TANDBERG Gatekeeper User Manual Software version N3 D13381.03 This document is not to be reproduced in whole or in part without permission in writing from:...
Trademarks and copyright Copyright 1993-2005 TANDBERG ASA. All rights reserved. This document contains information that is proprietary to TANDBERG ASA. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronically, mechanically, by photocopying, or otherwise, without the prior written permission of TANDBERG ASA.
Environmental Issues Thank you for buying a product which contributes to a reduction in pollution, and thereby helps save the environment. Our products reduce the need for travel and transport and thereby reduce pollution. Our products have either none or few consumable parts (chemicals, toner, gas, paper).
Operator Safety Summary For your protection, please read these safety instructions completely before operating the equipment and keep this manual for future reference. The information in this summary is intended for operators. Carefully observe all warnings, precautions and instructions both on the apparatus and in the operating instructions.
Trademarks and copyright
Environmental Issues
Operator Safety Summary
Introduction
TANDBERG Gatekeeper Overview
Installation
Unpacking
Mounting
Connecting Cables
Switching on the System
Gatekeeper Initial Configuration
Using the Gatekeeper ...
Upgrading Using HTTP(S)
Upgrading Using SCP
Configuring the Gatekeeper
Status
Configuration
Command
History
Feedback
Other commands
Appendix: Configuring DNS Servers
Microsoft DNS Server ...
1 Introduction This User Manual is provided to help you make the best use of your TANDBERG Gatekeeper. A Gatekeeper is a central part of an H.323 infrastructure. It provides address translation and controls access to the network for H.323 terminals, Gateways and MCUs. The Gatekeeper also provides other services to the terminals, Gateways and MCUs such as bandwidth management and locating Gateways.
1.1 TANDBERG Gatekeeper Overview On the front of the Gatekeeper there are three LAN interfaces, a serial port (Data 1) and a Light Emitting Diode (Power). The LAN 1 interface is used for connecting the system to your local area network; LAN interfaces 2 and 3 are disabled.
2 Installation Precautions: Never install communication equipment during a lightning storm. Never install jacks for communication cables in wet locations unless the jack is specifically designed for wet locations. Never touch uninstalled communication wires or terminals unless the communication line has been disconnected at the network interface.
Do not place heavy objects directly on top of the Gatekeeper. Do not place hot objects directly on top, or directly beneath the Gatekeeper. Use a grounded AC power outlet for the Gatekeeper. 2.2 Mounting The Gatekeeper comes with brackets for mounting in standard 19"...
Whether you want to use Telnet to administer the system. 9. You will be prompted to login again. You should see a welcome message like this. Welcome to TANDBERG Gatekeeper Release N3.0 SW Release Date: 2005-06-15 10. Login with username ‘admin’ and your password.
xConfiguration Gatekeeper AutoDiscovery command in section 5.2 for more information. 12. Reboot the Gatekeeper by typing the command xCommand boot to make your new settings take effect. 13. Disconnect the serial cable. NOTE To secure the Gatekeeper you should disable HTTP, HTTPS, SSH and Telnet, relying on the serial interface for management.
3 Using the Gatekeeper The Gatekeeper is used by H.323 terminals, Gateways and MCUs. These devices register with the Gatekeeper and the Gatekeeper then provides address translation and controls access to the network. 3.1 System Administration To configure and monitor the TANDBERG Gatekeeper you can either use the web interface or a command line interface.
NOTE Automatic discovery is a function that allows the Gatekeeper to reply to multicast Gatekeeper discovery messages from the endpoint. NOTE If you have problems registering the endpoint, try turning on automatic discovery. Some endpoints require automatic registration to be enabled. NOTE When URI dialing is used to discover an endpoint, the URI used is based on either the H.323 ID or the E.164 alias that the endpoint registered with.
Remote zones can be configured through the web interface of the TANDBERG Gatekeeper by navigating to Gatekeeper Configuration > Gatekeeper. See Figure 1 for a screenshot of the configuration. Figure 1 Screenshot of the Adding a New Zone configuration NOTE When using a local zone prefix do not start the E.164 aliases with the same digits as the local prefix.
When a Gatekeeper receives a Location Request, if it cannot respond from its own registration database, it will query all of its Alternates before responding. This allows the pool of registrations to be treated as if they were registered with a single Gatekeeper. The Alternate Gatekeepers can be configured within the web interface of the Gatekeeper by navigating to Gatekeeper Configuration >...
3.5 Call Control When an endpoint wants to call another endpoint it presents the address it wants to call to the Gatekeeper using a protocol known as RAS. The Gatekeeper tries to resolve this address and supplies the calling endpoint with information about the called endpoint. The destination address can take several forms: IP address, H.323 ID, E.164 alias or a full H.323 URI.
3.6 Bandwidth Control The TANDBERG Gatekeeper allows you to control endpoints’ use of bandwidth on your network. Figure 5 shows a typical deployment: a broadband LAN, where high bandwidth calls are acceptable, a pipe to the internet with restricted bandwidth, and two satellite offices, each with their own restricted pipes.
xConfiguration Links Link [1..100] Pipe2 Name Each subzone may be configured with its own bandwidth limits. Calls placed between two endpoints in the same subzone consume resource from the subzone’s allocation. Subzone bandwidths are configured on the Gatekeeper Configuration > SubZones page (see Figure 6 for a screenshot of the configuration) or using the following command line commands: xConfiguration SubZones SubZone [1..100] Bandwidth TotalMode xConfiguration SubZones SubZone [1..100] Bandwidth Total Limit...
Figure 6 Configuration of a SubZone through the web interface Figure 7 Adding a new Pipe through the web interface Figure 8 Configuring the downspeeding parameters of the Gatekeeper 3.6.1 Bandwidth Control and Firewall Traversal When a Border Controller and Gatekeeper are being used to traverse a firewall, an additional zone and subzone come into use.
3.6.2 Bandwidth Control Examples One possible configuration for the deployment in Figure 5 is shown in Figure 9. Each of the offices is represented as a separate subzone, with bandwidth configured according to local policy. The enterprise’s leased line connection to the Internet, and the DSL connections to the remote offices, are modelled as separate pipes.
In Figure , the endpoints in the enterprise register with the Gatekeeper, whilst those in the branch and home office register with the Border Controller. Border Controller Traversal sub-zone Enterprise Traversal Zone Figure 11 Border Controller example configuration Figure 11 shows how the Border Controller could be configured for the deployment in Figure 10.
Figure 12 Gatekeeper example configuration All of the endpoints in the enterprise will be assigned to the default subzone. The Traversal subzone controls traversal traffic flowing through the Gatekeeper, whilst the Traversal Zone controls all traffic traversing the enterprise firewall and passing on to the Border Controller. Both subzones and the Traversal zone are linked: the link between the default subzone and the Traversal zone is used by endpoints which can send media directly to the Border Controller.
match an entry on the DenyList. Allow lists and Deny lists are mutually exclusive: only one may be in use at any given time. Matching uses a simple form of wild card expansion: 12345678 Exact match only 1234567? First 7 characters are an exact match, last may be anything 123*...
To configure the Gatekeeper to use the local database of credentials during authentication issue the following commands xConfiguration Authentication Mode: On xConfiguration Authentication Database: LocalDatabase Each credential in the local database has a username and a password. To manage the credentials in the local database use the following commands xcommand CredentialAdd <user name>...
xConfiguration LDAP UserDN: "Your user DN" xConfiguration LDAP Password: "password" The status of the connection between the Gatekeeper and the LDAP server can be verified using the command xstatus LDAP The details of the LDAP server can also be configured via the web interface on the Gatekeeper Configuration >...
