178, Address Address is=DefaultSubZone | TANDBERG Security Camera

Grey Headline (continued)

CPL Reference

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE

CPL Examples

Allow Calls from Locally Registered Endpoints Only

In this example, the administrator only wants to allow calls that originate from locally registered endpoints.

<?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl"

xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

<taa:routed>

<address-switch field="registered-origin"> <not-present>

<reject status="403" reason="Only local endpoints can use this Tandberg VCS"/>

</not-present> </address-switch>

</taa:routed>

</cpl>

Block Calls from Default Zone and Default Subzone

The same script can be extended to also allow calls from configured zones but not from the Default Zone or Default Subzone.

<?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl"

xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

<taa:routed>

<address-switch field="registered-origin"> <not-present>

<address-switch field="originating-zone"> <address is="DefaultZone">

<reject status="403" reason="Denied by policy"/>

</address>

<address is="DefaultSubZone">

<reject status="403" reason="Denied by policy"/>

</address>

<otherwise>

<proxy/>

</otherwise> </address-switch>

</not-present> </address-switch>

</taa:routed>

</cpl>

Introduction

Getting Started

Overview and

System

VCS

Zones and

Call

Bandwidth

Firewall

Maintenance

Appendices

Status

Configuration

Configuration

Neighbors

Processing

Control

Traversal

D14049.03

178

MAY 2008

Image 178

TANDBERG Security Camera manual 178, Allow Calls from Locally Registered Endpoints Only, Address Address is=DefaultSubZone

