Poly VBP 7301 Series Administrator Guide

14.1.1 | March 2015 | 3725-78312-001A

ADMINISTRATOR GUIDE

Polycom

®

Video Border Proxy

(VBP™) 7301

Copyright

©

language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the

express written permission of Polycom, Inc.

6001 America Center Drive

San Jose, CA 95002

USA

Trademarks Polycom

®

, the Polycom logo and the names and marks associated with Polycom products are

trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States

and various other countries.

All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any

form or by any means, for any purpose other than the recipient's personal use, without the express written permission

of Polycom.

End User License Agreement By installing, copying, or otherwise using this product, you acknowledge that you

have read, understand and agree to be bound by the terms and conditions of the End User License Agreement for this

product. The EULA for this product is available on the Polycom Support page for the product.

Patent Information The accompanying product may be protected by one or more U.S. and foreign patents and/or

pending patent applications held by Polycom, Inc.

Open Source Software Used in this Product This product may contain open source software. You may receive

the open source software from Polycom up to three (3) years after the distribution date of the applicable product or

software at a charge not greater than the cost to Polycom of shipping or distributing the software to you. To receive

software information, as well as the open source software code used in this product, contact Polycom by email at

[email protected].

Disclaimer While Polycom uses reasonable efforts to include accurate and up-to-date information in this document,

Polycom makes no warranties or representations as to its accuracy. Polycom assumes no liability or responsibility for

any typographical or other errors or omissions in the content of this document.

Limitation of Liability Polycom and/or its respective suppliers make no representations about the suitability of the

information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and

is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall

Polycom and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive or other

damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of

business information), even if Polycom has been advised of the possibility of such damages.

Customer Feedback We are striving to improve our documentation quality and we appreciate your feedback. Email

your opinions and comments to [email protected].

Polycom Support Visit the Polycom Support Center for End User License Agreements, software downloads,

product documents, product licenses, troubleshooting tips, service requests, and more.

Contents

About This Guide

Typographic Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Document Organization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

1

Getting Started

About the VBP 7301 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Accessing the VBP 7301 Web-Based GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Connecting to the Polycom VBP 7301 for the First Time. . . . . . . . . . . . . . . . . . . . . . 5

2

System Administration

Using the Admin Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Viewing and Editing the License Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Where Do I Find My License Key? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

What If I Lose My License Key? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

How Do I Purchase an Upgrade License Key?. . . . . . . . . . . . . . . . . . . . . . . 10

Configuring Backup and Restore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Creating a New Backup Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Restoring a Previous Backup Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Uploading a Backup Configuration File to Your Local Drive. . . . . . . . . . . . . . . 16

Downloading the Saved Configuration to a Local Computer . . . . . . . . . . . . . . . 16

Upgrading Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Automatic Firmware Recovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Configuring RADIUS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

About RADIUS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Using the RADIUS Settings Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Configuring TACACS+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

About TACACS+ Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

TACACS+ and RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

TACACS+ Authentication Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

TACACS+ Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Enabling TACACS+ Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Configure TACACS+ Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

TACACS+ Authentication User File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Services Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

About SNMP Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Customizing Services Accessible on the VBP 7301 . . . . . . . . . . . . . . . . . . . . . . 29

Configuring SNMPv1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Polycom VBP 7301 Administrator Guide

Configuring SNMPv3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Configuring SNMP Common Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Configuring Remote System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Managing the Source Address and Hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Viewing System Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Configuring Time and Date Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Configuring Settings With User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Rebooting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

3

Network Deployment

Using the Network Configuration Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Configuring WAN IPv6 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

IPv6 Static IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

IPv6 in IPv4 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Configuring WAN Interface IPv4 Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

IPv4 DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

IPv4 Static IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

IPv4 VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Configuring the Default Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Configuring DNS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Configuring VLAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Enabling VLAN Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Creating a New VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Configuring WAN VLAN Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Enabling WAN VLAN Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Separating Data and Voice into Different VLANs. . . . . . . . . . . . . . . . . . . . . . . . 56

