Page 1: User Guide
TANDBERG Border Controller User Guide Software version Q6.0 D13691.08 February 2008 This document is not to be reproduced in whole or in part without permission in writing from:...
Page 2: Table Of Contents
TANDBERG Border Controller User Guide Contents Product Information 1.1. Trademarks and Copyright ......................8 1.2. Disclaimer ........................... 8 1.3. Environmental Issues ......................... 8 1.3.1. TANDBERG's Environmental Policy ......................8 1.3.2. European Environmental Directives.....................9 1.3.3. Waste Handling............................9 1.3.4. Information for Recyclers........................9 1.3.5.
Page 3 9.2.4. Enforced dial plans ..........................43 9.2.5. Securing the LDAP connection with TLS................... 44 9.2.6. Setting the Border Controller’s own authentication credentials ............ 44 10. URI Dialing 10.1. About URI Dialing ........................45 10.2. Making a Call Using URI Dialing ....................45 10.2.1.
Page 4 TANDBERG Border Controller User Guide 11.3. Configuring DNS NAPTR Records .....................50 12. Example Traversal Deployments 12.1. Simple Enterprise Deployment ....................51 12.2. Enterprise Gatekeepers......................52 12.3. Dialing Public IP Addresses ......................52 12.4. Neighbored Enterprises......................53 12.4.1. Enabling outgoing URI calls ....................... 53 12.4.2.
Page 5 TANDBERG Border Controller User Guide 17. Software Upgrading 17.1. About Software Upgrading......................73 17.2. Upgrading Using HTTP(S)......................73 17.3. Upgrading Using SCP/PSCP......................74 18. Command Reference 18.1. Status............................76 18.1.1. Listing all status information ......................76 18.1.2. Listing all status commands ......................76 18.1.3.
Page 6 TANDBERG Border Controller User Guide 18.3.11. DenyListAdd............................97 18.3.12. DenyListDelete ............................ 98 18.3.13. Dial ............................... 99 18.3.14. DisconnectCall ............................ 99 18.3.15. FeedbackRegister ..........................99 18.3.16. FeedbackDeregister .........................100 18.3.17. FindRegistration..........................100 18.3.18. LinkAdd ..............................100 18.3.19. LinkDelete............................100 18.3.20. Locate ..............................100 18.3.21. OptionKeyAdd............................100 18.3.22.
Page 7 TANDBERG Border Controller User Guide 21. Appendix C: Regular Expression Reference 22. Appendix D - Technical data 22.1. Technical Specifications ......................113 22.1.1. System Capacity..........................113 22.1.2. Ethernet Interfaces ...........................113 22.1.3. System Console Port.........................113 22.1.4. ITU Standards............................113 22.1.5. Security Features ..........................113 22.1.6.
Page 8: Product Information
Portions of this software are licensed under 3rd party licenses. See the CD accompanying this product for details. 3rd party license information may also be obtained from the Border Controller itself -- see the license command in section 18.6.4 for details.
Page 9: European Environmental Directives
Digital User Guides TANDBERG is pleased to announce that we have replaced the printed versions of our User Guides with a digital CD version. Instead of a range of different user manuals, there is now one CD -- which can be used with all TANDBERG products -- in a variety of languages.
Page 10: Operator Safety Summary
TANDBERG Border Controller User Guide 1.4. Operator Safety Summary For your protection please read these safety instructions completely before you connect the equipment to the power source. Carefully observe all warnings, precautions and instructions both on the apparatus and in these operating instructions.
Page 11: Power Connection And Hazardous Voltage
TANDBERG Border Controller User Guide 1.4.7. Power connection and Hazardous voltage • The product may have hazardous voltage inside. Never attempt to open this product, or any peripherals connected to the product, where this action requires a tool. • This product should always be powered from an earthed power outlet.
Page 12: Introduction
TANDBERG Border Controller User Guide Introduction This User Manual is provided to help you make the best use of your TANDBERG Border Controller. A Border Controller is a key component of TANDBERG's Expressway firewall traversal solution. Used in conjunction with a TANDBERG Gatekeeper or TANDBERG traversal-enabled endpoints it allows calls to be made into and out of a secured private network.
