor SIP Media AesGcm Support: On
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Media Encryption Mode: <Off/On/BestEffort/Auto>
The media encryption policy applied by the Expressway for SIP calls (including interworked calls) to and from this zone. Default:
Auto
On: All media must be encrypted.
Off: All media must be unencrypted.
BestEffort: Use encryption if available otherwise fallback to unencrypted media.
Auto: No media encryption policy is applied.
Example: xConfiguration Zones Zone 3 Neighbor SIP Media Encryption Mode: Auto
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Media ICE Support: <On/Off>
Controls whether ICE is supported by the devices in the zone. Default: Off
On: This zone supports ICE.
Off: This zone does not support ICE.
Example: xConfiguration Zones Zone 3 Neighbor SIP Media ICE Support: On
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Media ICEPassThrough Support: <On/Off>
Controls whether ICE Pass Through is supported by the devices in the zone. Default: Off
On: This zone supports ICE Pass Through.
Off: This zone does not support ICE Pass Through.
Example: xConfiguration Zones Zone 3 Neighbor SIP Media ICEPassThrough Support: On
|
xConfiguration Zones Zone [1..1000] Neighbor SIP MediaRouting Mode: <Auto/Signaled/Latching>
How the Expressway handles media for calls to and from this neighbor, and where it will forward the media destined for this
neighbor. Default: Auto. .
Signaled: media is always taken for calls to and from this neighbor. It will be forwarded as signaled in the SDP received from this
neighbor.
Latching: media is always taken for calls to and from this neighbor. It will be forwarded to the IP address and port from which media
from this neighbor is received.
Auto: media is only taken if the call is a traversal call. If this neighbor is behind a NAT the Expressway will forward the media
to the IP address and port from which media from this zone is received (latching). Otherwise it will forward the media to
the IP address and port signaled in the SDP (signaled).
Example: xConfiguration Zones Zone 3 Neighbor SIP MediaRouting Mode: Auto
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Multistream Mode: <Off/On>
Controls if the Expressway allows Multistream to and from devices in this zone. Default: On
On: allow Multistream
Off: disallow Multistream.
Example: xConfiguration Zones Zone 1 Neighbor SIP Multistream Mode: Off
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Poison Mode: <On/Off>
Controls whether SIP requests sent out to this zone will be "poisoned" such that if they are received by the local Expressway
again they will be rejected. Default: Off .
On: SIP requests sent out via this zone that are received again by this Expressway will be rejected.
Off: SIP requests sent out via this zone that are received by this Expressway again will be processed as normal.
Example: xConfiguration Zones Zone 3 Neighbor SIP Poison Mode: Off
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Port: <1024..65534>
Specifies the port on the neighbor to be used for SIP calls to and from this Expressway. Default: 5061 .
Example: xConfiguration Zones Zone 3 Neighbor SIP Port: 5061
|
xConfiguration Zones Zone [1..1000] Neighbor SIP PreloadedSipRoutes Accept: <Off/On>
Switch Preloaded SIP routes support On to enable this zone to process SIP INVITE requests that contain the Route header. Switch
Preloaded SIP routes support Off if you want the zone to reject SIP INVITE requests containing this header.
Example: xConfiguration Zones Zone 3 Neighbor SIP PreloadedSipRoutes Accept: On
|
xConfiguration Zones Zone [1..1000] Neighbor SIP ProxyRequire Strip List: <S: 0,255>
A comma separated list of option tags to search for and remove from Proxy-Require headers in SIP requests received from this
zone. By default, no option tags are specified.
Example: xConfiguration Zones Zone 3 Neighbor SIP ProxyRequire Strip List: "com.example.something,com.example.somethingelse"
|
xConfiguration Zones Zone [1..1000] Neighbor SIP RFC3327 Enabled: <Yes/No>
Controls whether the Expressway will insert RFC3327 Path headers when proxying REGISTER messages toward this zone. If disabled
the Expressway will instead rewrite the contact header to allow interworking with SIP registrars that do not support RFC3327.
Default: Yes.
Example: xConfiguration Zones Zone [1..1000] Neighbor SIP RFC3327 Enabled: Yes
Note
|
In version X8.9 we introduced a toggle that controls this feature for the automatically created neighbor zones used for MRA.
In that version, on those zones, the default is No. See xConfiguration CollaborationEdge RFC3327Enabled .
|
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Record Route Address Type: <IP/Hostname>
Controls whether the Expressway uses its IP address or host name in the Record-Route or Path headers of outgoing SIP requests
to this zone. Note: setting this value to Hostname also requires a valid DNS system host name to be configured on the Expressway.
Default: IP.
Example: xConfiguration Zones Zone 3 Neighbor SIP Record Route Address Type: IP
|
xConfiguration Zones Zone [1..1000] Neighbor SIP SearchAutoResponse: <On/Off>
Controls what happens when the Expressway receives a SIP search that originated as an H.323 search, destined for this zone.
Default: Off .
Off: a SIP OPTION message will be sent to the zone.
On: searches will be responded to automatically, without being forwarded to the zone.
Example: xConfiguration Zones Zone 3 Neighbor SIP SearchAutoResponse: Off
|
xConfiguration Zones Zone [1..1000] Neighbor SIP SipUpdateRefresh Support: <On/Off>
Determines whether session refresh by SIP UPDATE message is supported in this zone.
On: This zone sends SIP UPDATE messages for SIP session refresh.
Off: This zone does not send SIP UPDATE messages for SIP session refresh.
Default: Off
Example: xConfiguration Zones Zone 3 Neighbor SIP SipUpdateRefresh Support: Off
|
xConfiguration Zones Zone [1..1000] Neighbor SIP TLS Verify Mode: <On/Off>
Controls X.509 certificate checking and mutual authentication for inbound and outbound connections between this Expressway
and the neighbor system. When enabled, the neighbor system's FQDN or IP address, as specified in the Peer address field, must
be contained within the neighbor's X.509 certificate (in either the Subject Common Name or the Subject Alternative Name attributes).
Default: Off .
Example: xConfiguration Zones Zone 3 Neighbor SIP TLS Verify Mode: On
|
xConfiguration Zones Zone [1..1000] Neighbor SIP Transport: <UDP/TCP/TLS>
Determines which transport type will be used for SIP calls to and from this neighbor. Default: TLS .
Example: xConfiguration Zones Zone 3 Neighbor SIP Transport: TLS
|
xConfiguration Zones Zone [1..1000] Neighbor SIP UDP BFCP Filter Mode: <On/Off>
Determines whether INVITE requests sent to this zone filter out UDP/BFCP. This option may be required to enable interoperability
with SIP devices that do not support the UDP/BFCP protocol. Default: Off .
On: any media line referring to the UDP/BFCP protocol is replaced with TCP/BFCP and disabled.
Off: INVITE requests are not modified.
Example: xConfiguration Zones Zone 3 Neighbor SIP UDP BFCP Filter Mode: Off
|
xConfiguration Zones Zone 1 Neighbor SIP UDP IX Filter Mode: <On/Off>
Determines whether INVITE requests sent to this zone filter out UDP/UDT/IX or UDP/DTLS/UDT/IX.
This option may be required to enable interoperability with SIP devices that do not support the UDP/UDT/IX or UDP/DTLS/UDT/IX
protocol. Default: Off.
On: any media line referring to the UDP/UDT/IX or UDP/DTLS/UDT/IX protocol is replaced with RTP/AVP and disabled.
Off: INVITE requests are not modified.
Example: xConfiguration Zones Zone 1 neighbor SIP UDP IX Filter Mode: On
|
xConfiguration Zones Zone [1..1000] Neighbor SIP UPDATE Strip Mode: <On/Off>
Determines whether the Expressway strips the UPDATE method from the Allow header of all requests and responses going to and
from this zone. Default: Off .
Example: xConfiguration Zones Zone 3 Neighbor SIP UPDATE Strip Mode: Off
|
xConfiguration Zones Zone [1..1000] Neighbor SignalingRouting Mode: <Auto/Always>
Specifies how the Expressway handles the signaling for calls to and from this neighbor. Default: Auto.
Auto: Signaling will be taken as determined by the Call Routed Mode configuration.
Always: Signaling will always be taken for calls to or from this neighbor, regardless of the Call Routed Mode configuration.
Example: xConfiguration Zones Zone 3 Neighbor SignalingRouting Mode: Auto
|
xConfiguration Zones Zone [1..1000] Neighbor ZoneProfile: <Default/Custom/CiscoUnifiedCommunicationsManager/CiscoUnifiedCommunicationsManagerBFCP/NortelCS1000/NonRegisteringDevice/LocalB2BUAService>
Determines how the zone's advanced settings are configured.
Default: uses the factory defaults.
Custom: allows you to configure each setting individually.
Preconfigured profiles: alternatively, choose one of the preconfigured profiles to automatically use the appropriate settings required for connections
to that type of system.
Example: xConfiguration Zones Zone 3 Neighbor ZoneProfile: Default
|
xConfiguration Zones Zone [1..1000] SIP Mode: <On/Off>
Determines whether SIP calls will be allowed to and from this zone. Default: On.
Example: xConfiguration Zones Zone 3 SIP Mode: On
|
xConfiguration Zones Zone [1..1000] TraversalClient Authentication Mode: <DoNotCheckCredentials/TreatAsAuthenticated/CheckCredentials>
Controls how the Expressway authenticates incoming messages from this zone and whether they are subsequently treated as authenticated,
unauthenticated, or are rejected. The behavior varies for H.323 messages, SIP messages that originate from a local domain
and SIP messages that originate from non-local domains. Default: DoNotCheckCredentials.
Example: xConfiguration Zones Zone 4 TraversalClient Authentication Mode: DoNotCheckCredentials
|
xConfiguration Zones Zone [1..1000] TraversalClient Authentication Password: <S: 0,215>
The password used by the Expressway when connecting to the traversal server. The maximum plaintext length is 128 characters,
which is then encrypted.
Example: xConfiguration Zones Zone 4 TraversalClient Authentication Password: "password123"
|
xConfiguration Zones Zone [1..1000] TraversalClient Authentication UserName: <S: 0,128>
The user name used by the Expressway when connecting to the traversal server.
Example: xConfiguration Zones Zone 4 TraversalClient Authentication UserName: "clientname"
|
xConfiguration Zones Zone [1..1000] TraversalClient H323 Port: <1024..65534>
The port on the traversal server to use for H.323 firewall traversal calls from this Expressway. If the traversal server is
an Expressway-E, this must be the port number that is configured on the Expressway-E's traversal server zone associated with
this Expressway.
Example: xConfiguration Zones Zone 4 TraversalClient H323 Port: 2777
|
xConfiguration Zones Zone [1..1000] TraversalClient H323 Protocol: <Assent/H46018>
Determines which of the two firewall traversal protocols will be used for calls to and from the traversal server. Note: the
same protocol must be set on the server for calls to and from this traversal client. Default: Assent.
Example: xConfiguration Zones Zone 4 TraversalClient H323 Protocol: Assent
|
xConfiguration Zones Zone [1..1000] TraversalClient Peer [1..6] Address: <S:0,128>
Specifies the IP address or Fully Qualified Domain Name (FQDN) of the traversal server. If the traversal server is an Expressway-E
cluster, this will be one of the peers in that cluster.
Example: xConfiguration Zones Zone 4 TraversalClient Peer 1 Address: "10.192.168.1"
|
xConfiguration Zones Zone [1..1000] TraversalClient Registrations: <Allow/Deny>
Controls whether proxied SIP registrations routed through this zone are accepted. Default: Allow.
Example: xConfiguration Zones Zone 4 TraversalClient Registrations: Allow
|
xConfiguration Zones Zone [1..1000] TraversalClient RetryInterval: <1..65534>
The interval (in seconds) with which a failed attempt to establish a connection to the traversal server should be retried.
Default: 120.
Example: xConfiguration Zones Zone 4 TraversalClient RetryInterval: 120
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP SipUpdateRefresh Support: <Off/On>
Determines whether session refresh by SIP UPDATE message is supported in this zone.
On: This zone sends SIP UPDATE messages for SIP session refresh.
Off: This zone does not send SIP UPDATE messages for SIP session refresh.
Default: Off
Example: xConfiguration Zones Zone 1 TraversalClient SIP SipUpdateRefresh Support: On
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Media AesGcm Support: <Off/On>
Enables AES GCM algorithms to encrypt/decrypt media passing through this zone. Default: Off.
Example: xConfiguration Zones Zone 1 TraversalClient SIP Media AesGcm Support: On
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Media Encryption Mode: <Off/On/BestEffort/Auto>
The media encryption policy applied by the Expressway for SIP calls (including interworked calls) to and from this zone. Default:
Auto.
On: All media must be encrypted.
Off: All media must be unencrypted.
BestEffort: Use encryption if available otherwise fallback to unencrypted media.
Auto: No media encryption policy is applied.
Example: xConfiguration Zones Zone 4 TraversalClient SIP Media Encryption Mode: Auto
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Media ICE Support: <On/Off>
Controls whether ICE is supported by the devices in the zone. Default: Off
On: This zone supports ICE.
Off: This zone does not support ICE.
Example: xConfiguration Zones Zone 4 TraversalClient SIP Media ICE Support: On
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Media ICEPassThrough Support: <On/Off>
Controls whether ICE Pass Through is supported by the devices in the zone. Default: Off
On: This zone supports ICE Pass Through.
Off: This zone does not support ICE Pass Through.
Example: xConfiguration Zones Zone 4 TraversalClient SIP Media ICEPassThrough Support: On
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Multistream Mode: <Off/On>
Controls if the Expressway allows Multistream to and from devices in this zone. Default: On
On: allow Multistream
Off: disallow Multistream.
Example: xConfiguration Zones Zone 1 TraversalClient SIP Multistream Mode: Off
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Poison Mode: <On/Off>
Controls whether SIP requests sent out to this zone are "poisoned" such that if they are received by the local Expressway
again they will be rejected. Default: Off .
On: SIP requests sent out via this zone that are received again by this Expressway will be rejected.
Off: SIP requests sent out via this zone that are received by this Expressway again will be processed as normal.
Example: xConfiguration Zones Zone 4 TraversalClient SIP Poison Mode: Off
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Port: <1024..65534>
Specifies the port on the traversal server to be used for SIP calls from this Expressway. If your traversal server is an Expressway-E,
this must be the port number that has been configured in the traversal server zone for this Expressway.
Example: xConfiguration Zones Zone 4 TraversalClient SIP Port: 5061
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP PreloadedSipRoutes Accept: <Off/On>
Switch Preloaded SIP routes support On to enable this zone to process SIP INVITE requests that contain the Route header. Switch
Preloaded SIP routes support Off if you want the zone to reject SIP INVITE requests containing this header.
Example: xConfiguration Zones Zone 3 Neighbor SIP PreloadedSipRoutes Accept: On
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Protocol: <Assent/TURN/ICE>
Determines which firewall traversal protocol will be used for SIP calls to and from the traversal server. Note: the same protocol
must be set on the server for calls to and from this traversal client. Default: Assent.
Example: xConfiguration Zones Zone 4 TraversalClient SIP Protocol: Assent
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP TLS Verify Mode: <On/Off>
Controls X.509 certificate checking and mutual authentication between this Expressway and the traversal server. When enabled,
the server's FQDN or IP address, as specified in the Peer address field, must be contained within the server's X.509 certificate
(in either the Subject Common Name or the Subject Alternative Name attributes). Default: Off.
Example: xConfiguration Zones Zone 4 TraversalClient SIP TLS Verify Mode: On
|
xConfiguration Zones Zone [1..1000] TraversalClient SIP Transport: <TCP/TLS>
Determines which transport type will be used for SIP calls to and from the traversal server. Default: TLS .
Example: xConfiguration Zones Zone 4 TraversalClient SIP Transport: TLS
|
xConfiguration Zones Zone [1..1000] TraversalServer Authentication Mode: <DoNotCheckCredentials/TreatAsAuthenticated/CheckCredentials>
Controls how the Expressway authenticates incoming messages from this zone and whether they are subsequently treated as authenticated,
unauthenticated, or are rejected. The behavior varies for H.323 messages, SIP messages that originate from a local domain
and SIP messages that originate from non-local domains. Default: DoNotCheckCredentials.
Example: xConfiguration Zones Zone 5 TraversalServer Authentication Mode: DoNotCheckCredentials
|
xConfiguration Zones Zone [1..1000] TraversalServer Authentication UserName: <S: 0,128>
The name used by the traversal client when authenticating with the traversal server. If the traversal client is an Expressway,
this must be the Expressway’s authentication user name. If the traversal client is a gatekeeper, this must be the gatekeeper’s
System Name.
Example: xConfiguration Zones Zone 5 TraversalServer Authentication UserName: "User123"
|
xConfiguration Zones Zone [1..1000] TraversalServer H323 H46019 Demultiplexing Mode: <On/Off>
Determines whether the Expressway will operate in demultiplexing mode for calls from the traversal client. Default: Off .
On: allows use of the same two ports for all calls.
Off: each call will use a separate pair of ports for media.
Example: xConfiguration Zones Zone 5 TraversalServer H323 H46019 Demultiplexing Mode: Off
|
xConfiguration Zones Zone [1..1000] TraversalServer H323 Port: <1024..65534>
Specifies the port on the Expressway being used for H.323 firewall traversal from this traversal client. Default: 6001, incrementing
by 1 for each new zone.
Example: xConfiguration Zones Zone 5 TraversalServer H323 Port: 2777
|
xConfiguration Zones Zone [1..1000] TraversalServer H323 Protocol: <Assent/H46018>
Determines which of the two firewall traversal protocols will be used for calls to and from the traversal client. Note: the
same protocol must be set on the client for calls to and from this traversal server. Default: Assent .
Example: xConfiguration Zones Zone 5 TraversalServer H323 Protocol: Assent
|
xConfiguration Zones Zone [1..1000] TraversalServer Registrations: <Allow/Deny>
Controls whether proxied SIP registrations routed through this zone are accepted. Default: Allow .
Example: xConfiguration Zones Zone 5 TraversalServer Registrations: Allow
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP SipUpdateRefresh Support: <Off/On>
Determines whether session refresh by SIP UPDATE message is supported in this zone.
On: This zone sends SIP UPDATE messages for SIP session refresh.
Off: This zone does not send SIP UPDATE messages for SIP session refresh.
Default: Off.
Example: xConfiguration Zones Zone 1 TraversalServer SIP SipUpdateRefresh Support: On
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Media AesGcm Support: <Off/On>
Enables AES GCM algorithms to encrypt/decrypt media passing through this zone. Default: Off.
Example: xConfiguration Zones Zone 1 TraversalServer SIP Media AesGcm Support: On
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Media Encryption Mode: <Off/On/BestEffort/Auto>
The media encryption policy applied by the Expressway for SIP calls (including interworked calls) to and from this zone. Default:
Auto
On: All media must be encrypted.
Off: All media must be unencrypted.
BestEffort: Use encryption if available otherwise fallback to unencrypted media.
Auto: No media encryption policy is applied.
Example: xConfiguration Zones Zone 5 TraversalServer SIP Media Encryption Mode: Auto
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Media ICE Support: <On/Off>
Controls whether ICE is supported by the devices in the zone. Default: Off
On: This zone supports ICE.
Off: This zone does not supports ICE.
Example: xConfiguration Zones Zone 5 TraversalServer SIP Media ICE Support: On
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Media ICEPassThrough Support: <On/Off>
Controls whether ICE Pass Through is supported by the devices in the zone. Default: Off
On: This zone supports ICE Pass Through.
Off: This zone does not supports ICE Pass Through.
Example: xConfiguration Zones Zone 5 TraversalServer SIP Media ICEPassThrough Support: On
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Multistream Mode: <Off/On>
Controls if the Expressway allows Multistream to and from devices in this zone. Default: On
On: allow Multistream
Off: disallow Multistream.
