Manuals / TANDBERG / Photography / Security Camera

TANDBERG Security Camera Restricting Access to a Local Gateway, Using the address-switch node

Models: Security Camera

1 247

Download 247 pages 11.75 Kb

Page 179

Grey Headline (continued)

CPL Reference

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE

CPL Examples

Restricting Access to a Local Gateway

In these examples, a gateway is registered to the VCS with a prefix of 9 and the administrator wants to stop calls from outside the organization being routed through it.

We can do this in two ways: using the address-switchnode or the rule-switchnode. Examples of each are shown below.

Using the address-switch node

<?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl"

xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

<taa:routed>

<address-switch field="destination"> <address regex="9(.*)">

<address-switch field="originating-zone">

<address is="TraversalZone">

<reject status="403" reason="Denied by policy"/>

</address> </address-switch>

</address> </address-switch>

</taa:routed>

</cpl>

Using the rule-switch node

<?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl"

xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

<taa:routed> <taa:rule-switch>

<taa:rule originating-zone="TraversalZone" destination="9(.*)"> <!-- Calls coming from the traversal zone are not allowed to use

this gateway -->

<reject status="403" reason="Denied by policy"/>

</taa:rule>

<taa:rule origin="(.*)" destination="(.*)">  <proxy/>

</taa:rule> </taa:rule-switch>

</taa:routed>

</cpl>

Introduction

Getting Started

Overview and

System

VCS

Zones and

Call

Bandwidth

Firewall

Maintenance

Appendices

Status

Configuration

Configuration

Neighbors

Processing

Control

Traversal

D14049.03

179

MAY 2008

Image 179

TANDBERG Security Camera Restricting Access to a Local Gateway, Using the address-switch node, Using the rule-switch node

