Transcription
AT&T CollaborateSMCustomer Configuration GuideJune 2019
ContentWelcome to the AT&T Collaborate Service, this guide will coverthe site configurations that need to be configured to work withAT&T Collaborate to deliver quality voice calls.Access connectionMobileRouters and FirewallsDesktop IPphoneAT&TCollaborate Voice Prioritization and Local Area Network (LAN) switchesAnother officeConferencephoneEnd user devicesHome officeNote: Blue 3is AT&T Blue2Contact Center
Configuration ReferenceDigital DevicesIP PhonesInternetor AVPNMobileFaxAnalog DevicesAlarmATMCredit CardElevatorAdditionalinformation can befound in the sectionlisted in this guide.AccessRouterFirewallVoicePrioritizationLAN SwitchAnalog TerminalAdaptors (ATAs)End DevicesAdequateinternet/AVPN (AT&TVirtual PrivateNetwork)bandwidth isneeded tosupport thenumber ofsimultaneouscallsRouter needsto beconfigured toallowappropriateroutes tocommunicatewith AT&TCollaborateFirewallneeds to beconfigured towork withAT&TCollaborateand NetworkAssessmentTool (NAT)Check if thereis voiceprioritizationon thetransportservice. VoicePrioritizationDevice* canbe added tooffer betterqualityEnsure thenetwork hasadequate:1) LAN portsfor wireddevices.2) Bandwidthand coveragefor wirelessdevices.ATAs* arerequired forAT&TCollaborate touse with allanalogdevices (e.g.fax, elevator,alarm, creditcard and ATMlines)Account forall end userdevices* andensure all arecompatibleto use withAT&TCollaborate.(See CertifiedEquipmentList)Note: Blue 3is AT&T BlueNote:*Equipment is available to purchase with AT&T, please see Certified Equipment ListContent is organized according to a sample configuration. Please review all information to ensure requirements are met for your specific configuration.3
Access ConnectionI. Overview The customer connects to the service using any internet service providerconnection (including internet service provided by AT&T) or AT&T VPN service.Blue 1 Adequate Internet/AVPN bandwidth is needed to support the number ofsimultaneous calls.RGB48/209/255 If you’re unsure if your network has enough bandwidth, please contactyourSales respective representative for your bandwidth requirements.II. Network Assessment Tool A Network Assessment tool helps to measure the network performance at thecustomer’s site and provides feedback to confirm its network is VoIP ready. Itmust be run from a personal computer/device connected across the same LANat the site where the service will be used, (see page 7 & 8 for firewall portconfiguration).III. Setup In many instances the customer owns and manages the router on their premiseused to connect to the facility. Both BGP (Border Gateway Protocol) and staticroutes can be used to connect the customer managed router. Any and all network interfaces for the internet connection will be supported forAT&T Collaborate.4IV. Quality of Service (QoS) Class of service is a method to prioritize the VoIP traffic higher than other data. Itis recommended for the transport equipment to support Quality of Service (QoS)Blue2Blueimpact5Blueof6 voicecapabilitiesforBluevoice3traffic since Blueother 4data traffic maythe qualitycalls.RGBRGBRGBRGBRGB 15/84/175packages/profiles are supported as part of the access service. It is recommendedthat AT&T Collaborate subscribers utilize multimedia high or multimedia standardpackages/profiles. Please contact your respective Sales representative with anyquestions. An order needs to be issued on the transport service to makeappropriate changes.V. Multiple access connectionsIf multiple access connections are being used in conjunction with a load balancer, allthe VoIP traffic must be sent over a single access connection.Note: Blue 3is AT&T Blue
Internet AccessCollaborate Platform4 5Collaborate PlatformBlue 1Blue 2Blue 3RGB48/209/255RGB24/185/2376Blue 4RGB0/159/21912 .253 .0 .0 /16Internet2DNS/NTP UDP 53/UDP 123Desktop Sharing TCP 8443File Sharing TCP 10811Internet RouterCustomerDHCP ServerNote: Blue 3is AT&T Blue53Configuration:1. NAT Tool IP’sBlue 5Blue 6144.160.20.0/24 &RGBRGB144.160.229.0/2410/110/19015/84/1752. Routerwill providesubnets from within12.253.0.0/163. Onsite DHCP server – Tellsphone IP address of DNSand NTP servers4. Phone queries DNS forCollaborate servers5. Phone queries NTP serverfor time sync6. Phone downloads properconfig and registers
AT&T Virtual Private Network (AVPN) AccessCollaborate PlatformBlue 1Collaborate PlatformBlue 2RGB48/209/2558RGB24/185/237Blue 3Blue 4RGB0/159/21912 .253 .0 .0 /1612 .194 .0 .0 /16AVPN22nd path required for AVPN6 71 3 45CustomerDHCP ServerInternetRouter6Note: Blue 3is AT&T BlueConfiguration:1. NAT Test Tool IP’sBlue 5Blue144.160.20.0/24& 6144.160.229.0/24RGBRGB2. AVPNrouterwillprovide10/110/19015/84/175six subnets from within12.253.0.0/16 and12.194.0.0/163. Default route must pointto the Internet4. Desktop sharing and filetransfers are routed outto the Internet5. Onsite DHCP server – Tellsphone IP address of DNSand NTP servers6. Phone queries DNS forCollaborate servers7. Phone queries NTP serverfor time sync8. Phone downloads properconfig and registers
