Configuring Network Usage. LifeSize Room 200, Express 200, Room Series, Team 200, Express Series, Team 220, Express 220, TEAM Series, Room 220
Below you will find brief information for video communication system Room 200, video communication system Room 220, video communication system Team 200, video communication system Team 220, video communication system Express 200, video communication system Express 220. The Room 200, Room 220, Team 200, Team 220, Express 200, and Express 220 systems are video communication systems for use in any type of conference room. The systems can connect to other LifeSize systems or systems from other manufacturers that support the H.323 or SIP protocols. The systems offer multiway calling features so that a number of users can participate in a call along with the option to share presentations during the call. Additionally the systems are compatible with various cameras and microphones. For example, the systems also support the option to share a presentation during the call. The systems support IPv4 and IPv6 addressing to connect to other devices using either protocol. The systems also support authentication using the 802.1x protocol for environments that require a high level of security.
Advertisement
Advertisement
Changing the Administrator Password
LifeSize recommends that you protect the administrator preferences with a secure password to prevent occasional users from changing them. To change the administrator password, follow these steps:
1. From the System Menu, access Administrator Preferences : Security : Passwords.
2. Enter a new password in the New Password field below Administrator Password and press OK.
Note: If you did not change the administrator password during initial configuration, the default password is 1 2 3 4.
3. Re-enter the new password in the Confirm Password field and press OK.
4. Select the Set New Password button and press OK.
Setting the User Password
You can set a user password to control access to User Preferences screens. By default, the user password is not set.
Note: If you set a user password, you can also access the User Preferences screens with the administrator password.
To set the user password, follow these steps:
1. From the System Menu, access Administrator Preferences : Security : Passwords.
2. Enter a new password in the New Password field below User Password and press
OK.
3. Re-enter the new password in the Confirm Password field and press OK.
4. Select the Set New Password button and press OK.
Configuring Network Usage
To configure preferences that affect how your LifeSize system functions with other servers and devices on your local network, access Administrator Preferences : Network :
General.
Note: A LifeSize video communications system cannot detect a change to its IP address if the change is due to a change in networks from a wiring closet or though software, such as a change to a router configuration. Reboot the
LifeSize system if the DNS changes.
LifeSize Video Communications Systems Administrator Guide 9
Specifying a Locally Configured IP Address
Dynamic Host Configuration Protocol (DHCP) is used to dynamically allocate and assign IP addresses. DHCP allows you to move network devices from one subnet to another without administrative attention. You can choose to enable DHCP if a DHCP server is present. If you disable DHCP, you must enter an IP address (the locally configured IP address if not assigned by a DHCP server), subnet mask (used to partition the IP address into a network and host identifier), and gateway (IP address of the default gateway the system uses).
Configuring LifeSize Systems Using DHCP
If a LifeSize video communications system obtains its IP address using DHCP (the default), it can accept an option from the DHCP server that specifies a location and file from which the system can obtain configuration information. The file can be located on a web server, trivial file transfer protocol (TFTP) server, or file transfer protocol (FTP) server. Each time the system boots, it attempts to fetch the configuration file specified by the option. If the configuration file has changed since the last time it was applied, the system applies the configuration file before the boot process continues. The following prerequisites must be met to enable this feature:
• The DHCP preference in Administrator Preferences : Network : General on the
LifeSize system must be set to Enabled.
• A LifeSize system accepts site-specific option 157 for this feature. You must configure this option on the DHCP server.
Note: If you configure a system using DHCP option 157 and specify a TFTP server as the source from which to obtain the configuration file, the system accepts the download through port 5351. Ensure that firewalls between the system and the
TFTP server are configured to allow the download through this port.
• A configuration file that contains LifeSize Automation Command Line Interface commands must exist at the location specified by the DHCP option. For more
Note: If FIPS 140-2 in Administrator Preferences : Security : General is set to
Enabled, the following commands, if included in the configuration file, fail: set system licensekey -i set system licensekey -u
To install or update a license key, the FIPS 140-2 preference must be set to
Disabled. For more information about the FIPS 140-2 preference, refer to
"Enabling FIPS 140-2 Security" on page 7.
10 LifeSize Video Communications Systems Administrator Guide
Configuring the DHCP Option
Specific configuration details of DHCP servers for use with this feature vary depending on the DHCP server used and your environment. The scope of this section is limited to describing the format of site-specific option 157, which LifeSize video communications systems can accept from a DHCP server to obtain a configuration file.