Contents

Guide Overview and Status What’s in this Manual?Preamble IntroductionLAN Call Processing Zones and NeighborsMaintenance Appendices Bandwidth Control Maintenance What’s in this Manual? Copyright 2008, Tandberg Legal NoticesApprovals Safety Instructions and ApprovalsSafety Instructions Waste Handling Digital User Guides Environmental IssuesEnvironmental Issues VCS Expressway Tandberg VCSOverview VCS Base Applications VCS ControlUser Policy FindMe Standard Features What’s New in this Version?Optional Features Dual Network InterfacesTypographical conventions Administrator GuideUsing this Administrator Guide Command Line InterfaceGetting Started Connecting the Cables InstallationInstallation Site Preparations General Installation PrecautionsPowering on the VCS Initial Configuration via Serial Cable Initial ConfigurationDown key Initial Configuration via Front PanelUP key Overview System Administrator AccessSupported Browsers Using the Web InterfaceSelect Administrator Login Web InterfaceGeneral page features How Command are Shown in this Guide Command Line InterfaceUsing the Command Line Interface CLI Types of CommandsOverview and Status Viewing the Overview Understanding the Overview OverviewSystem Information Speed EthernetStatus System Ethernet MAC address Viewing the IP Status Understanding the IP Status IP StatusStatus System Resource Usage Traversal calls Resource UsageViewing the Resource Usage Understanding the Resource Usage Viewing the Registrations Understanding the Registrations RegistrationsEnd Time Registration HistoryReason DurationViewing the Calls Understanding the Calls CallsStatus Call History Filter Call HistoryViewing the Call History Understanding the Call History Status Search History Search HistoryViewing the Search History Understanding the Search History About SearchesViewing the Local Zone Understanding the Local Zone Local ZoneStatus Zones ZonesViewing the Zones Understanding the Zones Status Links LinksViewing the Links Understanding the Links Status Pipes PipesViewing the Pipes Understanding the PipesViewing the Stun Relays Understanding the Stun Relays Stun RelaysStatus Warnings Viewing the Warnings Understanding the WarningsGreen Event LogViewing the Event Log Understanding the Event Log Event Log Color CodingEvent Log Format Interpreting the Event LogMessage Details Field Events Logged at Level Policy Change System Configuration ChangedTLS Negotiation Error User session Login failureRegistration Refresh Request Message ReceivedMessage Sent Registration Refresh AcceptedSystem Configuration About the System Name System AdministrationOverview Configuration About Administrator Access settingsEthernet speed System Configuration EthernetXConfiguration Ethernet About Ethernet SpeedAbout IPv4 to IPv6 Gatewaying Overview IP ConfigurationXConfiguration IP XConfiguration IPProtocol XConfiguration IP Route XCommand RouteAddAbout Dual Network Interfaces Overview LAN ConfigurationAbout LAN Configuration About the DNS Domain Name XConfiguration IP DNSAbout DNS Servers About the Time Zone System Configuration NTPXConfiguration NTP Address XConfiguration TimeZone Name About the NTP ServerAbout Snmp XConfiguration SnmpAddress XConfiguration ExternalManagerExternal Manager About the External ManagerBacking up Configuration Settings BackupsAbout Remote Logging LoggingOverview Remote Logging About LoggingAbout Event Log Levels Setting the Event Log LevelXConfiguration Log Level Log LevelsVCS Configuration Overview Endpoint Registration 323XConfiguration H323 Configuring H.323SIP Registration Expiry Using the VCS as a SIP RegistrarSIP Overview About SIP on the VCSSIP protocols and ports Using the VCS as a SIP Proxy ServerXConfiguration SIP Configuring SIP Registrations, Protocols and PortsView/Edit Configuring SIP DomainsVCS Configuration Protocols SIP Domains CancelInterworking Configuring InterworkingXConfiguration Interworking Mode Save SIP interworking modeEndpoint Registration MCU, Gateway and Content Server RegistrationRegistration Control Registration OverviewH323 Gatekeeper AutoDiscovery Finding a VCS with which to Register323 Preventing automatic registrationsXConfiguration Authentication AuthenticationAbout Authentication for Local Registrations Configuring Authentication for Local RegistrationsAbout External Registration Credentials Configuring External Registration CredentialsAuthentication using an Ldap Server Authentication DatabasesAlias Origin Setting XConfiguration Ldap XConfiguration Authentication Ldap Configuring Ldap Server settingsConfiguring the Local Database Authentication using a Local DatabaseAlias Registration Attempts to Register using an Existing AliasRegistering Aliases About Alias RegistrationActivating use of Allow or Deny Lists XConfiguration Registration RestrictionPolicyAllow and Deny Lists About Allow and Deny ListsManaging Entries in the Allow List XCommand AllowListAdd XConfigurationAllowList RegistrationAdd Deny