07-24-2012 04:19 AM - edited 03-17-2019 11:30 PM
Hi,
we have a situation where C Series endpoints can't see any content from a Jabber users when they are on MCU encrypted Call. But when they are on a point to point encrypted call, the content is working. When the C Series only endpoints are on a MCU call, the calls are encrypted and content is working.
Customer uses the MSE 8510 as a conference bridge. All the C Series endpoints has been configured encrption mode to " Best Effort". Jabber client encryption mode set to " Auto".
Also, MSE 8510 has been configured encryption mode " Enabled". So, by default, all the calls will be encrypted whether point to point or MCU call.
During a MCU call between C Series endpoint and Jabber, I can see Jabber client sending encrypted content, but MCU couldn't send the encrypted content to the C Series endpoint and saying " not Supported"
This particular Scenario, Jabber sending encryption content, becuase call has been setup with encryption ( by default), then content will follow the main video channel ( No seperate Channel like a C Series endpoint). So MCU received the Encrypted content.
So, my question is, does the C Series endpoint can receive or send encrypted content?.
Note: if i " turn off" the encryption on the C Series endpoint, then the content is working between the Jabber and C Series on a MCU call
Thanks
Regards,
Chris
07-24-2012 06:20 AM
There is a known limitation in which encryption prevents content sharing for SIP endpoints when connected to an MCU such as the MSE8510. Currently we have encryption enabled on all of our H323 endpoints, but have it disabled on SIP.
MCU v4.3 release notes:
The transmission of SIP content from the MCU using Binary Floor Control Protocol (BFCP) is not supported on encrypted calls. To allow content to be transmitted over SIP calls in a separate channel from main video, you should disable encryption on the MCU or on the target endpoint.
I'm not sure what the difference is between an encrypted point-to-point call and using the MCU, but I'd hope they would get it working, because for those that require all calls to be completly encrypted it can cause some issues since it hinders content sharing between endpoints.
07-24-2012 06:43 AM
Is this a known limitation to MSE8510 MCU only?
I can mad an encrypted Jabber call to our 4520 MCU (latest Firmware) and can send encrypted content to a c40 codec (also latest firmware). The C codec is connected via H.323, as a Jabber client I am using CiscoFreeJabber Service.
07-24-2012 06:53 AM
I think it applies to any MCU that runs the current v4.3 software, you'd have to check the release notes for exact models.
Sent from Cisco Technical Support iPad App
07-24-2012 07:05 AM
According to the release notes the following MCU's are supported, which contain the limitation:
Cisco TelePresence MCU 4200 Series
Cisco TelePresence MCU 4500 Series
Cisco TelePresence MCU 4501 Series
Cisco TelePresence MCU MSE 8420
Cisco TelePresence MCU MSE 8510
07-24-2012 07:54 PM
Thanks Patrick. Yes, it is mentioned in the release notes. it is not resolved yet.
I only tested and found this issue between the Jabber client and the C Series endpoint (SIP Regsitered).
would it be the same result when 2 C series endpoint ( SIP registered and using encryption) calling MCU virtual meeting rooms and share the Content?.
Thanks
Regards,
Chris
08-10-2012 01:35 PM
Hi Chris. As Patrick pointed out, this is a limitation of the MCU. It can receive encrypted content over SIP but if the far end or any participant on the MCU is connected over SIP and is encrypted, they will more likely receive content in the main video channel. Other option here is to interwork and have the endpoints connect as H323 and you shouldnt see a problem.
Let us know?
Thanks.
VR
Patrick P.
08-12-2012 05:13 PM
This is limitation of MCU with current release including latest 4.3 maintenance release version.
== From MCU 4.3(2.32) release note ========
Binary Floor Control Protocol on encrypted calls
The transmission of SIP content from the MCU using Binary Floor Control Protocol (BFCP) is not supported on encrypted calls. To allow content to be transmitted over SIP calls in a separate channel from main video, you should disable encryption on the MCU or on the target endpoint.
=====================================
Several workaround has already mention in this discussion, but you may also use "Media encryption mode" on VCS introduce in X7.2 release.
You can create subzone for MCU and register MCU on it so this media encryption mode only apply on specific MCU (and also able to control encrypt/non-encrypt call per H323/SIP call by using search rule (X7.2 search rule can be define call protocol and also source/destination in low as subzone level).
For more detail of new search rule and media encryption mode, please refer to https://supportforums.cisco.com/docs/DOC-26316.
08-13-2012 05:02 AM
Thanks Tom &Patrick.
Atleast, can they receive the content on the main video channel?.
Any time frame from Cisco to enable this feature on the MCU ?. Because most of the Customers are going with the SIP, it is a important feature missing from the MCU.
Thanks.
08-13-2012 06:35 AM
Yes, you still able to transmit presentation in one of main stream panel.
Unfortunately there is no clear plan to support encrypted BFCP in MCU this point.
I suggest reach out your Cisco representative and raise this as feature request (which help to priorities this RFE with customer voice).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide