Table of Contents
Advertisement
Grey Headline (continued)
Registration control
About Allow and Deny Lists
When an endpoint attempts to register with the VCS it presents
a list of aliases. You can control which endpoints are allowed to
register by setting the Restriction Policy to Allow List or Deny
List and then including any one of the endpoint's aliases on the
Allow List or the Deny list as appropriate. Each list can contain
up to 2,500 entries.
When an endpoint attempts to register, each of its aliases
is compared with the patterns in the relevant list to see if it
matches. Only one of the aliases needs to appear in the Allow
List or the Deny List for the registration to be allowed or denied.
For example, If the Registration Restriction policy is set to Deny
List and an endpoint attempts to register using three aliases,
one of which matches a pattern on the Deny List, that endpoint's
registration will be denied. Likewise, if the Registration
Restriction policy is set to Allow List, only one of the endpoint's
aliases needs to match a pattern on the Allow List for it to be
allowed to register using all its aliases.
Allow Lists and Deny Lists are mutually exclusive: only one may
be in use at any given time.
You can also control registrations at the
Each subzone's registration policy can be configured to
allow or deny registrations assigned to it via the subzone
membership rules.
Overview and
System
Introduction
status
configuration
D14049.07
March 2010
Allow and Deny Lists
Activating use of Allow or Deny Lists
The Registration Configuration page allows you to specify
whether an Allow List or a Deny List should be used when
determining which endpoints may register with the VCS.
To go to the Registration Configuration page:
•
VCS configuration > Registration > Configuration.
To configure this using the CLI:
xConfiguration Registration RestrictionPolicy
•
The Restriction policy option specifies the policy to be used
when determining which endpoints may register with the VCS.
The options are:
None: any endpoint may register.
AllowList: only those endpoints with an alias that matches an
entry in the Allow List may register.
DenyList: all endpoints may register, unless they match an entry
on the Deny List.
The default is None.
subzone
level.
If you have elected to use an Allow List or a Deny List,
!
you must also go to the appropriate configuration page
(VCS configuration > Registration > Allow List or VCS
configuration > Registration > Deny List) to create the
list to be used.
VCS
Zones and
Clustering and
configuration
neighbors
Call
Bandwidth
peers
processing
control
59
TANDBERG
VIDEO COMMUNICATION SERVER
Removing existing registrations
After an Allow List or Deny List has been activated, it controls
all registration requests from that point forward. However, any
existing registrations may remain in place, even if the new list
would otherwise block them. Therefore, you are recommended
to manually remove all existing unwanted registrations after you
have implemented an Allow List or Deny List.
To manually remove a registration, go to Status > Registrations
> By device, select the registration(s) you want to remove, and
click Unregister.
Re-registrations
All endpoints must periodically re-register with the VCS in order
to keep their registration active. If you do not manually delete the
registration, the registration could be removed when the endpoint
attempts to re-register, but this depends on the protocol being
used by the endpoint:
•
H.323 endpoints may use "light" re-registrations which do not
contain all the aliases presented in the initial registration, so
the re-registration may not get filtered by the Allow List or Deny
List. If this is the case, the registration will not expire at the
end of the registration timeout period and must be removed
manually.
•
SIP re-registrations contain the same information as the initial
registrations so will be filtered by the Allow List and Deny
List. This means that, after the list has been activated, all
SIP registrations will disappear at the end of their registration
timeout period.
The frequency of re-registrations is determined by the
Registration Expire Delta setting for SIP (VCS configuration >
Protocols > SIP > Configuration) and the Time to Live setting for
H.323 (VCS configuration > Protocols > H.323).
Firewall
Applications
Maintenance
traversal
ADMINISTRATOR GUIDE
Appendices
Advertisement
Table of Contents