A LifeSize system can accept site-specific option 157 from the DHCP server if you configure the option as a string with the following format:
“LifeSize: server=<path>” where <path> is a one or more URLs separated by a semicolon and that specifies the location to a configuration file. Supported protocols include TFTP, FTP, and HTTP. If the path contains more than one URL, the LifeSize system tries the URLs in the order listed and uses the first file that exists.
Example:
If the path is: http://example/config/fishtank.cfg;ftp://example/other/fishtank.cfg
the system attempts to obtain the configuration file fishtank.cfg from the web server at http://example/config/fishtank.cfg. If the file does not exist at that location, the system attempts to obtain the configuration from the FTP server at ftp://example/other/fishtank.cfg.
Note: If the server requires a username and password to access the file, for example to log into an FTP server, you can include the user name and password in the URL.
For example: ftp://<username>:<password>@example/other/fishtank.cfg
where <username> is the user name and <password> is the password required for the login. The user name and password must not contain a semicolon.
LifeSize Video Communications Systems Administrator Guide 11
Each URL can also contain the following escapes to make the configuration unique to the system:
Escape Replacement Value
#M
#S
Replaced with the MAC address using the underscore character to replace the colon between bytes. The MAC address resolves to a hexadecimal number with lower-case letters.
Replaced by the system model as follows: room express room2 team2 express2 room220 team220 express220
#I Replaced by the assigned IP address.
If a machine name or IP address is used alone as a path element, then the following path is substituted: tftp://<name>/#M.cfg;tftp://<name>/#S.cfg
where <name> is the IP address or DNS name in the path.
12 LifeSize Video Communications Systems Administrator Guide
Example:
For a LifeSize Room system with a MAC address of 00:13:FA:00:12:33 and an IP address of
10.10.22.77, the path: http://example/configs/fishtank.cfg;example;ftp://example/#I.cfg
resolves to search for a configuration file at the following locations:
1. http://example/configs/fishtank.cfg
2. tftp://example/00_13_fa_00_12_33.cfg
3. tftp://example/room.cfg
4. ftp://example/10.10.22.77.cfg
Note: The MAC address resolves to a hexadecimal number with lower-case letters. In the previous example, the MAC address 00:13:FA:00:12:33 is replaced with
00_13_fa_00_12_33. If you specify a path that uses the #M escape, ensure that the file name of the configuration file contains lower-case letters.
The first file found is used. If the checksum of the file is different from the last configuration file loaded into the system, then the new file is used.
Note: Setting preferences that result in a system reboot, for example port ranges or SIP preferences, may cause the system to reboot once the configuration file is loaded into the system. Because the checksum for the configuration file in this case is the same, the file is not loaded again. The actual configuration changes are applied when the system is fully booted. This may cause previous configuration preferences to appear in the user interface, for example a previous system name, before the configuration takes effect.
Creating the Configuration File
A configuration file consists of a series of command line interface commands in the same format as the output from the get config command or in a configuration file created from saving the system configuration from the web administration interface. For more information about using the command line interface, refer to the LifeSize Automation Command Line
Interface for LifeSize Video Communications Systems. This document is available from the
Support page of www.lifesize.com.
For more information about saving the system configuration from the web administration
interface, refer to "Saving and Restoring a System Configuration" on page 59.
LifeSize Video Communications Systems Administrator Guide 13
Specifying the Hostname and Domain Name Service (DNS) Servers
You can enter the hostname of the system and the IP addresses to configure DNS servers.
You can also enter the domain names to search when resolving hostnames. Domain Name
System (DNS) translates names of network nodes into addresses; specify this preference to use DNS to resolve the hostnames of devices to IP addresses.
Specifying Network Speed
If you choose an option other than Auto for the Administrator Preferences : Network :
Network Speed preference, ensure that it matches the speed and duplex configured on your network switch.
Note: If your Ethernet switch is configured for half duplex, you may experience poor quality video when placing calls greater than 512 Kb/s. To work around this issue, change your Ethernet switch configuration to a setting other than half duplex when using Auto for the Network Speed preference.
Specifying a VLAN Tag
If you have static virtual local area networks (VLANs) configured in your environment, you can configure your LifeSize system to apply a VLAN tag to outgoing packets and only accept incoming tagged packets that have the same VLAN identifier. To enable this feature, navigate to Administrator Preferences : Network : General : VLAN Tag and specify the
VLAN identifier of the VLAN to which the system is assigned. The value is a number in the range 1 through 4094.
