TANDBERG Gatekeeper

User Guide

Software version N5.1

D13381.07

January 2007

This document is not to be reproduced in whole or in part without permission in writing from:

Summary of Contents for Gatekeeper

Page 1: ...TANDBERG Gatekeeper User Guide Software version N5 1 D13381 07 January 2007 This document is not to be reproduced in whole or in part without permission in writing from ...

Page 2: ...s 11; 1.4.10 Communication lines 11; 2 Introduction 12; 2.1 Main Features 12; 2.2 Hardware Overview 12; 3 Installation 14; 3.1 Precautions 14; 3.2 Preparing the Installation Site 14; 3.3 Unpacking 15; 3.4 Mounting 15; 3.5 Connecting the Cables 15; 3.5.1 Power cable 15; 3.5.2 LAN cable 15; 3.5.3 Null-modem RS-232 cable 15; 3.6 Switching on the System 15; 4 Getting started 16; 4.1 Initial Configuration 16; 4.2 Syste...

Page 3: ...d Deny lists 36; 8.1.2 Activating use of Allow or Deny lists 36; 8.1.3 Managing entries in the Allow and Deny lists 37; 8.2 Authentication 38; 8.2.1 Authentication using a local database 38; 8.2.2 Authentication using an LDAP server 38; 8.2.3 Enforced dial plans 39; 8.2.4 Securing the LDAP connection with TLS 40; 9 URI Dialing 41; 9.1 About URI Dialing 41; 9.2 Making a Call Using URI Dialing 41; 9.2.1 Enabli...

Page 4: ...CPL Script Actions 55; 13.3.1 location 55; 13.3.2 proxy 56; 13.3.3 reject 56; 13.4 Unsupported CPL Elements 56; 13.5 CPL Examples 56; 13.5.1 Call screening of authenticated users 56; 13.5.2 Call screening based on domain 57; 13.5.3 Call redirection 57; 13.5.4 Call screening based on alias 57; 14 Logging 58; 14.1 About Logging 58; 14.2 Viewing the event log 58; 14.3 Controlling what is Logged 58; 14.3.1 About Ev...

Page 5: ...6 SSH 79; 16.2.17 Subzones 79; 16.2.18 SystemUnit 81; 16.2.19 Telnet 81; 16.2.20 TimeZone 81; 16.2.21 Traversal 81; 16.2.22 Zones 81; 16.3 Command 84; 16.3.1 AllowListAdd 84; 16.3.2 AllowListDelete 84; 16.3.3 Boot 84; 16.3.4 CallTransfer 84; 16.3.5 CheckBandwidth 84; 16.3.6 CredentialAdd 84; 16.3.7 CredentialDelete 85; 16.3.8 DefaultLinksAdd 85; 16.3.9 DefaultValuesSet 85; 16.3.10 DenyListAdd 85; 16.3.11 DenyListDe...

Page 6: ...ve Directory 95; 18.1.1 Prerequisites 95; 18.1.2 Adding H.350 objects 95; 18.1.3 Securing with TLS 96; 18.2 OpenLDAP 96; 18.2.1 Prerequisites 96; 18.2.2 Installing the H.350 schemas 96; 18.2.3 Adding H.350 objects 97; 18.2.4 Securing with TLS 98; 19 Appendix C: Regular Expression Reference 99; 20 Appendix D: Technical data 100; 20.1 Technical Specifications 100; 20.1.1 System Capacity 100; 20.1.2 Ethernet Interf...

Page 7: ...21 Bibliography 102; 22 Glossary 103; 23 Index 104 ...

Page 8: ...RG ASA assumes no responsibility or liability for any errors or inaccuracies that may appear in this document, nor for any infringements of patents or other rights of third parties resulting from its use. No license is granted under any patents or patent rights of TANDBERG ASA. COPYRIGHT 2006, TANDBERG ASA. 1.3 Environmental Issues: Thank you for buying a product which contributes to a reduction in poll...

Page 9: ... August 2005 are marked with a crossed out wheelie bin symbol that invites you to use those take back systems Please contact your local supplier the regional waste administration or http www tandberg net recycling if you need more information on the collection and recycling system in your area 1 3 4 Information for Recyclers As part of compliance with the European WEEE Directive TANDBERG provides ...

Page 10: ...Do not use liquid cleaners or aerosol cleaners Use a lint free cloth lightly moistened with water for cleaning the exterior of the apparatus Unplug the apparatus from communication lines before cleaning or polishing Do not use liquid cleaners or aerosol cleaners Use a lint free cloth lightly moistened with water for cleaning the exterior of the apparatus 1 4 3 Ventilation Do not block any of the v...

Page 11: ...from its power source 1 4 8 Servicing Do not attempt to service the apparatus yourself as opening or removing covers may expose you to dangerous voltages or other hazards and will void the warranty Refer all servicing to qualified service personnel Unplug the apparatus from its power source and refer servicing to qualified personnel under the following conditions o If the power cord or plug is dam...

