Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
VIP Super Bronze

VCS Endpoint Authentication - True/False

What all is considered for an endpoint to be considered authenticated either true or false when it is applied to search rules?

We have several endpoints ranging from C-Series to E20s that don't authenticate or require credentials when they register, and we have Jabber Video that of course authenticates.  I'm asking as this applies to call policies and want to try to do some testing, but due to the authenticated true/false of some of the endpoints I want to get it right.

Default Zone:  Do not check credentials

Default SubZone:  Treat as authenticated

Subzones:  Treat as authenticated

The SubZones are set so that they will allow presence.

Everyone's tags (4)
5 REPLIES
Cisco Employee

VCS Endpoint Authentication - True/False

Endpoints are considered authenticated if the zone or subzone they are in is set to Treat as authenticated. Or if the zone or subzone is set to check credentials and the endpoint supplies the right credentials. for example on my EX90 it has settings:

xConfiguration H323 Profile 1 Authentication LoginName:

xConfiguration H323 Profile 1 Authentication Password:

xConfiguration SIP Profile 1 Authentication 1 LoginName:

xConfiguration SIP Profile 1 Authentication 1 Password:

and if these are set correctly and the endpoint is challenege for it's credentials, and provides the correct ones, it will then be considered authenticated.

VIP Super Bronze

VCS Endpoint Authentication - True/False

What promted my questions, was I did some checking on previous searches against the VCS from some of our local endpoints, and some of the searches are showing as being false and others as true.

VIP Super Bronze

Re: VCS Endpoint Authentication - True/False

Here are a few examples of the search history, it's a combination of SIP and H323.

    • State: Completed
    • Found: True
    • Type: SIP (INVITE)
    • CallRouted: True
    • CallSerial Number: c958d7fc-dd6b-11e1-9768-0010f31805bc
    • Tag: c958d996-dd6b-11e1-a8f7-0010f31805bc
    • StartTime: 2012-08-03 09:04:40
    • Duration: 2.54
    • Source (1)
      • Authenticated: True

---------------------------------------

    • State: Completed
    • Found: True
    • Type: H323 (Setup)
    • CallRouted: True
    • CallSerial Number: 0b2907fe-dd69-11e1-b2d0-0010f31805bc
    • Tag: 0b2909d4-dd69-11e1-a953-0010f31805bc
    • StartTime: 2012-08-03 08:45:02
    • Duration: 0.76
    • Source (1)
      • Authenticated: False
      • Aliases (1)
        • Alias (1)
          • Type: H323Id
          • Origin: Unknown
          • Value: FSUCOM-MCU
        • Alias (2)
          • Type: E164
          • Origin: Unknown
          • Value: 9800

---------------------------------------

    • State: Completed
    • Found: True
    • Type: H323 (ARQ)
    • CallRouted: True
    • CallSerial Number: 4e5428bc-dcae-11e1-a3ca-0010f31805bc
    • Tag: 4e542aba-dcae-11e1-b00f-0010f31805bc
    • StartTime: 2012-08-02 10:28:19
    • Duration: 0.01
    • Source (1)
      • Authenticated: True
      • Aliases (1)
        • Alias (1)
          • Type: E164
          • Origin: Endpoint
          • Value: 0175055

---------------------------------------

    • State: Completed
    • Found: True
    • Type: H323 (Setup)
    • CallRouted: True
    • CallSerial Number: 4e5428bc-dcae-11e1-a3ca-0010f31805bc
    • Tag: 4e542aba-dcae-11e1-b00f-0010f31805bc
    • StartTime: 2012-08-02 10:28:19
    • Duration: 0.44
    • Source (1)
      • Authenticated: False
      • Aliases (1)
        • Alias (1)
          • Type: H323Id
          • Origin: Unknown
          • Value: anatomy.lab
        • Alias (2)
          • Type: E164
          • Origin: Unknown
          • Value: 0175055
Cisco Employee

VCS Endpoint Authentication - True/False

Hi Patrick,

This is likely due to differences between SIP and H.323 - SIP can be challenged for authentication on every single message, but H.323 is only challenged on registration.

VIP Super Bronze

VCS Endpoint Authentication - True/False

Thanks, it makes sence and why I'm seening different statuses for authentication for the protocols.  Am I correct that in order to have all unknown endpoints (not locally registered to the VCS) to be affected by a call policy I would need to create my own CPL using the "unauthenticated-origin" method, as the call policy generator in the VCS web gui doesn't write it correct, and the end result is all calls are capable of making it through?  From what I've been reading in the other call policy discussions I've searched and read through.

625
Views
0
Helpful
5
Replies
CreatePlease to create content