Manuals / Brands / Photography / Security Camera / TANDBERG / Photography / Security Camera

TANDBERG Security Camera Allow Calls from Locally Registered Endpoints Only, Block Calls from Default Zone and Default Subzone

1 247

Download 247 pages, 22.45 Mb

178

D14049.03

MAY 2008

Grey Headline (continu ed)

TANDBERG VIDEO COMMUNICATIONS SERVER

ADMINISTRATOR GUIDE

Introduction Getting Started Overview and

Status

System

Conguration

VCS

Conguration

Zones and

Neighbors

Call

Processing

Bandwidth

Control

Firewall

Traversal Maintenance Appendices

CPL Reference

Allow Calls from Locally Registered Endpoints Only

In this example, the administrator on ly wants to allow calls that origina te from locally registered

endpoints.

<?xml version="1.0" encoding="UTF-8" ?>

<cpl xmlns="urn:ietf:params:xml:ns:cpl"

xmlns:taa="http://www.tandberg.net/cpl-extensions"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

<taa:routed>

<address-switch eld="registered-origin">

<not-present>

<reject status="403" reason="Only local endpoints can use this

Tandberg VCS"/>

</not-present>

</address-switch>

</taa:routed>

</cpl >

CPL Examples

Block Calls from Default Zone and Default Subzone

The same script can be extend ed to also allow calls from congured zo nes but not from the Default

Zone or Default Subzone.

<?xml version="1.0" encoding="UTF-8" ?>

<cpl xmlns="urn:ietf:params:xml:ns:cpl"

xmlns:taa="http://www.tandberg.net/cpl-extensions"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