Page 13 TANDBERG Border Controller User Guide Figure 1: Front panel of Border Controller On the back of the Border Controller (see Figure 2) there are: • a power connector • a power switch • a serial port (Data 2) for connecting to a PC.
Page 14: Installation
Make sure that the Border Controller is accessible and that all cables can be easily connected. • For ventilation: Leave a space of at least 10cm (4 inches) behind the Border Controller's rear and 5cm (2 inches) on the sides.
Page 15: Unpacking
TANDBERG Border Controller User Guide 3.3. Unpacking The TANDBERG Border Controller is delivered in a special shipping box which should contain the following components: • Border Controller unit • Installation sheet • User manual and other documentation on CD •...
Page 16: Getting Started
PC connected to the serial port (Data 1) or by connecting to the system's default IP address: 192.168.0.100. The IP address, subnet mask and gateway must be configured before use. The Border Controller has to be configured with a static IP address. Consult your network administrator for information on which addresses to use.
Page 17: System Administration
HTTPS and SSH protocols instead. For increased security, disable HTTPS and SSH as well, using the serial port to manage the system. Note: If you do not have an IP gateway, configure the Border Controller with an unused IP address that is valid in your subnet. 4.2.
Page 18: Command Line Interface
Border Controller from administrator web browsers. You can also upload a PEM file that identifies the private key used to encrypt the server certificate used by the Border Controller. This private key must not be password protected.
Page 19: Session Timeout
The pwrec account is only active for one minute following a restart. Beyond that time you will have to restart the system again to change the password. Because access to the serial port allows the password to be reset, it is recommended that you install the Border Controller in a physically secure environment.
Page 20: Backups
4.4. IP Configuration The Border Controller may be configured to use IPv4, IPv6 or both protocols. If using both protocols, the Border Controller will act as a gateway if necessary, allowing calls to be made between an IPv4-only endpoint and an IPv6-only endpoint. This behavior will use a traversal license for each call gatewayed between IPv4 and IPv6.
Page 21: Endpoint Registration
When it tries to register, it may be rejected because the Border Controller still has a registration from its old IP address. The Border Controller may be configured to allow an endpoint to overwrite the old IP address. To do this, either issue the command: xConfiguration Gatekeeper Registration ConflictMode: <Overwrite/Reject>...
Page 22: Neighbor Gatekeepers
4.6.1. Neighboring and dial plans As you start deploying more than one Gatekeeper or Border Controller, it is useful to neighbor the systems together so that they can exchange information about registered endpoints. Each Gatekeeper or Border Controller forms an H.323 zone and is responsible for the endpoints within that zone. There are a number of ways this can be done, depending on the complexity of your system.
Page 23: Search Order
Each Border Controller may be configured with the IP addresses of up to five Alternates. When an endpoint registers with the Border Controller, it is presented with the IP addresses of all the Alternates. If the endpoint loses contact with its initial Border Controller, it will seek to register with one of the Alternates.
Page 24 TANDBERG Border Controller User Guide Figure 5: Alternate Border Controller configuration Page 24 of 118...
Page 25: Call Processing Overview
TANDBERG Border Controller User Guide 4.8. Call Processing Overview Figure 6 illustrates the process the Border Controller performs when receiving call requests. Figure 6: Location decision flow diagram Page 25 of 118...
Page 26 The destination address can take several forms: IP address, H.323 ID, E.164 alias or a full H.323 URI. When an H.323 ID or E.164 alias is used, the Border Controller looks for a match between the dialed address and the aliases registered by its endpoints. If no match is found, it may query other Gatekeepers and Border Controllers.
Page 27: Transforming Destination Aliases
TANDBERG Border Controller User Guide Transforming Destination Aliases 5.1. Alias Transforms The Alias Transforms function takes any aliases present in ARQ and LRQ messages and runs a set of transformations on them. The resulting aliases will then be used in the normal Gatekeeper logic, exactly as if those aliases were unchanged.
