STUN Based Media Classification
STUN based media classification requires the ACLs permitting signaling sessions without the
classify-media
flag. However, it requires an implicit deny firewall rule for User Datagram Protocol (UDP) to be activated. All
other traffic that should be allowed in the network must be explicitly configured using ACL rules.The IAP
automatically allows firewall sessions for voice and video calls made from Skype for Business and Apple
Facetime. For all other S4B and Facetime applications like desktop sharing and file transfer, the corresponding
ports must be explicitly opened by using ACL rules.
Before media transmission, a VOIP client initiates a Session Traversal Utilities for NAT (STUN) connectivity
check. Sessions created by STUN are subjected to media classification that classifies the media as Real-time
Transport Protocol (RTP) or non-RTP. The firewall automatically allows the RTP session on the IAP and denies
the non-RTP sessions.
The following CLI example shows the STUN based media classification for Skype for Business:
(Instant AP)(config)#wlan access-rule example_s4b_test
(Instant AP)(example_s4b_test)# rule alias <domain_name_for_S4B_server> match tcp 443 443
permit
(Instant AP)(example_s4b_test)# rule any any match tcp 5223 5223 permit
(Instant AP)(example_s4b_test)# rule any any match tcp 5061 5061 permit
(Instant AP)(example_s4b_test)# rule any any match any any any deny
(Instant AP)(example_s4b_test)# end
(Instant AP)# commit apply
The Type of Service (ToS) values for calls prioritized using the above mentioned media classification types will
always carry a ToS of 40 fora voice session and 48 for a video session.
Enabling Enhanced Voice Call Tracking
Aruba Instant provides seamless support for tracking VoIP calls in the network by using SNMP to send the
location details of the caller to the third-party server. This feature is currently applied for tracking Emergency
911 (E911) VoIP calls.
The Master IAP identifies the location from where the VoIP call was placed and sends the details of the location
to the third-party SNMP server. You must configure the third-party server as an SNMP host and enable SNMP
traps to activate the voice call tracking feature on the IAP. For more information on configuring a third-party
server as an SNMP host, see
.
The Master IAP will send the WLSXIAPVOICECLIENTLOCATIONUPDATE SNMP trap under the following
scenarios:
l
The VoIP call is successful.
l
The VoIP client roams from one IAP to another during an active call, the Master IAP will identify the
VoIP client and send out the WLSXIAPVOICECLIENTLOCATIONUPDATE trap to the emergency call server.
The trap sending feature is not supported for L3 mobility.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Voice and Video |
280