Course13:IT Advanced 2 - 03 IP-DECT

From innovaphone wiki
Jump to navigation Jump to search

This book describes the how to set up a DECT system.

Start configuration

Before you start this book please make sure you have a working PBX and App Platform. If not please read the book Setting up a PBX and App Platform and follow all necessary steps before you proceed with this book.

In this topic we will focus on how to set up a DECT system. This means that we need new hardware for this task. You need 2 IP1202 base stations, one IP64 and one IP65 for this course. If you have not already done so, please enter the MAC addresses in your Training Setup Device Definition.

Unfortunately, you will not have enough POE ports at your switch to run your two base stations. This means you need to unplug your IP811 because we don't need it in this topic anyway. There should be two free ports left on your switch afterwards. Please connect your two IP1202 to these ports. screenshot.png Your network should then look like this.

To ensure that your base stations (IP1202A and IP1202B) start with a new configuration, we will perform a factory reset. Resetting to factory settings can be done by pressing screenshot.png the reset button on the back of the IP1202 until the LED is steady yellow/orange. Afterwards you can power cycle the base station or in other words you can power it off by unplugging the LAN port and powering it on again.

(Further Hints) Device-specific information on the possible link_intern.png LED color indications can be found in the Wiki.

If you are using an IP1203 for this course, please complete the following steps before you proceed with the course:
  • Change the admin password of both your IP1203s to ip1202, otherwise your IP1203 cannot be accessed by moodle. You can find this option at General / Admin.
  • screenshot.png Add the default update URL ( to your IP1203, otherwise your device will not be able to connect to moodle and provisioning will fail. This is a consequence of the missing default update URL in the shipped firmware and is described in fish-help.png this wiki article.

As a next step please click the setting_up_dect load button. This load button will not affect your configuration, it will just load a new test suite with new configuration checks.

Adding a base station to devices

Now we will add our two IP1202 to our Devices App. For this purpose we are going to use provisioning. You most likely remember how to do this from your IT Connect training so we will just briefly repeat it. The gateway provisioning process works in three steps.
  • select a provisioning category for your IP1202
  • create a provisioning code
  • enter the code to the device
Before we start, we will create a new category in Devices for our DECT base stations. Of course we could also use hq gateway, which is the default category for all media gateways, but it might be useful to have a separate device category for our base stations. Imagine you schedule an update job for the system, but the PBX should not be restarted during working hours, but the base stations are less critical and could be updated ahead of time. In such a scenario, a category other than the PBX would allow you to perform an update without interfering with the PBX.

To achieve our task we go to the Categories tab in our Devices app and click the screenshot.png Add category button. We will screenshot.png give the category a name like hq DECT and tick the Provisioning category for device configuration deployment check-mark. This check-mark allows us to use the new category to configure a global NTP server or an Alarm Server through the Device configuration features of the Devices app for our DECT base stations. As soon as we click Ok screenshot.png the category is created.

The following steps have to be performed for both our IP1202A and IP1202B to add them to our Devices App.

  • To obtain the provisioning code for our base station, we need to go to the Devices tab in our Devices app and click the Provision a gateway link. Then we will screenshot.png select a category, which is our previously created category hq DECT. We will give the device a name and click on the Next button. Once you click on Next screenshot.png a provisioning code is created. We will use this provisioning code later when we are going through the Install on our IP1202.
  • Afterwards we will start the Install on ourIP1202A and IP1202B. By using these links we ensure that the Install is started in English and the correct firmware is used.
(Further Hints) In case you are using a IP1203 you screenshot.png need to enter the credentials again. This is necessary because we changed the default credentials before.
(Further Hints) The provisioning code is only valid for 10 minutes. You need to create a new provisioning code if the provisioning code expired.

Admin menu

All innovaphone DECT handsets have a hidden admin menu for system administrators. This admin menu can be useful for a variety of a tasks, such as:
  • Retrieve software and hardware information of the DECT handset
  • Retrieve the IPEI and user ID
  • Perform a Factory Reset
  • Error logging
  • Manage Site Survey tools
  • Retrieve DECT link and System Information
  • Configure System parameters although user protection is active
As said before this function is hidden, so you have to navigate to Menu->Call list->Call time and press the following combination on the keypad of your DECT handset.

> * < < * <

(Further Hints)
  • > means to press the right direction on the control pad of your DECT handset.
  • < means to press the left direction on the control pad of your DECT handset.
If your handset is not reset to factory settings, please enter the admin menu as described above and select the Factory reset setting, which is the last entry in the list. After you confirm the factory reset, the handset will restart and ask you for a language.


WinPDM is a software application for Microsoft Windows to manage your DECT handsets and chargers. To be more precise, it allows you to perform firmware updates, apply configuration templates or change advanced settings of the handset. A programming charger (DP1-UAAA in case of an IP64 and IP65) is needed to connect your DECT handset to your PC.

You can find the WinPDM installation files together with a detailed explanation on how to use the software, inside the WinPDM download folder located at the software segment on link_intern.png release/download.htm. All DECT handset firmware files can also be found on the same page.

Let's do a little exercise and upgrade the software of our DECT handsets.

DECT overall Design

Before we start with the configuration, we will take a closer look at the logical building blocks of a DECT system and the relevant terms you have to be familiar with. The graphical representation helps us to put the terms into context.


RFP is the shorthand for Radio Fixed Part and describes the radio part of a DECT base station.


Every RFP repeatedly transmits the RFPI (Radio Fixed Part Identity), which contains the PARI and a RPN. The RFPI is therefore used to identify the RFP and is the basis for granting or denying access to the DECT system.
  • RPN: RPN is short for Radio Fixed Part Number and specifies the number of the base station within a DECT system
  • PARI: The Primary Access Rights Identity is a unique ID to identify the RFP. The PARI master automatically assigns this ID to an IP1202 in the DECT system.

DECT Handsets

A DECT Handset, like an IP64 or IP65, needs to be subscribed to a DECT system. As soon as it is subscribed, it listens to the signal strength of DECT radios within range and selects the radio with the best signal strength to establish a connection.


The DECT radio is responsible for converting signalling and voice data between DECT radio signals and IP packets. The radio registers at the DECT master and H.323 is used as IP based signalling protocol. Each IP1202 has a radio part built-in that can be activated and handle up to 8 simultaneous calls for DECT handsets connected to this radio.

PARI Master

The PARI master is a function of the IP-DECT master which has to be activated specifically. The PARI master is responsible for assigning PARIs to all RFPs of the DECT system. It can manage up to 1023 radios. The PARI master has a database of all RFPIs and the matching MAC addresses. This way the PARI master knows each radio. Since this function is centralized there can only be one PARI master per site (except for a standby instance).

IP-DECT Master

The IP-DECT master is responsible for maintaining an H.323 registration for each user with a handset subscription to the PBX. Since the radio registers at the IP-DECT master the IP-DECT master works as a Gatekeeper for the radios. Furthermore it routes H.323 signalling traffic from the PBX to the proper radio and vice versa.

The IP-DECT master maintains a database (Home Location Database - HDB) which contains the authentication information for each DECT handset. The IP-DECT master can handle up to 1000 DECT users. A DECT system can have more than one IP-DECT master but in that case you need a mobility master which is explained in the next chapter.

In addition, the IP-DECT master is responsible for handling DTMF Feature Codes.

Voice traffic

Once the call is established, RTP traffic is sent from IP endpoint to IP endpoint. In a DECT system the radio is the IP endpoint. A bidirectional radio channel is then used to transmit voice over the air to the DECT handset. These calls on the DECT link are encrypted by a cipher key. Depending on your configuration, voice traffic on the IP link can be SRTP encrypted.



The process of moving a DECT handset from one base station to another during an active call is called Handover. In such a case the PARI master notices that the IP endpoint of DECT handset has to change. Since the PARI master manages the base stations, it notifies the base station that originally established the RTP connection to act as an RTP proxy and to forward RTP traffic to the new base station the handset has traveled to. The remote party does not notice any change and keeps the RTP connection to the radio that established the call in the first place.


The process of moving the handset from one location to another and still being able to make and receive calls is known as roaming.

Early Encryption

If you activate the Early Encryption feature, data such as the caller ID or dialed digits are protected before the encryption of the handset's private cipher key on the DECT link can start. As soon as the handset subscribes, it receives a token from the IP-DECT master which enables it to calculate a key which is used for encryption. For security reasons we recommend to activate this feature which is available at DECT / Config / System on your active IP-DECT master. Keep in mind that you need a Crypto Master as well as a Mobility Master for this function, in case you have multiple IP-DECT master.

Multiple IP-DECT Master

If your system design requires you to have multiple IP-DECT masters, either because you have a screenshot.png multi-site installation or screenshot.png a single site installation with more than 1000 users, you need to have a mobility master in your DECT system. Please note that you can have only one PARI master in a single site installation although you have multiple IP-DECT masters.

The DECT system object which is required for each IP-DECT master can be located either on the same PBX or on a different PBX.

Mobility Master

The mobility master enables handover and roaming in a multiple IP-DECT master system. The mobility master has its own Home location Database (HDB) which it receives from each IP-DECT master in the Installation. This way it has the authentication information of each DECT handset from every IP-DECT master in the system.

It could be even necessary to have multiple mobility master in case you need to distribute load. In such a case the mobility masters need to be interconnected to each other.

Crypto Master

You need to configure a Crypto Master if you activated Early Encryption and you are using a mobility master. Each handset has to have a unique crypto token in the system. The Crypto master ensures there is no conflict of the Crypto token although you have multiple IP-DECT master.

DECT Master

We will start to configure our IP1202A screenshot.png by selecting a mode for the IP-DECT master. For now, we will use the Active mode for our IP1202A. This option can be set atDECT / Config / Master. Restart the device afterwards.

The IP-DECT master can run in the following modes:
  • Off - You probably guessed it, this mode turns off the IP-DECT master feature of your IP1202. This is the default value.
  • Active - This mode turns on the IP-DECT master, allowing you to use all functions of your IP1202.
  • Standby - A nIP1202 in standby mode takes over as soon as the active IP-DECT master fails. You cannot subscribe handsets to a standby IP-DECT master even if the standby has taken over. This mode is deprecated and we recommend to use the mirror mode instead.
  • Deployment - This mode allows us to test our voice quality and measure signal strength. Outgoing calls are forwarded back to the handset.
  • Mirror - If you configure two IP-DECT masters in mirror mode, you always have one active IP-DECT master. Even if the active IP-DECT master fails, the other IP-DECT master in mirror mode will switch to active which allows you to maintain normal operation. We will discuss this feature in more detail later in this book.

DECT System

You have to create a DECT system object in the PBX for each IP-DECT master in your system. This means if you have more than one IP DECT master, you need a DECT system object for each of them. Fortunately, the PBX is capable of handling multiple DECT system objects, so you can create them all in the same PBX. To create a DECT system object we need to go back to our PBX PBX / Objects and select a screenshot.png DECT System object in the drop down menu and screenshot.png assign a Long Name to the object.

Please choose the Long Name of the DECT system object carefully because it will be used throughout your DECT system and is even visible on the screens of the DECT phones. We therefore recommend to use a System name that identifies the physical location of this IP-DECT master. It would be advisable to call it Dect-headquarters or Site-Sindelfingen. Furthermore, you can define a PBX location in the drop-down menu of the DECT system PBX object. If you have a master-slave scenario, you would select the PBX where the DECT system is located.

The purpose of the DECT system object is easily explained. It stores system parameters such as the preferred codec or the authentication method of the DECT system within the PBX.

Please go ahead and create a DECT system object at PBX / Objects and use hq-dect as Long Name for the object.