Page 12: ...he amount of bandwidth used, both within the Gatekeeper zone and to neighboring Border Controllers and Gatekeepers. Can limit total bandwidth usage and set maximum per-call bandwidth usage, with automatic downspeeding if a call exceeds the per-call maximum. Can be managed with TANDBERG Management Suite 11.0 or newer, or as a standalone system with RS-232, Telnet, SSH, HTTP and HTTPS. Embedded setup wizard on ser...

Page 13: ...Figure 1: Front panel of Gatekeeper. On the back of the Gatekeeper (see Figure 2) there are: a power connector, a power switch, a serial port (Data 2) for connecting to a PC. Figure 2: Rear panel of Gatekeeper ...

Page 14: ...e vicinity of the leak The socket outlet shall be installed near to the equipment and shall be easily accessible Never install cables without first switching the power OFF This product complies with directives LVD 73 23 EC and EMC 89 366 EEC Power must be switched off before power supplies can be removed from or installed into the unit 3 2 Preparing the Installation Site Make sure that the Gatekee...

Page 15: ...ing space is according to the Installation site preparations in section 3 2 3 Attach the brackets to the chassis on both sides of the unit 4 Insert the unit into a 19 rack and secure it with screws 3 5 Connecting the Cables 3 5 1 Power cable Connect the system power cable to an electrical distribution socket 3 5 2 LAN cable Connect a LAN cable from the LAN 1 connector on the front of the unit to y...

Page 16: ...oximately 2 minutes you will get a login prompt: none login: admin Password: 4. Enter the username admin and your password. The default password is TANDBERG. You will be prompted if you want to run the install wizard: Run install wizard n y 5. Type y and press Enter. 6. Specify the following: a. The password you want to use for your system. See Administrator Account (section 4.2.4) for account details. b. The IP a...

Page 17: ...dress command (16.2.6) for more information. 10. To make your new settings take effect, reboot the Gatekeeper by typing the command: xCommand boot 11. Disconnect the serial cable. Note: To securely manage the Gatekeeper you should disable HTTP and Telnet, using the encrypted HTTPS and SSH protocols instead. For increased security, disable HTTPS and SSH as well, using the serial port to manage the system. Note: I...

Page 18: ...ine interface, start a session and login with user name admin and your password. The interface groups information in different commands: xstatus: Provides a read-only interface to determine the current status of the system. Information such as current calls and registrations is available through this command group. xconfiguration: A read/write interface to set system configuration data such as IP address...

Page 19: ...n systemunit password new_password. If you forget your password, it is possible to set a new password using the following procedure: 1. Reboot the Gatekeeper. 2. Connect to the Gatekeeper over the serial interface once it has restarted. 3. Log in with the user name pwrec. No password is required. You will be prompted for a new password. Note: The pwrec account is only active for one minute following a restart ...

Page 20: ... IPv6 IPv4 and IPv6 dual stack behavior is controlled by the command xConfiguration IPProtocol Both IPv4 IPv6 or using the web interface via System Configuration IP Configuration shown in Figure 3 below Figure 3 Selecting IP Protocol 4 5 Endpoint Registration Before an endpoint can use the Gatekeeper it must first register with it There are two ways an endpoint can register Automatically Manually ...

Page 21: ...eper or Border Controller forms an H 323 zone and is responsible for the endpoints within that zone There are a number of ways this can be done depending on the complexity of your system Flat dial plan The simplest approach is to assign each endpoint a unique alias and divide the endpoint registrations between the Gatekeepers and Border Controllers Each Gatekeeper or Border Controller is then conf...

Page 22: ...Configuration Zones either select Add New Zone or highlight an existing zone and select Edit to access the screen shown in Figure 4 The prefixes and suffixes described above are formed using patterns each zone may have up to 5 patterns assigned each of which may be defined as a prefix or a suffix Patterns are not used and not displayed on the web interface if the pattern match mode is set to alway...

Page 23: ...d with the same routing information such as local domain names and local domain subnet masks Each Gatekeeper may be configured with the IP addresses of up to five Alternates When an endpoint registers with the Gatekeeper it is presented with the IP addresses of all the Alternates If the endpoint loses contact with its initial Gatekeeper it will seek to register with one of the Alternates This may ...

Page 24: ...l Zones No Received LCF Yes LRQ all weak matching Traversal Zones No Received LCF Yes No ARQ from registered EP and alias does not contain local domain LRQ from Known GK received by this GK No No Does alias resemble E 164 address Yes Yes Perform E 164 URI resolution using ENUM algorithm Yes Empty candidate set of URIs Feed URIs back in priority order to Location Search algorithm No DNS Resolution ...

Page 25: ... Controller responsible for the domain the part of the URI following the symbol and queries that device Dialing by IP address is necessary when the destination endpoint is not registered with a Gatekeeper or Border Controller If it is registered then one of the other addressing schemes should be used instead as they are more flexible From your registered endpoint dial the IP address of the endpoin...