Routers and FirewallsI. Overview A firewall is a necessary element for general network security and to avoidpotential interference with the Collaborate service by only allowing SIPtrafficBlue1from the AT&T elements that the customer initiated communication with.However, it is possible that there may be firewalls or other local areaRGB48/209/255configuration parameters that will interfere with connectivity to the AT&Tnetwork.In general, to avoid several potential issues it is highly recommended thatthe secure communications option (TLS/SRTP) be set in the AdministratorPortal for any devices that support it. Refer to Appendix 1 for information on how to configure an AT&T DigitalInternet (ADI) router with Collaborate service. The secure communications option must be used in cases where an ADI routeris used. The only exceptions to enabling TLS/SRTP is that these protocols cannot beused with customers implementing the voice survivability option usingEdgeMarc devices for a specific location or customers using AVPN transport. Your firewall should be configured with:o Stateful packet inspection enabled. Your router must allowinbound SIP signaling only from the AT&T Session Border Controllers towhich it is registerso Configure a strong administrator password and disable remote access(should apply to firewalls and routers)7II. Criteria If the secure communications option is not used for all devices, then thefollowing criteria must be met for the service to work properly.Blue 2Blue 3Blue 4Blue 5Blue 6o The SIP ALG (Application Layer Gateway) must be disabled.RGBRGBo The UDP RGBtimeout must be setto greater than RGB180 seconds.0/159/2195/134/20310/110/190o FragmentationSupport – Thelocal network serviceprovider and15/84/175customerequipment must support the fragmentation requirements below.1. For outgoing packets from a phone where the payload is greater than1450 bytes, fragment the packet to something smaller than 1450 in eachpacket’s payload.2. For fragmented packets incoming to the CPE, accept packets withpayloads of 1450 bytes or less. If the customer desires to limit the outgoing traffic to the specific destinationsrequired for AT&T Collaborate, the rules can be set up with the source address as“inside” and the destination IPV4 addresses as:o 12.253.0.0/16o 12.194.0.0/16 (for AVPN access only)o 144.160.20.0/24 (for the Network Assessment Tool)o 144.160.229.0/24 (for the Network Assessment Tool)III. Rules or Access-ListsNote: Blue 3If there is an access-listused on the internet serial interface of the customeris AT&T Bluemanaged router, then allow the ports used for signaling and voice payload protocolsthat are shown in the table on page 8.
Routers and Firewalls For reference, the following table provides details of the signaling and voice payload protocols that will be used for the Collaborate service. If restrictive security policies are inplace, these must be allowed in the firewall rules. For specific information, consult your firewall vendor documentation. Additionally, many vendor websites provide easy to follow, step-by-step instructions.Blue 1Blue 2RGB48/209/255RGBTCP 443TCP 754324/185/237ProtocolHTTPs/TLS8PortsTCP 8543TCP 9543HTTPTCP 80SIP signalingTCP/UDP 5060TCP/UDP 5061TCP/UDP 5075TCP/UDP 5076RTP/SRTP mediaUDP 16384-49152NTPUDP 123DNSUDP 53XMPP (IM&P)TCP 5222HTTPS (Sharing)TCP 8443BroadWorks AssistantTCP 2208-2209XMPP (File Transfer Proxy)TCP 1081Network Assessment TestingTCP/UDP 20000TCP/UDP 20001UDP 8090Blue 3Blue 4Blue 5Blue Note: Blue 3is AT&T Blue
Voice Prioritization and LAN SwitchesI. Overview Check if voice prioritization is current on transport service. Voice Prioritization Device offers better voice quality. Each wired device needs a port. Ensure there are enough LAN ports for all the devices on the Customer site. For any devices connecting via wireless connectivity (e.g. Wi-Fi) on theLAN,1the Customeror theLANthe 4responsibilityto ensurethe LANBlueBlue2 Customer’sBlue3 Provider hasBlueBlue5Blue 6environment can support the additional load of the voice, video, communication traffic generated by the AT&T Collaborate service along with all other business traffic as thisRGBRGBRGBRGBRGBRGBis a shared communication 0/19015/84/175 If AT&T Collaborate service has performance issues due to the LAN infrastructure, it will be Customer’s responsibility to resolve these LAN issues directly or with the supportof Customer’s LAN provider. It is Customer’s responsibility to ensure the connection is secure if the Customer is using a Wi-Fi / shared connection for any of the AT&T Collaborate traffic.II. Quality of service (QOS) considerations Voice VLANs are recommended for a better customer experience, especially if you have more than 50 devices at the location. The voice traffic is competing with other data traffic. In general, most VoIP