Afterwards we have to define our DECT system name at the IP-DECT master as well. Therefore we will go to DECT / Config and screenshot.png configure the system name. Note that screenshot.png the system name you configured here has to match the Long Name of the DECT system object in the PBX you created before.

As a result please set the system name to hq-dect.

You are probably wondering which password to use as system password. As soon as we create an LDAP replication between PBX and IP-DECT master, the PBX will share user data, like the user password with the IP-DECT master. Such data is communicated in encrypted form consequently both sides need to share a secret to encrypt and decrypt the data. The secret in this case is the PBX password. The equivalent to the PBX password is the system password at the IP-DECT master. As a result we need to set the system password equal to the PBX password. If you remember back on the first day of the training we set the PBX password at PBX / Config / Security.

Please set the password to ip411 and reset your IP1202A again.

LDAP replication

The IP-DECT master needs to know all user objects that should be capable of using a DECT phone. In the next chapters we will establish an LDAP connection between IP-DECT master and PBX. LDAP is used to replicate all DECT capable user objects to the IP-DECT master and to write information from the IP-DECT master back to the DECT system object we created earlier.

User object settings

The next step is done screenshot.png in the DECT tab of the user object.
  • Gateway: This parameter is mandatory, otherwise the object will not be replicated to the DECT master. You must set the DECT system name here.
  • IPEI: In the course of the book we will discuss two different methods to subscribe a DECT handset to an IP-DECT master. We can either preconfigure this value with the IPEI, the serial number of the DECT handset, or we can leave this value empty and use a feature code to assign the handset to a user.
  • Idle Display: You can enter a text to be shown on the display of the handset.
  • AC: You can define a personal access code that protects the user object from an unauthorized subscription at this object.
(Further Hints) The IPEI of the DECT handset is printed on the box the handset was delivered in and under the handset battery. It is also possible to use the fish-help.png Service Code *#06# to determine the IPEI.

(Further Hints) If you configure the IPEI in the user object, the last digit should be omitted. Although the IPEI is a 13-digit number, you should only enter 12 digits and skip the last digit. The last digit is used as a check digit and can be a special character like a *. If you enter the 13-digit IPEI, the registration will fail.

Please go to the DECT tab of John Doe's user object.
  • Set the Gateway value to hq-dect.
  • Configure the first 12 digit of the IPEI screenshot.png of your IP65.
  • Please configure a simple personal access code for John Doe, like 1234.
Please go to the DECT tab of Richard Roe's user object.
  • Set the Gateway property to hq-dect.

Powering on a virgin DECT handset

If you receive a virgin DECT handset, we have to prepare your handset to be able to use it.
  • Remove the battery cover. In case of an IP64 you better remove the clip to be able to slide down the battery cover.
  • Pull off the foil.
  • On an IP64 you need to plug in the battery connector.
  • Reattach the battery cover.
  • Press and hold the disconnect button at your handset to turn it on.
  • You are going to be asked for a System name, PARK and AC. You can skip this for now because we talk about the subscription of a handset later in the book.

Subscription vs Registration

A common misunderstanding is the difference between subscription and registration. When we talk about subscription, we talk about adding the DECT handset to the DECT environment in order to become known to your IP-DECT master. If the subscription was successful you will see screenshot.png an indication at your IP-DECT master. As long as the DECT handset is not assigned to a user, a subscribed handset will be listed as anonymous. When the IP-DECT master learns which IPEI corresponds to which user object, the IP-DECT master will try to establish a registration on the behalf of the DECT subscription.

LDAP server

As a next step we will screenshot.png create new LDAP credentials on the LDAP server of the PBX. This is necessary because the DECT master replicates its user objects from the PBX. Therefore the DECT master needs access to the user database of the PBX. It is important to set Write Access for this LDAP connection, because the DECT master has to be able to store information on the DECT system object and PBX user objects.

(Further Hints) It important to not set the Apply Hide checkmark for this LDAP connection because the DECT system object is marked hidden by default. As a result, as soon as you activate this checkmark the DECT system object could no longer be seen from the DECT master which would lead to the error message No Sys-Object at the DECT master.

Please screenshot.png create LDAP credentials at Services / LDAP for the LDAP replication.
  • Set the user to\dect
  • Use ip411 as password
  • Tick the Write Access checkmark

LDAP Replicator

As a next step, we complete our LDAP replication configuration because we finally want to see some objects at DECT / Users. More specifically, we want to see John Doe and Richard Roe because these are DECT capable user objects and only these objects should be replicated. Therefore we will have to set up an LDAP replicator at Services / LDAP / Replicator.

The first decision we have to make is the choice of a Replication Type. We select Full Replication which is used when replicating objects from an innovaphone PBX. The Active Directory Replication option is selected if you need to replicate users from a Microsoft Active Directory. But this is currently not what we are looking for.

Please make sure that you selected Full Replication. Afterward we configure the following parameters:
  • Tick the enable flag to activate the replication
  • The server property has to be set to the DNS name of the PBX (
  • The PBX only allows LDAPS connections. As a result we have to activate the TLS checkbox next to the Server property to enable LDAPS. This automatically adds the default port 636 to the server property.
  • We do not need to configure an Alt. Server (Alternate Server) at the moment. This option is used in case we want to have a backup source to replicate from if the PBX is down.
  • You have to configure a search base as the DN property. To replicate objects from the PBX database, the configuration option should be cn=PBX0
  • Since we only want to replicate user objects with a DECT configuration, we set the Filter Type option to DECT Gateway Name
  • Set the DECT Gateway Name to the Long Name of the DECT system object in the PBX. In our case it is hq-dect
  • Set the user property to the LDAP user name we previously defined in the PBX LDAP server. In our case the correct user is called\dect
  • The password must match the password we defined for the LDAP user configured on the PBX LDAP server. Of course, as always, we will use ip411

To see if your configuration worked, you can switch to screenshot.png the replicator status screen Services / LDAP / Rep-Status. If everything worked as it should, you will see the state Completed next to the Full replication information. If your configuration generated an error, you will find an error message in the Last messages section.