<taa:routed>

<address-switch eld="registered-origin">

<not-present>

<address-switch eld="originating-zone">

<address is="DefaultZone">

<reject status="403" reason="Denied by policy"/>

</address>

<address is="DefaultSubZone">

<reject status="403" reason="Denied by policy"/>

</address>

<otherwise>

<proxy/>

</otherwise>

</address-switch>

</not-present>

</address-switch>

</taa:routed>

</cpl >

Contents

Main Video Communication Server ADMINISTRATOR GUIDE Version X2.1 May 2008 Page Page Page Page Page Page Page Preamble Legal Notices Intellectual Property Rights Disclaimer Copyright Notice Patent Information Safety Instructions and Approvals ApprovalsSafety Instructions Water and Moisture Cleaning Environmental Issues TANDBERGs Environmental Policy Waste Handling Digital User Guides Page The TANDBERG VCS VCS Control VCS Base Applications VCS Expressway Page The Administrator Guide Using this Administrator Guide Typographical conventions Web Interface Command Line Interface Getting Started Installation Connecting the Cables Whats in the Box? Installation Site Preparations General Installation Precautions Initial Conguration Security Considerations Conguring Administrator Access Administrator Account Password Default Administrator Password Changing the Administrator Password Resetting the Administrator Password Administrator Session Timeout Root Account Web Interface Using the Web Interface Supported Browsers Web Interface General page features Command Line Interface Using the Command Line Interface (CLI) Types of Commands How Command are Shown in this Guide Overview and Status Overview Viewing the Overview Page Understanding the Overview Page System Information Understanding the System Information Page Viewing the System Information Page Ethernet Understanding the Ethernet Status Page Viewing the Ethernet Status Page IP Status Understanding the IP Status Page Viewing the IP Status Page Resource Usage Understanding the Resource Usage Page Viewing the Resource Usage Page Registrations Understanding the Registrations Page Viewing the Registrations Page Registration History Understanding the Registration History Page Viewing the Registration History Page Calls Understanding the Calls Page Viewing the Calls Page ! Call History Understanding the Call History Page Viewing the Call History Page Search History Understanding the Search History Page Viewing the Search History Page About Searches Local Zone Understanding the Local Zone Page Viewing the Local Zone Page Understanding the Zones Page Viewing the Zones Page Understanding the Links Page Viewing the Links Page Understanding the Pipes Page Viewing the Pipes Page STUN Relays Understanding the STUN Relays Page Viewing the STUN Relays Page Warnings Understanding the Warnings PageViewing the Warnings Page Understanding the Event Log PageViewing the Event Log Page Event Log Color Coding Green Red Event Log Format Interpreting the Event Log Interpreting the Event Log Message Details Field Events Logged at Level 1 Events Logged at Level 1 Events Logged at Level 2 Events Logged at Level 3 System Conguration System Administration ! About the System Name About Administrator Access settings Ethernet About Ethernet Speed ! IP About IPv4 to IPv6 Gatewaying IP Conguration About IP Routes LAN LAN Conguration About LAN Conguration About Dual Network Interfaces DNS About the DNS Domain Name About DNS Servers NTP About the NTP Server About the Time Zone SNMP About SNMP External Manager About the External Manager Backups Backing up Conguration Settings Logging Enabling Remote Logging About Remote Logging Logging Setting the Event Log Level About Event Log Levels VCS Conguration H.323 About H.323 on the VCS Call Time to Live Conguring H.323 Ports Using the VCS as an H.323 Gatekeeper H.323 Conguring H.323 Using the VCS as a SIP Registrar Proxying Registration Requests About SIP on the VCS SIP Registration Expiry SIP Overview SIP protocols and ports SIP Overview Conguring SIP - Registrations, Protocols and Ports Conguring SIP - Domains Interworking About Interworking Overview Conguring Interworking Endpoint Registration Registration Overview MCU, Gateway and Content Server Registration Registrations on a VCS Expressway Registration Overview Finding a VCS with which to Register Preventing automatic registrations About Authentication for Local Registrations Authentication Conguring Authentication for Local Registrations About External Registration Credentials Authentication Conguring External Registration Credentials Authentication using an LDAP Server Alias Origin Setting LDAP Combined Endpoint Conguring the LDAP Server Directory Securing the LDAP Connection wit h TLS Conguring LDAP Server settin gs Authentication using a Local Database Conguring the Local Database About Alias Registration Registering Aliases SIP Alias Registration H.323 Alias Registration About Allow and Deny Lists Patterns and Pattern Types Allow and Deny Lists Activating use of Allow or Deny Lists Allow and Deny lists Managing Entries in the Allow List Allow and Deny lists Managing Entries in the Deny List Zones and Neighbors Introduction Example Network Diagram Internet VCS CONTROL About your Video Communications Network Local Zone and Subzones Conguring the Local Zone and its Subzones Conguring the Traversal Subzone Ports About Zones Traversal Client Zone Traversal Server Zone Neighbor Zone ENUM Zone DNS Zone Default Zone Adding Zones Conguring Zones Conguring Zones - All Types Conguring Neighbor Zones Conguring Traversal Client Zones Conguring Traversal Server Zones Conguring ENUM Zones Conguring DNS Zones Alternates About Alternates Conguring Alternates Dial Plans About Dial Plans Flat Dial Plan Structured Dial Plan Hierarchical Dial Plan Call Processing Introduction Search Process Call Processing Diagram Dialing by Address Types Dialing by ENUM Dialing by IP Address Hop Counts About Hop Counts Conguring Hop Counts Administrator