179, Using the address-switch node | TANDBERG Security Camera

Grey Headline (continued)

CPL Reference

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE

CPL Examples

Restricting Access to a Local Gateway

In these examples, a gateway is registered to the VCS with a prefix of 9 and the administrator wants to stop calls from outside the organization being routed through it.

We can do this in two ways: using the address-switchnode or the rule-switchnode. Examples of each are shown below.

Using the address-switch node

<?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl"

xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

<taa:routed>

<address-switch field="destination"> <address regex="9(.*)">

<address-switch field="originating-zone">

<address is="TraversalZone">

<reject status="403" reason="Denied by policy"/>

</address> </address-switch>

</address> </address-switch>

</taa:routed>

</cpl>

Using the rule-switch node

<?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl"

xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

<taa:routed> <taa:rule-switch>

<taa:rule originating-zone="TraversalZone" destination="9(.*)"> <!-- Calls coming from the traversal zone are not allowed to use

this gateway -->

<reject status="403" reason="Denied by policy"/>

</taa:rule>

<taa:rule origin="(.*)" destination="(.*)">  <proxy/>

</taa:rule> </taa:rule-switch>

</taa:routed>

</cpl>

Introduction

Getting Started

Overview and

System

VCS

Zones and

Call

Bandwidth

Firewall

Maintenance

Appendices

Status

Configuration

Configuration

Neighbors

Processing

Control

Traversal

D14049.03

179

MAY 2008

Image 179

TANDBERG Security Camera manual 179, Restricting Access to a Local Gateway, Using the address-switch node, This gateway