Finally, when you click show on your DECT / Users screen, you will see the screenshot.png replicated users John Doe and Richard Roe.

Setting up the IP-DECT master

In this chapter we will focus on further configuration options of the IP DECT master.

(Further Hints) Please note that you need to have an active LDAP replication before you configure the IP-DECT master. If this is not the case, the IP-DECT master cannot write the configuration into the DECT system object. If the IP-DECT master is rebooted, configuration options such as the SARI are lost if they are not present in the DECT system object.

Master ID

You have to assign an screenshot.png ID to the master. This ID has to be unique for each IP-DECT master in a DECT System with multiple IP-DECT masters. In other words, if you have more than one IP-DECT master, each of these IP-DECT masters must have a different Master ID. The default value of the Master ID is 0. To avoid errors, a one-digit number would be advisable in most cases although you may choose the value freely.

It is important that a Standby master has the same ID as the master.

For training purposes we will use 1 as our master ID at DECT / Config / Master .

PARI Master

As already discussed, the PARI master is a function of the IP DECT master. screenshot.png You can activate this function by checking Enable PARI function at DECT / Config / Master. After activating and restarting your device, you have further configuration options available in your IP1202, such as setting a system ID or SARI.

To activate the PARI master function please tick the Enable PARI function check mark and restart your IP1202A afterwards.

System ID

As we talked before the PARI is part of the RFPI. A unique System ID is part of the PARI. The System ID is created randomly and assigned automatically as soon as you enable the PARI master. If more than one IP-DECT system operates in the same coverage area the System ID has to be unique in order to differentiate the systems. The system ID has to be unique as well in a system with two physical sites operating with the same SARI. As a consequence you can set the System ID manually to a value between 1 and 296 at DECT / Config / PARI. Depending on the value, the number of radios per PARI master is limited.

If you use a System ID between 1 and 36, you can connect up to 1023 radios for one PARI master.
If you use a System ID between 37 and 292 the maximum number of radios for one PARI master is reduced to 127.
In large systems you can also set the System ID between 293 and 296. In this case, the PARI master can handle up to 2047, but all other functions such as radio, crypto-master or mobility master should be deactivated.

If you are doing an on-site training in a classroom, please make sure that your fellow classmates use a different System ID than you do.


The SARI (Secondary Access Rights Identity) is a unique ID and used to identify an IP-DECT system and a mandatory configuration of the PARI master. Each DECT system requires its own SARI, which must be purchased for each productive DECT system. It is possible to enter more than one SARI. This can be useful if you want to join two different IP-DECT systems and allow roaming between those. The first entered SARI is later used as PARK, which must be entered to subscribe to a handset.

Please add one of the following SARIs to your configuration. The SARI can be set at DECT / Config / SARI. If you are doing an on-site training in a classroom, please make sure that each participant has a different one.

31100654271708 31100654272203
31100654271745 31100654272240
31100654272049 31100654272304
31100654272102 31100654272341
3110065427214* 31100654272405

(Further Hints) These SARIs are for training purposes only. Usage within productive systems is prohibited.

PBX connection

One of the tasks of the IP DECT master is to keep a registration for each subscribed handset and forward the signalling data from and to the PBX. screenshot.png Consequently we need a VoIP signaling protocol to achieve such a task. In our case we will use H.323/TLS to encrypt traffic from and to the IP-DECT master.
  • Gatekeeper - The IP-DECT master needs to know the address of the PBX to be able to route traffic to the PBX. Therefore a Gatekeeper is used.
  • Alt. gatekeeper - If the PBX fails, a standby PBX should take over. The address of the standby PBX is defined here.
  • Gatekeeper ID - If you want to route the signalling traffic through a reverse proxy. The routing decision is made via the gatekeeper ID, which is configured here.
Back at DECT / Config / Master please configure an IP connection between your IP-DECT master and the PBX.
  • Select H323/TLS as protocol.
  • Configure the Gatekeeper
  • Reboot your IP1202A afterwards.


Throughout this book we will subscribe and register our 2 DECT handsets to Richard Roe and John Doe. These two will be our DECT users. In order for them to register, we need to do some groundwork.

In the first part of the training we discussed that a phone is not registered to a user, but to a device defined in the user object. As a result, we had to create a hardware ID for this phone. We will do the same for our DECT phones but in order to configure it correctly, we need to know which name a DECT phone uses for the registration. The answer is simple, it uses the name of the object which was replicated to the IP-DECT master. For example, John Doe will use his name john.doe for the registration, which means screenshot.png we need to add this hardware ID to the user object.

Please create a hardware ID for John Doe and Richard Roe that matches the name of these objects

Since the IP DECT master manages all registrations to the PBX, the IP DECT master must ensure a trustworthy registration. Activating H.323/TLS does not work in this situation because you cannot map the base station certificate to a user object. screenshot.png The CN of the certificate will simply contain the MAC address of the IP1202, which is unknown in the PBX. However, you still have two different registration methods that you can use. You can either use the PBX password or the user password for the authentication. Both are valid options, but you must make a choice. You cannot use the methods simultaneously.

Registration with user password

We recommend using the user password for registration. Since this is the default method of the IP DECT master, you do not need to configure anything for it to work. The IP DECT master automatically uses the password of the user to authenticate the registration.

If you are afraid that the user can change the user password and then the registration will not work anymore. I can ease your concerns in this regard. Due to the LDAP replication between IP-DECT master and PBX, the IP-DECT master is always up to date with the user password, even if the user changed it.

As we mentioned before, the IP DECT master will use the object name to register to the PBX. This probably sounds familiar to you. The reason is that we already used the name of the object as a hardware ID when we created a hardware ID for ad-hoc registrations. A hardware ID must be unique in the PBX, which means that you must use the same hardware ID for both DECT and hotdesking. It also means that you should use the user password to authenticate the DECT registration because the user most likely doesn't know the PBX password.

Registration with PBX password

Of course you could also use the PBX password for the authentication of the registration. If you remember back the IP-DECT master already knows the PBX password. We had to set the password of the IP-DECT system to the PBX password because the PBX password is used as shared secret to encrypt the user passwords. The IP-DECT master can be told to use the system password for the authentication of the registration if you activate screenshot.png the checkmark Registration with system password at DECT / Config / Master.

On the PBX side, you need to enable screenshot.png the PBX Pwd option at the hardware ID of the DECT handset inside the user object. This option is necessary, because otherwise the PBX does not know to match the received password with the PBX password.


To proceed with our configuration we will now add radios to our DECT system. Fortunately, there is a really easy way to do this. We just have to go to DECT / Devices Overview at our PARI master and we screenshot.png already see a list of radios.

Every virgin base station will use the Gatekeeper Discovery protocol to find his Gatekeeper, or in this context, the PARI master. It sends a gatekeeper request as an IP multicast message and hopes to discover a PARI master. As a result, this mechanism only works if the radio and the PARI master are in the same broadcast domain of the network. When they find each other, the radio will be included in the above-mentioned list.

Please add the radio of your IP1202A and IP1202B to your PARI master,screenshot.png by clicking the Add button. screenshot.png A new window appears allowing us to specify a name and an alternative PARI master for the device. You can also add the radio to a Kerberos realm, but since we use the Devices app, this is no longer necessary. As soon as you click OK, the radio is registered with the PARI master and the configuration is done automatically.

You can also configure the radio manually at DECT / Config / Radio. You will need to configure the following components.
  • Name - The system name must be entered here. We defined this name when we created the Long name of the DECT system object.
  • Password - This password must match the password of the DECT system.
  • PARI Master IP Address - The IP address of the PARI master has to be configured here.
  • Standby PARI Master IP Address - You can define the IP address of a standby PARI master so that the standby PARI master will take over all H323 registrations of radios if the PARI master fails. This configuration is optional.
(Further Hints) Since an IP address is used to connect the radio to the PARI master, you should give the PARI master a fixed IP address or create a reservation on your DHCP server so that the IP address always remains the same.

Air Sync

DECT in Europe operates in the frequency range from 1880 MHz to 1900 MHz and is divided into 10 channels with a bandwidth of 1728 kHz each. Each of these channels is divided into 24 timeslots with a duration of 10 milliseconds. These time slots must be synchronized on all radios in the same sync region, so that each radio has the same clock rate. To achieve synchronization, one radio must be an active sync master to dictate the clock rate.

Timeslots are used for the uplink and downlink between handset and radio. All of these 24 timeslots result in 12 bidirectional channels, 8 channels for speech and 4 for synchronization.

As long as the IP1202 is flashing blue, the base station is not in sync, which means that it cannot operate. If the LED of the base station is constantly blue, the base station is in operation.

But who decides which base station is active sync master? Radios configured as sync master will report to the PARI Master that they want to be the active sync master. The PARI Master will select one of them to be the active sync master. The remaining candidates act as sync slaves until the active sync master fails. In this case, one of the other candidates becomes the new active sync master.

All IP1202s in sync mode slave scan their coverage area to find radios in range. They send a list of received sync candidates to the master. The master tells each sync slave which radio to sync to. This can be the air sync master itself or another air sync slave.

As a result, radios form a sync chain of air sync slaves leading to the air sync master. To keep the sync chains as short as possible, we recommend placing the air sync master and its backup in the center of the DECT coverage area.

In case you configure a radio as a restricted slave, it can't be used as a synchronization source, it can only retrieve sync from another radio. This option is used when a base station cannot be considered a reliable source for synchronization. This may be the case if there is a door between two base stations and the synchronization is lost when the door closes. In such a case the connection can be considered unreliable.

Please set both of our IP1202s screenshot.png from Sync Mode Slave to Master, because we will later test a fail-over that only works if both base stations can be the active sync master (DECT / Config / Air Sync and DECT / Config / Air Sync.

Sync region

There are two main examples why you would want screenshot.png to split a DECT system into multiple sync regions.
  • If the visibility of the base station used for synchronization is constantly changing, e.g. due to a door opening and closing or moving objects, you can divide the coverage area into sync regions, each sync region being independent of the other.
  • If you have separate buildings far away from each other between which synchronization is not possible, you can define multiple sync regions. Also in this case the synchronization is independent from another sync region, but the radios still connect to the same PARI master

In other words, sync regions are used when all radios use the same PARI master, but the coverage between radios is not good enough for stable synchronization or the radios are simply out of range of each other. In this case, we can divide a site into several sync regions. Each of these sync regions has its own sync master, which dictates the clock in that sync region. This way, a handover within this sync region is possible. To enable handover between two sync regions, you must configure a reference sync from another region. If a region loses its reference sync, handover within the region still works, but handover between regions does not work.

Do not forget that the radios use H.323/UDP to talk to the PARI master. This means that the distance between the sync regions does not matter as long as the radio can reach the PARI master via IP. There could even be a VPN tunnel between the sync regions and the communication between the radio and the PARI master will still work. Since the reverse proxy only listens to TCP based traffic, a connection between a radio and the PARI master via the reverse proxy is not possible.

Sync region is a configuration option you can find at DECT / Config / Air Sync and has to be set to a value between 0 and 249 on all radios in the same sync region. As long as the value is within the specified range, you can select any value.

Please make sure that our two IP1202 are part of the same sync region.

As soon as you configure a radio as a sync master screenshot.png you will get additional configuration options. One of these actions can be defined to be executed in case of a synchronization failure with its reference RFPI. You can set the resynchronization to a specific day and time, or it will only be executed on command, but note that all calls will be dropped during the resynchronization.screenshot.png The reference RFPI can be configured at DECT / Config / Air Sync screenshot.png The RFPI value of your radios can be found at DECT / Devices Overview / Radios of your PARI master. Since our setup is quite simple at the moment and we only use one sync region, we do not need to configure a reference RFPI.

