cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1038
Views
0
Helpful
5
Replies

VCS Endpoint Authentication - True/False

Patrick Sparkman
VIP Alumni
VIP Alumni

What all is considered for an endpoint to be considered authenticated either true or false when it is applied to search rules?

We have several endpoints ranging from C-Series to E20s that don't authenticate or require credentials when they register, and we have Jabber Video that of course authenticates.  I'm asking as this applies to call policies and want to try to do some testing, but due to the authenticated true/false of some of the endpoints I want to get it right.

Default Zone:  Do not check credentials

Default SubZone:  Treat as authenticated

Subzones:  Treat as authenticated

The SubZones are set so that they will allow presence.

5 Replies 5

gubadman
Level 3
Level 3

Endpoints are considered authenticated if the zone or subzone they are in is set to Treat as authenticated. Or if the zone or subzone is set to check credentials and the endpoint supplies the right credentials. for example on my EX90 it has settings:

xConfiguration H323 Profile 1 Authentication LoginName:

xConfiguration H323 Profile 1 Authentication Password:

xConfiguration SIP Profile 1 Authentication 1 LoginName:

xConfiguration SIP Profile 1 Authentication 1 Password:

and if these are set correctly and the endpoint is challenege for it's credentials, and provides the correct ones, it will then be considered authenticated.

What promted my questions, was I did some checking on previous searches against the VCS from some of our local endpoints, and some of the searches are showing as being false and others as true.

Here are a few examples of the search history, it's a combination of SIP and H323.

    • State: Completed
    • Found: True
    • Type: SIP (INVITE)
    • CallRouted: True
    • CallSerial Number: c958d7fc-dd6b-11e1-9768-0010f31805bc
    • Tag: c958d996-dd6b-11e1-a8f7-0010f31805bc
    • StartTime: 2012-08-03 09:04:40
    • Duration: 2.54
    • Source (1)
      • Authenticated: True

---------------------------------------

    • State: Completed
    • Found: True
    • Type: H323 (Setup)
    • CallRouted: True
    • CallSerial Number: 0b2907fe-dd69-11e1-b2d0-0010f31805bc
    • Tag: 0b2909d4-dd69-11e1-a953-0010f31805bc
    • StartTime: 2012-08-03 08:45:02
    • Duration: 0.76
    • Source (1)
      • Authenticated: False
      • Aliases (1)
        • Alias (1)
          • Type: H323Id
          • Origin: Unknown
          • Value: FSUCOM-MCU
        • Alias (2)
          • Type: E164
          • Origin: Unknown
          • Value: 9800

---------------------------------------

    • State: Completed
    • Found: True
    • Type: H323 (ARQ)
    • CallRouted: True
    • CallSerial Number: 4e5428bc-dcae-11e1-a3ca-0010f31805bc
    • Tag: 4e542aba-dcae-11e1-b00f-0010f31805bc
    • StartTime: 2012-08-02 10:28:19
    • Duration: 0.01
    • Source (1)
      • Authenticated: True
      • Aliases (1)
        • Alias (1)
          • Type: E164
          • Origin: Endpoint
          • Value: 0175055

---------------------------------------

    • State: Completed
    • Found: True
    • Type: H323 (Setup)
    • CallRouted: True
    • CallSerial Number: 4e5428bc-dcae-11e1-a3ca-0010f31805bc
    • Tag: 4e542aba-dcae-11e1-b00f-0010f31805bc
    • StartTime: 2012-08-02 10:28:19
    • Duration: 0.44
    • Source (1)
      • Authenticated: False
      • Aliases (1)
        • Alias (1)
          • Type: H323Id
          • Origin: Unknown
          • Value: anatomy.lab
        • Alias (2)
          • Type: E164
          • Origin: Unknown
          • Value: 0175055

Hi Patrick,

This is likely due to differences between SIP and H.323 - SIP can be challenged for authentication on every single message, but H.323 is only challenged on registration.

Thanks, it makes sence and why I'm seening different statuses for authentication for the protocols.  Am I correct that in order to have all unknown endpoints (not locally registered to the VCS) to be affected by a call policy I would need to create my own CPL using the "unauthenticated-origin" method, as the call policy generator in the VCS web gui doesn't write it correct, and the end result is all calls are capable of making it through?  From what I've been reading in the other call policy discussions I've searched and read through.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: