Beruflich Dokumente
Kultur Dokumente
Welcome to Aastra
Thank you for choosing this Aastra product. Our product meets the strictest requirements with regard to
quality and design.
The following user's guide will assist you in using the Aastra Mobile Client Plus application and answer
most of the questions that may arise.
If you require further technical support or information about other Aastra products, please refer to our
website at http://www.aastra.com. It provides additional notes and tips on the product.
1.1 Overview
The Aastra Mobile Client Controller brings system telephony features to your mobile telephone in
interaction with your PBX. After installation the Aastra Mobile Client Plus can be used immediately
without spending too much time learning it.
Disclaimer
This product was manufactured in accordance with ISO 9001 quality guidelines. The product and the
user information belonging to it have been produced with the utmost care. The product’s functions have
been tested and approved after comprehensive conformity tests. Nonetheless errors cannot be entirely
excluded. The warranty is limited to the replacement of defective hardware.
The manufacturers shall not be liable for any direct or indirect damage that may be caused by incorrect
handling, improper use, or any other faulty behaviour on the part of a product. Potential hazards are
mentioned in the relevant places in the user information. Liability for loss of profit shall be excluded in
any case.
2 Welcome to AMCC
This Getting Started Guide will help to setup and configure the Aastra Mobile Client Controller (AMCC).
Please read this guide in its entirety before starting to configure the server. It is also strongly
recommended to collect all the customer specific information prior to beginning the setup. To simplify
this, a one-page form is included in this document.
The guide will only help to setup the MX-ONE/AMCC so that basic call/functions can be made. For
additional settings, such as Corporate Phonebook, IM and Presence, refer to document Admin. Guide for
AMC Controller
The AMCC-30 and AMCC-130 server come pre-installed on the server and the VMware image is
downloadable from the AMC portal ready to be installed on a VM host. The AMCC is delivered with an
embedded operating system so no additional software is necessary to run the AMCC application.
(This document contains settings for WAN that is not an option for AMCC-30)
Note: The IT administrator should provide fixed IP-addresses that will be dedicated to the AMCC
installation.
The ports below are used by the AMCC and may need to be opened in the relevant firewall(s)
depending on the network configuration.
Ports that are used externally.
5061 and 5062 5061 for TCP (TLS) and 5062 (none
TLS).
448 TCP (for externally incoming HTTPS
requests, call back, Corporate Directory
etc.)
NOTE: A port range 35000-65000 (RTP/SRTP) is configurable on AMCC and will be used only as
part of a SIP session (default is 35000 to 35xxx), consider consistency with ports configured to be
open in the firewall. With a SIP- aware firewall/SBC no ports will have to be specifically opened.
1. Using the vSphere client connect to the host ESXi host machine.
2. Before starting to create the new machine the two .vmdk files must be uploaded to the datastore area
of the host machine which is to be found under Summary/Datastore. Right click on the datastore1 to
browse the datastore, and then in the new window which opens upload the two .vmdk files. Note: after
uploading the second file only one file is shown.
3. Now select “new virtual machine” from the Summary/commands menu and then use the following
steps:-
• Configuration – custom
• Name – give a name to the machine
• Datastore – select the datastore1
• Virtual Machine Version – Virtual Machine Version: 7
• Guest Operating System – Linux : Version – Other 2.6x Linux (32-bit)
• Number of virtual processors – select the number depending on the host (minimum 2 is
recommended)
• Memory Configuration – minimum 1GB, recommended 2GB)
• Networks connections – connect 2 NICs
Opening the console of the virtual machine, the boot sequence of the AMC controller can be seen.
NOTE.
At first start up the console shell will give some error printouts, disregard these, as they will not be
present on rebooting after the AMC controller has been configured.
Example:
NOTE. The VMware version of the AMCC requires a serial-number entry. If the AMCC sw is newly
ordered the download link will also have the serial number in it.
The serial number has to be entered within the WebGUI into the controller and the controller checks
online whether it is valid. (DNS has to be configured!)
An internet connection is required for registration, and that, once saved, the serial number can´t be
removed or edited. Please provide our support team with your systems revision number and MAC
address (lower right hand corner in the WebGUI ) if a serial number has to be removed.
__________________________________________________________________________________
Please note that without the serial number further updates of the AMCC, via Install / Update, will not be
possible.
__________________________________________________________________________________
Completing the installation of the AMCC consists of the following steps, which are covered in
this document:
1. Configuring MX-ONE with number plan, number conversion, extensions, SIP-trunk and routes.
2. Setting up the relevant parameters in the AMCC such as IP-address, gateway, PBX-endpoints and
users.
- In this example the AMCC is placed behind the company firewall. (See picture on page 12) This means
only the LAN interface shall be used and NAT activated. When placing the WAN interface directly on the
Internet, NAT should not be activated.
- Always update the AMCC to the latest firmware before starting the installation.
- All the MX-ONE configuration examples shown is based on MX-ONE 5.0
- MX-ONE 5.0 will need a free license for one SIP trunk.
- The examples for AMCC is based on version 10684.16.x
- To setup data for a client please see the Portal help doc. *(see paragraph 5)
4 Configure MX-ONE
1. Naming for the same number or number series may be different depending on the application you
are configuring.
2. DID numbers refer to the number series provided by the local service provider and are generally
used to create extension numbers and common numbers like main number or Help desk numbers. As an
example, if the service provider gives you a number series of 08 56867100-67200, we can see that the
08 is the area code and the 568 is the public exchange number. The last 5 digits are what the public
network is sending in to the exchange and also will be the DID number series used to differentiate
between internal extensions (67100-67200). You would then create a 5 digit numbering plan, where
67100-67200 would be the internal number series.
3. You could then decide to reserve 67100 as your main external number. Then, assuming you
have two attendant consoles, you would reserve 67101 and 67102 as attendant extension numbers. You
might want to reserve 67103 for future expansions. You would then use the remaining numbers for user
extensions and service numbers (e.g. Special FMC numbers). Remember that part of this series would
be for user extensions and the rest for the service numbers and help desk, GH and CTI groups. This is
particularly important when configuring DID number range as this range is will be used for defining the
extension numbers that will be used to create user extensions in the system (see 4 and 5 below for
details)
4. f a company has 45 users, they would exclude the 3 numbers mentioned above and user
extensions numbers would begin at 67104 to 67148. These would be the range of numbers used to
create user extensions. The rest of the numbers (67149-67200) can be used to define the special FMC
numbers, help desk numbers, conference bridge numbers, service numbers, common area numbers,
(conference rooms, reception areas, etc…), external access to Voice Mail services or auto-attendant
services.
5. Then there are internal service codes for dialling externally and reaching the attendant, which are
usually 1 or 2 digit codes like 0 and 9 or 00 and 09 respectively. These are defined as common for all
internal users in the system and applications. As an example, 00 would be dialled for accessing the
outside public network and 09 for dialling internally to the operator (attendant).
6. Then there is the international access code or prefix, used to inform the public exchange that you
are dialling an international number. In Europe, this code is 00, whereas in North America it is 011. As an
example, if you were dialling a number from Sweden to France (+33 1 4233 1234). The internal user
would dial the public access code 00 and then the international prefix 00 then the country code for
France (33) and finally the local number (1 4233 1234). So it would look like 00 00 33 1 4233 1234.
MX-ONE
IP-address: 10.103.61.13
SIP route destination for Call through 67149
This is a fictitious destination number used for LCR (Least Cost Routing).
Note: There are a handful of destination numbers which are Emergency numbers (000, 110, 112, 118,
119 and 911). Together with your mobile operators´ service numbers they will result in pure cellular calls
where AMC+ should be inactive. Please make sure these are not part of you number plan.
NOTE: For the MX-ONE, prior to release 5.0, it is possible to use dual forking (--max-terminals 2) for
AMC users but you cannot use 2 SIP extensions. Therefore initiate a password on the extension which is
not disclosed to the user. From MX-ONE 5.0 onwards it is possible to have up to 4 SIP terminals.
MDSH> auth_code –i
Then we need to define the IP-extensions, which are going to be used for outgoing calls.