(Further Hints) For synchronization to work, it is not allowed to configure the reference synchronization in a ring.

Handset subscription

Before we can subscribe our DECT handsets to our DECT system we need to talk about Subscription Modes and Authentication Codes.

For security reasons, we can define a subscription mode and a matching Authentication code to reject any unknown DECT handset that could be a malicious threat. You have three possible options to choose from.
  • Allowed - Any handset may subscribe as long as the Authentication code is correct.
    • If the user's IPEI is already known to the DECT master, like the IPEI of our John Doe, you only have to turn on your DECT handset. It will automatically search for a DECT system, subscribe to it and the IP-DECT master will create a registration on its behalf.
  • With Activation - The handset subscription requires manual activation.
    • If the IPEI of the user is already known to the DECT master, you must enter the personal user Authentication code. However, the subscription works only video2.png if you click on the user's IPEI at DECT / Users. If you click on it, a subscription with this IPEI is allowed for two minutes. After a successful subscription, the DECT master automatically creates a registration at the PBX on behalf of the handset.
    • If the IPEI is unknown to the DECT master, you can video2.png add the IPEI to the anonymous screen (DECT / Anonymous). To subscribe the handset, you must click on the IPEI you just created and use the system Authentication code. In the next chapter we will learn how to connect an anonymous handset to a PBX user.
  • Disabled - no new DECT handsets can be subscribed. This option can be used if all handsets are already subscribed and no further handsets should be able to be subscribed.
(Further Hints) We advise against using the Allowed Subscription mode in a productive system to protect your system from unwanted subscriptions. This mode should only be used in the deployment phase. Please use With Activation or Disabled in a productive system.

Subscribing Handset in mode allowed

We will first subscribe our IP64 as if we are simulating the deployment phase. Therefore screenshot.png please set the Subscription mode to Allowed at DECT / Config / System.You can either use screenshot.png the suggested system Authentication code or configure a new one. If you use the suggested Authentication Code you need to press OK or otherwise the Authentication code isn't saved in the configuration.

Before we subscribe our IP64, we need to discuss the options that needs to be entered.
  • System name - You need to enter the DECT system name here to identify the DECT system. This configuration is not mandatory.
  • PARK - You will find the PARK at DECT / Users and it serves to identify the DECT system. This configuration is not mandatory.
  • AC - You need to enter either the personal or system Authentication code depending on the subscription method we discussed earlier.
  • Protection - By turning on Protection the user is unable to unsubscribe the handset by himself. While this is a useful setting in real life, we will not use it in training, because we do not want to lock ourselves out.
(Further Hints) You have to identify the DECT system either by the system name or PARK unless you are sure that no other DECT system is in range. In this case you can leave these options blank.

Please power on your screenshot.png IP64. When you switch on your brand new DECT handset or a DECT handset that has been reset to the factory settings, it asks you (after selecting a language and canceling the searching) for the System name, PARK, Access Code (AC) and protection mode. You can also subscribe the handset by navigating to Menu/Settings/System/Subscription at the phone's user interface. We will enter the following values.
  • System name: Please enter hq-dect
  • PARK: Please enter your PARK which screenshot.png can be found at DECT / Users
  • AC: Please enter the previously configured system Authentication code
  • Protection: No
(Further Hints) If you want to enter the system name for the subscription, please note that the input mode is automatically set to "Abc"mode, which means that the first letter is entered as uppercase. You can switch this mode to "ABC", "abc" or "123" by pressing the * key on your phone's keypad.

If the subscription was successful you will see a pop up information on the display of the DECT handset and the DECT system name will appear on the DECT main screen together with the information "Please login". Additionally, you will see the IPEI of the device at the Anonymous screen (DECT / Anonymous).

Mapping a subscription to a PBX user

As soon as a handset is subscribed to the IP-DECT master as anonymous, we can assign the handset to a user object. This can be easily achieved by dialing this number from the anonymous handset:


  • Master-ID - When configuring the IP-DECT master, we previously set the master ID to 1 at DECT / Config / Master.
  • User Number - We need to dial the number of the user to be mapped to.
  • Access-Code - If you configured a personal authentication code in the DECT tab of your PBX user object, you have to also dial it, otherwise it could remain empty.
This means that we dial the following number from our IP64 (Keep in mind that we didn't configure a personal authentication code in the user object of Richard Roe):
The IP-DECT master will create a registration on behalf of the handset. If the registration was successful, you can call any user number in the PBX.

Subscribing Handset in mode With activation

Please switch the Subscription mode to With activation, because we will use this method to subscribe our IP65.

If your IP65 is already registered, you turned it on while the subscription mode was set to Allowed. If the IPEI is already known, the subscription and registration process is performed automatically in this case. To proceed with the next task, you need unsubscribe your handset at Menu/Connections/System/Unsubscribe.

Please start your screenshot.png IP65 and go to Menu/Connections/System/Subscribe. Please enter the following parameters
  • System name: Please enter hq-dect
  • PARK: Please enter your PARK which screenshot.png can be found at DECT / Users
  • AC: Please enter the previously configured personal Authentication code
  • Protection: No
Do not forget to allow subscription video2.png by pressing the IPEI on the IP DECT master since we switched the Subscription mode to With Activation. After successful subscription, the IP-DECT master creates a registration for the handset. Afterwards you can call any of our 4 desk phones.

Phone App

Of course you can also control your DECT handset with a phone app. The configuration is rather easy, you just have to add the word phone as App to the devices entry of your DECT handset. You can do this either screenshot.png in the user object in the advanced UI or the user can do it by himself screenshot.png in his profile app. As soon as you entered the name phone, screenshot.png your phone app will appear.

Feature Codes

Feature Codes

Feature codes are used to call up a specific function on the IP-DECT master via DTMF tones. Which means that you can easily set up a call forwarding or number restriction by simply calling the corresponding feature code from your DECT handset. The IP-DECT master is responsible for interpreting the incoming DTMF tones to activate the desired function for the called user.