Page 28: Zone Transforms
TANDBERG Border Controller User Guide 5.2. Zone Transforms It is possible to direct an incoming location request to a different alias by replacing either the prefix or the suffix of the alias with a new string, or by using regular expressions to specify the way in which the alias is to be transformed.
Page 29: Unregistered Endpoints
Indirect Upon receiving the call the Border Controller will check to see if the address belongs to one of its local subzones. If so, it will allow the call. If not, it will query its neighbors for the remote address, relying on the response from the neighbor to allow the ability for the call to be completed;...
Page 30 TANDBERG Border Controller User Guide When the Border Controller is used with a Gatekeeper for firewall traversal, you will typically set CallsToUnknownIPAddresses to Indirect on the Gatekeeper and Direct on the Border Controller. This will allow endpoints registered to the gatekeeper to successfully traverse the firewall in order to call public endpoints on the Internet.
Page 31: Firewall Traversal
H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of signaling and media respectively. These standards are based on the original TANDBERG Assent protocol. In order to successfully traverse a firewall, the firewall is required to allow initial outbound traffic to designated ports on the Border Controller and return traffic from those ports.
Page 32: Traversal Zones
This is only used for display purposes. You will need to create a corresponding Traversal Zone on the Border Controller. If you select Assent as the traversal protocol, you must supply the account name that the Gatekeeper will use. If you use H.460.18/19 as the traversal protocol, you should instead provide the publicly perceived IP address of...
Page 33: Bandwidth Control
8.2. Subzones All endpoints registered with your Border Controller are part of its local zone. As shown in Figure 9, the local zone can contain two or more different networks with different bandwidth limitations. In order to model this, the local zone is made up of one or more subzones. When an endpoint registers with the Border Controller it is assigned to a subzone, based on its IP address.
Page 34: Subzone Bandwidths
If multiple routes are possible, your Border Controller will select the one with the fewest links. Links may be configured using the web interface via Border Controller Configuration >...
Page 35: Insufficient Bandwidth
If bandwidth control is in use, there may be situations when there is insufficient bandwidth available to place a call at the requested rate. By default (and assuming that there is some bandwidth still available) the Border Controller will still attempt to connect the call, but at a reduced bandwidth - known as downspeeding .
Page 36: Bandwidth Control And Firewall Traversal
Figure 12: Configuring downspeeding options 8.4. Bandwidth Control and Firewall Traversal When a Border Controller is being used to traverse a firewall, an additional subzone and zone(s) come into use on the Border Controller, as follows: • A traversal zone is used to represent each zone containing a traversal client system (e.g.
Page 37: Bandwidth Control Examples
Example with a firewall If we modify our deployment to include firewalls between the offices, we can use the firewall traversal capability of the TANDBERG Gatekeeper and Border Controller to maintain connectivity. Figure 14: Network deployment with firewalls In Figure 14, the endpoints in the enterprise register with the Gatekeeper, whilst those in the branch and home office register with the Border Controller.
Page 38 Gatekeeper. In this example we have assumed that there is no bottleneck on the link between the Border Controller and the Enterprise network, so have not placed a pipe on this link. If you want to limit the amount of traffic flowing through your firewall, you could provision a pipe on this link.
Page 39: Registration Control
Setting Registration Restriction Policy When an endpoint registers with your Border Controller it presents a list of aliases. You can control which endpoints are allowed to register by including any one of its aliases on the Allow List or the Deny list.
Page 40: Managing Entries In The Allow And Deny Lists
TANDBERG Border Controller User Guide Figure 17: Configuring registration restrictions 9.1.3. Managing entries in the Allow and Deny lists When adding entries to the Allow and Deny lists, you can either specify an exact alias or use pattern matching to specify a group of aliases.
Page 41: Authentication
Border Controller communicates. In order to verify the identity of a device, the Border Controller needs access to the password information. This credential information may be stored in a local database on the Border Controller or obtained from an LDAP Directory Server.
Page 42 Border Controller. For instructions on how to configure common third party LDAP servers, see Appendix B. To configure the Border Controller to use the LDAP server directory during authentication, either use the command line interface to issue the following commands:...
Page 43: Enforced Dial Plans
TANDBERG Border Controller User Guide Configuring LDAP base DN The Border Controller needs to be configured with the area of the directory which will be searched for the communication device information. This should be specified as the Distinguished Name (DN) in the directory under which the H.350 objects reside.
Page 44: Securing The Ldap Connection With Tls
Securing the LDAP connection with TLS The traffic between the Border Controller and the LDAP server can be encrypted using Transport Layer Security (TLS). To use TLS, the LDAP server must have a valid certificate installed so that the Border Controller can verify the server's identity.
Page 45: 10. Uri Dialing
10.1. About URI Dialing If an alias is not located in the Border Controller's list of registrations, it may attempt to find an authoritative Gatekeeper through the DNS system. URI dialing makes it easier for endpoints registered with different Gatekeepers or Border Controllers to call each other.
Page 46: Receiving A Call Using Uri Dialing
Each of these should be able to discover an endpoint registered as either user or user@a.record.domain.name. On receipt of the URI the Border Controller will modify the URI by removing the @ and host if the host matches either: •...
Page 47: Dns Records
First the Border Controller will query for a Location SRV record, to discover the authoritative Gatekeeper for the destination DNS zone. If is not located, the Border Controller will query for a Call SRV record and try to place the call to that address.
Page 48: 11. Enum Dialing
The DNS zone used for ENUM contains NAPTR records as defined by RFC 2915 [7]. These provide the mapping between E.164 numbers and H.323 URIs. The Border Controller may be configured with up to 5 DNS zones to search for a NAPTR record. It will iterate through them in order, stopping when the first record is found.
Page 49 TANDBERG Border Controller User Guide Figure 19: Setting the ENUM Zone Page 49 of 118...
Page 50: Configuring Dns Naptr Records
ENUM relies on the presence of NAPTR records, as defined by RFC 2915 [7]. This is used to obtain an H.323 URI from the E.164 number. The record format that the Border Controller supports is: ;; order flag preference service regex replacement IN NAPTR 10 100 "u"...
Page 51: 12. Example Traversal Deployments
NAT. Endpoint 1003 is on a separate private network, perhaps a home worker on an DSL connection. A Border Controller is deployed on the public network to allow traversal across the firewalls.
Page 52: Enterprise Gatekeepers
In order to achieve this, the TANDBERG Gatekeeper is neighbored with the existing enterprise Gatekeeper as shown in Figure 21. The Enterprise Gatekeeper is also neighbored with the TANDBERG Gatekeeper.
Page 53: Neighbored Enterprises
Controller itself to relay the call to the endpoint on the public IP address. Note however that if the IP address received by the Gatekeeper matches that of any subzone configured on the Gatekeeper, it will attempt to place the call locally and will not forward it to the Border Controller. On the Border Controller, set Calls to unknown IP addresses to Direct.
Page 54: Enabling Incoming Uri Calls
TANDBERG Border Controller User Guide URI dialing will send all queries for a particular domain to the same Border Controller. If you want to have URI dialing covering multiple Border Controllers, nominate one as the master. That system is registered in DNS and is set up with all the other Border Controllers and Gatekeepers as neighbors.
Page 55: 13. Third Party Call Control
13.1. About Third Party Call Control The Border Controller provides a third party call control API which enables you to place calls, disconnect calls, or initiate a blind transfer of an existing call. The API is provided through the command line interface; it is not available via the web interface.
Page 56: Enabling Call Transfer
(see Figure 23). Figure 23: Enabling call transfer 13.4. Disconnecting a Call An existing call may be disconnected using the Border Controller by issuing the command: xCommand DisconnectCall: <index> where: the call index as reported by xStatus Calls index...
Page 57: 14. Multiway
At this point the conference will have no calls. Once the conference has been set up, the Border Controller routes each leg of the existing call to the conference. It also initiates an “on-hold” call between the new endpoint and the conference. Once all calls are established into the conference, they are all taken off hold and the participants will find themselves in the conference.
Page 58: Configuration
This prefix will be the same on all alternates registered to the MPS/MCU. Configure the Border Controller with a unique 3-digit ID. This ID is used by the MPS/MCU to distinguish between conference requests from different gatekeepers. Each gatekeeper and each Alternate that may initiate a Multiway conference on an MPS/MCU must use a different ID.
Page 59: 15. Call Policy
15.1. About Call Policy Your TANDBERG Border Controller allows you to set up policy to control which calls are allowed and even redirect selected calls to different destinations. You specify this policy by uploading a script written in the Call Processing Language (CPL). Each time a call is made the Border Controller executes the script to decide, based on the source and destination of the call, whether to •...
Page 60: Making Decisions Based On Addresses
The destination aliases. original-destination If the selected field contains multiple aliases then the Border Controller will attempt to match each address node with all of the aliases before proceeding to the next address node i.e. an address node matches if it matches any alias.
Page 61 TANDBERG Border Controller User Guide subfield The following table gives the definition of subfields for each alias type. If a subfield is not specified for the alias type being matched then the not-present action will be taken. For all alias types the address-type subfield is the string h323 address-type For URI aliases this selects the username part.
Page 62: Cpl Script Actions
This form is most useful when authentication is being used. With authentication enabled the Border Controller will only use authenticated aliases when running policy so the not-present action can be used to take appropriate action when a call is received from an unauthenticated user (see CPL Examples, section 15.5).
Page 63: Proxy
15.4. Unsupported CPL Elements The Border Controller does not currently support some elements that are described in the CPL RFC. If an attempt is made to upload a script containing any of the following elements an error message will be generated and the Border Controller will continue to use its existing policy.
Page 64: Call Screening Based On Domain
TANDBERG Border Controller User Guide 15.5.2. Call screening based on domain In this example, user fred will not accept calls from anyone at annoying.com, or from any unauthenticated users. All other users will allow any calls. <cpl> <incoming> <address-switch field="destination">...
Page 65: Prevent External Use Of Gateway
TANDBERG Border Controller User Guide 15.5.5. Prevent external use of Gateway In this example, we have an ISDN gateway registered with an alias of MyGateway that uses the prefixes of 0 and 9 to route outbound ISDN calls. The following script shows how to prevent callers from outside your network calling in via the gateway and then using it to make outbound calls.
Page 66: 16. Logging
Setting the log level You can control which events are logged by the Border Controller by specifying the log level. All events with a level numerically equal to and lower than the specified logging level are recorded in the event log.
Page 67: Event Log Format
(see below for further information) message_details For all messages logged from the tandberg process the field is structured to allow easy parsing. It consists of a number of human-readable name=value pairs, separated by a space. The first field is...
Page 68: Logged Events
TANDBERG Border Controller User Guide 16.5. Logged Events Events logged at level 1 Event Description An operator cleared the event log. Eventlog Cleared An administrator has logged onto the system. Admin Session Start An administrator has logged off the system.
Page 69 The Border Controller has started. Application Start Further detail may be provided in the event data Detail field. The Border Controller application is out of service due to an Application Failed unexpected failure. Licensing limits for a given feature have been reached.
Page 70 TANDBERG Border Controller User Guide Event data fields Each Event has associated data fields. Fields are listed below in the order in which they appear in the log message. Field Description Applicable Events Specifies which protocol was used for the...
Page 71 TANDBERG Border Controller User Guide Field Description Applicable Events Specifies the source IP address (the IP address Call Attempted Src-ip of the device attempting to establish Call Bandwidth Changed communications). Call Connected The source IP is recorded in the dotted decimal Call Disconnected format: (number).(number).(number).(number)
Page 72: Remote Logging
16.6. Remote Logging The event log is stored locally on the Border Controller. However, it is often convenient to collect copies of all event logs from various systems in a single location. A computer running a BSD-style syslog server, as defined in RFC 3164 [4] , may be used as the central log server.
Page 73: 17. Software Upgrading
• Using secure copy (SCP). Note: To upgrade the Border Controller, a valid Release key and software file is required. Contact your TANDBERG representative for more information. Note: Configuration is restored after performing an upgrade but we recommend that you make a backup of the existing configuration using the TANDBERG Management Suite before performing the upgrade.