Example: xConfiguration Zones Zone 1 TraversalServer SIP Multistream Mode: Off
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Poison Mode: <On/Off>
Controls whether SIP requests sent out to this zone are "poisoned" such that if they are received by the local Expressway
again they will be rejected. Default: Off .
On: SIP requests sent out via this zone that are received again by this Expressway will be rejected.
Off: SIP requests sent out via this zone that are received by this Expressway again will be processed as normal.
Example: xConfiguration Zones Zone 5 TraversalServer SIP Poison Mode: Off
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Port: <1024..65534>
The port on the Expressway being used for SIP firewall traversal from this traversal client. Default: 7001, incrementing by
1 for each new zone.
Example: xConfiguration Zones Zone 5 TraversalServer SIP Port: 5061
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP PreloadedSipRoutes Accept: <Off/On>
Switch Preloaded SIP routes support On to enable this zone to process SIP INVITE requests that contain the Route header. Switch
Preloaded SIP routes support Off if you want the zone to reject SIP INVITE requests containing this header.
Example: xConfiguration Zones Zone 3 Neighbor SIP PreloadedSipRoutes Accept: On
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Protocol: <Assent/TURN/ICE>
Determines which firewall traversal protocol will be used for SIP calls to and from the traversal client. Note: the same protocol
must be set on the client for calls to and from this traversal server. Default: Assent.
Example: xConfiguration Zones Zone 5 TraversalServer SIP Protocol: Assent
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP TLS Verify Mode: <On/Off>
Controls X.509 certificate checking and mutual authentication between this Expressway and the traversal client. If enabled,
a TLS verify subject name must be specified. Default: Off.
Example: xConfiguration Zones Zone 5 TraversalServer SIP TLS Verify Mode: On
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP TLS Verify Subject Name: <S: 0,128>
The certificate holder's name to look for in the traversal client's X.509 certificate (must be in either the Subject Common
Name or the Subject Alternative Name attributes).
Example: xConfiguration Zones Zone 5 TraversalServer SIP TLS Verify Subject Name: "myclientname"
|
xConfiguration Zones Zone [1..1000] TraversalServer SIP Transport: <TCP/TLS>
Determines which of the two transport types will be used for SIP calls between the traversal client and Expressway. Default:
TLS .
Example: xConfiguration Zones Zone 5 TraversalServer SIP Transport: TLS
|
xConfiguration Zones Zone [1..1000] TraversalServer TCPProbe KeepAliveInterval: <1..65534>
Sets the interval (in seconds) with which the traversal client will send a TCP probe to the Expressway once a call is established,
in order to keep the firewall’s NAT bindings open. Default: 20.
Example: xConfiguration Zones Zone 5 TraversalServer TCPProbe KeepAliveInterval: 20
|
xConfiguration Zones Zone [1..1000] TraversalServer TCPProbe RetryCount: <1..65534>
Sets the number of times the traversal client will attempt to send a TCP probe to the Expressway. Default: 5 .
Example: xConfiguration Zones Zone 5 TraversalServer TCPProbe RetryCount: 5
|
xConfiguration Zones Zone [1..1000] TraversalServer TCPProbe RetryInterval: <1..65534>
Sets the frequency (in seconds ) with which the traversal client will send a TCP probe to the Expressway. Default: 2 .
Example: xConfiguration Zones Zone 5 TraversalServer TCPProbe RetryInterval: 2
|
xConfiguration Zones Zone [1..1000] TraversalServer UDPProbe KeepAliveInterval: <1..65534>
Sets the interval (in seconds) with which the traversal client will send a UDP probe to the Expressway once a call is established,
in order to keep the firewall’s NAT bindings open. Default: 20.
Example: xConfiguration Zones Zone 5 TraversalServer UDPProbe KeepAliveInterval: 20
|
xConfiguration Zones Zone [1..1000] TraversalServer UDPProbe RetryCount: <1..65534>
Sets the number of times the traversal client will attempt to send a UDP probe to the Expressway. Default: 5.
Example: xConfiguration Zones Zone 5 TraversalServer UDPProbe RetryCount: 5
|
xConfiguration Zones Zone [1..1000] TraversalServer UDPProbe RetryInterval: <1..65534>
Sets the frequency (in seconds) with which the traversal client will send a UDP probe to the Expressway. Default: 2.
Example: xConfiguration Zones Zone 5 TraversalServer UDPProbe RetryInterval: 2
|
xConfiguration Zones Zone [1..1000] Type: <Neighbor/TraversalClient/TraversalServer/ENUM/DNS>
Determines the nature of the specified zone, in relation to the local Expressway.
Neighbor: the new zone will be a neighbor of the local Expressway.
TraversalClient: there is a firewall between the zones, and the local Expressway is a traversal client of the new zone.
TraversalServer: there is a firewall between the zones and the local Expressway is a traversal server for the new zone.
ENUM: the new zone contains endpoints discoverable by ENUM lookup.
DNS: the new zone contains endpoints discoverable by DNS lookup.
Example: xConfiguration Zones Zone 3 Type: Neighbor
|
xConfiguration license smart debug: <error/trace/debug/all>
Enables debugging for Smart Licensing. Default: Error.
Error: Logs errors encountered in Smart Licensing.
Trace: Logs trace messages during normal Smart Licensing operations.
Debug: Logs debug messages.
All: Enables all three levels. (Peer-specific)
Example: xConfiguration license smart debug: all
|
xConfiguration license smart deregister: <On/Off>
The product reverts to evaluation mode providing the evaluation period has not expired. All license entitlements used for
the product are released immediately to the virtual account and are available for other product instances to use it. (Peer-specific)
Example: xConfiguration license smart deregister: On
|
xConfiguration license smart enable mode: <On/Off>
Enables Smart Licensing on this product instance. Default: Off.
On: Smart Licensing is used for managing the licenses.
Off: Traditional PAK-based licensing is used for managing the licenses. Once Smart Licensing is set to On, it cannot be set to
Off using the web interface. To disable Smart Licensing and use traditional licensing, do a system reset. Default: Off. (Peer-specific)
Example: xConfiguration license smart enable: On
|
xConfiguration license smart privacy: <none/all/hostname/version>
Use if hostname and IP address of this product instance must not be exchanged with the Cisco Smart Software Manager or Cisco
Smart Software Manager Satellite. (Peer-specific)
Example: xConfiguration license smart privacy: all
|
xConfiguration license smart register idtoken: <String>
Use the Product Instance Registration token that you generated from Smart Software Manager or your Smart Software Manager
satellite to register the product. (Peer-specific)
Example: xConfiguration license smart register idtoken: <Token>
|
xConfiguration license smart renew ID: <On/Off>
Perform this operation if automatic registration renewal fails due to network connectivity issues with Cisco Smart Software
Manager. (Peer-specific)
Example: xConfiguration license smart renew ID: On
|
xConfiguration license smart renew auth: <On/Off>
Perform this operation if automatic authorization status renewal failed due to network connectivity issues with Cisco Smart
Software Manager. (Peer-specific)
Example: xConfiguration license smart renew auth: On
|
xConfiguration license smart transport: <direct/satellite>
Determines how this product instance communicate with Cisco Smart Software Manager to send and receive usage information.
Direct: Communicates directly over the internet to the Cisco Smart Software Manager.
Satellite: Communicates through a Smart Software Manager satellite deployed on your premises.
Example: xConfiguration license smart transport: direct
|
xConfiguration license smart reregister: <String>
Perform this operation to reregister the product instance in the following cases: Previous registration attempt of this product
instance failed due to network connectivity issue and you want to reregister after resolving this issue. To reregister the
product instance, already registered with a virtual account, to a different virtual account. (Peer-specific)
Example: xConfiguration license smart reregister: <Token>
|
xConfiguration license smart url: <String>
Enter the URL of the Cisco Smart Software Manager satellite server. (Peer-specific)
Example: xConfiguration license smart url: http://www.alpha.crate.cisco.com/Transport gateway
|