How to enable or disable Lync ALG on controller?

By AnandKumar Sukumar posted Jul 04, 2014 05:42 AM


Introduction :


Lync ALG is an implementation of a full-fledged ALG for Microsoft Lync software. Microsoft Lync provides enterprise users with the ability to make voice and video calls to each other and also enables applications like ‘Desktop Sharing’ and ‘File Transfer’.  The proposed ALG for Lync will allow Aruba to provide value-added services like QoS, Call Admission Control, Call Quality metrics and Prioritization for the various Lync applications. This solution also provides a dedicated visibility and debugging framework to fine-tune and troubleshoot Lync traffic flow on Aruba networks.


Feature Notes : Lync ALG feature is supported from AOS 6.3.


Environment : Microsoft Lync deployed by customer. Lync applications need to be prioritized are Voice, Video, file transfer and desktop sharing.


Network Topology : Lync clients <----> AP <--> Controller <----> Lync Server (with LNE plugin)


Configuration Steps :


Lync ALG has to be enabled globally in the firewall settings.

(Abilash-Lab-Cont-master-6.4) (config) #no firewall disable-stateful-sips-processing

(Abilash-Lab-Cont-master-6.4) (config) #show firewall | include SIPS
Stateful SIPS Processing                    Enabled

(Abilash-Lab-Cont-master-6.4) (config) #web-server
(Abilash-Lab-Cont-master-6.4) (Web Server Configuration) #?

captive-portal-cert     Certificate name configured under certificate manager
ciphers                 Configure cipher suite strength. Default is high
idp-cert                Certificate name configured under certificate manager
mgmt-auth               Configure management user's WebUI access method, either username/password authentication or certificate authentication or both. Default is username/password authentication
no                      Delete Command
session-timeout         Configure user's WebUI session timeout <30-3600> (seconds)
ssl-protocol            SSL/TLS Protocol Config
switch-cert             Certificate name configured under certificate manager
web-https-port-443      Enable WebUI access on HTTPS port (443)
web-lync-listen-port    Web Lync Listen Protocol/Port Config
web-max-clients         Configure web servers' maximum supported concurrent clients <25-320>

(Abilash-Lab-Cont-master-6.4) (Web Server Configuration) #web-lync-listen-port http 15000
WARNING: Disable 'classify-media' CLI in access-list for better performance.

(Abilash-Lab-Cont-master-6.4) (Web Server Configuration) #exit


Answer :


Once the applications get invoked, the Lync server shares the session-related information with the Lync Plugin, which, in turn, passes on this information to the controller through HTTP/ HTTPS based XML communication.


Verification :


(Abilash-Lab-Cont-master-6.4) #show firewall | include Statef
Stateful SIP Processing                     Enabled
Stateful H.323 Processing                   Enabled
Stateful SCCP Processing                    Enabled
Stateful VOCERA Processing                  Enabled
Stateful UA Processing                      Enabled
Stateful SIPS Processing                    Enabled

(Abilash-Lab-Cont-master-6.4) #



Troubleshooting :


There are a set of troubleshooting commands that have been introduced for analysing LYNC issues.

(Abilash-Lab-Cont-master-6.4) #show app lync ?

call-cdrs               Show CDR information for prioritized lync calls
call-quality            Show call quality information for prioritized lync calls
client-status           Show lync client status and calls information
tracebuf                Show lync calls tracebuf for first 256 entries
traffic-control         Lync Traffic Control Profile


1 comment


Jul 23, 2014 07:10 PM

Also refer to Lync SDN API Configuration guide on Aruba web site which provides configuration best practices, step-by-step Lync specific configurations and additional troubleshooting details -