Polycom 3725-76302-001LI

DMA OperationsGuide Signaling Settings

72 Polycom, Inc.

•Configure specific ports or prefixes for “unauthorized” or “guest” SIP

calls that can only access specific resources (VMRs, VEQs, or a SIP peer).

H.323 Device Authentication

In an environment where H.235 authentication is used, H.323 devices include

their credentials (name and password) in registration and signaling (RAS)

requests. The Polycom DMA system authenticates requests as follows:

•If it’s a signaling request (ARQ, BRQ, DRQ) from an unregistered

endpoint, the Call Server doesn’t authenticate the credentials.

•If it’s a signaling request from a registered endpoint, or if the request is

from an MCU or neighbor gatekeeper, the Call Server attempts to

authenticate using its device authentication list (see “Device

Authentication” on page 264).

If the credentials can’t be authenticated, the Call Server rejects the registration

or signaling request. For call signaling requests, it also rejects the request if the

credentials differ from those with which the device registered.

SIP Device Authentication

The SIP digest authentication mechanism is described in RFC 3261, starting in

section 22, and in RFC 2617, section 3). When a SIP endpoint registers with or

calls the Polycom DMA system, if the request includes authentication

information, that information is checked against the Call Server’s local device

authentication list (see “Device Authentication” on page 264).

SIP authentication can be enabled at the port/transport level or (for

“unauthorized” access prefixes) the prefix level. If SIP authentication is

enabled and an endpoint’s request doesn’t include authentication information,

the Call Server responds with an authentication challenge containing the

required fields (see the RFCs). If the endpoint responds with valid

authentication information, the system accepts the registration or call.

Note

You can turn authentication off and on for specific devices (assuming that it’s turned

on here for that device type). See “Edit Device Dialog Box” on page98 .

Note

If inbound SIP authentication is turned on for a port or prefix, the Polycom DMA

system challenges any SIP message coming to the system via that port or with that

prefix. Any SIP peer and other device that interacts with the system by those means

must be configured to authenticate itself, or you must turn off Device

authentication for that specific device. See “Edit Device Dialog Box” on page 98.