These feature codes can be set on DECT / Config / Features and are enabled by default. All feature codes can be changed and the change affects all DECT users.

As a little exercise, let's activate the call waiting feature for Richard Roe by calling *43# from your IP64. You will see an Executed information on the handset display and if you open the user object on your IP-DECT master, you will see all screenshot.png activated features for this user.

R-key handling

In addition to the feature codes, you can also activate features during the call by pressing the R-key (Right function key). So if you are in a conversation, you have the possibility to use either of these options.

  • R-key: Puts the active call on hold. Press the R-key again you retrieve the call on hold.
  • R-key + any number: Puts the active call on hold and calls the dialed number.
  • R-key + 0: An incoming call will be rejected while call waiting is enabled.
  • R-key + 1: Disconnects the call currently on hold
  • R-key + 2: Toggles between an active call and a call on hold.
  • R-key + 3: Initiates a 3-party conference. (This does not work out of the box. We will come to this option later in the book Conferencing and DECT)
  • R-key + 4: Connects the active call with the call on hold.
Let's test this feature
  • Call Richard Roe(13) from Jane Doe(IP112)
  • Connect the call with your IP64
  • Call Richard Roe(13) from Edward Hyde(IP232)
  • You will hear a ringing sound on your IP64, which means that call waiting is working
  • Take the call by pressing the R-key and then 2 on your IP64.
  • Richard can now talk to Edward while Jane listens to the MOH


Now we are going to configure a phone book at DECT / Config / Phone Book to be able to search for names aka forward lookup. The phone book will use LDAP as a protocol to find contacts in the PBX, contacts app service database or a third-party directory service. This will allow us to use the Central Phonebook function of the DECT handsets.

General Settings

Phone Book Number

The Phone Book Number is not allowed to overlap with an existing number in the PBX. The default value is 999999 and it's not recommended to change it. You can still use the number 9 or 99999 in your PBX. This will not result in a conflict.
Discarded Results Text
If too many matches are found in the LDAP search, the result is discarded and the configured text is displayed.
Result Format
This option allows you to decide in which format a search result should be displayed at the handset. Imagine your Display/Sort Attributes value of your external LDAP server configuration is set to: givenName,sn,city,email. In this regard the results are mapped to variables: A=givenName, B=sn, C=city, D=email.

A B C D E and B A C D E will display all found attributes separated by blanks either starting by A or B.
E.g: A B C D E = Erika Müller Sindelfingen

A, B C D E and B, A C D E will display all attributes separated by blanks expect the first one which is also separated by a comma. Again you can choose if you want start the list with A or B.
E.g: B, A C D E = Müller, Erika Sindelfingen

(A or B) C D E and (B or A) C D E will only display A or B and then the rest of the attributes. In case the first attribute is not found the second one is displayed.
E.g: (B or A) C D E = Müller Sindelfingen

PBX search

To find contacts in the PBX we will configure a PBX search on the IP-DECT master.

Server settings

For the PBX search to work, we first need to configure the server side. You probably guessed it, the server side for the PBX search is the PBX.

We will create new LDAP credentials on the LDAP server (Services / LDAP / server) of the PBX.
  • Set the username of the LDAP account to\phonebook
  • Set the password of the LDAP account to ip411
  • Set the Apply Hide flag because we don't want to find hidden objects.

Client settings

As a second step we need to configure the PBX search parameters on DECT / Config / Phone Book.

To screenshot.png configure client side of the PBX search for your DECT handsets, you need to do the following steps.
  • Tick the Enable flag
  • Enter as Server property because the LDAP search request should be sent to the PBX
  • We need to use LDAPS for this connection therefore we have to activate the Use TLS check mark
  • You do not need to tick the Validate TLS Certificate check mark.
  • Set the User of the PBX search to\phonebook
  • The password should be ip411 again because this should be the password the LDAP server account

Let's try it. Therefore please go to Menu/Contacts/Central Phonebook and search for j as first name. You will find Jane and John Doe. You can call both directly from the phonebook.

External LDAP search

As a next step we establish a LDAP connection to our contacts database which we will use as directory service.

Server side

Once again we are going to configure the server side first. As a result we will do the following steps which most likely sound familiar to you because we did the same steps when we discussed the contacts chapter.
  • start Contacts Admin
  • type a secure password into the Password (LDAP) field
    In this course, we will use ip411 again.
  • tick the Enable LDAP check mark to start the LDAP server if not already active.

Client side

To complete our configuration we will configure the following steps screenshot.png on the client side.
  • Tick the Enable check mark.
  • Set the server property to the DNS name of your App Platform (
  • Tick the Use TLS check mark to use LDAPS
  • You do not need to tick the Validate TLS Certificate check mark.
  • Set the User to a name in the domain\user format. The domain is in this case. User is the name of your Contacts App service (contacts). So in this case, you end up with\contacts
  • Set the Password to ip411 which is the matching password in our contacts app
  • Set the Search Base to dc=entries
  • Leave the Search Filter attribute empty because we don't want to filter our search results
  • Set the Search Attributes to givenName,sn
  • Set the Number Attributes to telephoneNumber
  • Set the Display/Sort Attributes to cn

  • Set the Meta Name Attribute to metaSearchText
Once again we will configure screenshot.png the Dialing Location. This resembles the Prefix for Intl/Ntl/Subscriber and Country-Code/Area-Code/Subscriber property in PBX/Config/General, however, the format is slightly different. The Dialing Location is used to put the number in a dialable context.

  • set Country Code to the country code of your trunk line, 49 in your case
  • set Area Code to the area code of your trunk line
    (Further Hints) If there are no area codes in your country, this field must be left empty. So for you, set it to


  • set National Prefix to the prefix you need to dial to reach a national number but without the trunk access prefix (this is the difference to the setting in PBX/Config/General).
    (Further Hints) Again, if there are no area codes in your country, this field must be left empty. So for you, set it to


  • set International Prefix to the prefix you need to dial to reach an international number but without the trunk access prefix (this is the difference to the setting in PBX/Config/General).


