User's Manual
Table Of Contents
- 1 Introduction
- 2 IP Security
- 3 Configuration
- 3.1 Requirements
- 3.2 Access the GUI
- 3.3 GUI Web Access
- 3.4 Configure the Mobility Master
- 3.5 Configure the Standby Mobility Master
- 3.6 Configure the Pari Master
- 3.7 Configure the Standby Pari Master
- 3.8 Configure the Master
- 3.9 Configure the Standby Master
- 3.10 Plug and Play Configuration
- 3.11 Configure the Radio
- 3.12 Configure Deployment
- 3.13 Add Users
- 4 Operation
- 4.1.1 Name the IPBS and IPBL
- 4.1.2 Change User Name and Password
- 4.1.3 Centralized Management of Administrator and Auditor Accounts Using Kerberos
- 4.1.4 Configure the NTP Settings
- 4.1.5 Certificates
- 4.1.6 License
- 4.2.1 Set DHCP Mode
- 4.2.2 Set a Static IP Address
- 4.2.3 Dynamic IP address via DHCP
- 4.2.4 Link
- 4.2.5 Configure VLAN
- 4.2.6 View LAN Statistics
- 4.2.7 Enable RSTP (only for IPBL)
- 4.2.8 Deactivate LAN Port (only for IPBL)
- 4.3.1 Configure IP Settings
- 4.3.2 Routing
- 4.4.1 Configure LDAP Server
- 4.4.2 Check LDAP Server Status
- 4.4.3 Configure LDAP Replicator
- 4.4.4 Check LDAP Replicator Status
- 4.4.5 Expert tool
- 4.5.1 Change System Name and Password
- 4.5.2 Set Subscription Method
- 4.5.3 Configure Authentication Code
- 4.5.4 Select Tones
- 4.5.5 Set Default Language
- 4.5.6 Set Frequency Band
- 4.5.7 Enable Carriers
- 4.5.8 Local R-Key Handling
- 4.5.9 No Transfer on Hangup
- 4.5.10 No On-Hold Display
- 4.5.11 Display Original Called
- 4.5.12 Early Encryption
- 4.5.13 Configure Coder
- 4.5.14 Secure RTP
- 4.5.15 Configure Supplementary Services
- 4.5.16 Select Mode
- 4.5.17 Set Master Id
- 4.5.18 Enable PARI Function
- 4.5.19 Set Region Code
- 4.5.20 Configure Gatekeeper
- 4.5.21 Registration for Anonymous Devices
- 4.5.22 Conferencing Unit
- 4.5.23 Select Crypto Master Mode
- 4.5.24 Select Mobility Master Mode
- 4.5.25 Connect Mobility Master to other Mobility Master(s)
- 4.5.26 Disconnect Mobility Master from other Mobility Master(s)
- 4.5.27 Connect Mobility Master to a Crypto Master
- 4.5.28 Connect Master to a Mobility Master
- 4.5.29 Enable the Radio
- 4.5.30 Enter IP Address to the PARI Master and the Standby PARI Master
- 4.5.31 Multiple Radio Configuration
- 4.5.32 PARI
- 4.5.33 SARI
- 4.5.34 Configure Air Synchronization
- 4.6.1 Add instance id to the user registration with the IP-PBX
- 4.6.2 IP-PBX supports redirection of registration when registered to alternative proxy
- 4.6.3 Use local contact port as source port for TCP and TLS connections
- 4.6.4 Session Timer (initial value)
- 4.7.1 Configure Messaging
- 4.7.2 Device Management
- 4.7.3 Service Discovery
- 4.7.4 Send Status Log
- 4.7.5 Module Fault List
- 4.8.1 Configure Automatic Firmware Update
- 4.8.2 Configure Logging
- 4.8.3 Configure the HTTP settings
- 4.8.4 Configure the HTTP Client settings
- 4.8.5 SNMP
- 4.8.6 Phonebook
- 4.8.7 Configure IP-DECT to Connect to a Presence System Using ICP
- 4.9.1 Show all Registered Users in the IP-DECT System
- 4.9.2 Search for User Information
- 4.9.3 Add a User
- 4.9.4 Add a User Administrator
- 4.9.5 Export the Users to a csv file
- 4.9.6 Show Anonymous
- 4.10.1 Radios
- 4.10.2 RFPs
- 4.10.3 Sync Ring
- 4.10.4 Sync Ports
- 4.10.5 Air Sync
- 4.10.6 Sync Lost Counter in IPBS
- 4.11.1 Air Sync Overview
- 4.11.2 Disturbances
- 4.11.3 Status
- 4.12.1 Display All Ongoing Calls in the System
- 4.12.2 Display Calls
- 4.12.3 Handover
- 4.13.1 General
- 4.13.2 Interfaces
- 4.13.3 SIP Interfaces
- 4.13.4 Gatekeeper Interfaces
- 4.13.5 Routes – Configuration
- 4.13.6 Show Active Calls
- 4.15.1 Before Upgrading
- 4.15.2 Upgrading Sequence
- 4.15.3 Software Upgrade from 2.X.X
- 4.15.4 Software Upgrade
- 4.15.5 Configuration After Updating the Firmware From Software Version 2.X.X to Later