Figure 16 Configuring the Gatekeeper to authenticate with an LDAP server using TLS 3.9 URI Dialing If an alias is not located in the Gatekeeper’s list of registrations, it may attempt to find an authoritative Gatekeeper through the DNS system. URI dialing makes it easier for endpoints registered with different Gatekeepers to call each other.
Figure 17 IP Configuration Screen 3.9.1 URI Dialing and firewall traversal If URI dialing is being used in conjunction with firewall traversal, DNSResolutionMode should only be enabled on the Border Controller. The DNS records should be updated with the address of the Border Controller as the authoritative Gatekeeper for the enterprise.
To configure the Gatekeeper for firewall traversal, use the Web or console interface (see Figure 18 for this configuration screen on the web interface). You will need to set the IP address of the Border Controller xConfiguration Traversal Server Address: <ip_address> You will need to enter the name of your Gatekeeper onto the Border Controller.
xConfiguration Gatekeeper Policy Mode <On/Off> Policy interacts with authentication (section 3.7.2, Authentication). If authentication is enabled on the local Gatekeeper and a call is received from a remote, unauthenticated Gatekeeper, the call’s source aliases will be removed from the call request before it is passed to the policy engine.
“display” address The address construct is used within an address-switch to specify addresses to match. Please note that all address comparisons ignore upper/lower case differences so <address is="Fred"> will match “fred”, “freD” etc. is=<string> contains=<string> subdomain-of=<string> otherwise The otherwise node will be executed if the address specified in the address-switch was found but none of the preceding address nodes matched.
proxy On executing a proxy node the Gatekeeper will attempt to forward the call to the locations specified in the current location set. If multiple entries are in the location set then they are treated as different aliases for the same destination and are all placed in the destination alias field.
User "fred" will not accept calls from anyone at "annoying.com", or from any unauthenticated users. All other users will allow any calls. <cpl> <incoming> <address-switch field="destination"> <address is="fred"> <address-switch field="origin" subfield="host"> <address subdomain-of="annoying.com"> <reject/> </address> <otherwise> <proxy/> </otherwise> <not-present> <reject/> </not-present>...
4 Software Upgrade Software upgrade can be done in one of two ways: Using a web browser (HTTP/HTTPS). Using secure copy (SCP). NOTE To upgrade the Gatekeeper, a valid Release key and software file is required. Contact your TANDBERG representative for more information.
4. Enter the release key and press Install Software. You will get a new screen where you can upload the software image: 5. Browse to the file containing the software and press Install. You should see a page indicating that upload is in progress: 6.
NOTE Make sure you transfer the release key file before transferring the software image. Also make sure you name the files exactly as described below. NOTE The release key file should contain just the 16 character release key. To upgrade using SCP, do the following: 1.
5 Configuring the Gatekeeper This chapter lists the basic usage of each command. The commands also support more advanced usage, which is outside the scope of this document. 5.1 Status The status root command, xstatus, returns status information from the Gatekeeper. To list all xstatus commands type xstatus ? To list all status information, type...
Command Usage ResourceUsage xstatus ResourceUsage SubZones xstatus SubZones SystemUnit xstatus SystemUnit Traversal xstatus Traversal Zones xstatus Zones 5.2 Configuration The configuration root command, xconfiguration, is used to set configuration settings. To list all xconfiguration commands type Description Reports usage of system resources.
xconfiguration ? To list all configuration data, type xconfiguration To show a specific configuration value, type xconfiguration <name> To show usage information for a specific configuration value, type xconfiguration <name> ? To set a configuration element type xconfiguration <name> <param1>: value1 <param2>: value2 There is also a shorthand for configuration element with several parameters: xconfiguration <name>...
Configuration commands xConfiguration Zones Zone [1..100] Gatekeeper IP Port: <1..65534> xConfiguration Zones Zone [1..100] Gatekeeper HopCount: <1..255> xConfiguration Zones Zone [1..100] Name: <zonename> xConfiguration Zones Zone [1..100] Prefix Match: <prefix> xConfiguration Zones Zone [1..100] Prefix Mode: <Strip/Include> 5.3 Command The command root command, xcommand, is used to execute commands on the Gatekeeper.
