Cisco BTS 10200 Softswitch SIP Feature and Provisioning Guide, Release 5.0
OL-12397-13
Chapter 2 SIP Subscribers
SIP Registration and Security
To enable or disable SECURE_FQDN on a successfully registered subscriber:
1. Take the AOR out of service to remove all registered contacts.
2. Enable or disable SECURE_FQDN for the subscriber.
3. Bring AOR back In-Service.
4. Reboot the ATA.
A subscriber with the secure FQDN feature enabled has the following characteristics:
One and only one AOR is associated with the endpoint.
Does not have any static-contact associated with it.
UserId and Password Authentication are supported.
One FQDN (specified without service port).
The DNS lookup of the FQDN should result in one and only one IP address.
Cannot place or receive a call unless successfully registered.
Example
This example presents a case in which a VoIP subscriber (Subscriber 1) uses the following options for
the user ID, password, and phone number:
user-id-1
password-1
phone-no-1
Without security, another VoIP subscriber, Subscriber 2, could access Subscriber 1’s information
(perhaps by getting a Cisco ATA configuration file with the encryption key in clear text, and then getting
the full configuration file with all the data). Subscriber 2 could then register to the BTS 10200 with
Subscriber 1’s combination of user-id-1, password-1, and phone-no-1, as well as Subscriber 2’s own IP
address. Without the secure FQDN feature, the Cisco BTS 10200 would accept this information unless
specific measures were taken, and Subscriber 2 could steal service and make calls on behalf of
Subscriber 1.
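
The two DNS-related characteristics listed above (no service port, exactly one resolved IP address) can be checked before a value is provisioned. The following Python sketch is an added example, not Cisco code; the function names, hostnames and addresses are constructed, and source_matches assumes the validation compares a message's source IP with the FQDN's single resolved address, as the example scenario implies.

```python
import ipaddress
import socket

# Constructed sample DNS data so the example runs offline.
SAMPLE_DNS = {
    "ata1.example.net": {"192.0.2.10"},
    "ata2.example.net": {"192.0.2.20", "192.0.2.21"},
}


def sample_resolver(fqdn):
    """Stand-in resolver over SAMPLE_DNS; fails like a real lookup would."""
    if fqdn not in SAMPLE_DNS:
        raise socket.gaierror(f"no such host: {fqdn}")
    return SAMPLE_DNS[fqdn]


def resolve_all(fqdn):
    """Distinct addresses returned by the system resolver for fqdn."""
    return {info[4][0] for info in socket.getaddrinfo(fqdn, None)}


def check_secure_fqdn(value, resolver=resolve_all):
    """Return a list of problems; an empty list means the value fits the rules."""
    problems = []
    host, sep, _port = value.rpartition(":")
    if sep:  # rule: FQDN is specified without a service port
        problems.append("value must not include a service port")
        value = host
    try:
        addrs = resolver(value)
    except OSError as exc:
        return problems + [f"DNS lookup failed: {exc}"]
    if len(addrs) != 1:  # rule: one and only one IP address
        problems.append(f"resolves to {len(addrs)} addresses, expected 1")
    return problems


def source_matches(fqdn, source_ip, resolver=resolve_all):
    """Assumed check: source IP must equal the FQDN's single resolved address."""
    try:
        addrs = {ipaddress.ip_address(a) for a in resolver(fqdn)}
    except OSError:
        return False
    return len(addrs) == 1 and ipaddress.ip_address(source_ip) in addrs


if __name__ == "__main__":
    for name in ("ata1.example.net", "ata1.example.net:5060", "ata2.example.net"):
        print(name, check_secure_fqdn(name, sample_resolver) or "ok")
    # Subscriber 2 presenting Subscriber 1's credentials from another address:
    print(source_matches("ata1.example.net", "198.51.100.7", sample_resolver))
```
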
Provisioning Commands
This section shows the CLI commands you need to provision a secure fully qualified domain name
(FQDN) of a SIP endpoint.
Note: Use this procedure to provision subscribers on the BTS 10200. The procedure does not cover the security
of configuration files provisioned on the SIP adapter (for example, an ATA), which are the responsibility
of the service provider.
The SECURE_FQDN token is present in both the SUBSCRIBER and AOR2SUB tables. A non-null
value in the field indicates that the SECURE_FQDN validations apply to all SIP messages received from
the endpoint associated with that AOR.
The SECURE_FQDN value can be specified on a subscriber only if the AOR for the subscriber is
OOS. When an AOR is taken administratively OOS, its registered contacts are deleted.
A static contact cannot be specified for a SECURE_FQDN subscriber. Any existing static contact
record for an AOR must be deleted before the subscriber can be made a SECURE_FQDN SIP
endpoint.