Policy and Authentication Authentication Mode On Authentication Mode Off About Administrator Policy Enabling the use of Administrator Policy Conguring Administrator Policy via the Web Interface Conguring Administrator Policy via a CPL script Uploading a CPL Script About CPL XSD les Downloading policy les What is User Policy? Enabling User Policy on the VCS Conguring User Policy Manager About User Accounts Creating a New User Account Changing a User Password Viewing Existing User Account Settings Deleting a User Account Using TANDBERGs FindMe Accessing the FindMe Conguration Page About FindMe FindMe User Accounts Using TANDBERGs FindMe Conguring your FindMe User Account ! About Transforms Local Alias Transform Process If the Transformed Alias is Not Found Locally Transforming an Alias Before Searching Locally Zone Search and Transform Process Zone Searching and Transforming About Zone Transforms About Zone Searching Combining Match Types and Priorities Always Query a Zone, Never Apply Transforms Never Query a Zone Filter Queries to a Zone Without Transforming Query a Zone for Original and Transformed Alias Query a Zone for Two or More Transformed Aliases Enabling URI DialingURI Resolution Process via DNS H323 SIP Conguring Matches for DNS Zones Adding and Conguring DNS Zones Conguring DNS Servers Types of DNS Records Required URI Dialing for Incoming Calls Conguring H.323 SRV Records Location SRV Records Call SRV Records SRV Record Format Conguring SIP SRV Records URI Dialing for Incoming Calls Example DNS Record Conguration Recommended Conguration URI Dialing and Firewall Traversal Process Enabling ENUM Dialing Example Conguring Matches for ENUM Zones Conguring Transforms for ENUM Zones Conguring ENUM Zones Conguring DNS Servers Conguring DNS NAPTR Records About DNS Domains for ENUM ENUM Dialing for Incoming Calls Example Unregistered Endpoints Calls to an Unregistered Endpoint Recommended Conguration for Firewall Traversal About Unregistered Endpoints Calls from an Unregistered Endpoint Fallback Alias Conguration Example Usage Disconnecting Calls Call ID Number Call Serial Number Overview Identifying a Particular Call Obtaining the Call ID/Serial Number Disconnecting Calls Disconnecting a Call via the Web Interface Disconnecting a Call via the CLI Issues when Disconnecting SIP Calls Bandwidth Control Bandwidth Control Overview Bandwidth Control on the VCS Example Network Deployment HEAD OFFICE VCS CONTROL HOME OFFICE Bandwidth Consumption of Traversal Calls Traversal Calls Subzone LinksSpecifying the Subzone IP Addresses About Subzones and Bandwidth Control About the Traversal Subzone Creating a Subzone Conguring a Subzone Types of Limitations How Different Bandwidth Limitations are Managed Applying Bandwidth Limitations to Subzones Creating Links Default Links About Links Creating a New Link Editing Links Automatically Created Links Default Links Pre-Congured Links About Default Links Creating Pipes About Pipes Editing Pipes Editing an Existing Pipe P i p e s One Pipe, One Link INTERNET HEAD OFFICE One Pipe, Two or More Links Default Bandwidth and Downspeeding About the Default Call Bandwidth About Downspeeding Bandwidth Control Examples Example Without a Firewall INTERNET Pipe C HEAD OFFICE Bandwidth Control Examples Example With a Firewall INTERNET VCS Expressway Subzone Conguration VCS Control Subzone Conguration Firewall Traversal Firewall Traversal Overview How does it work? Quick Guide to VCS Traversal Client - Server Conguration VCS Expressway (Server)VCS Control (Client) Firewall Traversal Protocols and Ports SIP Firewall Traversal Protocols Expressway Process H.323 Firewall Traversal Protocols Firewall Traversal Protocols and Ports ! STUN Ports Firewall Traversal and Authentication Authentication and NTP Other Issues Firewall Conguration Firewall Traversal and Dual Network Interfaces ! Conguring the VCS as a Traversal Client Adding a New Traversal Client Zone Conguring the VCS as a Traversal Client Conguring a Traversal Client Zone Adding a New Traversal Server Zone Conguring a Traversal Server Zone Conguring Traversal for Endpoints Conguring Traversal Server Ports About STUN STUN Services STUN Relay How it works STUN Binding Discovery How it works STUN Services Maintenance Upgrading Software Backing up Existing Conguration Before Upgrading Upgrading Software Upgrading via the Web Interface Option Keys Adding Options via the CLI Option Keys Adding Options via the Web Interface Security Enabling Security Passwords Conguring Administrator Password System Snapshot Creating a System Snapshot Error Reports Restarting Restarting the VCS Shutting Down Shutting Down Restoring Default Conguration DefaultValuesSet Level 3 Appendices address Overview of CPL on the VCS address-switch eld address-switch subeld otherwise not-present address-switch location proxy Unsupported CPL Elements reject rule-switch Call Screening of Authenticated Users Call Screening Based on Alias Change of Domain Name Call Screening Based on Domain Allow Calls from Locally Registered Endpoints Only Block Calls from Default Zone and Default Subzone Restricting Access to a Local Gateway Using the address-switch node Using the rule-switch node Regular Expression Reference Overview Common Regular Expressions Pattern Variable Reference Overview Valid Variable Strings Page Page Page DNS Conguration BIND 8 & 9 Verifying the SRV Record About the LDAP Databases Downloading the LDAP schemas Prerequisites Microsoft Active Directory Installing the H.350 Schemas Adding H.350 Objects Create the Organizational Hierarchy Add the H.350 Objects OpenLDAP Prerequisites Installing the H.350 Schemas Securing with TLS Adding H.350 Objects Create the Organizational Hierarchy Add the H.350 Objects OpenLDAP Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Headline Text Goes Here Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Bibliography Page Page Page Page Contact Information