SmartNode™ 4562
Secure ISDN VoIP and VPN
Optimized for secure, IPsec-encrypted voice-and-data processing, the SmartNode 4562 voice-over-VPN router for ISDN users delivers cost-saving, revenue-generating VoIP to carriers and enterprises.



Need help? Call Patton at +1 301 975 1000 or email sales@patton.com.

Features & Benefits
--Image: Internet Telephony 2007 Excellence Award --
  • Accelerated Voice over VPN—Encrypts voice, signaling and data traffic over IP networks with IPsec, AES, 3DES and IKE. Complete access router with NAT, firewall, PPPoE, DHCP and DynDNS.
  • Full SIP and T.38 support—Complete range of industry standard signaling protocols supported: SIPv2, H.323v4, DSS1, Euro-ISDN, VN4, T.38 fax, fax and modem bypass, DTMF relay.
  • Toll-Quality VoIP—Advanced traffic management and shaping, combined with Patton’s patent-pending DownStream QoSTM enforce uninterrupted toll-quality voice over best-effort networks.
  • Transparent Telephony Features—Preserves ISDN features like caller ID and name (CLIP/CLIR), call transfer, hold, waiting, AOC and much more. Handles complex number manipulation for most seamless integration with existing infrastructure.
  • Management & Provisioning—Web-based management, SNMP, Command Line Interface. Automated Provisioning for easy large-scale deployments.


Overview
--Image: Internet Telephony 2007 Excellence Award -- Featuring hardware-accelerated voice encryption and software optimized for security processing, the SmartNode™ 4562 makes VoIP accessible to organizations that have been missing out on the cost-saving benefits of Internet telephony because of security concerns.

The SmartNode 4562 securely integrates remote or branch offices into the corporate voice and data network using state-of-the-art ISDN VoIP technology. With all inter office traffic secured by IPsec/AES strong encryption and Internet Key Exchange (IKE), users can replace expensive leased lines with low-cost Internet access. All RTP, SIP signaling and data communication are transported through the IPsec VPN tunnel, protecting them from wiretapping, sniffing, or attacks. Patton’s exclusive QoS features, including advanced traffic shaping, VLAN tagging, 802.1p/q and DSCP enforce toll-quality, uninterrupted voice, also inside the secure VPN tunnel.

Industry-leading call routing features include hard and soft communication fallback to the ISDN breakout port in the event of failure. A complete set of industry standard codecs deliver toll-quality voice while T.38 fax, fax bypass, and modem bypass features ensure that no services are interrupted when migrating to VoIP.



Applications
Model 4562 application diagram


Specifications

?Signaling

SIPv2
H.323v4
SIP call transfer, redirect
Overlap or en-bloc dialing
DTMF in-band, out-of-band
Configurable tones
Call Routing & Services Regular expression number matching
Regular expression number manipulation
Number blocking
Digit collection
ISDN

1 port NT, 1 port TE Euro-ISDN BRI So
Point-point and point-multipoint
Lifeline Bypass Relay
Optional QSIG support
Voice Processing G.711m/A-law
G.723.1 (6.4Kbps)
G.729, 729a, 729ab (8Kbps)
G.726 (16 ,24, 32, 40 Kbps)
G.168 echo cancellation (25ms)
Transparent ISDN data
Silence suppression and comfort noise
Adaptive and configurable dejitter buffer
Configurable packet length
Fax and Modem Support T.38 Fax over IP
Fax relay and bypass
Modem bypass
Security 12 simultaneous IPsec VPNs
Hardware accelerated encryption
3DES 192bit, DES, AES 256bit
Voice-over-VPN
IKE
IP Quality of Service Voice priority
DownStreamQoS™
Traffic Management, shaping policing
IEEE 802.1p, IEEE 802.1Q, 4096 VLANs (Tag insertion/deletion), TOS, DiffServ Labeling
LAN and IP Services 4-port 10/100Mbps LAN Switch
Dynamic and static NAT and NAPT
ACL Firewall
DNS, DynDNS
DHCP Server
SNTP Client
IGMP proxy
WAN Connectivity 10/100Base-T Ethernet WAN
Auto-MDI-X
DHCP Client
PPPoE Client (multi-session)
IP Multi-Netting
Management Web-based GUI
Fully Documented CLI
Telnet and HTTP access
TFTP configuration up- and download
TFTP firmware upgrade
SNMP (MIB II and private MIB)
Built-in diagnostic tools
Secure Auto-Provisioning
?Power & Packaging

