Video Communication Server Administrator Guide
Getting Started
System Configuration
Table of Contents
User Policy
Administrator Policy
Using TANDBERG’s FindMe
Call Processing
Firewall Traversal
Enum Dialing Disconnecting calls
Calls to and from Unregistered Endpoints
Fallback Alias
Regular Expression Reference 78
Maintenance
DNS Configuration 79
Ldap Configuration 80
Copyright 2007, Tandberg
Trademarks and Copyright
Patent Information
Disclaimer, Copyrights and License Agreements
Disclaimer
Approvals
Safety Instructions and Approvals
Safety Instructions
Environmental Issues
Environmental Issues
Introduction
Main Product Features
Standard Features
Optional Features
Tandberg VCS
Connecting the Cables
Getting Started
Initial Configuration via Serial Cable
Powering on the VCS
System Administrator Access
Supported Browsers
Using the Web Interface
Using the Command Line Interface CLI
Understanding the Overview
ViewingText goesSystemhere Overview
Viewing the Overview
System Administration Configuration
Systemtext Configuration
Configuring System Settings
About Admin Access settings
About Ethernet Speed
Configuring Ethernet Settings
Ethernet Configuration
XConfiguration Ethernet
About IPv4 to IPv6 Gatewaying
Configuring IP Settings
IP Configuration
XConfiguration IP XConfiguration IPProtocol
About DNS Servers
DNS Configuration
Configuring DNS Settings
XConfiguration IP DNS
XConfiguration NTP Address XConfiguration TimeZone Name
Configuring NTP Settings
Setting the Time Zone
NTP Configuration
XConfiguration Snmp
Configuring Snmp Settings
About Snmp Settings
Snmp Configuration
About the External Manager
Configuring External Manager Settings
External Manager Configuration
XConfiguration ExternalManager
Backing up Configuration Settings
Logging Overview
Logging
Message Details Field
Viewing the Event Log
Event Log
Event Log Format
DNS
Events Logged at Level
Events Logged at Level 1
225 245
Event Data Fields
TCP UDP TLS
SIP
Limitations of standard syslog timestamps
For Register requests the AOR for the Register request
Number of bytes sent/received in the message
Request/granted registration expiry duration
Overview Endpoint Registration
WorkingText goeswithhereH.323
XConfiguration H323
Configuring H.323
SIP Overview
WorkingText goeswithhereSIP
XConfiguration SIP
Configuring SIP Registrations, Protocols and Ports
XCommand DomainAdd XConfiguration SIP Domains
Configuring SIP Domains
Overview
Configuring Interworking
XConfiguration Interworking Mode
InterworkingesText here
Registration Overview
MCU, Gateway and Content Server Registration
RegistrationText goes hereControl
Endpoint Registration
H323 Gatekeeper AutoDiscovery
Finding a VCS with which to Register
323
Preventing automatic registrations
XConfiguration Authentication
About Authentication
Authentication
Configuring Authentication
Securing the Ldap Connection with TLS
Authentication using an Ldap Server
Alias Origin Setting
Configuring the Ldap Server Directory
XConfiguration Ldap XConfiguration Authentication
Configuring Ldap Server settings
Create Credential
Authentication using a Local Database
Configuring the Local Database
New
Alias Registration
Attempts to Register using an Existing Alias
About Alias Registration
Registering Aliases
Allow and Deny Lists
XConfiguration Registration RestrictionPolicy
About Allow and Deny Lists
Patterns and Pattern Types
Managing Entries in the Allow List
XCommand AllowListAdd XConfiguration Registration AllowList
Registration Deny List
XCommand DenyListAdd XConfiguration Registration DenyList
Managing Entries in the Deny List
Add Deny List Pattern
Example
Managing Zones, Neighbors and Alternates
About your Video Communications Network
About the Local Zone and its Subzones
Configuring the Local Zone and its Subzones
Local Zone and Subzones
Zones
Create Zone
Adding Zones Configuring Zones
XCommand ZoneAdd
XConfiguration Zones Zone
Match1 Match5
Configuring Zones All Types
Hop count
SIP port
Configuring Neighbor Zones
SIP transport
Configuring Traversal Client Zones
Retry interval
Protocol
Configuring Traversal Server Zones
Determines whether H.323 calls will be allowed to this zone
Configuring Enum Zones
Configuring DNS Zones
DNS suffix
Alternate 1 to Alternate 5 IP address
About Alternates Configuring Alternates
XConfiguration Alternates
Structured Dial Plan
Setting up a Dial Plan
About Dial Plans
Flat Dial Plan
Process
CallText Processinggoeshere
Locating a Destination Endpoint
Dialing by Address Types
Hop Counts
Configuring Hop Counts