Contents

Guide Introduction What’s in this Manual?Preamble Overview and Status LAN Zones and Neighbors Call Processing Maintenance Appendices Bandwidth Control Maintenance What’s in this Manual? Legal Notices Copyright 2008, Tandberg Safety Instructions Safety Instructions and ApprovalsApprovals Environmental Issues Waste Handling Digital User Guides Environmental Issues VCS Control Tandberg VCSOverview VCS Base Applications VCS Expressway Dual Network Interfaces Standard Features What’s New in this Version?Optional Features User Policy FindMe Command Line Interface Administrator GuideUsing this Administrator Guide Typographical conventions Getting Started General Installation Precautions InstallationInstallation Site Preparations Connecting the Cables Initial Configuration Powering on the VCS Initial Configuration via Serial Cable UP key Initial Configuration via Front PanelDown key System Administrator Access Overview Web Interface Using the Web InterfaceSelect Administrator Login Supported Browsers General page features Types of Commands Command Line InterfaceUsing the Command Line Interface CLI How Command are Shown in this Guide Overview and Status Overview Viewing the Overview Understanding the Overview System Information Status System Ethernet MAC address EthernetSpeed IP Status Viewing the IP Status Understanding the IP Status Viewing the Resource Usage Understanding the Resource Usage Resource UsageStatus System Resource Usage Traversal calls Registrations Viewing the Registrations Understanding the Registrations Duration Registration HistoryReason End Time Calls Viewing the Calls Understanding the Calls Viewing the Call History Understanding the Call History Call HistoryStatus Call History Filter About Searches Search HistoryViewing the Search History Understanding the Search History Status Search History Local Zone Viewing the Local Zone Understanding the Local Zone Viewing the Zones Understanding the Zones ZonesStatus Zones Viewing the Links Understanding the Links LinksStatus Links Understanding the Pipes PipesViewing the Pipes Status Pipes Stun Relays Viewing the Stun Relays Understanding the Stun Relays Viewing the Warnings Understanding the Warnings Status Warnings Event Log Color Coding Event LogViewing the Event Log Understanding the Event Log Green Interpreting the Event Log Event Log Format Message Details Field Events Logged at Level User session Login failure System Configuration ChangedTLS Negotiation Error Policy Change Registration Refresh Accepted Message ReceivedMessage Sent Registration Refresh Request System Configuration About Administrator Access settings System AdministrationOverview Configuration About the System Name About Ethernet Speed System Configuration EthernetXConfiguration Ethernet Ethernet speed XConfiguration IP Route XCommand RouteAdd Overview IP ConfigurationXConfiguration IP XConfiguration IPProtocol About IPv4 to IPv6 Gatewaying About LAN Configuration Overview LAN ConfigurationAbout Dual Network Interfaces About DNS Servers XConfiguration IP DNSAbout the DNS Domain Name About the NTP Server System Configuration NTPXConfiguration NTP Address XConfiguration TimeZone Name About the Time Zone XConfiguration Snmp About Snmp About the External Manager XConfiguration ExternalManagerExternal Manager Address Backups Backing up Configuration Settings About Logging LoggingOverview Remote Logging About Remote Logging Log Levels Setting the Event Log LevelXConfiguration Log Level About Event Log Levels VCS Configuration 323 Overview Endpoint Registration Configuring H.323 XConfiguration H323 About SIP on the VCS Using the VCS as a SIP RegistrarSIP Overview SIP Registration Expiry Using the VCS as a SIP Proxy Server SIP protocols and ports Configuring SIP Registrations, Protocols and Ports XConfiguration SIP Cancel Configuring SIP DomainsVCS Configuration Protocols SIP Domains View/Edit Save SIP interworking mode Configuring InterworkingXConfiguration Interworking Mode Interworking Registration Overview MCU, Gateway and Content Server RegistrationRegistration Control Endpoint Registration Preventing automatic registrations Finding a VCS with which to Register323 H323 Gatekeeper AutoDiscovery Configuring Authentication for Local Registrations AuthenticationAbout Authentication for Local Registrations XConfiguration Authentication Configuring External Registration Credentials About External Registration Credentials Alias Origin Setting Authentication DatabasesAuthentication using an Ldap Server Configuring Ldap Server settings XConfiguration Ldap XConfiguration Authentication Ldap Authentication using a Local Database Configuring the Local Database About Alias Registration Attempts to Register using an Existing AliasRegistering Aliases Alias Registration About Allow and Deny Lists XConfiguration Registration RestrictionPolicyAllow and Deny Lists Activating use of Allow or Deny Lists XCommand AllowListAdd XConfigurationAllowList Registration Managing Entries in the Allow List Managing