MDSH> ip_extension -i -d 67104,67105
To verify your work, type the following command;
4.5 Routes
If no Route to the Public network exists then this is an example:
MDSH> ROCAP:ROU=1;
MDSH> RODAP:ROU=1;
MDSH> ROEDP:ROU=1,TRU=ALL;
MDSH> RODDP:DEST=068;
MDSH> LCDDI:TAB=ENT,ENTRY=0000468568671,TRC=10,CONF=N;
MDSH> LCDDI:TAB=ENT,ENTRY=0008568671,TRC=7,CONF=N;
MDSH> LCDDI:TAB=ENT,ENTRY=00568671,TRC=5,CONF=N;
Calls that are not internal, we route to the new route we created above. You are of course free to
use any in the system existing outgoing route.
MDSH> LCDDI:TAB=FDT,FRCT=1,PRE=068,TZONE=1;
MDSH> LCDDI:TAB=DNT2,ENTRY=00001,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=00002,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=00003,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000040,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000041,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000042,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000043,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000044,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000045,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000046,FRCT=1,TRC=6,pre=0; (Sweden national nr)
MDSH> LCDDI:TAB=DNT2,ENTRY=000047,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000048,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=000049,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=00005,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=00006,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=00007,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=00008,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=00009,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0001,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0002,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0003,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0004,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0005,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0006,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0007,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0008,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=0009,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=001,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=002,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=003,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=004,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=005,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=006,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=007,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=008,FRCT=1,TRC=2;
MDSH> LCDDI:TAB=DNT2,ENTRY=009,FRCT=1,TRC=2;
MDSH> LCDDP:TAB=ENT;
MDSH> LCDDP:TAB=DNT2;
Received national and international A-number number conversion for internal number presentation.
(none SIP extensions)
This entry is to format national and international incoming number into numbers that can be dialled
from the PBX.
Example; An incoming call from Denmark (international number) would be presented to the PBX as this:
45 6 4114XXX, so now we need to add the leading 4 zeros (00=LCR access, 00=international access
code) to make possible to call back. We also need to take care of incoming national numbers and add 3
zeros (00=LCR access, 0 national access code).
Received national A-number number conversion for internal number presentation (SIP extensions) into
international format.
Initiate a trunk.
MDSH> roeqi:rou=2,tru=1-1;
MDSH> rocap:rou=2;
MDSH> rodap:rou=2;
MDSH> sip_route –print –route 2;
MDSH> roedp:rou=2,tru=all;
-----------------------------------------------------------------------------------------------------
Destinations to AMCC
In this case 2 FMC numbers are to be routed into the AMCC Controller.
MDSH> roddp:dest=67149&67150;
Internal calls to AMC client, not in Wi-Fi, should be present with complete public number.
Make received national mobile A-numbers into international format before being sent over the SIP Route
to the AMCC.
This is used if GSM numbers in the AMC Controller are defined in international format (+).
e.g. Mobile numbers 7xxxxxxx received from PSTN are numbertype 2 (national ).
67149 and 67150 is Call through number and SIM change number.
The LAN1 interface of the Aastra AMC Controller is configured to the following parameters by default.
Network protocol: TCP/IP
IP-Address: 10.0.0.205
Subnet mask: 255.255.255.0
Therefore in order to be able to communicate with the AMC Controller a connection has to be
established between web browser on a PC and the controller. This may be done in two ways
1. Change the default IP-address of the controller, via the console interface, to a valid address for the
network. This may be done through the VMware console in the vSphere client or via a locally connected
terminal/screen on the AMCC-30/AMCC-130; logging in with user: root and password: sesam.
From the main menu select “1: Configure first LAN interface” then from the next menu select “2: Change
IP address”. Enter the new IP address, select “S: Save and back to previous menu” and then importantly
select “A: Apply configuration”. It is also required to “Configure Routing”.
After configuring IP address and routing, use the Web Gui. https://10.103.61.93 . Now you will be forced
to initiate a new password. Apply configuration and continue with 5.4
For security reasons, the password has to be changed directly. Set a new password (Apply Config) and
log into the Controller again. NOTE: You have to change the LAN cable to ETH 1.
After having logged in successfully the HTML front end of the Aastra AMC Controller should be seen.
