Video Communication Server Administrator Guide
System Configuration
Getting Started
Table of Contents
Call Processing
Administrator Policy
Using TANDBERG’s FindMe
User Policy
Fallback Alias
Enum Dialing Disconnecting calls
Calls to and from Unregistered Endpoints
Firewall Traversal
Ldap Configuration 80
Maintenance
DNS Configuration 79
Regular Expression Reference 78
Trademarks and Copyright
Copyright 2007, Tandberg
Disclaimer
Disclaimer, Copyrights and License Agreements
Patent Information
Safety Instructions
Safety Instructions and Approvals
Approvals
Environmental Issues
Environmental Issues
Optional Features
Main Product Features
Standard Features
Introduction
Getting Started
Connecting the Cables
Tandberg VCS
Powering on the VCS
Initial Configuration via Serial Cable
System Administrator Access
Using the Web Interface
Supported Browsers
Using the Command Line Interface CLI
Viewing the Overview
ViewingText goesSystemhere Overview
Understanding the Overview
About Admin Access settings
Systemtext Configuration
Configuring System Settings
System Administration Configuration
XConfiguration Ethernet
Configuring Ethernet Settings
Ethernet Configuration
About Ethernet Speed
XConfiguration IP XConfiguration IPProtocol
Configuring IP Settings
IP Configuration
About IPv4 to IPv6 Gatewaying
XConfiguration IP DNS
DNS Configuration
Configuring DNS Settings
About DNS Servers
NTP Configuration
Configuring NTP Settings
Setting the Time Zone
XConfiguration NTP Address XConfiguration TimeZone Name
Snmp Configuration
Configuring Snmp Settings
About Snmp Settings
XConfiguration Snmp
XConfiguration ExternalManager
Configuring External Manager Settings
External Manager Configuration
About the External Manager
Backing up Configuration Settings
Logging
Logging Overview
Event Log Format
Viewing the Event Log
Event Log
Message Details Field
Events Logged at Level
DNS
Events Logged at Level 1
SIP
Event Data Fields
TCP UDP TLS
225 245
Request/granted registration expiry duration
For Register requests the AOR for the Register request
Number of bytes sent/received in the message
Limitations of standard syslog timestamps
WorkingText goeswithhereH.323
Overview Endpoint Registration
Configuring H.323
XConfiguration H323
WorkingText goeswithhereSIP
SIP Overview
Configuring SIP Registrations, Protocols and Ports
XConfiguration SIP
Configuring SIP Domains
XCommand DomainAdd XConfiguration SIP Domains
InterworkingesText here
Configuring Interworking
XConfiguration Interworking Mode
Overview
Endpoint Registration
MCU, Gateway and Content Server Registration
RegistrationText goes hereControl
Registration Overview
Preventing automatic registrations
Finding a VCS with which to Register
323
H323 Gatekeeper AutoDiscovery
Configuring Authentication
About Authentication
Authentication
XConfiguration Authentication
Configuring the Ldap Server Directory
Authentication using an Ldap Server
Alias Origin Setting
Securing the Ldap Connection with TLS
Configuring Ldap Server settings
XConfiguration Ldap XConfiguration Authentication
New
Authentication using a Local Database
Configuring the Local Database
Create Credential
Registering Aliases
Attempts to Register using an Existing Alias
About Alias Registration
Alias Registration
Patterns and Pattern Types
XConfiguration Registration RestrictionPolicy
About Allow and Deny Lists
Allow and Deny Lists
XCommand AllowListAdd XConfiguration Registration AllowList
Managing Entries in the Allow List
Add Deny List Pattern
XCommand DenyListAdd XConfiguration Registration DenyList
Managing Entries in the Deny List
Registration Deny List
About your Video Communications Network
Managing Zones, Neighbors and Alternates
Example
Local Zone and Subzones
Configuring the Local Zone and its Subzones
About the Local Zone and its Subzones
Zones
XConfiguration Zones Zone
Adding Zones Configuring Zones
XCommand ZoneAdd
Create Zone
Hop count
Configuring Zones All Types
Match1 Match5
Configuring Neighbor Zones
SIP port
Protocol
Configuring Traversal Client Zones
Retry interval
SIP transport
Configuring Traversal Server Zones
DNS suffix
Configuring Enum Zones
Configuring DNS Zones
Determines whether H.323 calls will be allowed to this zone
XConfiguration Alternates
About Alternates Configuring Alternates
Alternate 1 to Alternate 5 IP address
Flat Dial Plan
Setting up a Dial Plan
About Dial Plans
Structured Dial Plan
Locating a Destination Endpoint
CallText Processinggoeshere
Process
Dialing by Address Types
About Hop Counts
Configuring Hop Counts