Note: If you set or modify the VLAN Tag preference, the system reboots when you navigate to another screen.
14 LifeSize Video Communications Systems Administrator Guide
Configuring 802.1x Authentication
LifeSize video communications systems support port-based mutual authentication based on the IEEE 802.1X standard using the EAP-TLS sub-protocol. The IEEE 802.1X standard provides port-based authentication involving communications between a supplicant, an authenticator (an 802.1X-capable Ethernet switch in this application), and an authentication server. The LifeSize codec attached to an 802.1X-controlled port on the switch performs the supplicant role. A back-end authentication server (typically, a RADIUS server) attached to a non-802.1X port on the switch usually performs the authentication server role. EAP packets flow between the supplicant (the codec) and the authenticator (the switch); RADIUS packets flow between the authenticator (switch) and the authentication server. Initially, 802.1X ports allow only 802.1X traffic; all other packets are blocked at the data link layer until the device attached to the port is authenticated.
By default, 802.1X authentication is disabled on a LifeSize system. Before you enable this feature using the 802.1x Authentication preference in Administrator Preferences :
Network : General or from the command line interface, ensure that your environment meets the following prerequisites:
• An authentication server that is installed with the CA certificate, the server certificate, and the server certificate private key exists in your environment. The server software is configured with the location of the certificate and private key files, and with the text of the server certificate private key passphrase.
• The authenticator is configured to access the authentication server and to allow one or more of its ports to provide 802.1X access control.
• A certificate authority has produced a CA certificate, a client certificate, a client key and a client key passphrase for the LifeSize system and you have installed these certificates, key, and key passphrase on the LifeSize system using the required commands in the LifeSize command line interface.
Note: If you do not install the CA certificate, client certificate, client key, and client key passphrase on the LifeSize system from the command line interface before enabling this feature, the LifeSize system fails to connect to the network when you enable the feature. You can access the system to disable the feature only through the user interface in this case.
For more information about configuring a LifeSize system for 802.1X support from the command line interface, refer to LifeSize Automation Command Line Interface for
LifeSize Video Communications Systems. This document is available on the Support page of www.lifesize.com.
LifeSize Video Communications Systems Administrator Guide 15
Specifying an NTP Server
The system date and time appear in the user interface and are automatically set if one of the following conditions exists:
• The Administrator Preferences : Network : General : DHCP preference is set to
Enabled, and the DHCP server can pass an NTP server address to your system.
- or -
• The hostname or IP address of an NTP server is specified in Administrator
Preferences : Network : General : NTP Server Hostname.
Note: An NTP server address that a DHCP server passes to your system overrides an
NTP server hostname or address specified in the NTP Server Hostname preference.
The System Information page displays the IP address of the NTP server that the system uses.
Note: The time zone is not set automatically. If you did not specify the time zone for your system during the initial configuration, the time that appears in the user interface
may not be correct. To specify the time zone manually, refer to "Manually Setting
System Date and Time" on page 27.
Enabling IPv6 Addressing
LifeSize systems support dual configuration of IPv4 and IPv6 addressing for the system IP address only. You cannot disable IPv4 addressing on your system. Calls placed with an IPv6 address use the H.323 protocol.
In addition to specifying a local IPv4 IP address (through either DHCP or by manually specifying a static IP address), you can assign an IPv6 address to your system if you are using IPv6 addressing on your network. Access Administrator Preferences : Network :
General and choose Enabled for the IPv6 preference.
If your IPv6 network sends router advertisements, select Auto for the IPv6 Configuration preference to automatically assign the IPv6 address to the system. The default option is
Auto. If you select Manual for this preference, you can specify a static IPv6 address for the system in the IPv6 Address preference and the address of your IPv6 router in the IPv6
Router preference.
Note: Enabling or disabling IPv6 causes the system to reboot after you exit the preference screen.
16 LifeSize Video Communications Systems Administrator Guide
The IP address that appears at the top of the main screen in the user interface is the IPv4 address.The IPv6 address of the system appears in the System Menu on the System
Information page.
All other configuration preferences that require an IP address (for example, the NTP and
DNS servers, H.323 gatekeeper, and SIP server) must be IPv4 addresses.
The directory supports IPv6 addresses. Users can also manually dial IPv6 addresses using the Video Call or Voice Call buttons on the main screen of the user interface and the 0x1a text entry method or screen keyboard. Refer to the LifeSize Video Communications Systems
User Guide for information about changing the text entry mode.