XConfiguration Zones Zone 1..200 HopCount
About Hop Counts
Authentication Mode On
Administrator Policy
About Administrator Policy
Administrator Policy and Authentication
Administrator Policy Mode to take effect
Enabling the use of Administrator Policy
To enable Administrator Policy
Administrator Policy Mode
Configuring Administrator Policy via the Web Interface
Downloading policy files
Configuring Administrator Policy via a CPL script
Uploading a CPL Script
About CPL XSD files
About User Policy
UserText goesPolicyhere
Username
Configuring User Policy Manager
XConfiguration Policy UserPolicy
Enabling User Policy on the VCS
Creating a New User Account
About User Accounts
Managing FindMe User Accounts
Viewing Existing User Account Settings
Changing a User Password
Click here to delete the selected accounts
Deleting a User Account
To change delete a FindMe user account
Tick the box next to the account you wish to delete
About FindMe
Using TANDBERG’s FindMe
FindMe User Accounts Accessing the FindMe Configuration
About your FindMe User Account
Configuring your FindMe User Account
AliasText goSearchingshere and Transforming
XConfiguration Transform
Configuring Local Alias Transforms
Zone Searching and Transforming
Zone searching and alias transforming configuration
Configuring Zone Searches and Transforms
Default Settings
Always Query a Zone, Never Apply Transforms
Combining Match Types and Priorities
Examples
Never Query a Zone
User@example.com User@exampleusa.com
Filter Queries to a Zone Without Transforming
Changing the Prefix or Suffix Before Querying
Query a Zone for Two or More Transformed Aliases
Query a Zone for Both Original and Transformed Alias
URI Dialing Overview
URITextDialinggoeshere
An AlwaysMatch, or
Configuring Matches for DNS Zones
URI Dialing for Outgoing Calls
Assigns a name to this zone
Adding and Configuring DNS Zones
XCommand ZoneAdd XConfiguration Zones Zone
Click Create Zone
XConfiguration IP DNS Server
Configuring DNS Servers
URI Dialing for Incoming Calls
URI Dialing and Firewall Traversal
Example DNS Record Configuration
Recommended Configuration
Enum Process
ENUMText goesDialinghere
About Enum Dialing
Enum Dialing Overview
Enum Dialing for Outgoing Calls
Prerequisites
Mode of PatternMatch Pattern string Pattern type of Prefix
Configuring Matches for Enum Zones
Configuring Transforms for Enum Zones
For Enum zones, this will be Enum
Configuring Enum Zones
Configuring DNS Servers
Enum Dialing for Incoming Calls
Configuring DNS Naptr Records
About DNS Domains for Enum
Calls to an Unregistered Endpoint
Configuration
Recommended Configuration for Firewall Traversal
CallsText gtoesandherefrom Unregistered Endpoints
Example Use of a Fallback Alias
XConfiguration Call Services Fallback Alias
FallbackText goesAliashere
Fallback Alias
Identifying a Particular Call
DisconnectingText goes herecalls
Disconnect
Disconnecting a Call via the Web Interface
Disconnecting a Call via the CLI
Issues when Disconnecting SIP Calls
VCS as a Firewall Traversal Server
Firewall Traversal
Firewall Traversal Overview
About Firewall Traversal VCS as a Firewall Traversal Client
Firewall Traversal Protocols and Ports
323
Ports for Connections out to the Public Internet
Stun Ports
VCS
Firewall Traversal and Authentication
TraversalClient Create Zone
Configuring the VCS as a Traversal Client
Adding a New Traversal Client Zone
From the Type drop-down menu, select
Alternate 1 Alternate 5 Address
Configuring a Traversal Client Zone
TraversalServer Create Zone
Configuring the VCS as a Traversal Server
Adding a New Traversal Server Zone
TCP retry count Interval
Configuring a Traversal Server Zone
Demux mode
XConfiguration Zones LocalZone Traversal H323
Configuring Traversal for Endpoints
Media demultiplexing RTP port
Configuring Traversal Server Ports
Assent call signaling port
323 H.460.18 call signaling port
Stun Relay
Stun Services
About Stun
Stun Binding Discovery
XConfiguration Traversal Server
Configuring Stun Services
Example Network Deployment
Bandwidthth Controll
About Bandwidth Control
Subzones
Creating a Subzone
XCommand SubZoneAdd
BandwidthControl
Subnet 2
Configuring a Subzone
To configure a subzone
XConfiguration Zones LocalZone SubZone
Per call inter Limits the bandwidth of any individual call
Applying Bandwidth Limitations to Subzones
Types of Limitations
How Different Bandwidth Limitations are Managed
Creating Pipes
XCommand PipeAdd
About Pipes
Creating a new pipe
Editing Pipes
XConfiguration Bandwidth Pipe
Editing an Existing Pipe
Creating a New Link
Default Links
XCommand LinkAdd
About Links Creating Links
Editing Links
XConfiguration Bandwidth Link
Editing Links
Applying Pipes to Links
Default Links
Bandwidth Control
About Downspeeding
About the Default Call Bandwidth
Configuring the Default Call Bandwidth and Downspeeding
Example Without a Firewall
Bandwidth Control Examples
Example With a Firewall
VCS Border Controller Subzone Configuration
Enterprise VCS Subzone Configuration
Upgrading Software
MaintenanceText goes here
Backing up the Existing Configuration Before Upgrading
Upgrading Using SCP/PSCP
Upgrading
Upgrading via the Web Interface
Adding Options via the CLI
XConfiguration Option 1..64 Key S 0
Option Keys
About Adding Extra Options
Add Option Click Add Option
Adding Options via the Web Interface
Add option key
Security
About Security
Enabling Security
Creating a System Snapshot
Passwords
System Snapshot
About the System Snapshot
About Shutting Down
XCommand Boot
Restarting
About Restarting
SSH
CommandText goes hereReference xConfiguration
Http
Https
Off the call will be rejected
Total Mode On/Off
AliasOrigin LDAP/Endpoint/Combined
Request
One call
Fallback Alias S 0
Far end were registered directly to the local system
Port
H323 Gatekeeper CallSignaling
TCP
NTP
Option Key S 0
Off the VCS will not act as a SIP registrar
Tration will not be permitted
On the VCS will act as a DIP registrar
137
CommunityName S 0
Snmp
Stun
Rtcp
RTP
For any one call between two endpoints within
For any one call to or from an endpoint in the Default
Between two endpoints within the Default Subzone
Traversal Server
To or from an endpoint in this subzone
Intra Mode None/Limited/Unlimited
Name S 1 Assigns a name to this subzone Subnet Address S 0
Limit
Sets the total bandwidth limit in kbps of this subzone
VCS will attempt to send a TCP probe to the VCS
Zones LocalZone Traversal H323 Cont
Order to keep the firewall’s NAT bindings open
RetryCount
Enum
145
TLS TLS will be used
Transport TCP/TLS
TCP TCP will be used
Off Each call will use a separate pair of ports for
Plexing mode for calls from the traversal client
Zones TraversalClient
Zones TraversalServer TCPProbe KeepAliveInterval Cont
PatternType Exact/Prefix/Suffix/Regex
CommandText goes hereReference xCommand
XCommand Description Parameters
List, the registration will be permitted
List, the registration will not be permitted
XCommand
Description Parameters
Status/LDAP
Event/AuthenticationFailure
Status/Ethernet
Status/NTP
Pipe2 S 1
LinkAdd LinkDelete Locate OptionKeyAdd OptionKeyDelete
Pipe1 S 1
153
To Limited
SubZoneAdd SubZoneDelete
PerCallInterMode None/Limited/Unlimited
PerCallInter
Each transform
TransformAdd TransformDelete ZoneAdd ZoneDelete
ZoneList
Option Key S 1 Description S 1
CommandText goes hereReference xStatus
NTP
Server Address IPv4Addr/IPv6Addr Domain S 0
Status On/Off URL S 1,255 Expression S 1,127 0..15 entries
External Manager
160
161
Zones
Contact S 1,255 Path URI 1..10 S 1,255
163
164
165
166
167
Status Active/Inactive/Failed Address IPv6Addr
IPv4
Status Active/Inactive/Failed Address IPv4Addr
Status Active/Inactive/Failed Address IPv4Addr IPv6
169
Otherwise node
Address-switch node
CPLText Referencgoeshere
Address
Field
Authentication Mode On
Setup
Url-ID 323 ID H323-ID Dialled Digits DialedDigits
Subfield
URI
Proxy
Rule-switch
CPL Script Actions Location
Unsupported CPL Elements
Vpengineering
Call Screening of Authenticated Users
CPL Examples
Call Screening Based on Alias
Change of Domain Name
Call Screening Based on Domain
Allow Calls from Locally Registered Endpoints Only
Block Calls from Default Zone and Default Subzone
Restricting Access to a Local Gateway
For a detailed description of regular expression syntax see
RegularText goesExpressionhere Reference
About Regular Expressions
Will match against any sequence of characters
Bind 8
DNSText goesConfiguhereation
Overview Microsoft DNS Server
Verifying the SRV Record
About the Ldap Databases Downloading the H.350 schemas
LDAPText goesConfigurationhere
Securing with TLS
Installing the H.350 Schemas
Microsoft Active Directory
Adding H.350 Objects
Add the H.350 Objects
. Copy the OpenLDAP files to the OpenLDAP schema directory
. Add the ldif file to the server using the command
OpenLDAP
Reference Title Link
Bibliography
Term Definition
Glossary
NAT
IRQ
LAN
LRQ
Reliable communication protocol defined by RFC 791
Session Initiation Protocol
Protocol used to monitor network devices
Firewall NAT traversal for SIP. Defined by RFC 3489
187