deployments use some kind of Quality of Service/Class of Service (CoS) methodology to providepriority to the voice traffic over the data traffic. Internet routers (that the Customer equipment connects to) are configured with CoS options to provide priority to the voicesignaling and media traffic destined to the CPE. The Customer router should be configured to provide 90% of the traffic for real time handling (DSCP markings of 46 for SIP and 46 for RTP packets). AT&T recommendsconfiguring routers and switches to give priority to voice traffic to help ensure a better experience when using AT&T Collaborate. The standard port for SIP is 5060 and RTPports are 16384-49152. (see the firewall rules for a complete port list).Note: Blue 3is AT&T Blue9
End Users DevicesI. Certified equipmentCertified equipment are available to purchase directly from AT&T, or from othersources. Purchasing from AT&T has the benefit that the device will be pre-configured,1where possible. Customer provided equipment must be from the certifiedBluelist. Thelist indicates which devices can be purchased from AT&TRGB48/209/255II. IP AddressingCustomer accessing AT&T collaborate via the internet must have registeredaddressing. If end users are using private addressing, the addresses must be NATed topublic addresses before the traffic is sent to the AT&T network.III. DNS (Domain Name System)Access to a public DNS server is required for devices to work with the AT&TCollaborate service (even if the customer is using AT&T VPN service to reach theservice). The SIP phone will be configured with FQDNs (Fully Qualified DomainNames) to access AT&T’s network. The SIP phone queries the DNS to resolve theFQDNs to configure their devices and perform registration.IV. NTP (Network Time Protocol)Access to an NTP server is required to provide time for the phones. By default thephones will need to reach the Internet (0.us.pool.ntp.org) for time, unless anothersource is specified via DHCP (Dynamic Host Configuration Protocol) option 42.10V. Phone Configuration Phones purchased from AT&T for the AT&T Collaborate service will be preconfigured.Blue2 the userBlue3 a device notBlue4Blue5 or being reusedBlue from6 WhenbringspurchasedfromAT&Tsome other service, the user needs to configure the phone followingRGBRGBRGBRGBRGBinstructions 84/175VI. Analog Terminal Adaptors (ATA)ATAs are required for AT&T Collaborate to use with all analog devices (e.g. fax,elevator, alarm, credit card and ATM lines)VII. DHCP (Dynamic Host Configuration Protocol)CPE will perform DHCP for the IP phones and data devices on the LAN.VIII. Codec SelectionThe default codec used for all SIP phones on Collaborate is G.722. If bandwidthissues exist, a codec having lower voice quality such as G.729 can be used toreduce bandwidth requirements. This is set per device in the Admin portal.
Cisco IP Phone ConfigurationNOTE: Only Cisco 3PCC (3rd Party Call Control) models will work on AT&T Collaborate. Look in the Product Information menu of the phone forthe Product name and Software version fields. The Product name must show “3PCC” and the Software version will need to be 11-x or higher forthe device to work on AT&T Collaborate. If these criteria are met, then the instructions below can be used to configure the device to work onBlue 1 it will showBlue“Model2Blueand3 “Active Load.”Blue 4Blue 5AT&T Collaborate. In devices that will not work, under Settings- Phone InformationNumber”RGBRGBRGBStep I: Reset the phone to factory configuration (only required if phone48/209/255was previously usedforanotherservice)24/185/2370/159/2191. Turn the phone on, but don’t connect it to the network or internet.2. Press the phone’s Applications button ().3. Scroll to “Device Administration” and press “Select” soft key.4. Scroll to “Factory Reset” and press “Select” soft key.5. Press “OK” soft key.6. Phone reboots to factory defaults.7. In “Set password” screen, press “Skip” soft key.Step II: Configure the phone1. Connect the phone to the network.2. Press the phone’s Applications button ().3. Scroll to “Device Administration” and press “Select” soft key.4. Scroll to “Profile rule” and press “Select” soft key.5. Enter the value: https://devicemgt.hcomm.att.net/dms/def/ PSN.xml Use 1 button to get to characters ‘.’ and ’/’ Use # button to get to ‘ ’6.Press “Resync” soft key. Phone may reboot during this resync process.11Note: Blue 3is AT&T BlueRGB5/134/203RGB10/110/190Blue 6RGB15/84/175