Desktop plastic enclosure
Dimensions: 4.2W x 1.5H x 5.0D in.
(10.6W x 3.9H x 12.7D cm)
Power consumption < 4W
Operating Environment Operating temperature: 32 - 104°F (0 - 40°C)
Operating humidity: Up to 90% (non condensing)
Compliance FCC Part 15 Class A (US EMC)
CE per RTTE 99/5/EC (EMC and LVD)
Safety - EN60950
TBR-3 (ISDN BRI/So)



Ordering Information Email: sales@patton.com    Tel: +1 301-975-1000
SN4562/2BIS/EUI SmartNode 2 BRI Voice over VPN Router, 10/100baseTX WAN, integrated 4-port 10/100bTX LAN switch, Includes VPN license key. Specify SIP or H.323, External UI Power.
 

Related Information
Articles (PDF) -- Requires Adobe Acrobat to view
Patton Brings Unified Communications to Boy Scouts of America Campground October 31, 2007
SmartNode™ Delivers VoIP-over-VPN Network with Secure, Encrypted Voice for 1200-Site Retail Chain August 08, 2007

Catalogs (PDF) -- Requires Adobe Acrobat to view
Patton Electronics Product Line Catalog #21 (High resolution, print quality) August 25, 2008
Patton Electronics Product Line Catalog #21 (Low resolution, for dial-up users) August 25, 2008

Certifications (PDF) -- Requires Adobe Acrobat to view
Declaration of Conformity - SmartNode™ Model SN4564 July 29, 2008

Data Sheets (PDF) -- Requires Adobe Acrobat to view
SmartNode 4562 Datasheet October 23, 2009
SmartNode 4562 Datasheet (A4 page size) October 23, 2009

Manuals (PDF) -- Requires Adobe Acrobat to view
SmartWare R5.6 Software Configuration Guide July 20, 2010
SmartWare R5.5 Software Configuration Guide March 16, 2010
SmartWare R5.3 Software Configuration Guide January 29, 2009
SmartNode 4552 and 4562 Guide, Getting Started October 22, 2008
SmartWare R5.2 Software Configuration Guide August 07, 2008
SmartWare R5.1 Software Configuration Guide February 06, 2008
SmartWare R4.2 Software Configuration Guide August 17, 2007
SmartWare R4.1 Software Configuration Guide April 05, 2007
SmartWare R3.21 Software Configuration Guide April 05, 2007

News Releases
Patton's New VoIP IAD Wins Unified Communications 2007 Product of the Year March 17, 2008
Patton-Inalp Joins Triple Play Alliance, Promotes Multi-Vendor Interoperability October 01, 2007
Patton Receives INTERNET TELEPHONY Excellence Award September 12, 2007
With Over 1,000 Networking Products to Offer, Patton Publishes Dual Catalogs May 22, 2007
SmartNode™ Delivers VoIP and Data Survivability with Dial Backup and IP Link Redundancy May 09, 2007
Patton Launches High-Performance PRI VoIP Gateway August 14, 2006
SmartNode™ VoIP CPEs Now Certified for Interoperability by Cirpack® July 31, 2006
Voice-VPN Router Delivers Secure, Encrypted VoIP for ISDN Users July 20, 2006
Patton Unveils Industrial First-mile-Ethernet and Outdoor-VoIP Equipment at GlobalComm 2006 June 06, 2006
Patton Hardens Communication Products April 05, 2006
Patton and BroadSoft Deliver Interoperability to Carriers March 06, 2006
Patton Adds Voice-Encryption to SmartNode™ VoIP Routers February 22, 2006
Patton Receives Technology Champion Award February 01, 2006