Enabling Network Address Translation (NAT)
Network Address Translation (NAT) enables communication between devices on your LAN that have private IP addresses and devices that are accessed through a public IP network.
Static NAT ensures that the same public IP address always maps to a system’s private IP address so that data from the public network intended for the private system can be routed to the system reliably.
If you are using static NAT to associate a public IP address with the private IP address of your LifeSize system, you must configure your LifeSize system to work with your static NAT server. Access Administrator Preferences : Network : NAT and select Enabled for the
Static NAT preference. Enter the public IP address, hostname, or fully qualified domain name of your system in NAT Public IP Address. The default entry method for this preference is numeric. To enter text, use the key on the remote control to change the entry method to text.
Note: If you are using a static firewall or NAT with fixed ports, you cannot register to a public gatekeeper. If you configure H.323 settings and enable H.460 support, the system ignores preferences in Administrator Preferences : Network : NAT. Refer
to "Enabling H.460 Support for H.323 Calls" on page 25 for more information.
The following functions are not supported if your system is accessed from a web browser outside a firewall and static NAT is enabled:
• System Upgrade
• Directory Import
• LifeSize Networker upgrade and reboot
• Background Image Import
To work around this issue, execute these functions from within the firewall.
LifeSize Video Communications Systems Administrator Guide 17
Restricting Reserved Ports
By default, LifeSize systems communicate through TCP and UDP ports in the range 60000 -
64999 for video, voice, presentations, and camera control. LifeSize systems use only a small number of these ports during a call. The exact number depends on the number of participants in the call, the protocol used, and the number of ports required for the type
(video or voice) of call.
To minimize the number of UDP and TCP ports that are available for communication, you can restrict the range by entering values in Administrator Preferences : Network :
Reserved Ports. LifeSize recommends that the range you choose, if other than a subset of the default range, begins with a port number greater than 10000.
Note: Changing the TCP range causes an automatic reboot of the system.
An H.323 video call with a presentation requires more ports than other types of calls. The following table identifies the number of UDP and TCP ports needed for an H.323 video call with a presentation based on the maximum number of connections that LifeSize systems support. Depending on the maximum number of connections that your LifeSize system supports, use this information as a guide when determining the range of port numbers to enter in the Reserved Ports preferences.
Maximum Connections Required Ports for an H.323 Call
Eight-way video call and a presentation
Six-way video call and a presentation
Four-way video call and a presentation
Two-way video call with a presentation and an audio call
56 UDP
14 TCP
40 UDP
10 TCP
24 UDP
6 TCP
10 UDP
4 TCP
18 LifeSize Video Communications Systems Administrator Guide
The following tables identify the number of ports required per connection by protocol and the type (video or voice) of call. Use this information if you need to further restrict the port range.
H.323 two-way call required ports:
Call Type Number of Required UDP and TCP Ports
Video a 8 UDP ports (6 if presentations are disabled)
2 TCP ports
Voice b 2 UDP ports
2 TCP ports a. Each additional video participant requires 8 UDP ports and 2 TCP ports.
b. Each additional voice participant requires 2 UDP and 2 TCP ports.
SIP two-way call required ports:
Call Type Number of Required UDP Ports
Video a
Voice b
6 UDP ports
2 UDP ports a. Each additional video participant requires 6 UDP ports.
b. Each additional voice participant requires 2 UDP ports.
Configuring Firewall Settings
If your LifeSize system communicates with other systems through a firewall, you must configure your firewall to allow incoming and outgoing traffic to the system through:
• TCP port 1720 (for H.323 call setup)
• UDP port 5060 (for SIP call setup)
• TCP port 5060 (for SIP call setup if TCP signaling is enabled for SIP calls). Refer to
"Configuring SIP Settings" on page 25.
• TCP port 5061 (for TLS signaling in SIP calls if TLS signaling is enabled). Refer to
"Configuring SIP Settings" on page 25.
• Required TCP and UDP ports in the range specified in Administrator Preferences :
Network : Reserved Ports. For more information about specifying the range of required
TCP and UDP ports, refer to "Restricting Reserved Ports" on page 18.
LifeSize Video Communications Systems Administrator Guide 19
Advertisement
Key features
- Support for H.323 & SIP
- Multiway calling
- Presentation sharing
- IPv4 & IPv6 addressing
- 802.1x authentication
- FIPS 140-2 security
- H.235 AES security
- System administration through web browser
- System administration through SSH
- System administration through telnet