Page 26: ...re created either using the xconfiguration Gatekeeper Transform commands or using the web interface via Gatekeeper Configuration Transforms and selecting Add New Transform Alias transforms support the use of Regular Expressions See Appendix C for further information Example We have two gateways registered with the Gatekeeper with prefixes of 7 and 8 respectively We want to allow the users to dial ...

Page 27: ...the Match 1 Match 2 etc sections a Mode of PatternMatch in order to access the options see Figure 4 Zone transforms support the use of Regular Expressions See Appendix C for more information Example Endpoints might be registered to a Gatekeeper with aliases of the form user example com If someone were to dial user exampleusa com we might want to try and find that user as user example com hence we ...

Page 28: ...nt by dialing its IP address or, if the DNS system has been appropriately configured, using an H.323 URI. If URI dialing is used, DNS is queried for a call signaling address and, if found, the call is placed to that address. See URI Dialing (section 9) for details of how to configure the Call Signaling SRV Record. It is sometimes undesirable for a system to place a call to an IP address directly. Instead you...

Page 29: ...u will typically set CallsToUnknownIPAddresses to Indirect on the Gatekeeper and Direct on the Border Controller. This will allow calls originating inside the firewall to use the Gatekeeper and Border Controller to successfully traverse the firewall. This is described in more detail in Dialing Public IP Addresses (section 11.3) ...

Page 30: ...ifferent bandwidth limitations In order to model this the local zone is made up of one or more subzones When an endpoint registers with the Gatekeeper it is assigned to a subzone based on its IP address By default all endpoints registering with the Gatekeeper are assigned to the default subzone This is suitable if you have uniform bandwidth available between all your endpoints When you have differ...

Page 31: ...enshot of the configuration or using the following command line commands xConfiguration SubZones SubZone 1 100 Bandwidth Total Mode xConfiguration SubZones SubZone 1 100 Bandwidth Total Limit xConfiguration SubZones SubZone 1 100 Bandwidth PerCall Mode xConfiguration SubZones SubZone 1 100 Bandwidth PerCall Limit 7 2 2 Pipes When calls are placed between endpoints in different subzones it is possi...

Page 32: ...ith see URI Dialing section 9 These Gatekeepers and any unregistered endpoints reached by dialing their IP address are placed in the Default Zone 7 3 Insufficient Bandwidth 7 3 1 Insufficient bandwidth If bandwidth control is in use there may be situations when there is insufficient bandwidth available to place a call at the requested rate By default and assuming that there is some bandwidth still...

Page 33: ...one and subzone come into use as follows The traversal zone is used to represent the zone containing the Gatekeeper with which this Gatekeeper is paired This zone is automatically added for you The traversal subzone represents the Gatekeeper itself The traversal subzone allows you to control total and per call bandwidths passing through the Border Controller Unlike other subzones no endpoints can ...

Page 34: ...tween each of the offices Each link is then assigned two pipes representing the Internet connections of the offices at each end of the link A call placed between the Home Office and Branch Office will consume bandwidth in the Home and Branch subzones and on the Home and Branch pipe The enterprise s bandwidth budget will be unaffected by the call 7 5 2 Example with a firewall If we modify our deplo...

Page 35: ...ay be used to control the amount of traffic flowing through the Border Controller itself Because the Gatekeeper is only managing endpoints on the LAN its configuration is simpler as shown in Figure 16 Figure 16 Gatekeeper example configuration All of the endpoints in the enterprise will be assigned to the default subzone The Traversal subzone controls traversal traffic flowing through the Gatekeep...

Page 36: ...s, one of which matches a pattern on the Deny list, that endpoint's registration will be denied. Likewise, if the Registration Restriction policy is set to Allow, only one of the endpoint's aliases needs to match a pattern on the Allow list for it to be allowed to register using all its aliases. 8.1.1 Viewing the Allow and Deny lists: To view the entries in the Allow and Deny lists, either issue the follo...

Page 37: ...h only 1234567 First 7 characters are an exact match last character may be anything 123 123 followed by anything example com Anything ending with example com To add and remove entries from the Allow and Deny lists either issue the following commands xCommand AllowListAdd xCommand AllowListDelete xCommand DenyListAdd xCommand DenyListDelete or go to Gatekeeper Configuration Restrictions and select ...

Page 38: ...cation Credential, or use the web interface via Gatekeeper Configuration > Credentials. Managing credentials: Each credential in the local database has a username and a password. To manage the credentials in the local database, either use the command line interface to issue the following commands: xcommand CredentialAdd <user name> <password>, xcommand CredentialDelete <credential index>, or use the web interface...

Page 39: ...Gatekeeper and the LDAP server, either issue the following command: xstatus LDAP, or navigate to Gatekeeper Configuration > Authentication. The server status will be shown in a panel on the right-hand side of the screen. 8.2.3 Enforced dial plans: If LDAP authentication is in use, you may control what aliases an endpoint is allowed to register with. This allows you centralized control of your dial plan. When...