- 4.15.6 Configuration After Updating the Firmware From Software Version 3.X.X to Later
- 4.21.1 Update Configuration
- 4.21.2 Update Firmware
- 4.21.3 Update the Boot File
- 4.21.4 Update the RFPs
- 4.26.1 Logging
- 4.26.2 Tracing
- 4.26.3 Alarms
- 4.26.4 Events
- 4.26.5 Performance
- 4.26.6 Config Show
- 4.26.7 Ping
- 4.26.8 Traceroute
- 4.26.9 Environment
- 4.26.10 RFP Scan
- 4.26.11 Service Report
- 4.27.1 Idle Reset
- 4.27.2 Immediate Reset
- 4.27.3 TFTP Mode
- 4.27.4 Boot
- 5 Commissioning
- 6 Troubleshooting
- 7 Related Documents
- Document History
- Appendix A: How to Configure and Use the Update Server
- Appendix B: Local R-Key Handling
- Appendix C: Database Maintenance
- Appendix D: Load Balancing
- Appendix E: Update Script for Configuration of Kerberos Clients
- Appendix F: Install Certificate in the Web Browser
- Appendix G: Used IP Ports
- Appendix H: Configure DHCP Options
TD 92579EN
15 October 2014 / Ver. M
Installation and Operation Manual
IP-DECT Base Station & IP-DECT Gateway (software version 7.2.X)
31
(recommended).
Enable AES and RC4: Select the Enable A
ES and RC4 check box.
Overwrite existing: Select the Ov
erwrite existing check box (optional).
5Go to the Authentication Se
rvers section.
6In the Realm/Domain
text field, enter the realm name specified in the Kerberos
server.
7In the Address
text field, enter the IP address of the Kerberos server. In the Kerberos
server enter 127.0.0.1 (localhost) as the IP address. The Port and the Admin Port
text fields are filled out automatically with default ports. Note: If other than default
ports are used, in the text fields replace the default ports with the other ports.
8In the Seco
ndary Address text field, enter the IP address of the secondary Kerberos
server. In the secondary Kerberos server enter 127.0.0.1 (localhost) as the IP
address. The Secondary Port and the Secondary Admin Port text fields are filled out
automatically with default ports. Note: If other than default ports are used, in the
text fields replace the default ports with the other ports.
9 Click "OK".
Log in using Kerberos
1 Make sure that secure HTTPS protocol is used when logging in.
2 Login on the client using a server account. When prompted for user name, the
n
ame of the realm has to be entered in front of the user name, separated by a
backslash in the following way: REALM\username or username@REALM.
Disable local authentication
It is recommended to disable
local authentication after Kerberos authentication is
configured. It provides additional security and it is much easier to change the password of
a user account or delete a compromised user account on the Kerberos server than
changing the local user accounts on each IPBS/IPBL.
IMPORTANT: Make
sure that the Kerberos authentication is working properly before
disabling local authentication. If the Kerberos authentication is not
working and local authentication is disabled it is not possible to access the
IPBS/IPBL in any other way.
1In the Delegat
ed Authentication section select the Disable local authentication
check box.
2 Click "OK".
Configure cross-realm authentication
Cross-realm authentication is used to authent
icate users from another trusted realm. In
this way it is possible for IP-DECT users to login to the IPBS/IPBL using their Windows user
name and password in the Active Directory (AD). Security policies of the AD can then be
used in IP-DECT. The trust relationship between the two realms is confirmed by
configuring a shared password on both servers in the realms. This password is used to
encrypt communication between the realms. To configure cross-realm authentication, do
the following:
Requirements for IPBS1, IPBS2 and IPBL:
• Software version 6.1.X and later
• NTP configured