SDES Profile Configuration
An SDES profile specifies the parameter values offered or accepted during SDES negotiation.
To configure SDES profile parameters:
- From superuser mode, use the following command sequence to access sdes-profile configuration mode.
ORACLE# configure terminal
ORACLE(configure)# security
ORACLE(security)# media-security
ORACLE(media-security)# sdes-profile
ORACLE(sdes-profile)#
- Use the required name parameter to provide a unique identifier for this sdes-profile instance.
name enables the creation of multiple sdes-profile instances.
- Use the crypto-suite parameter to select the encryption and authentication algorithms accepted or offered by this sdes-profile.
Allowable values are:
AES_CM_128_HMAC_SHA1_80 (the default value) – supports AES/128 bit key for encryption and HMAC/SHA-1 80-bit digest for authentication
AES_CM_128_HMAC_SHA1_32 – supports AES/128 bit key for encryption and HMAC/SHA-1 32-bit digest for authentication
- Use the srtp-auth parameter to enable or disable the authentication of SRTP packets.
- Use the srtp-encrypt parameter to enable or disable the encryption of RTP packets.
With encryption enabled, the default condition, the Oracle Communications Session Border Controller offers RTP encryption, and rejects an answer that contains an UNENCRYPTED_SRTP session parameter in the crypto attribute.
With encryption disabled, the Oracle Communications Session Border Controller does not offer RTP encryption and includes an UNENCRYPTED_SRTP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTP session parameter.
- Use the srtcp-encrypt parameter to enable or disable the encryption of RTCP packets.
With encryption enabled, the default condition, the Oracle Communications Session Border Controller offers RTCP encryption, and rejects an answer that contains an UNENCRYPTED_SRTCP session parameter in the crypto attribute.
With encryption disabled, the Oracle Communications Session Border Controller does not offer RTCP encryption and includes an UNENCRYPTED_SRTCP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTCP session parameter.
- Use the mki parameter to enable or disable the inclusion of the MKI:length field in the SDP crypto attribute.
The master key identifier (MKI) is an optional field within the SDP crypto attribute that differentiates one key from another. MKI is expressed as a pair of decimal numbers in the form: |mki:mki_length| where mki is the MKI integer value and mki_length is the length of the MKI field in bytes. For hardware-based platforms, the length value can be up to 32 bytes. For software-based platforms, the length value is 4 bytes.
The MKI field is necessary only in topologies that may offer multiple keys within the crypto attribute.
Allowable values are enabled and disabled (the default).
enabled – an MKI field is sent within the crypto attribute (16 bytes maximum)
disabled – no MKI field is sent
- Use done, exit, and verify-config to complete configuration of this SDES profile instance.
- Repeat Steps 1 through 8 to configure additional SDES profiles.
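The following added example (not Oracle code and not the SBC's implementation) parses an SDP crypto attribute as defined in RFC 4568 and checks an answer against the crypto-suite, srtp-encrypt and srtcp-encrypt settings described above, which is useful when auditing captured SDP against an intended profile. The profile dictionary, its key names and the function names are hypothetical, the key-length check comes from RFC 4568 rather than from this page, and the sample lines are constructed.

```python
import base64

KEY_SALT_LEN = 30  # RFC 4568: 16-byte master key + 14-byte master salt for both suites

def parse_crypto(line):
    """Parse 'a=crypto:<tag> <suite> <key-params> [session-params...]' (RFC 4568)."""
    if not line.startswith("a=crypto:"):
        raise ValueError("not a crypto attribute")
    tag, suite, key_params, *session = line[len("a=crypto:"):].split()
    keys = []
    for kp in key_params.split(";"):          # several keys may be offered
        method, _, info = kp.partition(":")
        if method != "inline":
            raise ValueError("unsupported key method: " + method)
        material, *opts = info.split("|")     # key||salt, then lifetime and/or MKI:length
        mki = next((o for o in opts if ":" in o), None)
        keys.append({
            "key_salt": base64.b64decode(material, validate=True),
            "mki": tuple(int(x) for x in mki.split(":")) if mki else None,
        })
    return {"tag": int(tag), "suite": suite, "keys": keys, "session": set(session)}

def check_answer(line, profile):
    """Return the reasons an answer conflicts with a (hypothetical) profile dict."""
    c = parse_crypto(line)
    problems = []
    if c["suite"] not in profile["crypto_suite"]:
        problems.append("crypto-suite not in profile: " + c["suite"])
    if profile["srtp_encrypt"] and "UNENCRYPTED_SRTP" in c["session"]:
        problems.append("UNENCRYPTED_SRTP in answer while srtp-encrypt is enabled")
    if profile["srtcp_encrypt"] and "UNENCRYPTED_SRTCP" in c["session"]:
        problems.append("UNENCRYPTED_SRTCP in answer while srtcp-encrypt is enabled")
    for k in c["keys"]:
        if len(k["key_salt"]) != KEY_SALT_LEN:
            problems.append("key||salt is %d bytes, expected %d" % (len(k["key_salt"]), KEY_SALT_LEN))
    return problems

# Constructed sample data (not captured traffic); the profile mirrors the page's defaults.
KEY = base64.b64encode(bytes(range(30))).decode()
DEFAULT_PROFILE = {"crypto_suite": {"AES_CM_128_HMAC_SHA1_80"},
                   "srtp_encrypt": True, "srtcp_encrypt": True}
GOOD = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s|2^20|1:4" % KEY
WEAK = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s UNENCRYPTED_SRTP" % KEY

if __name__ == "__main__":
    for sdp_line in (GOOD, WEAK):
        print(check_answer(sdp_line, DEFAULT_PROFILE) or "no conflicts")
```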