Page 40: ...either issue the following command: xConfiguration LDAP Encryption TLS, or navigate to Gatekeeper Configuration > Authentication and from the LDAP Encryption drop-down menu select TLS. The Gatekeeper will now only communicate with the LDAP server using TLS. Uploading Trusted CA certificate: To verify the identity of the LDAP server, the certificate of the Certificate Authority (CA) that issued the LDAP serv...

Page 41: ...st one DNS server for the systems to query For resilience you can specify up to five DNS servers To do this either issue the following command xConfiguration IP DNS Server 1 Address address or navigate to System Configuration IP and under the DNS section enter the IP address es of the DNS server s you wish to use see Figure 18 Note If you want others to be able to reach you using URI dialing add a...

Page 42: ...ng the dialed URI in the form user host As described in DNS Records section 9 4 several mechanisms could have been used to locate the Gatekeeper Depending on which was used the received URI could be in one of three forms user 10 0 0 1 user srv record domain name user a record domain name Each of these should be able to discover an endpoint registered as either user or user a record domain name On ...

Page 43: ...ation SRV record to discover the authoritative Gatekeeper for the destination DNS zone. 2. If is not located, the Gatekeeper will query for a Call SRV record and try to place the call to that address. 3. If no appropriate SRV record can be located, the Gatekeeper will fall back to looking for an A or AAAA record for the domain. If a record is found, a call will be placed to that address. If you intend to u...

Page 44: ... zone for ENUM. This could either be within your corporate DNS zone or could use a public ENUM database such as http://www.e164.org. The DNS zone used for ENUM contains NAPTR records as defined by RFC 2915 [7]. These provide the mapping between E.164 numbers and H.323 URIs. The Gatekeeper may be configured with up to 5 DNS zones to search for a NAPTR record. It will iterate through them in order, stopping w...

Page 45: ...Figure 19: Setting the ENUM Zone ...

Page 46: ...ly the value u is supported service states that this record is intended to describe E 164 to URI conversion for H 323 Its value must be E2U h323 regex describes the conversion from the given E 164 number to an H 323 URI is a field separator The first part represents the entire E 164 number The second part h323 1 example com represents the H 323 URI that will be generated In the above example the E...

Page 47: ... register with the Border Controller The Gatekeeper and Border Controller are configured to work together to provide firewall traversal 11 1 1 Enabling outgoing URI calls If you wish to be able to call using URI dialing in this deployment then the following configuration is required Enter the address of your DNS server on the Border Controller This can be done via either xConfiguration IP DNS Serv...

Page 48: ...g the Border Controller and an SRV record that returns the Border Controller s A record See DNS Records section 9 4 for details 11 2 Enterprise Gatekeepers If your enterprise has already deployed a third party Gatekeeper to manage calls within the private network you may wish to deploy a traversal solution without having to alter the existing deployment In order to achieve this the TANDBERG Gateke...

Page 49: ...the Gatekeeper to forward calls to any IP address it does not have locally registered to the TANDBERG Border Controller, thereby allowing the Border Controller itself to relay the call to the endpoint on the public IP address. 2. On the Border Controller, set Calls to unknown IP addresses to Direct. This setting will allow the Border Controller to connect any call that it receives from the internal Gat...

Page 50: ...er with the address of a public DNS server When an endpoint in our enterprise dials the full H 323 URI of an endpoint in another enterprise for example Ben EnterpriseB com the call will be routed to our Border Controller This will discover that Border Controller B is registered in DNS as responsible for enterprise B and will route the call to it Border Controller B will receive the incoming call a...

Page 51: ... asynchronous Gatekeeper commands progress information may be obtained by registering for feedback using the command xFeedback Register status calls 12 3 Transferring a Call A call may be transferred using the Gatekeeper by issuing the command xCommand CallTransfer Call call_index Leg leg_index Alias dest where call_index the call to be transferred leg_index the endpoint to be disconnected dest th...

Page 52: ...r Mode <On/Off>, or go to Gatekeeper Configuration > Services and in the Call Transfer section tick the Allow call transfer box (see Figure 23). Figure 23: Enabling call transfer. 12.4 Disconnecting a Call: An existing call may be disconnected using the Gatekeeper by issuing the command: xCommand DisconnectCall <index>, where: index: the call index as reported by xStatus Calls ...

Page 53: ...th of the file in the CPL file field. Note: The CPL script cannot be uploaded via the command line interface. 13.1.2 Enabling use of the CPL script: To enable or disable use of the CPL script, either issue the command: xConfiguration Gatekeeper Policy Mode <On/Off>, or go to Gatekeeper Configuration > Gatekeeper and in the Configuration section tick or clear the CPL policy box. 13.1.3 Call Policy and Authenti...

Page 54: ...ddress node i e an address node matches if it matches any alias subfield The following table gives the definition of subfields for each alias type If a subfield is not specified for the alias type being matched then the not present action will be taken address type For all alias types the address type subfield is the string h323 user For URI aliases this selects the username part For H 323 IDs it ...

Page 55: ...ess specified in the address-switch was not present in the call setup message. This form is most useful when authentication is being used. With authentication enabled, the Gatekeeper will only use authenticated aliases when running policy, so the not-present action can be used to take appropriate action when a call is received from an unauthenticated user (see CPL Examples, section 13.5). 13.3 CPL Script A...

Page 56: ...keeper stops any further script processing and rejects the current call. 13.4 Unsupported CPL Elements: The Gatekeeper does not currently support some elements that are described in the CPL RFC. If an attempt is made to upload a script containing any of the following elements, an error message will be generated and the Gatekeeper will continue to use its existing policy. The following elements are not ...

Page 57: ...itch incoming cpl 13 5 3 Call redirection This example redirects all calls to user barney to voicemail cpl incoming address switch field destination address is barney location clear yes url barney voicemail proxy location address otherwise proxy otherwise address switch incoming cpl 13 5 4 Call screening based on alias In this example user ceo will only accept calls from users vpsales vpmarketing ...

Page 58: ... call attempts. Easily human readable. For example: call attempt/connected/disconnected; registration attempt/accepted/rejected. Level 2 (Protocol): Logs of protocol messages sent and received (H.323, LDAP, etc.), excluding noisy messages such as H.460.18 keep-alives and H.245 video fast-updates. Level 3 (Protocol Verbose): Protocol keep-alives are suppressed at Level 2. At logging level 3, keep-alives are also logge...

Page 59: ...es, but will differ for messages from third-party processes which are used in the Gatekeeper product. message_details: the body of the message (see below for further information). For all messages logged from the tandberg process, the field is structured to allow easy parsing. It consists of a number of human-readable name=value pairs, separated by a space. The first field is always Field Example Descriptio...

Page 60: ...st has been rejected. The Reason event parameter contains the H225 cause code. Optionally, the Detail event parameter may contain a textual representation of the H.225 additional cause code. Registration Removed: A registration has been removed by the Gatekeeper/Border Controller. The Reason event parameter specifies the reason why the registration was removed. This is one of: Authentication change, Confli...

Page 61: ...was shutdown Application Start The Gatekeeper has started Further detail may be provided in the event data Detail field Application Failed The Gatekeeper application is out of service due to an unexpected failure License Limit Reached Licensing limits for a given feature have been reached The event detail field specifies the facility limits concerned Possible values for the detail field are Non Tr...

Page 62: ... Communication Failure Message Sent Message Received Policy Change Registration Accepted Registration Rejected Registration Removed Registration Requested Reason Textual string containing any reason information associated with an event Call Rejected External Server Communication Failure Registration Rejected Registration Removed Service Specifies which protocol was used for the communication A ser...

Page 63: ... same format as Src ip As Src ip Dst port Specifies the destination port the IP port of the destination for a communication attempt As Src ip Src port Specifies the source port the IP port of the device attempting to establish communications As Src ip Src Alias If present the first H 323 Alias associated with the originator of the message If present the first E 164 Alias associated with the origin...

Page 64: ...14.6 Remote Logging: The event log is stored locally on the Gatekeeper. However, it is often convenient to collect copies of all event logs from various systems in a single location. A computer running a BSD-style syslog server, as defined in RFC 3164 [4], may be used as the central log server. Note: A Gatekeeper will not act as a central logging server for other systems. 14.6.1 Enabling remote logging: To en...

Page 65: ...NDBERG representative for more information. Note: Configuration is restored after performing an upgrade, but we recommend that you make a backup of the existing configuration using the TANDBERG Management Suite before performing the upgrade. 15.2 Upgrading Using HTTP(S): To upgrade using HTTP(S): 1. Go to System Configuration > Upgrade. You will see the following screen. 2. In the Install Software section, enter...

Page 66: ...store system parameters. After 3-4 minutes the Gatekeeper is ready for use. 15.3 Upgrading Using SCP/PSCP: To upgrade using SCP or PSCP (part of the PuTTY free Telnet/SSH package) you need to transfer two files to the Gatekeeper: a text file containing the release key, and a file containing the software image. Note: Make sure you transfer the release key file before transferring the software image. Also mak...

Page 67: ...oot 10 0 0 1 tmp release key 3 Enter password when prompted 4 Copy the software image using SCP PSCP The target name must be tmp tandberg image tar gz e g scp s42000n51 tar gz root 10 0 0 1 tmp tandberg image tar gz or pscp s42100n51 tar gz root 10 0 0 1 tmp tandbergimage tar gz 5 Enter password when prompted 6 Wait until the software has installed completely This should not take more than two min...