- Select your language. ENGLISH/DEUTSCH
Now you can disconnect the temporary LAN cable and connect the controller to the company LAN.
Via a web browser, enter Ex. https://10.102.61.93
Select “Add” and configure the available NTP server(s). Select “preferred” to grant the server priority
over any others. This server may be your PBX master server or any other available NTP server; use
hostnames or IP addresses. Tick “Active” to activate the NTP service.
Activate APN – Apple Push Notification, to activate a pop-up asking the user if AMC+ should be fronted
in the GUI via the OS on iPhones. For this to work, the Settings - Notifications - settings for AMC+ on the
phone as such must allow and trust them. Notification requests require valid Apple Push Notification
certificates on the AMC Controller. For Apple Push Notifications to work ports 2195 and 2196 have to be
opened in the firewall. NOTE: On iPhone Client 3.5 (AMC3) this is not needed but make sure that all
phones are upgraded before you remove the setting.
Process rinstance tag – to handle the rinstance parameter in the SIP contact header
Number of Cellular-digits to match – default is 10; if the number of digits received from the PSTN side or
the format differs a configuration to fit your needs is possible here.
Don’t send P-Asserted Identity – do not include the P-asserted identity header in the signalling towards
the PBX.
Don’t send P-Preferred Identity – do not include the P-preferred identity header in the signalling towards
the PBX.
Don’t send Remote Party-ID – do not include the Remote Party-ID header in the signalling towards the
PBX.
Don’t send Diversion for SR over reg. - If no SIP Trunk is used, the controller sends a Diversion Header
for Static Roaming calls. Do not include.
RTP Session Timeout – consider reducing this setting if you experience no speech in calls at times of
high load. Default value: blank.
Preferred Codec – first codec offered in the INVITE e.g. g711alaw 20ms (Use 20ms to avoid additional
delays due to trans coding in the controller)
Outbound Proxy – Enables you to statically specify the next hop for all SIP messages towards an
endpoint. A static route header to accommodate statically defined next hop.
NOTE. Also remember to have the same packetization-time for the default “ip_domain” in MX-ONE to
which the AMCC belongs. If there is other equipment that requires 30ms, it needs to belong to another
“ip_domain”.
!
Remember to press “+” to save!
Under System/Rollback there is a possibility to make a backup of the system using “Save Configuration”.
Saves locally on the Controller and can be used for rollback of the latest data.
Apply Configuration and Restart will automatically create a backup.
In the AMC client, if a number is entered with a +, the client will translate this to #* in front of the number
in order to send it as DTMF since, of course, there is no DTMF for +. The #* is then replaced with +
again in the controller before sending it to the PBX.
For iPhone Apple has limited what characters sent from an external application will be accepted by the
telephony application. Instead of the non allowed characters * and #, the client in this case will insert
0000 in front of the number so we have to do a number conversion to convert back again to +.
As mentioned in the overview there are several methods of configuring the AMCC and the network to
provide secure internet access without compromising the security of the network
For the cases where only one network interface is used, like for AMCC-30 which has only got one, it is
LAN Int1 that is used together with an external firewall and the example below is not valid.
The AMCC can be connected directly to the internet on the WAN port (eth0) and firewall and routing
rules are set up to provided/restrict access. Firstly the WAN port has to be configured under
Network/WAN Int. Here the public IP address is configured together with the net mask and default
gateway. Address xxx.xxx.xxx.113
Next some firewall rules need to be configured to allow the clients’ access to the LAN via the WAN.
In this case three protocols are enabled through the WAN – UDP and TCP on port 5062 and TCP/TLS
on port 5061. In most cases only one is required when it is decided which is to be used in the clients.
Since the client is in the public domain, the source IP and port can be anything - these are left fully open.
However we know the destination IP address is the public IP address of the WAN and which port to be
used.
Two additional protocols are enabled for the Apple Push Notification communication with Apple via ports
2195 and 2196. This is required to display a pop-up in on iPhone to front AMC+, if so desired by the
user. The alternative is to manually front AMC+ on the display.
The above settings will allow connection through the WAN interface to the LAN interface for client
registration and calls from the public internet.