  • set External Line to the trunk access prefix of your trunk. In your case, this is


If you go to Menu/Contacts/Central Phonebook and search for r, you will find Renée-François Fenêtre from the external contacts and Richard Roe from the PBX.

(Further Hints) Please note that the LDAP client of the IP-DECT master cannot access a personal phonebook directory in Contacts, as this would require permissions that are not currently configurable.

Reverse lookup

As we learned in the chapter about contacts, the reverse lookup of a number is done in the PBX, in a central place. This means you don't have to configure a separate reverse lookup at your IP-DECT master. This is already taken care of.

You may wonder about the LDAP directory search configuration at DECT / Config / Master. This configuration became obsolete with the introduction of the reverse lookup URL in the PBX. As long as the PBX is already sending a name, which it does when you configure the reverse lookup URL, the LDAP directory search in the IP DECT master will not be performed, even if you have activated it. You can configure the LDAP directory lookup to ask a third-party LDAP server (not the contact database) in case no name was delivered by the PBX, but this is somehow useless because you could enter this server as a reverse lookup anyway.

DECT Redundancy

Now that we have a working DECT environment, we want to strengthen the robustness of our DECT system against sudden failures. For this reason, we are creating a redundant IP-DECT system.

Redundant DECT master

At the beginning of the book we talked about which mode to select for our IP-DECT master. We decided to put the device into active mode. But as we discussed before, we want to make sure our system is working even if the active IP-DECT master fails. To do this, we add another IP-DECT master to our system, but this IP-DECT master should work in standby mode. A standby takes over all responsibilities of an active IP-DECT Master if it fails, without the possibility of subscribing handsets.

We no longer recommend creating a master/standby scenario because it is outdated. Instead of an active/standby scenario, an IP-DECT master in mirror mode can work as both active and standby, but it has to work in pair with another IP-DECT master in mirror mode. So if you put one IP-DECT master in mirror mode, you must also put another one in mirror mode. In other words, it is not possible to mix an IP-DECT master in mirror mode with an IP-DECT master in another mode.

One of the IP-DECT master in mirror mode will start in the active role, while the other one becomes the standby. When the active mirror fails, the standby automatically becomes the active mirror. When the failing IP-DECT master recovers, it becomes the standby mirror and the active mirror remains active.

This already explains the advantages of the mirror mode compared to a master/standby scenario. You can still add/edit/delete users and subscribe handsets in mirror mode, which you cannot do when in active/standby scenario when the standby takes over. Furthermore, if the failing master recovers in a master/standby scenario, all active calls will drop. This is not the case in a mirror mode scenario.

As a next step we have to configure the same system parameters at our IP1202B so that the configuration of our IP1202A and IP1202B is identical.
  • Please set your IP1202A and your IP1202B to master mode mirror at DECT / Config / Master and DECT / Config / Master. Reboot both of your IP1202 afterwards.
  • Please configure the same DECT system name (hq-dect) and password (ip411) for your IP1202B as well. A reboot of your IP1202B is necessary afterwards.
  • The next step is to establish a relationship between our two IP-DECT masters in mirror mode. To do this we need to configure screenshot.png the following parameters on both of our base stations and promote one of our base stations to active IP-DECT master.
    • Mirror Master - We have to configure the IP address of the other IP-DECT master in mirror mode here.
    • Mirror Status - You can see the current status of this base station, whether it is the active master or not. In addition, we have to decide which of our IP DECT masters starts as the active master in mirror mode. This is done by clicking the Activate mirror link.
Afterwards you will see that one of your IP-DECT master in mirror mode screenshot.png is active andscreenshot.png the other is not. Both are connected to each other.

Before we can test the mirror mode we have to set several parameters identical on both IP1202s.
  • Set the Master ID to 1 at DECT / Config / Master so that both IP-DECT masters in mirror mode share the same master ID.
  • Choose the H.323/TLS as protocol and configure the Gatekeeper ( at DECT / Config / Master
  • Create an LDAP replication at Services / LDAP / Replicator for your IP1202B as well. Please use the same credentials as described in the LDAP replicator chapter in this book.
(Further Hints) You must create the LDAP replication from/to the PBX although you already see the desired user objects at DECT / User. The reason for this is that an implicit LDAP replication is created between your IP-DECT masters in mirror mode. It is important that both base stations can write and read from/to the PBX in their active state. When both base stations are online, one of the two LDAP replicators is auto disabled, the other keeps the LDAP replication to the PBX alive and the auto disabled replicator replicates only from its mirror mode counterpart. This way, no conflict in the LDAP replication can occur.

Redundant PARI master

The PARI master is a function of the IP-DECT master. Consequently you can only set this function if your IP1202 is an IP-DECT master. Since the PARI master manages all radios you need one PARI master per site. If the PARI master fails you can define a standby PARI master that takes over if the PARI master fails.

To configure a standby PARI master you need to set the following parameters.
  • Enable the PARI function at DECT / Config / Master and reboot your IP1202B afterwards. Your IP1202B will be the standby PARI master from now on.
  • Configure a Standby PARI Master IP Address at DECT / Config / Radio and DECT / Config / Radio which should point to our IP1202B. A reset is required afterwards.

Redundant Air sync master

To ensure that all radios are in sync, there must be a sync master that dictates the synchronization. If this sync master fails, there must be another sync master in the same sync region to take over. We therefore recommend having more than one sync master in the region.
Fortunately, we do not need to configure anything at our two base stations, since both are already sync masters.

Trying it

Now we can test our configuration.
  • Unplug one of our base stations. The other one will be active. (This will take a few minutes)
  • Start a call between your DECT phones.
  • Plug your IP1202 back in. Your call won't be dropped.