Page 68: ... root It is possible to reduce the amount of information returned by xstatus by specifying a more detailed status command 16 1 2 Listing all status commands To list all xstatus commands available at the root level type xstatus 16 1 3 Calls xstatus Calls Returns information about all active calls on the system xstatus Calls Call index Returns information about the specified call 16 1 4 Ethernet xst...

Page 69: ...ack expressions xstatus Feedback index Returns the specified feedback expression 16 1 7 IP xstatus IP Returns the active IP configuration of the system including protocol IP address subnet mask and gateway If you have changed the IP configuration without rebooting xstatus IP will return the original settings currently in effect Protocol Returns the Protocol in which the system is operating IPv4 IP...

Page 70: ...he total and per call bandwidth limits on this link together with bandwidth currently in use 16 1 10 NTP xstatus NTP Reports the status of any connection to an NTP server 16 1 11 Pipes xstatus Pipes Returns call and bandwidth information for all pipes on the system xstatus Pipes Pipe index Reports call and bandwidth information for the specified pipe 16 1 12 Registrations xstatus Registrations Ret...

Page 71: ...tly active non traversal calls MaxNonTraversalCalls Maximum number of non traversal calls since system start TotalNonTraversalCalls Total number of non traversal calls since system start 16 1 14 SubZones xstatus SubZones Returns call and bandwidth information for all subzones on the system xstatus SubZones SubZone index Returns call and bandwidth information for the specified subzone 16 1 15 Syste...

Page 72: ...2 1 Authentication The Authentication group of commands allow you to configure parameters relating to how an endpoint authenticates itself with the Gatekeeper xconfiguration Authentication Credential 1 1000 Name username Specifies the username of a credential in the local authentication database xconfiguration Authentication Credential 1 1000 Password password Specifies the password of a credentia...

Page 73: ... 2 4 Gatekeeper Commands under the Gatekeeper node control aspects of the system s operation as an H 323 gatekeeper xconfiguration Gatekeeper Alternates Monitor On Off Controls whether or not alternate gatekeepers are periodically interrogated to ensure that they are still functioning In order to prevent delays during call setup non functional alternates will not receive Location Requests xconfigu...

Page 74: ...o verify that they are still in a call The default is 120 seconds xconfiguration Gatekeeper DNSResolution Mode On Off Determines whether or not DNS lookup of H 323 URIs is enabled on this system The default is On xconfiguration Gatekeeper Downspeed PerCall Mode On Off Determines whether or not the system will attempt to downspeed a call if there is insufficient per call bandwidth configured to ful...

Page 75: ...ecifies the pattern to be used when deciding whether or not to transform a destination alias xconfiguration Gatekeeper Transform 1 100 Priority 1 65534 Determines the order in which transforms are matched The priority must be unique for each transform xconfiguration Gatekeeper Transform 1 100 Type Prefix Suffix Regex Prefix Suffix determines whether the pattern string being checked should appear a...

Page 76: ...hen using IPv6 addresses are entered in colon hexadecimal form 2001 db8 2AA FF FE9A 4CA2 xConfiguration IPProtocol Both IPv4 IPv6 Selects whether the Gatekeeper is operating in IPv4 IPv6 or dual stack mode xconfiguration IP Address IPAddress Specifies the IPv4 address of the system xconfiguration IP SubnetMask IPAddress Specifies the IPv4 subnet mask of the system xconfiguration IP Gateway IPAddre...

Page 77: ... Sets the IP address of the LDAP server to be used when making LDAP queries xconfiguration LDAP Server Port 1 65534 Sets the IP port of the LDAP server to be used when making LDAP queries xconfiguration LDAP UserDN userDN Sets the user distinguished name to be used when binding to the LDAP server 16 2 8 Links xconfiguration Links Link 1 100 Name linkname Specifies the name of a link in the list of...

Page 78: ...be used to discover the existing options 16 2 12 Pipes xconfiguration Pipes Pipe 1 100 Bandwidth Total Limit 1 100000000 Bandwidth associated with a pipe keyed by index xconfiguration Pipes Pipe 1 100 Bandwidth Total Mode None Limited Unlimited Whether or not a given pipe is enforcing total bandwidth restrictions None corresponds to no bandwidth available xconfiguration Pipes Pipe 1 100 Bandwidth ...

Page 79: ...You must restart the system for changes to take effect xconfiguration SNMP SystemLocation name Used to identify the system location via SNMP tools such as TANDBERG Management Suite or HP OpenView You must restart the system for changes to take effect 16 2 16 SSH xconfiguration SSH Mode On Off Enables disables SSH and SCP support You must restart the system for changes to take effect 16 2 17 Subzon...

Page 80: ...ndwidth available on the indexed subzone xconfiguration SubZones SubZone 1 100 Bandwidth PerCall Mode None Limited Unlimited Whether or not the indexed subzone is enforcing per call bandwidth restrictions None corresponds to no bandwidth available xconfiguration SubZones SubZone 1 100 Bandwidth Total Limit 1 100000000 Total bandwidth available on the indexed subzone xconfiguration SubZones SubZone...

