Poly VBP 7301 Series Administrator Guide

  • Hello! I am an AI chatbot trained to assist you with the Poly VBP 7301 Series Administrator Guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
14.1.1 | March 2015 | 3725-78312-001A
ADMINISTRATOR GUIDE
Polycom
®
Video Border Proxy
(VBP™) 7301
Copyright
©
2015, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another
language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the
express written permission of Polycom, Inc.
6001 America Center Drive
San Jose, CA 95002
USA
Trademarks Polycom
®
, the Polycom logo and the names and marks associated with Polycom products are
trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States
and various other countries.
All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any
form or by any means, for any purpose other than the recipient's personal use, without the express written permission
of Polycom.
End User License Agreement By installing, copying, or otherwise using this product, you acknowledge that you
have read, understand and agree to be bound by the terms and conditions of the End User License Agreement for this
product. The EULA for this product is available on the Polycom Support page for the product.
Patent Information The accompanying product may be protected by one or more U.S. and foreign patents and/or
pending patent applications held by Polycom, Inc.
Open Source Software Used in this Product This product may contain open source software. You may receive
the open source software from Polycom up to three (3) years after the distribution date of the applicable product or
software at a charge not greater than the cost to Polycom of shipping or distributing the software to you. To receive
software information, as well as the open source software code used in this product, contact Polycom by email at
Disclaimer While Polycom uses reasonable efforts to include accurate and up-to-date information in this document,
Polycom makes no warranties or representations as to its accuracy. Polycom assumes no liability or responsibility for
any typographical or other errors or omissions in the content of this document.
Limitation of Liability Polycom and/or its respective suppliers make no representations about the suitability of the
information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and
is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall
Polycom and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive or other
damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of
business information), even if Polycom has been advised of the possibility of such damages.
Customer Feedback We are striving to improve our documentation quality and we appreciate your feedback. Email
your opinions and comments to [email protected].
Polycom Support Visit the Polycom Support Center for End User License Agreements, software downloads,
product documents, product licenses, troubleshooting tips, service requests, and more.
© 2015 Polycom, Inc. All Rights Reserved. 1
Contents
About This Guide
Typographic Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Document Organization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1
Getting Started
About the VBP 7301 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Accessing the VBP 7301 Web-Based GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Connecting to the Polycom VBP 7301 for the First Time. . . . . . . . . . . . . . . . . . . . . . 5
2
System Administration
Using the Admin Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Viewing and Editing the License Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Where Do I Find My License Key? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
What If I Lose My License Key? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
How Do I Purchase an Upgrade License Key?. . . . . . . . . . . . . . . . . . . . . . . 10
Configuring Backup and Restore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Creating a New Backup Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Restoring a Previous Backup Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Uploading a Backup Configuration File to Your Local Drive. . . . . . . . . . . . . . . 16
Downloading the Saved Configuration to a Local Computer . . . . . . . . . . . . . . . 16
Upgrading Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Automatic Firmware Recovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Configuring RADIUS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
About RADIUS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Using the RADIUS Settings Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Configuring TACACS+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
About TACACS+ Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
TACACS+ and RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
TACACS+ Authentication Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
TACACS+ Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Enabling TACACS+ Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Configure TACACS+ Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
TACACS+ Authentication User File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Services Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
About SNMP Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Customizing Services Accessible on the VBP 7301 . . . . . . . . . . . . . . . . . . . . . . 29
Configuring SNMPv1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Polycom VBP 7301 Administrator Guide
2 © 2015 Polycom, Inc. All Rights Reserved.
Configuring SNMPv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Configuring SNMP Common Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Configuring Remote System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Managing the Source Address and Hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Viewing System Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configuring Time and Date Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring Settings With User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Rebooting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3
Network Deployment
Using the Network Configuration Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Configuring WAN IPv6 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
IPv6 Static IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
IPv6 in IPv4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Configuring WAN Interface IPv4 Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
IPv4 DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
IPv4 Static IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
IPv4 VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring the Default Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring DNS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Configuring VLAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Enabling VLAN Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Creating a New VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Configuring WAN VLAN Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Enabling WAN VLAN Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Separating Data and Voice into Different VLANs. . . . . . . . . . . . . . . . . . . . . . . . 56
Configuring Additional WAN-side VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Enabling the Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Configuring High Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Configuring High Availability Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Managing Switch Ports Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Creating Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Viewing Network Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Initiating a Network Restart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Using Network Test Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Performing a Ping Test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Performing a Traceroute Test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Configuring Firewall Traversal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Updating a Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Viewing the Current Status of the Firewall Traversal Sub-System . . . . . . . . . . . 77
Contents
© 2015 Polycom, Inc. All Rights Reserved. 3
Firewall Traversal Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Configuring Internal Client Mode Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Configuring External Server Mode Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Configuring the Static Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring Diffie-Hellman Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Configuring Remote Client Mode Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Router Advertisement Server (IPv6) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
4
User Management
Managing User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
User Account Status Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Admin Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Locked Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Access Server and SIP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
User Account Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Filtering the User Accounts List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Viewing User Account Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Adding a User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Creating an Administrative/Management User. . . . . . . . . . . . . . . . . . . . . . 100
Adding An Administrative/Management User . . . . . . . . . . . . . . . . . . . . . . 100
Creating an Access Server User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Creating a SIP User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Password Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Password Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Support for Default Password Change and Strong Password Enforcement. . . . 104
Changing Password Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Changing the Admin Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Changing the Root User Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Changing a User Account Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Managing VBP 7301 Login Session Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Managing Active Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Configuring the Message of the Day (MOTD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Configure MOTD Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
5
Configuring System Security
Understanding the System Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
VBP 7301 Security Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
H.323 Security Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
SIP Security Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
VBP 7301 Firewall Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Solving NAT issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Ports and Protocols Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Polycom VBP 7301 Administrator Guide
4 © 2015 Polycom, Inc. All Rights Reserved.
CERT Advisory CA-2004-01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Configuring Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Understanding the Certificate List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Understanding VoIP Traversal Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Creating Security Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Generating a CSR for VoIP Traversal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Creating a New VoIP Traversal Server Certificate. . . . . . . . . . . . . . . . . . . 134
Creating a New VoIP Traversal Client Certificate . . . . . . . . . . . . . . . . . . . 136
Downloading the VoIP Traversal Certificate and Key . . . . . . . . . . . . . . . . 137
Uploading a Signed Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Configuring HTTPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Configuring Trusted Hosts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Adding a Host or Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
6
Configuring VoIP Settings
VoIP ALG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Configuring VoIP ALG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Configuring the Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Modifying Bandwidth Settings for the Access Server . . . . . . . . . . . . . . . . . . . . 156
Viewing the Active Access Server Clients List. . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Configuring Access Proxy Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Configuring LAN-side Access Proxy Mode Settings. . . . . . . . . . . . . . . . . . . . . 163
Configuring WAN-side Access Proxy Mode Settings . . . . . . . . . . . . . . . . . . . . 165
Configuring H.323 Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Configuring Embedded Gatekeeper Mode Settings. . . . . . . . . . . . . . . . . . . . . . 168
Configuring WAN-side Gatekeeper Mode Settings. . . . . . . . . . . . . . . . . . . . . . 174
Configuring LAN-Side Gatekeeper Mode Settings . . . . . . . . . . . . . . . . . . . . . . 177
Configuring Peering-Proxy Mode Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Managing H.323 Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Viewing the H.323 Activity Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
H.323 Call Activity Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
H.323 Alias Manipulation and Prefix Routing. . . . . . . . . . . . . . . . . . . . . . . . . . 192
Regular Expressions and Expression Examples . . . . . . . . . . . . . . . . . . . . . 194
Configuring H.323 Alias Manipulation Rules . . . . . . . . . . . . . . . . . . . . . . 195
Viewing Active H.323 Call Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Terminating a Call. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Configuring H.323 Neighboring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Configuring H.323 Registration Rules - Whitelist/Blacklist Settings . . . . . . . . 203
Adding a New Blacklist Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Adding a New Whitelist Static-Only Entry. . . . . . . . . . . . . . . . . . . . . . . . . 205
Contents
© 2015 Polycom, Inc. All Rights Reserved. 5
Adding a New Whitelist Static/Dynamic Entry . . . . . . . . . . . . . . . . . . . . . 206
Configuring H.323 B2B Rules - Whitelist/Blacklist Settings . . . . . . . . . . . . . . 207
Adding a New B2B Blacklist Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Adding a New B2B Whitelist Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Managing the H.323 Clients List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Navigating to the H.323 Clients List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Configuring SIP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Managing SIP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
None - SIP Settings Disabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
WAN-side SIP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
LAN-side SIP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Embedded SIP Server Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Configuring VoIP SIP B2BUA Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Configuring Trunking Devices for the VBP 7301 . . . . . . . . . . . . . . . . . . . 224
Creating a New Trunking Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Managing B2BUA Actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Managing B2BUA Pattern and Digit Matching . . . . . . . . . . . . . . . . . . . . . 228
Managing B2BUA Credentials and Registration . . . . . . . . . . . . . . . . . . . . 231
Header Manipulation Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Configuring SIP Settings - Whitelist/Blacklist. . . . . . . . . . . . . . . . . . . . . . . . . . 236
Configuring the SIP Blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Configuring the SIP Whitelist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Configuring the SIP Clients List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Viewing SIP Call Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Glossary
© 2015 Polycom, Inc. All Rights Reserved. 6
About This Guide
The Polycom
®
Video Border Proxy (VBP™) 7301 enables small and midsize
business (SMB) and Enterprise customers to deploy a single appliance for
secure and reliable video conferencing that enhances the communication
experience and improves productivity.
This guide provides instructions for using the VBP 7301 web-based
graphical user interface (GUI) to manage the appliance. You can configure
a wide range of network services and you can enable or disable specific
services based on the requirements of your network.
This guide is intended for network installers, network operators, and
system administrators, and assumes you have already installed and cabled
your device according to the instructions in the Polycom
®
Video Border
Proxy (VBP™) 7301 Hardware Installation Guide.
Typographic Conventions
This manual uses the following conventions:
User input is displayed in boldface type and can represent either keyboard
input, mouse selections in a browser window, and buttons on the GUI,
depending on the context. For example, the notation File > Open... means
that you first click the File menu and then select Open... from the
sub-menu in the GUI.
Command Line Interface (CLI) text is shown in
courier font.
Note
Notes highlight information that is important or that has special interest.
Tip
Tips provide additional information that is helpful in performing a particular
task but is not mandatory to perform the task.
Caution
Cautions alert you of actions or events that may cause system damage or
loss of data.
Warning
Warnings alert you of actions or events that may cause bodily harm.
Polycom VBP 7301 Administrator Guide
7 © 2015 Polycom, Inc. All Rights Reserved.
Online Help
The VBP 7301 GUI includes a Help link on each page which provides
information and tips for configuring settings on the page. The online help
may also include links to other GUI pages for performing related functions.
To access the online help, simply click the Help link at the top of the page.
Figure 1 VBP 7301 Online Help
Polycom VBP 7301 Administrator Guide About This Guide
© 2015 Polycom, Inc. All Rights Reserved. 8
Document Organization
Chapter Description
Chapter 3, Getting Started Provides an overview of the VBP 7301
features and instructions for how to access
the VBP 7301 web GUI and change the
admin and root user password.
Chapter 2, System
Administration
Describes common tasks performed by
system administrators and technical
support personnel to manage system
settings for the VBP 7301.
Chapter 3, Network
Deployment
Provides instructions for configuring the
VBP 7301 to support a wide range of
multimedia network services.
Chapter 4, User
Management
Provides instructions for managing user
accounts, configuring settings for log in
sessions, and configuring the message of
the day.
Chapter 5, Configuring
System Security
Describes how to configure security
features on the VBP 7301 including how to
configure basic WAN firewall settings,
managing certificates, configuring HTTPS,
and configuring trusted hosts.
Chapter 6, Configuring
VoIP Settings
Provides instructions for configuring the
Voice over IP (VoIP) Application Layer
Gateway (ALG) on the VBP 7301,
configuring Access Proxy, Access Proxy,
and H.323 settings, configuring SIP
protocol settings, and
configuring/managing the client list, client
policy, and client penalty box.
Glossary Provides definitions of commonly-used
acronyms and terms used in this guide.
© 2015 Polycom, Inc. All Rights Reserved. 9
1
Getting Started
This chapter will help you get started using the Polycom
®
Video Border
Proxy (VBP™) 7301.
About the VBP 7301
Accessing the VBP 7301 Web-Based GUI
Connecting to the Polycom VBP 7301 for the First Time
About the VBP 7301
Standards-based SIP and H.323 Support
The VBP 7301 provides standards-based SIP and H.323 protocol support
with SIP/H.460 far-end NAT traversal to facilitate mobile and remote users
to seamlessly and securely communicate from any location using any
available network access. It supports both SIP and H.323 signaling for local
call control or secure proxy support for external call control elements.
Standards-Based Firewall and NAT Traversal
The VBP 7301 provides a complete NAT and firewall traversal solution and
simplified secure remote access for seamless video communications from
any location and device. Media handling features enable VBP 7301 to use
shortest path media routing and media relay when NAT traversal is
necessary.
Managed Security Policy
A dynamic and managed security policy provides flexibility for VBP 7301 to
integrate within an existing network security infrastructure or to function
as an independent security device to meet critical Enterprise security
requirements.
Polycom VBP 7301 Administrator Guide
10 © 2015 Polycom, Inc. All Rights Reserved.
WAN and LAN side Gatekeeper
The VBP 7301 supports WAN or LAN side gatekeeper configurations to
ensure interoperability for networks with existing multi-vendor endpoints
or gatekeeper environments, providing flexibility to choose from best of
breed technology for service delivery.
Access Server
The VBP 7301 Access Server provides Polycom dynamic mobility endpoint
provisioning:
Support for signed VeriSign or Go-Daddy certificates
WAN or LAN-side provisioning
Device-specific bandwidth settings
Real Presence mobile IOS/Android
Real Presence Desktop
Real Presence Group Series
HDX
VBP 7301 User Management
Administrator and Access Server accounts are created and managed with
the VBP 7301 User Management interface page:
Figure 1-1 User Management Interface
The default admin user has full access to the system. The Access Server
user has no UI management access. This user is created for Polycom
endpoint authentication to the Access Server for provisioning. The root
user is for CLI terminal sessions only.
User management settings control terminal or UI inactivity timeouts (for
example, auto-log out). Account settings allow the administrator to define
failed login attempts and how long the user account is locked out.
Password complexity settings allow the admin to define user password
requirements. These settings reflect the Administrator and user only for
system management. The Access Server user has no system management
access and therefore is not bound these rules sets.
Polycom VBP 7301 Administrator Guide Getting Started
© 2015 Polycom, Inc. All Rights Reserved. 11
Figure 1-2 Session/User Management Page
VBP 7301 Deployment
The VBP 7301 supports multiple deployment scenarios: home office,
remote office, mobile, partners, and services. VBP 7301 configuration is
based on the deployment scenario, VoIP topology, and presence of other
networking equipment such as firewalls or DHCP servers. Refer to
Figure 3-3.
Polycom VBP 7301 Administrator Guide
12 © 2015 Polycom, Inc. All Rights Reserved.
Figure 1-3 Polycom VBP 7301 Deployment Scenarios
Polycom VBP 7301 Administrator Guide Getting Started
© 2015 Polycom, Inc. All Rights Reserved. 13
Accessing the VBP 7301 Web-Based GUI
The VBP 7301 uses VoIP Operating System (VOS), a secure web-based
management interface which makes setting up, configuring, and operating
your VBP 7301 easy. The VOS interface includes intuitive menus and
options for:
System administration
Network configuration and management
User management
Security
VoIP ALG
The VBP 7301 GUI interface is accessible through a web browser. You will
need to configure the system WAN interface with the IP address, default
gateway, and valid Primary and Secondary DNS server’s address or
credentials assigned by your Internet Services Provider (ISP). Refer to the
Polycom
®
Video Border Proxy (VBP™) 7301 Hardware Installation Guide
for details on how to install the VBP 7301.
Support documentation is available from the Polycom Support Center.
Connecting to the Polycom VBP 7301 for the
First Time
The Polycom VBP 7301 is pre-configured with the IP address 192.168.1.1
on the LAN interface port (Port 1).
1. Connect the 3-pin female power cord plug to the power socket on the
VBP 7301. Connect the other end to an AC wall outlet.
2. Turn on the 7301 power switch.
3. Make sure that the power and status LEDs on the front panel are solid
green after the 7301 powers on.
4. Connect a computer to the LAN interface port (Port 1) using an
Ethernet cable or connect to an Ethernet switch (using the IP address
192.168.1.2 and subnet mask 255.255.255.0).
5. Launch a web browser on the computer and enter the URL string
http://192.168.1.1.
6. Press Return. The Polycom VBP 7301 VoIP Operating System (VOS) log
in window opens:
Polycom VBP 7301 Administrator Guide
14 © 2015 Polycom, Inc. All Rights Reserved.
7. Enter the following credentials:
Username: admin
Password: default
8. Click Login. The password change window opens.
9. Enter credentials that meet the guidelines listed in red and click
Change Password.
10. When prompted, click the link to log on with your new password.
Polycom VBP 7301 Administrator Guide Getting Started
© 2015 Polycom, Inc. All Rights Reserved. 15
11. Enter your new password and click Login. The Polycom VBP 7301 VOS
Admin page opens.
Figure 1-4 VBP 7301 Admin Page
12. Proceed to System Administration.
© 2015 Polycom, Inc. All Rights Reserved. 16
2
System Administration
This chapter includes common tasks performed by Polycom
®
Video Border
Proxy (VBP™) 7301 system administrators and technical support.
Using the Admin Page
Configuring Backup and Restore
Upgrading Firmware
Configuring RADIUS Settings
Configuring TACACS+
Services Configuration
Viewing System Information
Configuring Time and Date Settings
Configuring Settings With User Commands
Rebooting the System
Using the Admin Page
The Admin page is the landing page when you log in to the system. This
page provides the most common information requested by technical
support such as the VBP 7301 software version, hardware platform, and
LAN MAC address.
The Admin page shows Application Layer Gateway (ALG) registration
status. The licensed ALG feature allows the VBP 7301 to recognize and
register network devices for call control. The ALG feature requires a license
key, is included on a card in the VBP 7301 shipping container. Refer to
Viewing and Editing the License Key for information about managing your
ALG license key.
Figure 2-1 shows the main Admin page.
Polycom VBP 7301 Administrator Guide
17 © 2015 Polycom, Inc. All Rights Reserved.
Figure 2-1 Admin Page
Table 2-1 describes Admin page fields and settings.
Table 2-1 Admin Page Information
Item Description
Login Info Shows the timestamp for the last login, last failed
login, and the number of failed attempts.
Software
Version
VBP 7301 firmware version. To upgrade firmware,
see Upgrading Firmware.
Hostname Displays the hostname assigned to this VBP 7301.
By default, the hostname is the system type (for
example, “VBP 7301”). The hostname can be a
unique identifying string of alphanumeric
characters.
To change the system hostname, choose Admin >
Services Configuration and enter a new
hostname in the Set Hostname field. Refer to
Managing the Source Address and Hostname.
Model Displays the model and associated support. For
example, VBP 7301 with IPv6 support.
Vendor The vendor displays as “Polycom.
System Administration
© 2015 Polycom, Inc. All Rights Reserved. 18
Viewing and Editing the License Key
Your VBP 7301 license key is installed on the appliance when it arrives from
Polycom.
Where Do I Find My License Key?
A card which contains your license key is included in the VBP 7301 shipping
container for your reference.
What If I Lose My License Key?
If you lose the card that contains the license key, request a replacement by
contacting the Polycom Support Center. that includes the system LAN MAC
address.
How Do I Purchase an Upgrade License Key?
If you would like to purchase an upgrade license key to add specific
features, contact the Polycom Support Center.
LAN Interface
MAC Address
Displays LAN MAC address information. Use this
information when requesting a new or replacement
license key. See Viewing and Editing the License
Key.
Registration
Status—View
License Key
Displays whether the ALG feature is registered using
a valid license key. Click the License Key link to
navigate to the license key page to view the license
key and features which have been enabled on the
system.
See Viewing and Editing the License Key.
System Date Displays the current date and time in Coordinated
Universal Time (UTC).
To manage date and time settings, choose Admin >
Time Settings and refer to Configuring Time and
Date Settings.
Table 2-1 Admin Page Information (continued)
Item Description
/