Security, Registration and Authentication | Avaya 16-601443 manual

Network Requirements

Security

For information about toll fraud, see the DEFINITY®, Avaya Aura Communication Manager, or Avaya Aura Communication Manager Branch documents on the Avaya support Web site. The 1600 Series IP Telephones cannot guarantee resistance to all Denial of Service attacks.

However, there are checks and protections to resist such attacks while maintaining appropriate service to legitimate users.

You also have a variety of optional capabilities to restrict or remove how crucial network information is displayed or used. These capabilities are covered in more detail in Chapter 5: Server Administration.

●Support signaling channel encryption while registering, and when registered, with appropriately administered Avaya Media Servers.

Note:

Signaling and audio are not encrypted when unnamed registration is effective.

●Restricting the response of the 1600 Series IP Telephones to SNMP queries to only IP addresses on a list you specify.

●Specifying an SNMP community string for all SNMP messages the telephone sends.

●Restricting dialpad access to Local Administration Procedures, such as specifying IP addresses, with a password.

●Removing dialpad access to most Local Administration Procedures.

●Restricting the end user’s ability to use a telephone Options application to view network data.

As of Release 1.1, three existing security-related parameters can be administered on the call server and downloaded with encrypted signaling, in addition to unencrypted HTTP or encrypted HTTPS. Those parameters are SNMP community string, SNMP Source IP Addresses, and Craft Access Code (PROCPSWD).

Registration and Authentication

The Avaya Media Server supports using the extension and password to register and authenticate 1600 Series IP Telephones. For more information, see the current version of your call server administration manual.