Command Usage SubZoneDelete xCommand SubZoneDelete: <index> ZoneAdd xCommand ZoneAdd <name> <address> <prefix> ZoneDelete xCommand ZoneDelete <index> 5.4 History The history root command, xhistory, is used to display history data on the Gatekeeper. To list all xhistory commands type xhistory ? To list all history data, type xhistory...
xfeedback list To register a feedback expression, type xfeedback register <expression> To deregister the feedback expression with index <n>, type xfeedback deregister <n> To deregister all feedback expressions, type xfeedback deregister 0 Feedback commands xFeedback Register Status/<Calls/Registrations> xFeedback Register History/<Calls/Registrations> xFeedback Register Event/<CallAttempt/ Connected/ Disconnected/ ConnectionFailure/ Registration/ Unregistration/ Bandwidth>...
Command Usage relkey Relkey syslog syslog <level> [ipaddr] [ipaddr] ... Description Displays the release key that this software has been installed with. Enables tracing. <level> - is the log level, 0-3, 3 gives most logging. ipaddr – specify up to 10 IP addresses to log information for, all if none specified.
6 Appendix: Configuring DNS Servers In the examples below, we set up an SRV record to handle H.323 URIs of the form user@example.com. These are handled by the Gatekeeper with the fully qualified domain name of Gatekeeper1.example.com which is listening on port 1719, the default registration port.
then instruct named to reload the files kill -s SIGHUP pid 4. Check the log files for any discrepancies tail /var/log/messages For more details of how to configure BIND servers and the DNS system in general see the book “DNS and BIND”...
7 Appendix: Configuring LDAP Servers 7.1 Microsoft Active Directory 7.1.1 Prerequisites These comprehensive step by step instructions assume that Active Directory is installed. For details on installing Active Directory please consult your Windows documentation. The following instructions are for Windows Server 2003 Enterprise Edition; if you are not using this version of Windows, your instructions may vary.
commUniqueId: comm1 h323Identityh323-ID: MeetingRoom1 h323IdentitydialedDigits: 626262 h235IdentityEndpointID: meetingroom1 h235IdentityPassword: mypassword Add the ldif file to the server using the command: ldifde -i -c DC=X <ldap_base> -f filename.ldf This will add a single H.323 endpoint with an H.323 Id alias of “MeetingRoom1” and an E.164 alias of “626262”.
H.350.2 – Directory services architecture for H.235 - An LDAP schema to represent H.235 elements. The schemas can be downloaded in ldif format from the web interface on the Gatekeeper. To do this, navigate to the Gatekeeper Configuration > Files page and click on the links for the schemas.
commUniqueId: comm1 h323Identityh323-ID: MeetingRoom1 h323IdentitydialedDigits: 626262 h235IdentityEndpointID: meetingroom1 h235IdentityPassword: mypassword Add the ldif file to the server using the command: slapadd -l <ldif_file> This will add a single H.323 endpoint with an H.323 Id alias of “MeetingRoom1” and an E.164 alias of “626262”.
8 Approvals The product has been approved by various international approval agencies, among others: UL and Nemko. According to their Follow-Up Inspection Scheme, these agencies also perform production inspections at a regular basis, for all production of TANDBERG’s equipment. The test reports and certificates issued for the product show that the TANDBERG Gatekeeper, Type number TTC2-02, complies with the following standards.
9 Technical Specifications System Capacity 100-1000 registered endpoints 25-200 concurrent calls 0-100 traversal calls 100 zones (The system’s capacity depends on the system’s option key) Ethernet Interfaces 3 x LAN/Ethernet (RJ-45) 10/100 Base-TX (2 disabled) System console port 2 x COM ports (front and rear), RS-232 DB-9 connector 2 x USB (disabled) ITU standard...