Configuring Additional WAN-side VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Enabling the Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Configuring High Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Configuring High Availability Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Managing Switch Ports Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Creating Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Configuring Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Viewing Network Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Initiating a Network Restart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Using Network Test Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Performing a Ping Test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Performing a Traceroute Test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Configuring Firewall Traversal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Updating a Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Viewing the Current Status of the Firewall Traversal Sub-System . . . . . . . . . . . 77

Contents

Firewall Traversal Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Configuring Internal Client Mode Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Configuring External Server Mode Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Configuring the Static Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Configuring Diffie-Hellman Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Configuring Remote Client Mode Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Router Advertisement Server (IPv6) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

4

User Management

Managing User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

User Account Status Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Admin Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Locked Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Access Server and SIP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

User Account Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Filtering the User Accounts List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Viewing User Account Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Adding a User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Creating an Administrative/Management User. . . . . . . . . . . . . . . . . . . . . . 100

Adding An Administrative/Management User . . . . . . . . . . . . . . . . . . . . . . 100

Creating an Access Server User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Creating a SIP User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Password Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Password Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Support for Default Password Change and Strong Password Enforcement. . . . 104

Changing Password Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Changing the Admin Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Changing the Root User Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Changing a User Account Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Managing VBP 7301 Login Session Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Managing Active Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Configuring the Message of the Day (MOTD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Configure MOTD Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

5

Configuring System Security

Understanding the System Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

VBP 7301 Security Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

H.323 Security Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

SIP Security Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

VBP 7301 Firewall Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Solving NAT issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Ports and Protocols Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Polycom VBP 7301 Administrator Guide

CERT Advisory CA-2004-01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Configuring Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Firewall Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Understanding the Certificate List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Understanding VoIP Traversal Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Creating Security Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

Generating a CSR for VoIP Traversal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

Creating a New VoIP Traversal Server Certificate. . . . . . . . . . . . . . . . . . . 134

Creating a New VoIP Traversal Client Certificate . . . . . . . . . . . . . . . . . . . 136

Downloading the VoIP Traversal Certificate and Key . . . . . . . . . . . . . . . . 137

Uploading a Signed Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Configuring HTTPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Configuring Trusted Hosts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Adding a Host or Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

6

Configuring VoIP Settings

VoIP ALG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Configuring VoIP ALG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Configuring the Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Modifying Bandwidth Settings for the Access Server . . . . . . . . . . . . . . . . . . . . 156

Viewing the Active Access Server Clients List. . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Configuring Access Proxy Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Configuring LAN-side Access Proxy Mode Settings. . . . . . . . . . . . . . . . . . . . . 163

Configuring WAN-side Access Proxy Mode Settings . . . . . . . . . . . . . . . . . . . . 165

Configuring H.323 Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Configuring Embedded Gatekeeper Mode Settings. . . . . . . . . . . . . . . . . . . . . . 168

Configuring WAN-side Gatekeeper Mode Settings. . . . . . . . . . . . . . . . . . . . . . 174

Configuring LAN-Side Gatekeeper Mode Settings . . . . . . . . . . . . . . . . . . . . . . 177

Configuring Peering-Proxy Mode Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Managing H.323 Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Viewing the H.323 Activity Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

H.323 Call Activity Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

H.323 Alias Manipulation and Prefix Routing. . . . . . . . . . . . . . . . . . . . . . . . . . 192

Regular Expressions and Expression Examples . . . . . . . . . . . . . . . . . . . . . 194

Configuring H.323 Alias Manipulation Rules . . . . . . . . . . . . . . . . . . . . . . 195

Viewing Active H.323 Call Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Terminating a Call. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Configuring H.323 Neighboring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Configuring H.323 Registration Rules - Whitelist/Blacklist Settings . . . . . . . . 203

Adding a New Blacklist Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Adding a New Whitelist Static-Only Entry. . . . . . . . . . . . . . . . . . . . . . . . . 205

Contents

Adding a New Whitelist Static/Dynamic Entry . . . . . . . . . . . . . . . . . . . . . 206

Configuring H.323 B2B Rules - Whitelist/Blacklist Settings . . . . . . . . . . . . . . 207