30 Avaya 1600 Series IP Deskphones Administrator Guide

Image 30

Avaya 16-601443, 1600 Series manual Security, Registration and Authentication

Contents

Avaya 1600 Series IP Deskphones Security Introduction Avaya Aura Communication Manager Administration Telephone Software and Application Files Appendix C Sample Administration Forms 123 Index 133 Introduction About This Guide Document Organization Telephone Options Other Documentation Page Administration Overview and Requirements Series IP Telephones Dhcp LldpVlan Dhcp Use the change ip-network-map command to Avaya 1600 Series IP Deskphones Installation Administrative Process Parameter Data Precedence Administrative Checklist Application Files Telephone Initialization Process Telephone to Network Dhcp Server to Telephone Telephone and File ServerTelephone and the Call Server Error Conditions Page Network Requirements Network AssessmentHardware Requirements HTTP/HTTPS Server Server RequirementsDhcp Server Https Required Network Information From Other Network Considerations Snmp Reliability and Performance QoSIeee 802.1P and 802.1Q Network Audio Quality Display on 1600 Series IP Telephones IP Address Lists and Station Number PortabilityParameters in Real-Time Possible Values TCP/UDP Port Utilization Media Gateway or another IP endpoint Rtcp UDP/IP Snmp UDP/IPGatekeeper Voice Monitoring Manager Https Server Dhcp TCP/IPDhcp Server Http Server Registration and Authentication Security Avaya Aura Communication Manager Administration Switch Compatibility and Aliasing IP TelephonesCall Server Requirements Avaya Aura Communication Manager Administration Media Server Switch Administration IP Interface and Addresses UDP Port Selection Rsvp and Rtcp NAT Voice Mail Integration Series IP Telephones Aliased as 4600 Series IP Telephones Telephone Administration System-Wide AdministrationFeature-Related System Parameters Auto Hold Administering StationsFeatures Coverage Path Administering Features Aliasing 1600 Series IP Telephones Feature Buttons and Call Appearances For the 1616/1616-I IP Telephones Shuffling Conference Details Screen for Ad-Hoc Conferences Printing Button Labels Click Desi downloads Server Administration Software ChecklistDhcp and File Servers Dhcp Server Administration Dhcp Generic Setup Option 6 DNS servers address list Option 1 Subnet maskOption 3 Gateway router IP addresses Option 12 Host Name Option 52 Overload Option, if desired Option 53 Dhcp message typeOption 59 Dhcp lease rebind time Dhcp Server Administration Dhcpack Setting of System Values Set to Select Start--Settings--Control PanelWindows NT 4.0 Dhcp Server Select Start--Programs--Admin Tools--DHCP Manager Define the Telephone IP Address Range Set the Subnet Mask Click Edit Array Select Scope under Dhcp OptionsSelect the Global parameter under Dhcp Options Select Defaults from the DHCPOptions menu Activating the Leases Select Start--Programs--Administrative Tools--DHCP Windows 2000 Dhcp Server Completing the New Scope Wizard dialog box displays Under Predefined Options and Values, click Add Change the Data Type to String Http Generic Setup Activating the New Scope Http Configuration for Backup/Restore For IIS Web ServersSelect Properties DavLockDB/usr/local/apache2/var/DAVLock Web Configuration Tool DOT1XSTAT CnaportDOT1X Dhcpstd PHY1STAT PhnldlengthPhnol PHY2PRIO Telephone Software and Application Files General Download ProcessSoftware Choosing the Right Application File and Upgrade Script File Upgrade Script FileSeries IP Telephone Scripts and Application Files Settings File Contents of the Settings File Group System Value # ENDPage Administering Telephone Options Administering Options for the 1600 Series IP Telephones Appname Proxy Logoff. For more information, see Ieee 802.1X on LANG2FILE = EnhdialstatLANG1FILE = LANG3FILE = Event Log Severity Level one 0-8 Ascii numeric Internal extension telephone number length. Specifies Static Vlan Considerations Vlan Tagging Vlan Default Value and Priority Tagging Vlan Separation Vlan Separation Rules Then DNS Addressing Ieee 802.1X Pass-Through and Proxy Logoff 802.1X Supplicant Operation Link Layer Discovery Protocol Lldp MAC / PHY TIA Lldp MED LLDP-MED Bootname TIA Lldp MED Impact Vlan IDIeee 802.1 Vlan L2QSIG L2Q, L2QVLANL2QAUD Dscpaud Local Administrative Options Using the Telephone Dialpad Clear ProcedureMute 2 5 3 2 7 # Mute C L E a R # Disable/Enable Debug Mode Mute 3 3 2 8 4 # Mute D E B U G # Group Identifier Mute 4 7 6 8 7 Mute G R O U P Reset System Values Mute 7 3 7 3 8 # Mute R E S E T # Resetting values Restart the Telephone Interface Control Mute 4 6 8 # Mute I N T # PHY2=status *=change #=OK View Administrative Option Mute 8 4 3 9 # Mute V I E W # Parameter Values Name System Value FormatPWB SN Nnn.nnn.nnn.nnn Static Addressing Installation Filename.ext Mute 2 3 3 7 # Mute a D D R # Vlan ID=dddd New= Disable/Enable Event Logging Mute 5 6 4 # Mute L O G # Logoff Mute 5 6 4 6 3 3 # Mute L O G O F F # Self-Test Procedure Mute 8 3 7 8 # Mute T E S T # Language Selection Series Global Telephones Ascii Series International Telephones LANG1FILE=mlfgerman.txt and LANG2FILE=mlffrench.txt Ascii Administering Telephone Options Enhanced Local Dialing Backup/Restore Backup Backup File Formats Item/Data ValueBER1 Restore Backup/Restore Page Administering Applications and Options Application Status Flag Backup/Restore Parameters Backlight Parameters Application Status Flag Appstat Application Status Flags and Their Meaning Appstat Value Variable parameters for improving audio quality Administering Applications and Options Issue 5 April 2010 Administering Applications and Options Issue 5 April 2010 Audiosthd Audiosths Expanenhs Expanenhd Appendix a Glossary of Terms Channel SignalingMedia Encryption Appendix B Related Documentation Ietf Documents ITU Documents ISO/IEC, ANSI/IEEE Documents Page Appendix C Sample Administration Forms Station Form Basic Telephone Information Station Form Feature Options Issue 5 April 2010 Sample Administration Forms Feature-Related System Parameters Form IP Address Mapping Form IP Codec Set Form Inter-Network Region Connection Management Form IP Network Region Form IP-Options System Parameters Form Index Numerical ITU Documents TCP/UDP View Administrative Option