In the case we are using a host name in the client such that when the client is in the local Wi-Fi network
the internal DNS will resolve the hostname to the internal (LAN) IP address and thus register locally.
When in the public network the public DNS will resolve the hostname to the public IP address of the
WAN port.
However to allow access through the WAN it is necessary to configure the AMCC so that it knows to
which domain it belongs. This is configured under Features/FMC Domains.
Define the routing rules now that public access is available via the WAN interface, it may be desirable to
modify the routing rules which were initially configured.
The initial setting allowed access to all IP addresses; we now limit the exposure to only the xxx.xxx.y.y
network. This could be defined even further to only allow access to the IP address of the PBX but this
could create problems when calling other SIP terminals if direct media is used.
Note: With multi gateway systems you probably will need to allow the IP addresses of each gateway
through, especially if load distribution is used.
To generate a private key and a Certificate Signing Request to be sent to a trusted Certificate Authority
you have to logon to the AMC Controller via command line. In the example below we do the work with
the certificates in a separate directory created for this purpose, the directory can be named to anything –
in this case /root/amcc-cert/. File names used below are only examples of names, chosen to explain the
content as much as possible. They can just as the directory, have any name you like.
Go to directory /root/amcc-cert/ and run the commands in bold:
create a password file, for example; echo “password” > password.txt
generate the private key; openssl genrsa –out private.key –passout file:password.txt –des3 2048
generate the CSR; openssl req –out certificate_request.csr –new -key private.key -passin
file:password.txt
For the last command some information has to be supplied:
Country: countryOfHeadOffice
State: stateOfHeadOffice
City: cityOfHeadOffice
Common name: amccDomainName
Organzation and Organizational Unit Fields: CompanyName
Send in the CSR to the Certificate Authority and make sure you keep all the files you have worked with
above, for future use!
When you download the certificate from the Certificate Authority, and if an intermediate
certificate/certificate chain is also supposed to be downloaded (different certificate providers have
different setup), they are normally in text format. The file extensions used below follow the convention for
certificates encoded as ASCII PEM. “.crt” has been used to represent certificate files of this type.
As AMCC cannot handle a password protected private key, before the received certificate can be
uploaded via the web GUI on AMCC, the password needs to be removed from the private key. Do this
from the command level on the AMC Controller. Again go to the directory where you work with the
certificates. For example /root/amcc-cert/ and run the commands in bold:
remove the password from the key; openssl rsa -in private.key -out privatenopass.key
verify/display the key; openssl rsa -in privatenopass.key -noout –text
Now move to the web GUI, and browse to get the paths to the file containing the private key without
password, for example privatenopass.key and the file containing the server certificate from the
Certificate Authority, for example certificate.crt, in the WebGUI and press “Upload” for the “Private
Key/Certificate”.
Browse to the path of the file containing the intermediate or certificate chain, if you were supposed to
download these as well from your Certificate Authority. Below this file has been called certchain.crt.
Press “Upload” for the “Add CA Certificate” and it will be uploaded.
Press “Apply the configuration” to get the certificates activated.
You might need to restart your web browser before you can connect to the web GUI again, and now use
the AMCC domain name if you earlier used an IP-address.
e.g. Remote ext. number received from PSTN are numbertype 2 (national ).
7 Troubleshooting.
SIP extension registered but when I call the ext. the mobile phone is not ringing (AMC
Client).
- GSM Numbers (p 41). Check that the mobile number is correct.
- Number Conversion (p 26).
Client is registered (blue) but I cannot make any AMC calls from it.
- GSM Numbers (p 41). Check that the mobile number is correct and in right format.
(Diagnostic/Network trace on AMCC. Check that right mobile number is coming in)
- Call through number could be a DID number. (In the Portal it is named PBX dialling-in no.)
- Number Conversion (p 28).
- Check ports in Firewall.
Acronyms
Copyright
© Copyright Aastra Technologies Limited 2011. All rights reserved.
Disclaimer
No part of this document may be reproduced in any form without the written permission of the
copyright owner.
The contents of this document are subject to revision without notice due to continued progress
in methodology, design and manufacturing. Aastra shall have no liability for any error or
damage of any kind resulting from the use of this document.
.