Adding a New B2B Blacklist Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Adding a New B2B Whitelist Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Managing the H.323 Clients List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Navigating to the H.323 Clients List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Configuring SIP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Managing SIP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

None - SIP Settings Disabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

WAN-side SIP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

LAN-side SIP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Embedded SIP Server Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Configuring VoIP SIP B2BUA Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Configuring Trunking Devices for the VBP 7301 . . . . . . . . . . . . . . . . . . . 224

Creating a New Trunking Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Managing B2BUA Actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

Managing B2BUA Pattern and Digit Matching . . . . . . . . . . . . . . . . . . . . . 228

Managing B2BUA Credentials and Registration . . . . . . . . . . . . . . . . . . . . 231

Header Manipulation Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Configuring SIP Settings - Whitelist/Blacklist. . . . . . . . . . . . . . . . . . . . . . . . . . 236

Configuring the SIP Blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Configuring the SIP Whitelist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Configuring the SIP Clients List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Viewing SIP Call Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Glossary

About This Guide

The Polycom

®

Video Border Proxy (VBP™) 7301 enables small and midsize

business (SMB) and Enterprise customers to deploy a single appliance for

secure and reliable video conferencing that enhances the communication

experience and improves productivity.

This guide provides instructions for using the VBP 7301 web-based

graphical user interface (GUI) to manage the appliance. You can configure

a wide range of network services and you can enable or disable specific

services based on the requirements of your network.

This guide is intended for network installers, network operators, and

system administrators, and assumes you have already installed and cabled

your device according to the instructions in the Polycom

®

Video Border

Proxy (VBP™) 7301 Hardware Installation Guide.

Typographic Conventions

This manual uses the following conventions:

User input is displayed in boldface type and can represent either keyboard

input, mouse selections in a browser window, and buttons on the GUI,

depending on the context. For example, the notation File > Open... means

that you first click the File menu and then select Open... from the

sub-menu in the GUI.

Command Line Interface (CLI) text is shown in

courier font.

Note

Notes highlight information that is important or that has special interest.

Tip

Tips provide additional information that is helpful in performing a particular

task but is not mandatory to perform the task.

Caution

Cautions alert you of actions or events that may cause system damage or

loss of data.

Warning

Warnings alert you of actions or events that may cause bodily harm.

Polycom VBP 7301 Administrator Guide

Online Help

The VBP 7301 GUI includes a Help link on each page which provides

information and tips for configuring settings on the page. The online help

may also include links to other GUI pages for performing related functions.

To access the online help, simply click the Help link at the top of the page.

Figure 1 VBP 7301 Online Help

Polycom VBP 7301 Administrator Guide About This Guide

Document Organization

Chapter Description

Chapter 3, Getting Started Provides an overview of the VBP 7301

features and instructions for how to access

the VBP 7301 web GUI and change the

admin and root user password.

Chapter 2, System

Administration

Describes common tasks performed by

system administrators and technical

support personnel to manage system

settings for the VBP 7301.

Chapter 3, Network

Deployment

Provides instructions for configuring the

VBP 7301 to support a wide range of

multimedia network services.

Chapter 4, User

Management

Provides instructions for managing user

accounts, configuring settings for log in

sessions, and configuring the message of

the day.

Chapter 5, Configuring

System Security

Describes how to configure security

features on the VBP 7301 including how to

configure basic WAN firewall settings,

managing certificates, configuring HTTPS,

and configuring trusted hosts.

Chapter 6, Configuring

VoIP Settings

Provides instructions for configuring the

Voice over IP (VoIP) Application Layer

Gateway (ALG) on the VBP 7301,

configuring Access Proxy, Access Proxy,

and H.323 settings, configuring SIP

protocol settings, and

configuring/managing the client list, client

policy, and client penalty box.

Glossary Provides definitions of commonly-used

acronyms and terms used in this guide.

1

Getting Started

This chapter will help you get started using the Polycom

®

Video Border

Proxy (VBP™) 7301.