List Pattern VCS Configuration Registration Deny ListXCommand DenyListAdd XConfigurationDenyList Registration Managing Entries in the Deny ListZones and Neighbors About your Video Communications Network Example Network DiagramIntroduction Traversal Subzone Overview Configuring the Local Zone and its SubzonesConfiguring the Traversal Subzone Ports Local Zone and SubzonesNeighbor Zone About Zones Traversal Client Zone Traversal Server ZoneXCommand DefaultLinksAdd Enum Zone DNS Zone Default ZoneXConfiguration Zones Zone Adding Zones Configuring ZonesVCS Configuration Zones XCommand ZoneAddMatch1 Match5 Configuring Zones All TypesHop count Primary address Alternate 1 to Alternate 5 address Configuring Neighbor ZonesSIP port SIP transportPrimary address Configuring Traversal Client ZonesAuthentication username Retry intervalConfiguring Traversal Server Zones DNS suffix Configuring Enum ZonesConfiguring DNS Zones Alternates About Alternates Configuring AlternatesVCS Configuration Alternates XConfiguration AlternatesDial Plans Call Processing Search Process Call Processing DiagramEndpoints registered to a VCS Expressway Dialing by Address TypesDialing by IP Address Dialing by H.323 or SIP URI Dialing by EnumHop Counts About Hop Counts Configuring Hop CountsXConfiguration Zones Zone 1..200 HopCount Authentication Mode Off Administrator PolicyAuthentication Mode On Administrator Policy Mode Enabling the use of Administrator PolicyConfiguring Administrator Policy via the Web Interface About CPL XSD files Uploading a CPL ScriptUser Policy FindMe 100 Configuring User Policy ManagerVCS Configuration Policy User XConfiguration Policy UserPolicyCreating a New User Account 101Managing FindMe User Accounts About User Accounts102 Changing a User PasswordViewing Existing User Account Settings Are you sure...? 103Deleting a User Account About your FindMe User Account Using TANDBERG’s FindMeAccessing the FindMe Configuration 104105 Configuring your FindMe User AccountSearches and Transforms 106107 Configuring Local Alias TransformsXConfiguration Transform Zone Searching and Transforming 108109 Configuring Zone Searches TransformsDefault Settings XConfiguration Zones Zone 1..200 MatchNever Query a Zone 110Examples Combining Match Types and PrioritiesFilter Queries to a Zone Without Transforming 111Query a Zone for Original and Transformed Alias 112Query a Zone for Two or More Transformed Aliases 113H323 114URI Dialing Process Configuring Matches for DNS Zones115 URI Dialing for Outgoing CallsClick Create Zone Adding and Configuring DNS ZonesXCommand ZoneAdd XConfiguration Zones Zone 116117 Configuring DNS ServersXConfiguration IP DNS Server URI Dialing for Incoming Calls 118URI Dialing and Firewall Traversal Example DNS Record ConfigurationRecommended Configuration 119Overview Process Enabling Enum Dialing 120Enum Dialing Example 121Enum Dialing for Outgoing Calls Prerequisites122 Configuring Matches for Enum ZonesConfiguring Transforms for Enum Zones Mode of PatternMatch Pattern string Pattern type of Prefix123 Configuring Enum Zones124 About DNS Domains for Enum Configuring DNS Naptr Records125 Enum Dialing for Incoming CallsUnregistered Endpoints Recommended Configuration for Firewall TraversalXConfiguration Call Services 126Fallback Alias Overview Configuration Example UsageXConfiguration Call Services Fallback Alias 127Identifying a Particular Call Disconnecting Calls128 129 Disconnecting a Call via the Web InterfaceDisconnecting a Call via the CLI Issues when Disconnecting SIP CallsBandwidth Control 130Bandwidth Control on the VCS Example Network Deployment 131Bandwidth Control Overview Specifying the Subzone IP Addresses Subzone Links About the Default Subzone132 SubzonesCreating a Subzone XCommand SubZoneAdd133 134 Configuring a SubzoneXConfiguration Zones LocalZone SubZone How Different Bandwidth Limitations are Managed 135Applying Bandwidth Limitations to Subzones Types of LimitationsAbout Links Creating Links Default LinksXCommand LinkAdd 136Editing Links XConfiguration Bandwidth Link137 138 Default LinksAbout Default Links Pre-Configured LinksAbout Pipes Creating Pipes XCommand PipeAdd139 Editing an Existing Pipe XConfiguration Bandwidth Pipe140 Editing PipesOne Pipe, Two or More Links 141Applying Pipes to Links One Pipe, One Link142 Default Bandwidth and DownspeedingAbout the Default Call Bandwidth Configuring Default Call Bandwidth and DownspeedingExample Without a Firewall 143Bandwidth Control Examples Example With a Firewall VCS Expressway Subzone ConfigurationVCS Control Subzone Configuration 144Firewall Traversal 145How does it work? 146Firewall Traversal Overview About Expressway VCS as a Firewall Traversal ClientVCS Expressway Server Quick Guide to VCS Traversal Client Server Configuration147 SIP Firewall Traversal Protocols 148Firewall Traversal Protocols and Ports Overview Expressway Process Firewall Traversal ProtocolsSIP Ports Call signaling149 Media150 Firewall