Entries in the Deny List VCS Configuration Registration Deny ListXCommand DenyListAdd XConfigurationDenyList Registration Add Deny List Pattern Zones and Neighbors Introduction Example Network DiagramAbout your Video Communications Network Local Zone and Subzones Overview Configuring the Local Zone and its SubzonesConfiguring the Traversal Subzone Ports Traversal Subzone About Zones Traversal Client Zone Traversal Server Zone Neighbor Zone Enum Zone DNS Zone Default Zone XCommand DefaultLinksAdd XCommand ZoneAdd Adding Zones Configuring ZonesVCS Configuration Zones XConfiguration Zones Zone Hop count Configuring Zones All TypesMatch1 Match5 SIP transport Configuring Neighbor ZonesSIP port Primary address Alternate 1 to Alternate 5 address Retry interval Configuring Traversal Client ZonesAuthentication username Primary address Configuring Traversal Server Zones Configuring DNS Zones Configuring Enum ZonesDNS suffix XConfiguration Alternates About Alternates Configuring AlternatesVCS Configuration Alternates Alternates Dial Plans Call Processing Call Processing Diagram Search Process Dialing by Enum Dialing by Address TypesDialing by IP Address Dialing by H.323 or SIP URI Endpoints registered to a VCS Expressway XConfiguration Zones Zone 1..200 HopCount About Hop Counts Configuring Hop CountsHop Counts Authentication Mode On Administrator PolicyAuthentication Mode Off Enabling the use of Administrator Policy Administrator Policy Mode Configuring Administrator Policy via the Web Interface Uploading a CPL Script About CPL XSD files User Policy FindMe XConfiguration Policy UserPolicy Configuring User Policy ManagerVCS Configuration Policy User 100 About User Accounts 101Managing FindMe User Accounts Creating a New User Account Viewing Existing User Account Settings Changing a User Password102 Deleting a User Account 103Are you sure...? 104 Using TANDBERG’s FindMeAccessing the FindMe Configuration About your FindMe User Account Configuring your FindMe User Account 105 106 Searches and Transforms XConfiguration Transform Configuring Local Alias Transforms107 108 Zone Searching and Transforming XConfiguration Zones Zone 1..200 Match Configuring Zone Searches TransformsDefault Settings 109 Combining Match Types and Priorities 110Examples Never Query a Zone 111 Filter Queries to a Zone Without Transforming 112 Query a Zone for Original and Transformed Alias 113 Query a Zone for Two or More Transformed Aliases URI Dialing 114H323 URI Dialing for Outgoing Calls Configuring Matches for DNS Zones115 Process 116 Adding and Configuring DNS ZonesXCommand ZoneAdd XConfiguration Zones Zone Click Create Zone XConfiguration IP DNS Server Configuring DNS Servers117 118 URI Dialing for Incoming Calls 119 Example DNS Record ConfigurationRecommended Configuration URI Dialing and Firewall Traversal Enum Dialing 120Overview Process Enabling Enum Dialing Prerequisites 121Enum Dialing for Outgoing Calls Example Mode of PatternMatch Pattern string Pattern type of Prefix Configuring Matches for Enum ZonesConfiguring Transforms for Enum Zones 122 Configuring Enum Zones 123 124 Enum Dialing for Incoming Calls Configuring DNS Naptr Records125 About DNS Domains for Enum 126 Recommended Configuration for Firewall TraversalXConfiguration Call Services Unregistered Endpoints 127 Overview Configuration Example UsageXConfiguration Call Services Fallback Alias Fallback Alias 128 Disconnecting CallsIdentifying a Particular Call Issues when Disconnecting SIP Calls Disconnecting a Call via the Web InterfaceDisconnecting a Call via the CLI 129 130 Bandwidth Control Bandwidth Control Overview 131Bandwidth Control on the VCS Example Network Deployment Subzones About the Default Subzone132 Specifying the Subzone IP Addresses Subzone Links 133 XCommand SubZoneAddCreating a Subzone XConfiguration Zones LocalZone SubZone Configuring a Subzone134 Types of Limitations 135Applying Bandwidth Limitations to Subzones How Different Bandwidth Limitations are Managed 136 Default LinksXCommand LinkAdd About Links Creating Links 137 XConfiguration Bandwidth LinkEditing Links Pre-Configured Links Default LinksAbout Default Links 138 139 XCommand PipeAddAbout Pipes Creating Pipes Editing Pipes XConfiguration Bandwidth Pipe140 Editing an Existing Pipe One Pipe, One Link 141Applying Pipes to Links One Pipe, Two or More Links Configuring Default Call Bandwidth and Downspeeding Default Bandwidth and DownspeedingAbout the Default Call Bandwidth 142 Bandwidth Control Examples 143Example Without a Firewall 144 VCS Expressway Subzone ConfigurationVCS Control Subzone Configuration Example With a Firewall 145 Firewall Traversal About Expressway VCS as a Firewall Traversal Client 146Firewall Traversal Overview How does it work? 147 Quick Guide to VCS Traversal Client Server ConfigurationVCS Expressway Server Overview Expressway Process Firewall Traversal Protocols 148Firewall Traversal Protocols and Ports SIP Firewall Traversal Protocols Media Call signaling149 SIP Ports Configuration Zones Edit