Authentication Policy Configuration Options - Cisco TelePresence Administrator's Manual

Video communication server

Note that, due to the complexity of writing CPL scripts, it is recommended that you use an external policy
service instead.

Authentication policy configuration options

Authentication policy behavior varies for H.323 messages, SIP messages received from local domains, and
SIP messages from non-local domains.

The primary authentication policy configuration options and their associated behavior are as follows:

- Check credentials: verify the credentials using the relevant authentication method. Note that in some scenarios, messages are not challenged; see below.
- Do not check credentials: do not verify the credentials and allow the message to be processed.
- Treat as authenticated: do not verify the credentials and allow the message to be processed as if it has been authenticated. This option can be used to cater for endpoints from third-party suppliers that do not support authentication within their registration mechanism. Note that in some scenarios, messages are allowed but will still be treated as though they are unauthenticated; see below.

The following tables summarize the policy behavior when applied at the zone and subzone level, and how it
varies depending on the message protocol.

Zone-level authentication policy

Authentication policy is configurable for zones that receive messaging; the Default Zone, neighbor zones,
traversal client and traversal server zones all allow configuration of authentication policy; DNS and ENUM
zones do not receive messaging and so have no configuration.
To configure a zone's Authentication policy, go to the Edit zone page (VCS configuration > Zones, then
click View/Edit or the name of the zone). The policy is set to Do not check credentials by
default when a new zone is created.
The behavior varies for H.323 and SIP messages as shown in the tables below:

H.323

| Authentication policy | Behavior |
| --- | --- |
| Check credentials | Messages are classified as either authenticated or unauthenticated depending on whether any credentials in the message can be verified against the authentication database. If no credentials are supplied, the message is always classified as unauthenticated. |
| Do not check credentials | Message credentials are not checked and all messages are classified as unauthenticated. |
| Treat as authenticated | Message credentials are not checked and all messages are classified as authenticated. |
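
As an added illustration (not code from the Cisco guide), the Python below models the zone-level H.323 table and audits a zone inventory for policies that classify a message carrying no credentials as authenticated. The inventory format, zone names and function names are assumptions constructed for this example.

```python
# Added example: models the zone-level H.323 table above and audits a zone list.
# The inventory format (dicts with "name", "type", "policy") is constructed for
# this example; it is not a VCS export format.
from enum import Enum

class Policy(Enum):
    CHECK = "Check credentials"
    DO_NOT_CHECK = "Do not check credentials"
    TREAT_AS_AUTH = "Treat as authenticated"

# Zone types that receive messaging and therefore carry an authentication policy.
MESSAGING_ZONES = {"default", "neighbor", "traversal client", "traversal server"}
NEW_ZONE_DEFAULT = Policy.DO_NOT_CHECK  # policy set when a new zone is created

def classify_h323(policy, creds_supplied, creds_verified):
    """Return 'authenticated' or 'unauthenticated' for an H.323 message at zone level."""
    if policy is Policy.TREAT_AS_AUTH:
        return "authenticated"      # credentials are not checked
    if policy is Policy.DO_NOT_CHECK:
        return "unauthenticated"    # credentials are not checked
    # Check credentials: only supplied AND verifiable credentials authenticate.
    return "authenticated" if creds_supplied and creds_verified else "unauthenticated"

def audit_zones(zones):
    """Flag zones where a message with no credentials is classified as authenticated."""
    findings = []
    for zone in zones:
        if zone["type"] not in MESSAGING_ZONES:
            continue                # DNS and ENUM zones have no policy to audit
        policy = Policy(zone.get("policy") or NEW_ZONE_DEFAULT.value)
        # Worst case for the zone: the message supplies no credentials at all.
        if classify_h323(policy, False, False) == "authenticated":
            findings.append((zone["name"], policy.value))
    return findings

# Constructed sample inventory (hypothetical zone names).
SAMPLE_ZONES = [
    {"name": "DefaultZone", "type": "default", "policy": "Check credentials"},
    {"name": "LegacyEndpoints", "type": "neighbor", "policy": "Treat as authenticated"},
    {"name": "NewNeighbor", "type": "neighbor", "policy": None},  # left at default
    {"name": "PublicDNS", "type": "dns"},
]

if __name__ == "__main__":
    for name, policy in audit_zones(SAMPLE_ZONES):
        print(f"{name}: '{policy}' classifies every H.323 message as authenticated")
```
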

SIP

The behavior for SIP messages at the zone level depends upon the SIP authentication trust mode setting
(meaning whether the VCS trusts any pre-existing authenticated indicators - known as P-Asserted-Identity
headers - within the received message) and whether the message was received from a local domain (a
domain for which the VCS is authoritative) or a non-local domain.

Cisco VCS Administrator Guide (X7.2), Device authentication, Page 101 of 498