Polycom IP Phone ConfigurationNote that SoundPoint and SoundStation phones can only be used on Collaborate ifthey have manufacturer signed security certificates (2010 or newer phones). Thiscan be checked via the phone menu by selecting Menu- Status- Platform and thenscrolling down. Usable phones will show - Device Certificate: Factory InstalledBlue 1RGBStep I: Reset the phone to factory configuration (only required if phonewas48/209/255previously used for another service) . Note that if the SoundPoint /Soundstationphone is not up to firmware level UCS 4.0 or if the Admin password is unknown,the special instructions in page 13 must be used.1. Turn the phone on, but don't connect it to the network or Internet.2. Press the phone’s Menu button.3. Scroll to Settings, and then press the Select soft key.4. Scroll to Advanced, and then press the Select soft key.5. Enter the administrator password (default 456), then press the Enter soft key.6. When Admin Settings appears, press the Select soft key.7. Scroll to Reset to Defaults, and then press the Select soft key.8. Scroll to Reset to Factory, and then press the Select soft key.9. Press the Yes soft key.Step II: Set up the phone for configuration DHCP Options1. Turn the phone on, but don't connect it to the network or Internet.2. Press the phone’s Menu button.3. Scroll to Settings, and then press the Select soft key.4. Scroll to Advanced, and then press the Select soft key.5. Enter the administrator password (default 456), then press the Enter soft key.126. When Admin Settings appears, press the Select soft key.7. When Network Configuration appears, press the Select soft key.8. When Prov. Server appears, press the Select soft key.9. When DHCP Menu appears, press the Select soft key.10. Scroll to Boot Server, and then press the Edit soft key.11. Change to Static. Scroll through the options by pressing the or buttons (onphone models without these, press the up or down arrow keys or press theChange soft key). When Static appears in the Boot Server field, press the OK softkey.12. Press the Exit or Back soft key to return to Prov. Server menu.Step III: Complete the process1. Scroll to Server Type, and then press the Edit soft key.2. Scroll through the protocol options and select HTTPS, and then press the OKsoft key. To locate HTTPS, press the or buttons (on phone models withoutthese, press the up or down arrow keys or the Change soft key).3. Scroll to Server Address, and then press the Edit soft key.4. Enter this value: https://devicemgt.hcomm.att.net/dms/def Note that characters you enter overwrite existing characters. Verify that the mode shown on the screen is a. If not, press the Edit soft keyand select a. Enter a period (.) or colon (:) by pressing the star (*) or pound (#) key. Enter a slash (/) by pressing the pound (#) key until the slash (/) appears. Backspace is the x key or the softkey depending on model.
Polycom IP Phone ConfigurationStep III: Complete the process (continues)5. When you've entered the correct value (shown in step 4), press the OK softkey.Blue 16. Scroll to Tag SN to UA, and change the value to Enabled, if not already set tothat value (this ensures the MAC address of the device is sent to enableretrievalRGBof configuration files).48/209/2557. Press the Exit or Back soft key to return to the Network Configuration menu.8. Press the Exit or Back soft key to return to the Network Admin Settingsmenu.9. Connect the phone to the network.10. To save your changes, scroll to Save Config, and then press the Select softkey. To discard your changes, select exit without saving. Note that you mustsave or your changes will be lost. Also note that the wording of these choicesmay vary on different models.11. The phone automatically reboots several times. Be patient. The phone maysit without any indication of activity for one or two minutes between reboots12. f the phone is not working properly, may need to reboot several times.If the SoundPoint/SoundStation device is on a firmware version lower than UCS4.0, then follow the steps given on Step I & II (page 12) and use step III shownbelow.BlueBlue 3Blue 4Blue 5Blue 6Step2 III1. Scroll to Server Type, and then press the Edit soft nsandselectHTTP,andthenpressthe oft key. To locate HTTP, press the or buttons (on phone models without these,press the up or down arrow keys or the Change soft key).3. Scroll to Server Address, and then press the Edit soft key.4. Enter this value: http://upgrade.hcomm.att.net Note that characters you enter overwrite existing characters. Verify that the mode shown on the screen is a. If not, press the Edit soft keyand select a. Enter a period (.) by pressing the star (*) key. Enter a slash (/) by pressing the pound (#) key until the slash (/) appears.5. When you've entered the correct value (shown in step 4), press the OK soft key.6. Scroll to Tag SN to UA, and change the value to Enabled, if not already set tothat value (this ensures the MAC address of the device is sent to enable retrieval ofconfiguration files).7. Press the Exit or Back soft key to return to the Network Configuration menuNote: Blue 3is AT&T Blue13
Polycom IP Phone Configuration8. Press the Exit or Back sof
customer’s site and provides feedback to confirm its network is VoIP ready. It must be run from a personal computer/device connected across the same LAN at the site where the service will be used, (see page 7 & 8 for firewall port configuration). III. Setup In many instances