Page 81: ...America New_York 16 2 21 Traversal xconfiguration Traversal Registration RetryInterval 1 65534 Sets the interval in seconds at which the Gatekeeper will attempt to register with the Border Controller if its initial registration fails for some reason The default is 120 seconds xconfiguration Traversal AllowMediaDirect On Off Determines whether endpoints must route their media through the Gatekeeper...

Page 82: ...he alias If set to Replace the matching part of the alias will be substituted for the replace text Note that Strip is not a supported option if the pattern type is set to Regex xconfiguration Zones TraversalZone 1 100 Match 1 5 Pattern Replace S 0 60 The string to be used as a substitution for the part of the alias that matched the pattern xconfiguration Zones Zone 1 100 Name name Sets an administ...

Page 83: ... should be treated as a regular expression when matching xconfiguration Zones Zone 1 100 Match 1 5 Pattern Behavior Strip Leave Replace Determines whether the matched part of the alias should be modified before an LRQ is sent to the indicated zone If set to Leave the alias will be unmodified If set to Strip the matching prefix or suffix will be removed from the alias If set to Replace the matching pa...

Page 84: ...dex from the allow list Allow list entries can be viewed using the command xconfiguration Gatekeeper Registration AllowList 16 3 3 Boot xCommand Boot Reboots the Gatekeeper This takes approximately 2 minutes to complete 16 3 4 CallTransfer xCommand CallTransfer Call call_index Leg 1 2 Alias alias Attempts to transfer the half of the call identified by the call index and leg to the given alias Call...

Page 85: ...OM port baud rate speed data bits parity stop bits SNMP community name and host address system name password option key release key Note DefaultValuesSet will not add the links with which the system ships from the factory Use the DefaultLinksAdd command to do that Certificates and policy files are not removed 16 3 10 DenyListAdd xCommand DenyListAdd denied_alias Add an entry to the deny list This i...

Page 86: ...tions on the event or status change described by the Expression Notifications are sent in XML format to the specified URL Up to 15 Expressions may be registered for each of 3 feedback IDs The following Expressions are valid Event Event AuthenticationFailure Event CallAttempt Event Connected Event Disconnected Event ConnectionFailure Event Locate Event Registration Event ResourceUsage Event Unregis...

Page 87: ...ied nodes and pipes The nodes and pipes must already exist on the system 16 3 18 LinkDelete xCommand LinkDelete index Deletes the link with the specified index 16 3 19 Locate xCommand Locate alias HopCount Runs the Gatekeeper s location algorithm to locate the endpoint identified by the given alias searching locally on neighbors and on systems discovered through the DNS system within the specified...

Page 88: ...ess to be in this subzone totalmode Determines whether bandwidth is controlled for this node None prevents any calls Limited imposes bandwidth limits Unlimited imposes no bandwidth limits 16 3 26 SubZoneDelete xCommand SubZoneDelete index Deletes the subzone with the specified index 16 3 27 TransformAdd xCommand TransformAdd pattern priority type behavior replace Adds a new destination alias trans...

Page 89: ...t transforms can be obtained using the command xconfiguration gatekeeper transform 16 3 29 ZoneAdd xCommand ZoneAdd name IPAddress Adds a new zone with the specified name and IP address The zone is pre configured with a link to the default subzone and a pattern match mode of AlwaysMatch 16 3 30 ZoneDelete xCommand ZoneDelete index Removes the zone with the specified index ...

Page 90: ...dded to the Call History on call completion Call histories are listed in reverse chronological order of completion time xhistory calls call index Displays data for the call with the specified index 16 4 2 registrations xhistory registrations Displays history data for up to the last 255 registrations handled by the Gatekeeper Registration entries are added to the Registration History on unregistrat...

Page 91: ...ands type xfeedback To list all currently active feedback expressions type xfeedback list To register a feedback expression type xfeedback register expression To deregister the feedback expression with index n type xfeedback deregister n To deregister all feedback expressions type xfeedback deregister 0 16 5 1 Register status xfeedback Register Status Registers for all status changes xfeedback Reg...

Page 92: ...nregistration Bandwidth ResourceUsage Registers for feedback on the occurrence of the specified Event Note Registering for the ResourceUsage event will return the entire ResourceUsage structure every time one of the ResourceUsage fields changes ResourceUsage fields consist of Registrations MaxRegistrations TraversalCalls MaxTraversalCalls TotalTraversalCalls NonTraversalCalls MaxNonTraversalCalls ...

Page 93: ...the whole event log 16 6 4 license license Returns a list of the third party software licenses incorporated in the product license index Returns the terms of the license with the specified index 16 6 5 relkey relkey Returns the release key with which this software has been installed 16 6 6 Syslog syslog level IPAddress IPAddress Enables tracing to the console for the specified IP addresses level S...