Tech Notes
Understanding Echo Problems - (PDF) September 19, 2007

White Papers (PDF) -- Requires Adobe Acrobat to view
VoIP in Industrial Networks - Implementing QoS for reliable voice over industrial Ethernet November 10, 2006
 
Frequently Asked Questions
 SmartNode VoIP/ToIP 
 Call Routing 
 How can I remove or restrict Caller-ID (CLIP)? 
 There are two possibilities:
1. Set the ISDN Presentation Indicator (PI) to restricted:
172.16.40.125(ctx-cs)[switch]#mapping-table pi to pi MT-PI-TEST
172.16.40.125(map-tab)[MT-PI-T~]#map default to restricted

2. Delete the Calling-Party Nummer using a E.164 mapping table:
172.16.40.125(map-tab)[MT-PI-T~]#ble calling-e164 to calling-e164 MT-CNPN-TEST
172.16.40.125(map-tab)[MT-CNPN~]#map default to "" 
 Codecs 
 Why do I hear a crackling noise when using the G.729 codec? 
 On the SmartNodes (4110, 4520, 463X, 465X 4830, 491X, 492X, 493X, IC-4FXS) is not possible to use two low-bit-rate codecs at the same time on an FXS port. Thus you must choose to use either G.723 or G.729. G.711 is always supported.
Try this:

enable
configure
system

ic voice 0
low-bitrate-codec g729

In your VOIP profiles, we suggest you use either the G.723 codec or the G.729 codec, but not both, and it should match your low-bitrate-codec selection. 
 Debug and Logging 
 How do I debug QoS? 
 Debugging QoS is different from any other debug commands. It is a two step process. You must be in configuration mode.
1) Go into your service policy and specify "debug queue statistics detail 7"
2) Then do a show command: "show service-policy interface eth0". You can repeat this command as often as you want to view the current statistics. 
 How do I use the ACL debugs to debug a VPN Connection? 
 Debugging VPNs and ACLs is a bit different than using the other debug commands. It is a two step process to enable ACL debugging. You must first be in configuration mode.
1) Go into "context ip" and then into the ethernet interface and type the following debug commands:
"debug acl in"
"debug acl out"

2) Then you can enable and disable debugging of the ACLs by the using the command "debug acl" or "no debug acl".
Note: VPNs tunnels only work between the two networks configured as a VPN (usually two private networks on eth1 like 192.168.1.0 and 192.168.2.0). You cannot ping or test the VPN from the console port or the SmartNode administrator command. You must test between PCs on the two private networks. For instance, a PC at 192.168.1.10 should be able to ping a PC at 192.168.2.10 through the VPN tunnel. You cannot PING a PC on one of the VPN tunnels from the console or admisistrator account.

Additionally, "debug ipsec" provides the IPSEC debug monitor which is normal a one-step debug command.

See the command "terminal monitor-filter" to allow you to filter out the ACLs you want to see. For example, to see only the packets to an IP address 123, you can simply use the command: terminal monitor-filter .*123.* 
 Upgrading/TFTP 
 Using Encrypted TFTP 
 

Encrypted Configuration Download

- An external encryption tool on the PC is used to encrypt the configuration file:

enctool encrypt <plain-config-file> <enc-config-file> [<key>]

- The encrypted confiugration file can then be downloaded with TFTP triggered by

- the CLI copy command:

copy tftp://<host>/<path> <config-file>

- Auto Provisioning

- SNMP

- HTTP

- On the SmartNode the encryption is detected and the configuration file is automatically decrypted

before stored to flash.

- A custom encryption key can be

- downloaded to the SmartWare

- specified with the PC encryption tool

- The encryption key may include the MAC address and/or serial number of the SmartNode using the

placeholders $(system.mac) and $(system.serial) resp.