Zone, in the Configuration section Firewall Traversal and AuthenticationAuthentication and NTP 150 Other Issues 151 Adding a New Traversal Client Zone Configuring the VCS as a Traversal Client152 TraversalClient Create Zone 153 Configuring a Traversal Client ZoneAlternate 1..5 Address Adding a New Traversal Server Zone Configuring the VCS as a Traversal Server154 TraversalServer Create Zone Demux mode Configuring a Traversal Server ZoneClient authentication username 155 XConfiguration Zones LocalZone Traversal H323 Configuring Traversal for Endpoints156 Configuring Traversal Server Ports 157 Stun Services 158 Configuring Stun Services 159 Maintenance 160 161 Overview Upgrading Using SCP/PSCPUpgrading Software 162 Upgrading via the Web Interface Option Keys XConfiguration Option 1..64 Key163 Overview Adding Options via the CLI Adding Options via the Web Interface Maintenance Option Keys164 Add option key Security 165Overview Enabling Security XConfiguration SystemUnitPassword PasswordsOverview Configuring Administrator Password 166 System Snapshot Error Reports167 Overview Creating a System Snapshot Restarting XCommand Boot168 Overview Restarting the VCS Shutting Down Maintenance Shutdown169 Overview Shutting Down XCommand DefaultValuesSet Level 3 must be Restoring Default ConfigurationOverview DefaultValuesSet Level 170 171 Appendices CPL Reference Address-switch172 Overview of CPL on the VCS 173 Field Subfield 174Otherwise Not-present Location Rule-switch175 Reject CPL Examples Call Screening of Authenticated Users176 Call Screening Based on Alias Change of Domain Name 177Call Screening Based on Domain Dont accept calls from this source 178 Block Calls from Default Zone and Default SubzoneAddress Address is=DefaultSubZone Allow Calls from Locally Registered Endpoints Only Using the rule-switch node Restricting Access to a Local GatewayUsing the address-switch node 179 Overview Common Regular Expressions 180Regular Expression Reference Matches 0 or more repetitions of the previous match 181 Pattern Variable Reference 182 XConfiguration H323 Gatekeeper Registration UDP PortXConfiguration H323 Gatekeeper CallSignaling TCP Port VCS Port Reference 183 XConfiguration Traversal Media Port Start 184 Overview Microsoft DNS Server DNS Configuration185 Verifying the SRV Record 186 Ldap ConfigurationDownloading the Ldap schemas About the Ldap Databases Securing with TLS 187Adding H.350 Objects Create the Organizational Hierarchy 188 Include /etc/openldap/schemas/sipidentity.ldifOpenLDAP # MeetingRoom1 endpoint 189Slapadd -l ldif file Command Reference xConfiguration 190 191 192 Example xConfiguration Bandwidth Link 1 Node1 Name HQ Example xConfiguration Bandwidth Downspeed PerCall Mode OnExample xConfiguration Bandwidth Downspeed Total Mode On 193 Example xConfiguration Error Reports Mode Off Example xConfiguration Bandwidth Pipe 1 Name 512Kb Asdl194 Example xConfiguration Ethernet 1 Speed Auto Example xConfiguration Ethernet 1 IP V4 AddressExample xConfiguration Ethernet 1 IP V4 SubnetMask Example xConfiguration ExternalManager Address Example xConfiguration H323 Gatekeeper TimeToLive Example xConfiguration H323 Gatekeeper CallTimeToLive196 197 198 199 Example xConfiguration Registration RestrictionPolicy None 200 201 202 203 Example xConfiguration Traversal Media Port Start Example xConfiguration Transform 1 PriorityExample xConfiguration Traversal Media Port End Example Traversal Server H323 H46018 CallSignaling Port 205 Example xConfiguration Traversal Server Stun Discovery PortExample xConfiguration Traversal Server Stun Relay Mode On Example Traversal Server Stun Relay Port 206 207 208 Example xConfiguration Zones Zone 1 H323 Mode On 209 Example xConfiguration Zones Zone 1 HopCount 210 211 CommandHeadline TextReferenceGoes Here- xConfiguration 212 Example xConfiguration Zones Zone 3 TraversalServer SIP Port 213 Example xConfiguration Zones Zone 1 Type Neighbor 214 Command Reference xCommand 215 Example xCommand boot Example xCommand AllowListDelete AllowListId216 Example xCommand DefaultLinksAdd Example xCommand CredentialDelete CredentialId217 Example xCommand DomainAdd DomainName example.com Example xCommand DefaultValuesSet LevelExample xCommand DenyListDelete DenyListId 218 Example xCommand FeedbackDeregister ID Example xCommand DomainDelete DomainId219 220 Example xCommand OptionKeyAdd Key 1X4757T5-1-60BAD5CD Example xCommand LinkDelete LinkId221 Example xCommand PipeDelete PipeId Example xCommand OptionKeyDelete OptionKeyId222 223 Example xCommand TransformDelete TransformId Example xCommand SubZoneDelete SubZoneId2224 Example xCommand ZoneList Alias john.smith@example.com Example xCommand ZoneDelete ZoneId225 Command Reference xStatus 226 CommandHeadline TextReferenceGoes Here- xStatus 227 228 Ethernet 229 NTP 230 Calls 231 232 Registrations 233 Zones 234 235 236 237 Links 238 Alternates 239 H323 240 SIP 241 Stun 242 Bibliography 243 Glossary 244 Secure Socket Layer Hop count 245 PEM 246 VCS 247 Contact Information