XConfiguration Zones Zone 1..200 HopCount
Hop Counts
Administrator Policy and Authentication
Administrator Policy
About Administrator Policy
Authentication Mode On
Administrator Policy Mode
Enabling the use of Administrator Policy
To enable Administrator Policy
Administrator Policy Mode to take effect
Configuring Administrator Policy via the Web Interface
About CPL XSD files
Configuring Administrator Policy via a CPL script
Uploading a CPL Script
Downloading policy files
UserText goesPolicyhere
About User Policy
Enabling User Policy on the VCS
Configuring User Policy Manager
XConfiguration Policy UserPolicy
Username
Managing FindMe User Accounts
About User Accounts
Creating a New User Account
Changing a User Password
Viewing Existing User Account Settings
Tick the box next to the account you wish to delete
Deleting a User Account
To change delete a FindMe user account
Click here to delete the selected accounts
About your FindMe User Account
Using TANDBERG’s FindMe
FindMe User Accounts Accessing the FindMe Configuration
About FindMe
Configuring your FindMe User Account
AliasText goSearchingshere and Transforming
Configuring Local Alias Transforms
XConfiguration Transform
Zone Searching and Transforming
Default Settings
Configuring Zone Searches and Transforms
Zone searching and alias transforming configuration
Never Query a Zone
Combining Match Types and Priorities
Examples
Always Query a Zone, Never Apply Transforms
Changing the Prefix or Suffix Before Querying
Filter Queries to a Zone Without Transforming
User@example.com User@exampleusa.com
Query a Zone for Both Original and Transformed Alias
Query a Zone for Two or More Transformed Aliases
URITextDialinggoeshere
URI Dialing Overview
URI Dialing for Outgoing Calls
Configuring Matches for DNS Zones
An AlwaysMatch, or
Click Create Zone
Adding and Configuring DNS Zones
XCommand ZoneAdd XConfiguration Zones Zone
Assigns a name to this zone
Configuring DNS Servers
XConfiguration IP DNS Server
URI Dialing for Incoming Calls
Recommended Configuration
Example DNS Record Configuration
URI Dialing and Firewall Traversal
Enum Dialing Overview
ENUMText goesDialinghere
About Enum Dialing
Enum Process
Prerequisites
Enum Dialing for Outgoing Calls
Configuring Transforms for Enum Zones
Configuring Matches for Enum Zones
Mode of PatternMatch Pattern string Pattern type of Prefix
Configuring Enum Zones
For Enum zones, this will be Enum
Configuring DNS Servers
About DNS Domains for Enum
Configuring DNS Naptr Records
Enum Dialing for Incoming Calls
CallsText gtoesandherefrom Unregistered Endpoints
Configuration
Recommended Configuration for Firewall Traversal
Calls to an Unregistered Endpoint
Fallback Alias
XConfiguration Call Services Fallback Alias
FallbackText goesAliashere
Example Use of a Fallback Alias
DisconnectingText goes herecalls
Identifying a Particular Call
Issues when Disconnecting SIP Calls
Disconnecting a Call via the Web Interface
Disconnecting a Call via the CLI
Disconnect
About Firewall Traversal VCS as a Firewall Traversal Client
Firewall Traversal
Firewall Traversal Overview
VCS as a Firewall Traversal Server
Firewall Traversal Protocols and Ports
Stun Ports
Ports for Connections out to the Public Internet
323
Firewall Traversal and Authentication
VCS
From the Type drop-down menu, select
Configuring the VCS as a Traversal Client
Adding a New Traversal Client Zone
TraversalClient Create Zone
Configuring a Traversal Client Zone
Alternate 1 Alternate 5 Address
Adding a New Traversal Server Zone
Configuring the VCS as a Traversal Server
TraversalServer Create Zone
Demux mode
Configuring a Traversal Server Zone
TCP retry count Interval
Configuring Traversal for Endpoints
XConfiguration Zones LocalZone Traversal H323
323 H.460.18 call signaling port
Configuring Traversal Server Ports
Assent call signaling port
Media demultiplexing RTP port
Stun Binding Discovery
Stun Services
About Stun
Stun Relay
Configuring Stun Services
XConfiguration Traversal Server
About Bandwidth Control
Bandwidthth Controll
Example Network Deployment
Subzones
BandwidthControl
XCommand SubZoneAdd
Creating a Subzone
XConfiguration Zones LocalZone SubZone
Configuring a Subzone
To configure a subzone
Subnet 2
How Different Bandwidth Limitations are Managed
Applying Bandwidth Limitations to Subzones
Types of Limitations
Per call inter Limits the bandwidth of any individual call
Creating a new pipe
XCommand PipeAdd
About Pipes
Creating Pipes
Editing an Existing Pipe
XConfiguration Bandwidth Pipe
Editing Pipes