Page 94: ...ed around two sets of text files named conf which describes which zones are represented by the server and a selection of zone files which describe the detail of each zone BIND is sometimes run chrooted for increased security This gives the program a new root directory which means that the configuration files may not appear where you expect them to be To see if this is the case on your system run p...

Page 95: ...ectory in its own organizational unit to separate out H 350 objects from other types of objects This allows access controls to be set up which only allow the Gatekeeper read access to the BaseDN and therefore limit access to other sections of the directory 2 Add the H 350 objects Create an ldif file with the following contents MeetingRoom1 endpoint dn commUniqueId comm1 ou h350 dc my domain dc com ...

Page 96: ...enLDAP see the documentation at http www openldap org The following examples use a standard OpenLDAP installation on the Linux platform For installations on other platforms the location of the OpenLDAP configuration files may be different See the OpenLDAP installation documentation for details 18 2 2 Installing the H 350 schemas The following ITU specification describes the schemas which are requi...

Page 97: ...rom other types of objects This allows access controls to be set up which only allow the Gatekeeper read access to the BaseDN and therefore limit access to other sections of the directory 2 Add the H 350 objects Create an ldif file with the following contents MeetingRoom1 endpoint dn commUniqueId comm1 ou h350 dc my domain dc com objectClass commObject objectClass h323Identity objectClass h235Ident...

Page 98: ... that was used to sign the LDAP server s certificate All three files should be in PEM file format The LDAP server must be configured to use the certificate To do this edit etc openldap slapd conf and add the following three lines TLSCACertificateFile path to CA certificate TLSCertificateFile path to LDAP server certificate TLSCertificateKeyFile path to LDAP private key The OpenLDAP daemon slapd mu...

Page 99: ...n be specified by giving the first character in the range followed by the character and then the last character in the range For example a z will match against any lower case alphabetical character a zA Z will match against any alphabetical character Note that you can not use special characters within the they will be taken literally For example 0 9 will match against any single E 164 character th...

Page 100: ...rts front and rear RS 232 DB 9 connector 2 x USB disabled 20 1 4 ITU Standards ITU T H 323 version 5 including Annex O ITU T H 235 ITU T H 350 20 1 5 Security Features IP Administration passwords Management via SSH and HTTPS Software upgrade via HTTPS and SCP 20 1 6 System Management Configuration via serial connection Telnet SSH HTTP HTTPS Software upgraded via HTTP HTTPS and SCP 20 1 7 Environme...

Page 101: ...duct show that the TANDBERG Gatekeeper Type number TTC2 02 complies with the following standards 20 2 1 EMC Emission Radiated Electromagnetic Interference EN55022 1994 A1 1995 A2 1997 Class A FCC Rules and Regulations 47CFR Part 2 Part 15 CISPR PUB 22 Class A 20 2 2 EMC Immunity EN 55024 1998 A1 2001 EN 61000 3 2 2000 EN 61000 3 3 1995 A1 2001 20 2 3 Electrical Safety IEC 60950 1 edition 2001 EN 6...

Page 102: ...t 4 RFC 3164 The BSD syslog Protocol http www ietf org rfc rfc3164 txt 5 RFC 3880 Call Processing Language CPL A Language for User Control of Internet Telephony Services http www ietf org rfc rfc3880 txt 6 DNS and BIND Fourth Edition Albitz and Liu O Reilly and Associates ISBN 0 596 00158 4 7 RFC 2915 The Naming Authority Pointer NAPTR DNS Resource Record http www ietf org rfc rfc2915 txt 8 RFC 37...

Page 103: ... to determine which phone line in Lysaker External Manager The remote system that is used to manage endpoints and network infrastructure The TANDBERG Management Suite TMS is an example of an external manager Gatekeeper Zone A collection of all the endpoints gateways and MCUs managed by a single gatekeeper LRQ Location Request A RAS query between Gatekeepers or Border Controllers to determine the l...

Page 104: ...fault password 16 19 Deny List 36 73 85 dial plan enforced 39 flat 21 hierarchical 21 structured 21 directory gatekeeper 21 disconnect call 86 DNS 16 22 41 44 50 73 DNS lookup 44 73 DNS zone 44 103 documentation 15 domain 16 73 domain local 20 73 down speed 32 73 E E 164 21 24 44 46 95 103 ENUM 44 46 environmental issues 8 9 ethernet 16 73 100 event levels 58 event log 58 59 60 62 64 93 event log ...

Page 105: ...se key 65 66 93 remote logging 64 resetting password 19 restriction policy 73 RFC 2782 43 94 102 RFC 2915 44 46 102 RFC 3164 64 102 RFC 3761 44 102 RFC 3880 53 102 S SCP 65 66 79 81 search order 22 serial cable 15 16 serial interface 19 serial port 12 16 17 session timeout 79 SNMP 79 SRV record 43 46 94 SSH 16 17 79 81 static IP address 16 subnet mask 16 subzone 34 79 88 subzone traversal 33 subzo...
