Introduction

Security is very important in VoIP installations, the Hybird 120 GE has different security mechanism, here we explain the most important information needed for VoIP security.

  • Only Registrations from Private networks are allowed. (A & B)
    • 192.168.0.0 - 192.168.255.255
    • 172.16.0.0 - 172.31.255.255
    • 10.0.0.0 - 10.255.255.255
  • SIP registrations from the Internet are not allowed (B)
  • If SIP registration is not expired then a new SIP registration from different IP address is not allowed. (A)

 

By default the system will not allow any SIP registrations from the Internet and therefore the highest security against Hackers.

 

 

Important

When a VoIP devices is registered to the PBX and the device restarts, it can happen that the DHCP server will give a new IP address to this device. The device will then try again the register itself but the following can happen.

  • Registration is not expired, new Registration will be blocked.
  • Registration is expired, new Registration is accepted.

This behaviour is mostly seen when the DHCP server is not the Hybird 120 GE. When the Hybird 120 Gigaset edition is the DHCP server then the device will get the same IP address and then there is no problem.

To solve this you can:

  • Make sure that DHCP leases are done and the device will always get the same IP address.
  • Decrease the SIP registration timer to 60 seconds.
  • Reboot the System to make registration possible again.

 

The above default settings can be changed in the system.

Locations

In the VoIP->Settings->Locations menu you configure the locations of the VoIP subscribers who have been configured on your system, and define the bandwidth management for the VoIP traffic.

Individual locations can be set up for using the bandwidth management. A location is identified from its fixed IP address or DynDNS address or from the interface to which the device is connected. The available VoIP bandwidth (up- and downstream) can then be set up for
each location.

VoIP->Settings->Locations
Fields in the Registration behavior for VoIP subscribers without assigned location menu.

FieldDescription
Default Behavior

Specify how the system is to proceed when registering VoIP subscribers for whom no location has been defined.
Possible values:
Registration for private Networks Only (default value): The VoIP subscriber is only registered if located within
the private network.
No Registration: The VoIP subscriber is never registered.
Unrestricted Registration The VoIP subscriber is always registered.

 

Edit or New

VoIP->Settings->Locations->New

The menu VoIP->Settings->Locations->New consists of the following fields:

FieldDescription
DescriptionEnter the description of the entry.
Parent Location

You can cascade the SIP locations as you wish. Define here which SIP location that has been defined constitutes the high level node for the SIP location to be configured here.

Type

Select whether the location is to be defined through IP addresses / DNS names or interfaces.
Possible values:
Addresses (default value): The SIP location is defined via IP addresses or DNS names.
Interfaces: The SIP location is defined via the available interfaces.

Addresses

Only for Type = Addresses

Enter the IP addresses of the devices at the SIP locations.

Click Add to configure new addresses.

Enter the IP address or DNS name that you want under IP Address/DNS Name.

Also enter the required Netmask.

Interfaces

Only for Type = Interfaces

Indicate the interfaces to which the devices of a SIP location are connected.

Click Add to select a new interface.

Under Interface, select the interface you want.

Upstream Bandwidth Limitation

Determine whether the upstream bandwidth is to be restricted.

The bandwidth is reduced with Enabled.

The function is disabled by default.

Maximum Upstream Bandwidth

Enter the maximum data rate in the send direction in kBits per second.

Downstream Bandwidth Limitation

Determine whether the downstream bandwidth is to be restricted.

The bandwidth is reduced with Enabled.

The function is disabled by default.

Maximum Downstream Bandwidth

Enter the maximum data rate in the receive direction in kBits per second.

DSCP Settings for rtp Traffic

Select the Type of Service (TOS) for RTP data.
Possible values:
DSCP Binary Value: Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in binary format, 6 bit).
DSCP Decimal Value: Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format).
DSCP Hexadecimal Value: Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in hexadecimal format).
TOS Binary Value: The TOS value is specified in binary format, e.g. 00111111.
TOS Decimal Value: The TOS value is specified in decimal format, e.g. 63.
TOS Hexadecimal Value: The TOS value is specified in hexadecimal format, e.g. 3F.

 

 

  • No labels