Polycom 3725-76302-001LI manual Device Authentication

Note

You can turn authentication off and on for specific devices (assuming that it’s turned on here for that device type). See “Edit Device Dialog Box” on page 98.

•Configure specific ports or prefixes for “unauthorized” or “guest” SIP calls that can only access specific resources (VMRs, VEQs, or a SIP peer).

H.323 Device Authentication

In an environment where H.235 authentication is used, H.323 devices include their credentials (name and password) in registration and signaling (RAS) requests. The Polycom DMA system authenticates requests as follows:

•If it’s a signaling request (ARQ, BRQ, DRQ) from an unregistered endpoint, the Call Server doesn’t authenticate the credentials.

•If it’s a signaling request from a registered endpoint, or if the request is from an MCU or neighbor gatekeeper, the Call Server attempts to authenticate using its device authentication list (see “Device Authentication” on page 264).

If the credentials can’t be authenticated, the Call Server rejects the registration or signaling request. For call signaling requests, it also rejects the request if the credentials differ from those with which the device registered.

SIP Device Authentication

The SIP digest authentication mechanism is described in RFC 3261, starting in section 22, and in RFC 2617, section 3). When a SIP endpoint registers with or calls the Polycom DMA system, if the request includes authentication information, that information is checked against the Call Server’s local device authentication list (see “Device Authentication” on page 264).

SIP authentication can be enabled at the port/transport level or (for “unauthorized” access prefixes) the prefix level. If SIP authentication is enabled and an endpoint’s request doesn’t include authentication information, the Call Server responds with an authentication challenge containing the required fields (see the RFCs). If the endpoint responds with valid authentication information, the system accepts the registration or call.

Note

If inbound SIP authentication is turned on for a port or prefix, the Polycom DMA system challenges any SIP message coming to the system via that port or with that prefix. Any SIP peer and other device that interacts with the system by those means must be configured to authenticate itself, or you must turn off Device authentication for that specific device. See “Edit Device Dialog Box” on page 98.