Contents

Guide Overview and Status What’s in this Manual?Preamble Introduction LAN Call Processing Zones and Neighbors Maintenance Appendices Bandwidth Control Maintenance What’s in this Manual? Copyright 2008, Tandberg Legal Notices Approvals Safety Instructions and ApprovalsSafety Instructions Waste Handling Digital User Guides Environmental Issues Environmental Issues VCS Expressway Tandberg VCSOverview VCS Base Applications VCS Control User Policy FindMe Standard Features What’s New in this Version?Optional Features Dual Network Interfaces Typographical conventions Administrator GuideUsing this Administrator Guide Command Line Interface Getting Started Connecting the Cables InstallationInstallation Site Preparations General Installation Precautions Powering on the VCS Initial Configuration via Serial Cable Initial Configuration Down key Initial Configuration via Front PanelUP key Overview System Administrator Access Supported Browsers Using the Web InterfaceSelect Administrator Login Web Interface General page features How Command are Shown in this Guide Command Line InterfaceUsing the Command Line Interface CLI Types of Commands Overview and Status Viewing the Overview Understanding the Overview Overview System Information Speed EthernetStatus System Ethernet MAC address Viewing the IP Status Understanding the IP Status IP Status Status System Resource Usage Traversal calls Resource UsageViewing the Resource Usage Understanding the Resource Usage Viewing the Registrations Understanding the Registrations Registrations End Time Registration HistoryReason Duration Viewing the Calls Understanding the Calls Calls Status Call History Filter Call HistoryViewing the Call History Understanding the Call History Status Search History Search HistoryViewing the Search History Understanding the Search History About Searches Viewing the Local Zone Understanding the Local Zone Local Zone Status Zones ZonesViewing the Zones Understanding the Zones Status Links LinksViewing the Links Understanding the Links Status Pipes PipesViewing the Pipes Understanding the Pipes Viewing the Stun Relays Understanding the Stun Relays Stun Relays Status Warnings Viewing the Warnings Understanding the Warnings Green Event LogViewing the Event Log Understanding the Event Log Event Log Color Coding Event Log Format Interpreting the Event Log Message Details Field Events Logged at Level Policy Change System Configuration ChangedTLS Negotiation Error User session Login failure Registration Refresh Request Message ReceivedMessage Sent Registration Refresh Accepted System Configuration About the System Name System AdministrationOverview Configuration About Administrator Access settings Ethernet speed System Configuration EthernetXConfiguration Ethernet About Ethernet Speed About IPv4 to IPv6 Gatewaying Overview IP ConfigurationXConfiguration IP XConfiguration IPProtocol XConfiguration IP Route XCommand RouteAdd About Dual Network Interfaces Overview LAN ConfigurationAbout LAN Configuration About the DNS Domain Name XConfiguration IP DNSAbout DNS Servers About the Time Zone System Configuration NTPXConfiguration NTP Address XConfiguration TimeZone Name About the NTP Server About Snmp XConfiguration Snmp Address XConfiguration ExternalManagerExternal Manager About the External Manager Backing up Configuration Settings Backups About Remote Logging LoggingOverview Remote Logging About Logging About Event Log Levels Setting the Event Log LevelXConfiguration Log Level Log Levels VCS Configuration Overview Endpoint Registration 323 XConfiguration H323 Configuring H.323 SIP Registration Expiry Using the VCS as a SIP RegistrarSIP Overview About SIP on the VCS SIP protocols and ports Using the VCS as a SIP Proxy Server XConfiguration SIP Configuring SIP Registrations, Protocols and Ports View/Edit Configuring SIP DomainsVCS Configuration Protocols SIP Domains Cancel Interworking Configuring InterworkingXConfiguration Interworking Mode Save SIP interworking mode Endpoint Registration MCU, Gateway and Content Server RegistrationRegistration Control Registration Overview H323 Gatekeeper AutoDiscovery Finding a VCS with which to Register323 Preventing automatic registrations XConfiguration Authentication AuthenticationAbout Authentication for Local Registrations Configuring Authentication for Local Registrations About External Registration Credentials Configuring External Registration Credentials Authentication using an Ldap Server Authentication DatabasesAlias Origin Setting XConfiguration Ldap XConfiguration Authentication Ldap Configuring Ldap Server settings Configuring the Local Database Authentication using a Local Database Alias Registration Attempts to Register using an Existing AliasRegistering Aliases About Alias Registration Activating use of Allow or Deny Lists XConfiguration Registration RestrictionPolicyAllow and Deny Lists About Allow and Deny Lists Managing Entries in the Allow List XCommand AllowListAdd XConfigurationAllowList Registration Add Deny List Pattern VCS Configuration Registration Deny ListXCommand DenyListAdd XConfigurationDenyList Registration Managing Entries in the Deny List Zones and Neighbors About your Video Communications Network Example Network DiagramIntroduction Traversal Subzone Overview Configuring the Local Zone and its SubzonesConfiguring the Traversal Subzone Ports Local Zone and Subzones Neighbor Zone About Zones Traversal Client Zone Traversal Server Zone XCommand DefaultLinksAdd Enum Zone DNS Zone Default Zone XConfiguration Zones Zone Adding Zones Configuring ZonesVCS Configuration Zones XCommand ZoneAdd Match1 Match5 Configuring Zones All TypesHop count Primary address Alternate 1 to Alternate 5 address Configuring Neighbor ZonesSIP port SIP transport Primary address Configuring Traversal Client ZonesAuthentication username Retry interval Configuring Traversal Server Zones DNS suffix Configuring Enum ZonesConfiguring DNS Zones Alternates About Alternates Configuring AlternatesVCS Configuration Alternates XConfiguration Alternates Dial Plans Call Processing Search Process Call Processing Diagram Endpoints registered to a VCS Expressway Dialing by Address TypesDialing by IP Address Dialing by H.323 or SIP URI Dialing by Enum Hop Counts About Hop Counts Configuring Hop CountsXConfiguration Zones Zone 1..200 HopCount Authentication Mode Off Administrator PolicyAuthentication Mode On Administrator Policy Mode Enabling the use of Administrator Policy Configuring Administrator Policy via the Web Interface About CPL XSD files Uploading a CPL Script User Policy FindMe 100 Configuring User Policy ManagerVCS Configuration Policy User XConfiguration Policy UserPolicy Creating a New User Account 101Managing FindMe User Accounts About User Accounts 102 Changing a User PasswordViewing Existing User Account Settings Are you sure...? 103Deleting a User Account About your FindMe User Account Using TANDBERG’s FindMeAccessing the FindMe Configuration 104 105 Configuring your FindMe User Account Searches and Transforms 106 107 Configuring Local Alias TransformsXConfiguration Transform Zone Searching and Transforming 108 109 Configuring Zone Searches TransformsDefault Settings XConfiguration Zones Zone 1..200 Match Never Query a Zone 110Examples Combining Match Types and Priorities Filter Queries to a Zone Without Transforming 111 Query a Zone for Original and Transformed Alias 112 Query a Zone for Two or More Transformed Aliases 113 H323 114URI Dialing Process Configuring Matches for DNS Zones115 URI Dialing for Outgoing Calls Click Create Zone Adding and Configuring DNS ZonesXCommand ZoneAdd XConfiguration Zones Zone 116 117 Configuring DNS ServersXConfiguration IP DNS Server URI Dialing for Incoming Calls 118 URI Dialing and Firewall Traversal Example DNS Record ConfigurationRecommended Configuration 119 Overview Process Enabling Enum Dialing 120Enum Dialing Example 121Enum Dialing for Outgoing Calls Prerequisites 122 Configuring Matches for Enum ZonesConfiguring Transforms for Enum Zones Mode of PatternMatch Pattern string Pattern type of Prefix 123 Configuring Enum Zones 124 About DNS Domains for Enum Configuring DNS Naptr Records125 Enum Dialing for Incoming Calls Unregistered Endpoints Recommended Configuration for Firewall TraversalXConfiguration Call Services 126 Fallback Alias Overview Configuration Example UsageXConfiguration Call Services Fallback Alias 127 Identifying a Particular Call Disconnecting Calls128 129 Disconnecting a Call via the Web InterfaceDisconnecting a Call via the CLI Issues when Disconnecting SIP Calls Bandwidth Control 130 Bandwidth Control on the VCS Example Network Deployment 131Bandwidth Control Overview Specifying the Subzone IP Addresses Subzone Links About the Default Subzone132 Subzones Creating a Subzone XCommand SubZoneAdd133 134 Configuring a SubzoneXConfiguration Zones LocalZone SubZone How Different Bandwidth Limitations are Managed 135Applying Bandwidth Limitations to Subzones Types of Limitations About Links Creating Links Default LinksXCommand LinkAdd 136 Editing Links XConfiguration Bandwidth Link137 138 Default LinksAbout Default Links Pre-Configured Links About Pipes Creating Pipes XCommand PipeAdd139 Editing an Existing Pipe XConfiguration Bandwidth Pipe140 Editing Pipes One Pipe, Two or More Links 141Applying Pipes to Links One Pipe, One Link 142 Default Bandwidth and DownspeedingAbout the Default Call Bandwidth Configuring Default Call Bandwidth and Downspeeding Example Without a Firewall 143Bandwidth Control Examples Example With a Firewall VCS Expressway Subzone ConfigurationVCS Control Subzone Configuration 144 Firewall Traversal 145 How does it work? 146Firewall Traversal Overview About Expressway VCS as a Firewall Traversal Client VCS Expressway Server Quick Guide to VCS Traversal Client Server Configuration147 SIP Firewall Traversal Protocols 148Firewall Traversal Protocols and Ports Overview Expressway Process Firewall Traversal Protocols SIP Ports Call signaling149 Media 150 Firewall Traversal