 About the VBP 7301

 Accessing the VBP 7301 Web-Based GUI

 Connecting to the Polycom VBP 7301 for the First Time

About the VBP 7301

Standards-based SIP and H.323 Support

The VBP 7301 provides standards-based SIP and H.323 protocol support

with SIP/H.460 far-end NAT traversal to facilitate mobile and remote users

to seamlessly and securely communicate from any location using any

available network access. It supports both SIP and H.323 signaling for local

call control or secure proxy support for external call control elements.

Standards-Based Firewall and NAT Traversal

The VBP 7301 provides a complete NAT and firewall traversal solution and

simplified secure remote access for seamless video communications from

any location and device. Media handling features enable VBP 7301 to use

shortest path media routing and media relay when NAT traversal is

necessary.

Managed Security Policy

A dynamic and managed security policy provides flexibility for VBP 7301 to

integrate within an existing network security infrastructure or to function

as an independent security device to meet critical Enterprise security

requirements.

Polycom VBP 7301 Administrator Guide

WAN and LAN side Gatekeeper

The VBP 7301 supports WAN or LAN side gatekeeper configurations to

ensure interoperability for networks with existing multi-vendor endpoints

or gatekeeper environments, providing flexibility to choose from best of

breed technology for service delivery.

Access Server

The VBP 7301 Access Server provides Polycom dynamic mobility endpoint

provisioning:

 Support for signed VeriSign or Go-Daddy certificates

 WAN or LAN-side provisioning

 Device-specific bandwidth settings

 Real Presence mobile IOS/Android

 Real Presence Desktop

 Real Presence Group Series

 HDX

VBP 7301 User Management

Administrator and Access Server accounts are created and managed with

the VBP 7301 User Management interface page:

Figure 1-1 User Management Interface

The default admin user has full access to the system. The Access Server

user has no UI management access. This user is created for Polycom

endpoint authentication to the Access Server for provisioning. The root

user is for CLI terminal sessions only.

User management settings control terminal or UI inactivity timeouts (for

example, auto-log out). Account settings allow the administrator to define

failed login attempts and how long the user account is locked out.

Password complexity settings allow the admin to define user password

requirements. These settings reflect the Administrator and user only for

system management. The Access Server user has no system management

access and therefore is not bound these rules sets.

Polycom VBP 7301 Administrator Guide Getting Started

Figure 1-2 Session/User Management Page

VBP 7301 Deployment

The VBP 7301 supports multiple deployment scenarios: home office,

remote office, mobile, partners, and services. VBP 7301 configuration is

based on the deployment scenario, VoIP topology, and presence of other

networking equipment such as firewalls or DHCP servers. Refer to

Figure 3-3.

Polycom VBP 7301 Administrator Guide

Figure 1-3 Polycom VBP 7301 Deployment Scenarios

Polycom VBP 7301 Administrator Guide Getting Started

Accessing the VBP 7301 Web-Based GUI

The VBP 7301 uses VoIP Operating System (VOS), a secure web-based

management interface which makes setting up, configuring, and operating

your VBP 7301 easy. The VOS interface includes intuitive menus and

options for:

 System administration

 Network configuration and management

 User management

 Security

 VoIP ALG

The VBP 7301 GUI interface is accessible through a web browser. You will

need to configure the system WAN interface with the IP address, default

gateway, and valid Primary and Secondary DNS server’s address or

credentials assigned by your Internet Services Provider (ISP). Refer to the

Polycom

®

Video Border Proxy (VBP™) 7301 Hardware Installation Guide

for details on how to install the VBP 7301.

Support documentation is available from the Polycom Support Center.

Connecting to the Polycom VBP 7301 for the

First Time

The Polycom VBP 7301 is pre-configured with the IP address 192.168.1.1

on the LAN interface port (Port 1).

1. Connect the 3-pin female power cord plug to the power socket on the

VBP 7301. Connect the other end to an AC wall outlet.

2. Turn on the 7301 power switch.

3. Make sure that the power and status LEDs on the front panel are solid

green after the 7301 powers on.

4. Connect a computer to the LAN interface port (Port 1) using an

Ethernet cable or connect to an Ethernet switch (using the IP address

192.168.1.2 and subnet mask 255.255.255.0).

5. Launch a web browser on the computer and enter the URL string

http://192.168.1.1.

6. Press Return. The Polycom VBP 7301 VoIP Operating System (VOS) log

in window opens:

Polycom VBP 7301 Administrator Guide

7. Enter the following credentials:

Username: admin

Password: default

8. Click Login. The password change window opens.

9. Enter credentials that meet the guidelines listed in red and click

Change Password.

10. When prompted, click the link to log on with your new password.

Polycom VBP 7301 Administrator Guide Getting Started

11. Enter your new password and click Login. The Polycom VBP 7301 VOS

Admin page opens.

Figure 1-4 VBP 7301 Admin Page

12. Proceed to System Administration.

2

System Administration

This chapter includes common tasks performed by Polycom

®

Video Border

Proxy (VBP™) 7301 system administrators and technical support.

 Using the Admin Page

 Configuring Backup and Restore

 Upgrading Firmware

 Configuring RADIUS Settings

 Configuring TACACS+

 Services Configuration

 Viewing System Information

 Configuring Time and Date Settings

 Configuring Settings With User Commands

 Rebooting the System

Using the Admin Page

The Admin page is the landing page when you log in to the system. This

page provides the most common information requested by technical

support such as the VBP 7301 software version, hardware platform, and

LAN MAC address.

The Admin page shows Application Layer Gateway (ALG) registration

status. The licensed ALG feature allows the VBP 7301 to recognize and

register network devices for call control. The ALG feature requires a license

key, is included on a card in the VBP 7301 shipping container. Refer to

Viewing and Editing the License Key for information about managing your

ALG license key.

Figure 2-1 shows the main Admin page.

Polycom VBP 7301 Administrator Guide

Figure 2-1 Admin Page

Table 2-1 describes Admin page fields and settings.

Table 2-1 Admin Page Information

Item Description

Login Info Shows the timestamp for the last login, last failed

login, and the number of failed attempts.

Software

Version

VBP 7301 firmware version. To upgrade firmware,

see Upgrading Firmware.

Hostname Displays the hostname assigned to this VBP 7301.

By default, the hostname is the system type (for

example, “VBP 7301”). The hostname can be a

unique identifying string of alphanumeric

characters.

To change the system hostname, choose Admin >

Services Configuration and enter a new

hostname in the Set Hostname field. Refer to

Managing the Source Address and Hostname.

Model Displays the model and associated support. For

example, VBP 7301 with IPv6 support.

Vendor The vendor displays as “Polycom.”

System Administration

Viewing and Editing the License Key

Your VBP 7301 license key is installed on the appliance when it arrives from

Polycom.

Where Do I Find My License Key?

A card which contains your license key is included in the VBP 7301 shipping

container for your reference.

What If I Lose My License Key?

If you lose the card that contains the license key, request a replacement by

contacting the Polycom Support Center. that includes the system LAN MAC

address.

How Do I Purchase an Upgrade License Key?

If you would like to purchase an upgrade license key to add specific

features, contact the Polycom Support Center.

LAN Interface

MAC Address

Displays LAN MAC address information. Use this

information when requesting a new or replacement

license key. See Viewing and Editing the License

Key.

Registration

Status—View

License Key

Displays whether the ALG feature is registered using

a valid license key. Click the License Key link to

navigate to the license key page to view the license

key and features which have been enabled on the

system.

See Viewing and Editing the License Key.

System Date Displays the current date and time in Coordinated

Universal Time (UTC).

To manage date and time settings, choose Admin >

Time Settings and refer to Configuring Time and

Date Settings.

Table 2-1 Admin Page Information (continued)

Item Description

Page is loading ...

Poly VBP 7301 Series Administrator Guide

Poly VBP 7301 Series Administrator Guide

Related papers

Other documents