Traversal and AuthenticationAuthentication and NTP Configuration Zones Edit Zone, in the Configuration section151 Other IssuesTraversalClient Create Zone Configuring the VCS as a Traversal Client152 Adding a New Traversal Client ZoneAlternate 1..5 Address Configuring a Traversal Client Zone153 TraversalServer Create Zone Configuring the VCS as a Traversal Server154 Adding a New Traversal Server Zone155 Configuring a Traversal Server ZoneClient authentication username Demux mode156 Configuring Traversal for EndpointsXConfiguration Zones LocalZone Traversal H323 157 Configuring Traversal Server Ports158 Stun Services159 Configuring Stun Services160 MaintenanceUpgrading Software Overview Upgrading Using SCP/PSCP161 Upgrading via the Web Interface 162Overview Adding Options via the CLI XConfiguration Option 1..64 Key163 Option KeysAdd option key Maintenance Option Keys164 Adding Options via the Web InterfaceOverview Enabling Security 165Security 166 PasswordsOverview Configuring Administrator Password XConfiguration SystemUnitPasswordOverview Creating a System Snapshot Error Reports167 System SnapshotOverview Restarting the VCS XCommand Boot168 RestartingOverview Shutting Down Maintenance Shutdown169 Shutting Down170 Restoring Default ConfigurationOverview DefaultValuesSet Level XCommand DefaultValuesSet Level 3 must beAppendices 171Overview of CPL on the VCS Address-switch172 CPL ReferenceField 173Otherwise Not-present 174Subfield Reject Rule-switch175 LocationCall Screening Based on Alias Call Screening of Authenticated Users176 CPL ExamplesDont accept calls from this source 177Call Screening Based on Domain Change of Domain NameAllow Calls from Locally Registered Endpoints Only Block Calls from Default Zone and Default SubzoneAddress Address is=DefaultSubZone 178179 Restricting Access to a Local GatewayUsing the address-switch node Using the rule-switch nodeMatches 0 or more repetitions of the previous match 180Regular Expression Reference Overview Common Regular ExpressionsPattern Variable Reference 181VCS Port Reference XConfiguration H323 Gatekeeper Registration UDP PortXConfiguration H323 Gatekeeper CallSignaling TCP Port 182183 184 XConfiguration Traversal Media Port StartVerifying the SRV Record DNS Configuration185 Overview Microsoft DNS ServerAbout the Ldap Databases Ldap ConfigurationDownloading the Ldap schemas 186Create the Organizational Hierarchy 187Adding H.350 Objects Securing with TLSOpenLDAP Include /etc/openldap/schemas/sipidentity.ldif188 Slapadd -l ldif file 189# MeetingRoom1 endpoint 190 Command Reference xConfiguration191 192 193 Example xConfiguration Bandwidth Downspeed PerCall Mode OnExample xConfiguration Bandwidth Downspeed Total Mode On Example xConfiguration Bandwidth Link 1 Node1 Name HQ194 Example xConfiguration Bandwidth Pipe 1 Name 512Kb AsdlExample xConfiguration Error Reports Mode Off Example xConfiguration ExternalManager Address Example xConfiguration Ethernet 1 IP V4 AddressExample xConfiguration Ethernet 1 IP V4 SubnetMask Example xConfiguration Ethernet 1 Speed Auto196 Example xConfiguration H323 Gatekeeper CallTimeToLiveExample xConfiguration H323 Gatekeeper TimeToLive 197 198 199 200 Example xConfiguration Registration RestrictionPolicy None201 202 203 Example Traversal Server H323 H46018 CallSignaling Port Example xConfiguration Transform 1 PriorityExample xConfiguration Traversal Media Port End Example xConfiguration Traversal Media Port StartExample Traversal Server Stun Relay Port Example xConfiguration Traversal Server Stun Discovery PortExample xConfiguration Traversal Server Stun Relay Mode On 205206 207 208 209 Example xConfiguration Zones Zone 1 H323 Mode On210 Example xConfiguration Zones Zone 1 HopCount211 212 CommandHeadline TextReferenceGoes Here- xConfiguration213 Example xConfiguration Zones Zone 3 TraversalServer SIP Port214 Example xConfiguration Zones Zone 1 Type Neighbor215 Command Reference xCommand216 Example xCommand AllowListDelete AllowListIdExample xCommand boot 217 Example xCommand CredentialDelete CredentialIdExample xCommand DefaultLinksAdd 218 Example xCommand DefaultValuesSet LevelExample xCommand DenyListDelete DenyListId Example xCommand DomainAdd DomainName example.com219 Example xCommand DomainDelete DomainIdExample xCommand FeedbackDeregister ID 220 221 Example xCommand LinkDelete LinkIdExample xCommand OptionKeyAdd Key 1X4757T5-1-60BAD5CD 222 Example xCommand OptionKeyDelete OptionKeyIdExample xCommand PipeDelete PipeId 223 224 Example xCommand SubZoneDelete SubZoneId2Example xCommand TransformDelete TransformId 225 Example xCommand ZoneDelete ZoneIdExample xCommand ZoneList Alias john.smith@example.com 226 Command Reference xStatus227 CommandHeadline TextReferenceGoes Here- xStatusEthernet 228NTP 229Calls 230231 Registrations 232Zones 233234 235 236 Links 237Alternates 238H323 239SIP 240Stun 241Bibliography 242Glossary 243Secure Socket Layer Hop count 244PEM 245VCS 246Contact Information 247