and AuthenticationAuthentication and NTP Configuration Zones Edit Zone, in the Configuration section 151 Other Issues TraversalClient Create Zone Configuring the VCS as a Traversal Client152 Adding a New Traversal Client Zone Alternate 1..5 Address Configuring a Traversal Client Zone153 TraversalServer Create Zone Configuring the VCS as a Traversal Server154 Adding a New Traversal Server Zone 155 Configuring a Traversal Server ZoneClient authentication username Demux mode 156 Configuring Traversal for EndpointsXConfiguration Zones LocalZone Traversal H323 157 Configuring Traversal Server Ports 158 Stun Services 159 Configuring Stun Services 160 Maintenance Upgrading Software Overview Upgrading Using SCP/PSCP161 Upgrading via the Web Interface 162 Overview Adding Options via the CLI XConfiguration Option 1..64 Key163 Option Keys Add option key Maintenance Option Keys164 Adding Options via the Web Interface Overview Enabling Security 165Security 166 PasswordsOverview Configuring Administrator Password XConfiguration SystemUnitPassword Overview Creating a System Snapshot Error Reports167 System Snapshot Overview Restarting the VCS XCommand Boot168 Restarting Overview Shutting Down Maintenance Shutdown169 Shutting Down 170 Restoring Default ConfigurationOverview DefaultValuesSet Level XCommand DefaultValuesSet Level 3 must be Appendices 171 Overview of CPL on the VCS Address-switch172 CPL Reference Field 173 Otherwise Not-present 174Subfield Reject Rule-switch175 Location Call Screening Based on Alias Call Screening of Authenticated Users176 CPL Examples Dont accept calls from this source 177Call Screening Based on Domain Change of Domain Name Allow Calls from Locally Registered Endpoints Only Block Calls from Default Zone and Default SubzoneAddress Address is=DefaultSubZone 178 179 Restricting Access to a Local GatewayUsing the address-switch node Using the rule-switch node Matches 0 or more repetitions of the previous match 180Regular Expression Reference Overview Common Regular Expressions Pattern Variable Reference 181 VCS Port Reference XConfiguration H323 Gatekeeper Registration UDP PortXConfiguration H323 Gatekeeper CallSignaling TCP Port 182 183 184 XConfiguration Traversal Media Port Start Verifying the SRV Record DNS Configuration185 Overview Microsoft DNS Server About the Ldap Databases Ldap ConfigurationDownloading the Ldap schemas 186 Create the Organizational Hierarchy 187Adding H.350 Objects Securing with TLS OpenLDAP Include /etc/openldap/schemas/sipidentity.ldif188 Slapadd -l ldif file 189# MeetingRoom1 endpoint 190 Command Reference xConfiguration 191 192 193 Example xConfiguration Bandwidth Downspeed PerCall Mode OnExample xConfiguration Bandwidth Downspeed Total Mode On Example xConfiguration Bandwidth Link 1 Node1 Name HQ 194 Example xConfiguration Bandwidth Pipe 1 Name 512Kb AsdlExample xConfiguration Error Reports Mode Off Example xConfiguration ExternalManager Address Example xConfiguration Ethernet 1 IP V4 AddressExample xConfiguration Ethernet 1 IP V4 SubnetMask Example xConfiguration Ethernet 1 Speed Auto 196 Example xConfiguration H323 Gatekeeper CallTimeToLiveExample xConfiguration H323 Gatekeeper TimeToLive 197 198 199 200 Example xConfiguration Registration RestrictionPolicy None 201 202 203 Example Traversal Server H323 H46018 CallSignaling Port Example xConfiguration Transform 1 PriorityExample xConfiguration Traversal Media Port End Example xConfiguration Traversal Media Port Start Example Traversal Server Stun Relay Port Example xConfiguration Traversal Server Stun Discovery PortExample xConfiguration Traversal Server Stun Relay Mode On 205 206 207 208 209 Example xConfiguration Zones Zone 1 H323 Mode On 210 Example xConfiguration Zones Zone 1 HopCount 211 212 CommandHeadline TextReferenceGoes Here- xConfiguration 213 Example xConfiguration Zones Zone 3 TraversalServer SIP Port 214 Example xConfiguration Zones Zone 1 Type Neighbor 215 Command Reference xCommand 216 Example xCommand AllowListDelete AllowListIdExample xCommand boot 217 Example xCommand CredentialDelete CredentialIdExample xCommand DefaultLinksAdd 218 Example xCommand DefaultValuesSet LevelExample xCommand DenyListDelete DenyListId Example xCommand DomainAdd DomainName example.com 219 Example xCommand DomainDelete DomainIdExample xCommand FeedbackDeregister ID 220 221 Example xCommand LinkDelete LinkIdExample xCommand OptionKeyAdd Key 1X4757T5-1-60BAD5CD 222 Example xCommand OptionKeyDelete OptionKeyIdExample xCommand PipeDelete PipeId 223 224 Example xCommand SubZoneDelete SubZoneId2Example xCommand TransformDelete TransformId 225 Example xCommand ZoneDelete ZoneIdExample xCommand ZoneList Alias john.smith@example.com 226 Command Reference xStatus 227 CommandHeadline TextReferenceGoes Here- xStatus Ethernet 228 NTP 229 Calls 230 231 Registrations 232 Zones 233 234 235 236 Links 237 Alternates 238 H323 239 SIP 240 Stun 241 Bibliography 242 Glossary 243 Secure Socket Layer Hop count 244 PEM 245 VCS 246 Contact Information 247