Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems VC-289 Interzone Communication, RADIUS and TACACS+, Terminal Name Registration

Models: VC-289

1 76
Download 76 pages 30.7 Kb
Page 5
Image 5
Terminal Name Registration

Configuring H.323 Gatekeepers and Proxies

H.323 Gatekeeper Features

Terminal Name Registration

Gatekeepers recognize one of two types of terminal aliases, or terminal names:

H.323 IDs, which are arbitrary, case-sensitive text strings

E.164 addresses, which are telephone numbers

If an H.323 network deploys interzone communication, each terminal should at least have a fully qualified e-mail name as its H.323 identification (ID), for example, bob@cisco.com. The domain name of the e-mail ID should be the same as the configured domain name for the gatekeeper of which it is to be a member. As in the previous example, the domain name would be cisco.com.

Interzone Communication

To allow endpoints to communicate between zones, gatekeepers must be able to determine which zone an endpoint is in and be able to locate the gatekeeper responsible for that zone. If the Domain Name System (DNS) mechanism is available, a DNS domain name can be associated with each gatekeeper. See the DNS configuration task in the “Configuring Intergatekeeper Communication” section to understand how to configure DNS.

RADIUS and TACACS+

Version 1 of the H.323 specification does not provide a mechanism for authenticating registered endpoints. Credential information is not passed between gateways and gatekeepers. However, by enabling AAA on the gatekeeper and configuring for RADIUS and TACACS+, a rudimentary form of identification can be achieved.

If the AAA feature is enabled, the gatekeeper attempts to use the registered aliases along with a password and completes an authentication transaction to a RADIUS and TACACS+ server. The registration will be accepted only if RADIUS and TACACS+ successfully authenticates the name.

The gatekeeper can be configured so that a default password can be used for all users. The gatekeeper can also be configured so that it recognizes a password separator character that allows users to piggyback their passwords onto H.323-ID registrations. In this case, the separator character separates the ID and password fields.

Note The names loaded into RADIUS and TACACS+ are probably not the same names provided for dial access because they may all have the same password.

Accounting via RADIUS and TACACS+

If AAA is enabled on the gatekeeper, the gatekeeper will emit an accounting record each time a call is admitted or disconnected.

Cisco IOS Voice, Video, and Fax Configuration Guide

VC-293

Page 4 Page 6
Page 5
Image 5
Cisco Systems VC-289 Interzone Communication, Accounting via RADIUS and TACACS+, Terminal Name Registration, VC-293
Page 4 Page 6