- An encrypted configuration file can be uploaded to a TFTP server on request, specifying the encrypted

flag:

copy <config-file> tftp://<host>/<path> encrypted

- On the PC the encryption tool can be used to decrypt the file:

enctool decrypt <enc-config-file> <plain-config-file> [<key>]

- A log file lists the last up/downloads:

show log file-transfer


Use Cases

Install a custom encryption key (optional)

You can install a custom encryption key with the SmartNode. The encryption key is used to automatically

decrypt an encrypted configuration file that is downloaded later. A default encryption key is already

installed on the SmartNode.

To install an encryption key you have to create a file on your TFTP server that contains the key. Then you

have to download this key file to the SmartNode using the ‘copy’ command of the SmartNode:

The key file shall contain a key string of at most 24 characters on a single line. Spaces, tabs and LF/CR

characters are trimmed. The key must not contain LF/CR or the null character and must not start or end

with a space or tab. If the key contains more than 24 characters, only the first 24 characters are

considered.

Part Nr. 80-0165, Rev. 1.13 12-07-05 49/54

The key may contain variables that are resolved when the key file is downloaded to a SmartNode. Using

this mechanism you can specify device-specific encryption keys. We currently support the following

variables:

- $(system.mac): The MAC address of the first ethernet port. Execute the show port ethernet

command on a SmartNode to display the MAC address of a SmartNode. This value without the colon

separators and with all lower-case hexadecimal letters is used instad of the variable on the SmartNode.

- $(system.serial): The serial number of the SmartNode. Execte the show version command on

the SmartNode to display the serial number.

When your key file contains the following line…

123$(system.serial)abc$(system.mac)XYZ

show port ethernet shows the following…

Ethernet Configuration

-------------------------------------

Port : ethernet 0 0 0

State : OPENED

MAC Address : 00:0C:F1:87:D9:09

Speed : 10MBit/s

Duplex : Half

Encapsulation : ip

Binding : interface eth0 router

and show version the following….

Productname : SN1200

Software Version : R3.20 TB2005-06-24_MEYER SIP

Supplier :

Provider :

Subscriber :

Information for Slot 0:

SN1200

Hardware Version : 0004, 0001

Serial number : 100000020002

Software Version : R3.20 TB2005-06-24_MEYER SIP

the encryption key on this SmartNode will be interpreted as…

123100000020002abc000cf187d909XYZ

Then you have to download the created key file to the SmartNode. Open a telnet session and type in the

following commands:


>enable

#copy tftp://<ip>/<path> key:

where <ip> is the IP address of your TFTP server and <path> is the path to the key file relative to the

TFTP root.


Encrypt a configuration file

Use the encryption tool to encrypt a configuration file on your PC. Therefore you have to enter the

following command.


enctool encrypt <plain-file> <encrypted-file> [<key>]

where <plain-file> is the path of the non-encrypted input configuration file and <encrypted-file> is the path

of the encrypted output configuration file. <key> specifies the encryption key which shall be used to

encrypt the configuration file. If ommitted the default key is used.


Download an encrypted configuration file

Now you can download the configuration file as usual using the CLI copy-command, the autoprovisioning

feature, HTTP or SNMP download. The SmartNode automatically detects that a downloaded

file is encrypted and tries to decrypt the file using the pre-installed key.


Upload an encrypted configuration file

The SmartNode immediately decrypts a configuration file after downloading it. This is the configuration

file is stored non-encrypted in the flash memory. Thus when you upload a configuration it is uploaded

non-encrypted.

You may upload an encrypted configuration file specifying the encrypted flag at the end of the copy

command:


#copy startup-config tftp://<ip>/<path> encrpted

This encrypts the configuration file before sending it to the TFTP server. Use the enctool decrypt

command on the PC to regain the original configuration.


File Transfer Logs

We introduced an additional log file that stores the history of all file transfers (up to 50 entries). To show

all recently executed file transfer operations enter the following command:


#show log file-transfer