TANDBERG Gatekeeper User Manual
26
xConfiguration Gatekeeper Policy Mode <On/Off>
Policy interacts with authentication (section 3.7.2, Authentication). If authentication is enabled
on the local Gatekeeper and a call received from a remote, unauthenticated Gatekeeper, the
call’s source aliases will be removed from the call request before it is passed to the policy
engine. This is because the unauthenticated source aliases could be forged and so should
not be used for policy decisions in a secure environment.
The following sections give details of the Gatekeeper’s implementation of the CPL language
and should be read on conjunction with the CPL standard (RFC 3880)5.
3.11.1 Making Decisions Based on Addresses address-switch
The address-switch node allows the script to run different actions based on the source or
destination aliases of the call. The address-switch specifies which fields to match and then a
list of address nodes contains the possible matches and their associated actions.
The supported attributes on an address-switch and their interpretation are as follows
field
“origin” Match against the source aliases
“destination” Match against the destination aliases
“original-destination” Match against the destination aliases
If the selected field contains multiple aliases then the Gatekeeper will attempt to match each
address node with all of the aliases before proceeding to the next address node i.e. an
address node matches if it matches ANY alias.
subfield
The following table gives the definition of subfields for each alias type, if a subfield is not
specified for the alias type being matched then the not-present action will be taken.
“address-type” For all aliases types the address-type subfield is the string
“h323”
“user” For URI aliases this selects the username part. For H.323 ID’s it
is the entire ID and for E.164 numbers it is the entire number.
“host” For URI aliases this selects the domain name part. If the alias is
an IP address then this subfield is the complete address in
dotted decimal form.
“port” For IP addresses th is is the port number in decimal.
“tel” For E.164 numbers this selects the entire string of digits.
“alias-type” Gives a string representation of the type of alias as follows
Alias Type Result
URI “url-ID”
H.323 ID “h323-ID”
Dialed Digits “dialedDigits”
IP Address “transportID”