About Links Creating Links
Default Links
XCommand LinkAdd
Creating a New Link
Editing Links
XConfiguration Bandwidth Link
Editing Links
Bandwidth Control
Default Links
Applying Pipes to Links
Configuring the Default Call Bandwidth and Downspeeding
About the Default Call Bandwidth
About Downspeeding
Bandwidth Control Examples
Example Without a Firewall
Enterprise VCS Subzone Configuration
VCS Border Controller Subzone Configuration
Example With a Firewall
Upgrading Using SCP/PSCP
MaintenanceText goes here
Backing up the Existing Configuration Before Upgrading
Upgrading Software
Upgrading via the Web Interface
Upgrading
About Adding Extra Options
XConfiguration Option 1..64 Key S 0
Option Keys
Adding Options via the CLI
Add option key
Adding Options via the Web Interface
Add Option Click Add Option
Enabling Security
About Security
Security
About the System Snapshot
Passwords
System Snapshot
Creating a System Snapshot
About Restarting
XCommand Boot
Restarting
About Shutting Down
Https
CommandText goes hereReference xConfiguration
Http
SSH
Request
Total Mode On/Off
AliasOrigin LDAP/Endpoint/Combined
Off the call will be rejected
One call
Far end were registered directly to the local system
Fallback Alias S 0
TCP
H323 Gatekeeper CallSignaling
Port
NTP
Option Key S 0
On the VCS will act as a DIP registrar
Tration will not be permitted
Off the VCS will not act as a SIP registrar
137
Snmp
CommunityName S 0
RTP
Rtcp
Stun
Traversal Server
For any one call to or from an endpoint in the Default
Between two endpoints within the Default Subzone
For any one call between two endpoints within
Intra Mode None/Limited/Unlimited
To or from an endpoint in this subzone
Sets the total bandwidth limit in kbps of this subzone
Limit
Name S 1 Assigns a name to this subzone Subnet Address S 0
RetryCount
Zones LocalZone Traversal H323 Cont
Order to keep the firewall’s NAT bindings open
VCS will attempt to send a TCP probe to the VCS
Enum
145
TCP TCP will be used
Transport TCP/TLS
TLS TLS will be used
Zones TraversalClient
Plexing mode for calls from the traversal client
Off Each call will use a separate pair of ports for
Zones TraversalServer TCPProbe KeepAliveInterval Cont
List, the registration will be permitted
CommandText goes hereReference xCommand
XCommand Description Parameters
PatternType Exact/Prefix/Suffix/Regex
Description Parameters
XCommand
List, the registration will not be permitted
Status/NTP
Event/AuthenticationFailure
Status/Ethernet
Status/LDAP
Pipe1 S 1
LinkAdd LinkDelete Locate OptionKeyAdd OptionKeyDelete
Pipe2 S 1
153
PerCallInter
SubZoneAdd SubZoneDelete
PerCallInterMode None/Limited/Unlimited
To Limited
TransformAdd TransformDelete ZoneAdd ZoneDelete
Each transform
ZoneList
CommandText goes hereReference xStatus
Option Key S 1 Description S 1
Server Address IPv4Addr/IPv6Addr Domain S 0
NTP
External Manager
Status On/Off URL S 1,255 Expression S 1,127 0..15 entries
160
161
Contact S 1,255 Path URI 1..10 S 1,255
Zones
163
164
165
166
167
Status Active/Inactive/Failed Address IPv4Addr IPv6
IPv4
Status Active/Inactive/Failed Address IPv4Addr
Status Active/Inactive/Failed Address IPv6Addr
169
Address
Address-switch node
CPLText Referencgoeshere
Otherwise node
Setup
Authentication Mode On
Field
URI
Subfield
Url-ID 323 ID H323-ID Dialled Digits DialedDigits
Unsupported CPL Elements
Rule-switch
CPL Script Actions Location
Proxy
Call Screening Based on Alias
Call Screening of Authenticated Users
CPL Examples
Vpengineering
Call Screening Based on Domain
Change of Domain Name
Block Calls from Default Zone and Default Subzone
Allow Calls from Locally Registered Endpoints Only
Restricting Access to a Local Gateway
Will match against any sequence of characters
RegularText goesExpressionhere Reference
About Regular Expressions
For a detailed description of regular expression syntax see
Verifying the SRV Record
DNSText goesConfiguhereation
Overview Microsoft DNS Server
Bind 8
LDAPText goesConfigurationhere
About the Ldap Databases Downloading the H.350 schemas
Adding H.350 Objects
Installing the H.350 Schemas
Microsoft Active Directory
Securing with TLS
OpenLDAP
. Copy the OpenLDAP files to the OpenLDAP schema directory
. Add the ldif file to the server using the command
Add the H.350 Objects
Bibliography
Reference Title Link
Glossary
Term Definition
LRQ
IRQ
LAN
NAT
Firewall NAT traversal for SIP. Defined by RFC 3489
Session Initiation Protocol
Protocol used to monitor network devices
Reliable communication protocol defined by RFC 791
187