Page 74: Upgrading Using Scp/Pscp
Select Restart. You will see a confirmation window: The system will then perform a second reboot to restore system parameters. After 3-4 minutes, the Border Controller is ready for use. 17.3. Upgrading Using SCP/PSCP To upgrade using SCP or PSCP (part of the PuTTY free Telnet/SSH package) you need to transfer two files to the Border Controller: •...
Page 75 Upload the release key file using SCP/PSCP to the /tmp folder on the system e.g. scp release-key root@10.0.0.1:/tmp/release-key or pscp release-key root@10.0.0.1:/tmp/release-key Enter password when prompted. Copy the software image using SCP/PSCP. The target name must be /tmp/tandberg- image.tar.gz, e.g. scp s42100q60.tar.gz root@10.0.0.1:/tmp/tandberg-image.tar.gz or pscp s42100q60.tar.gz root@10.0.0.1:/tmp/tandbergimage.tar.gz Enter password when prompted.
Page 76: 18. Command Reference
This chapter lists the basic usage of each command. The commands also support more advanced usage, which is outside the scope of this document. 18.1. Status The status root command, xstatus, returns status information from the Border Controller. 18.1.1. Listing all status information To list all status information, type: xstatus Status is reported hierarchically beneath the status root.
Page 77: Externalmanager
ExternalManager xstatus ExternalManager Returns information about the external manager. The External Manager is the remote system, such as the TANDBERG Management Suite (TMS) used to manage the endpoints and network infrastructure. Returns the IP address of the external manager. Address Returns the Protocol used to communicate with the external manager.
Page 78: Links
TANDBERG Border Controller User Guide 18.1.9. Links xstatus Links Reports call and bandwidth information for all links on the system. xstatus Links Link <index> Reports call and bandwidth information for the specified link. Returns the name assigned to this link Name Returns a list of call indices for calls currently active on this link.
Page 79: Resourceusage
TANDBERG Border Controller User Guide 18.1.14. ResourceUsage xstatus ResourceUsage Returns information about the usage of system resources. Number of currently active registrations. Registrations Maximum number of concurrent registrations since system MaxRegistrations Number of currently active traversal calls. TraversalCalls Maximum number of traversal calls since system start.
Page 80: Zones
18.2.1. Authentication The Authentication group of commands allow you to configure parameters relating to how an endpoint authenticates itself with the Border Controller. xconfiguration Authentication Credential [1..1000] Name: <username> Specifies the username of a credential in the local authentication database.
Page 81: Ethernet
Gatekeeper Alternates Alternate [1..5] Address: <IPAddress> Sets the IP address of an alternate Border Controller. Up to 5 alternates may be configured. When the Border Controller receives a Location Request, all alternates will also be queried. xconfiguration Gatekeeper Alternates Alternate [1..5] Port: <Port>...
Page 82 TANDBERG Border Controller User Guide xconfiguration Gatekeeper CallRouted: <On/Off> Specifies whether the Border Controller should operate in call routed mode. The defaults is Off. Page 82 of 118...
Page 83 Determines behavior on receipt of a location request (LRQ) from another Gatekeeper. If set to On, the Border Controller will first try to resolve the request locally. If it cannot, the request will be forwarded to neighbor Gatekeepers. The default is On.
Page 84 TANDBERG Border Controller User Guide Sets the local zone prefix of the system. xconfiguration Gatekeeper Policy Mode: <On/Off> Determines whether or not the CPL policy engine is active. The default is On. Page 84 of 118...
Page 85 Specifies whether calls may be made by an unregistered endpoint. Defaults to Off. xconfiguration Gatekeeper Unregistered Caller Fallback: <alias> Specifies the alias to which calls are placed if the Border Controller receives a call setup containing no alias information. Page 85 of 118...
Page 86: Http/Https
TANDBERG Border Controller User Guide 18.2.5. HTTP/HTTPS Commands under the HTTP and HTTPS nodes control web access to the Border Controller. xConfiguration HTTP Mode: <On/Off> Enables/disables HTTP support. The default is On. You must restart the system for changes to take effect.
Page 87: Ldap
18.2.7. LDAP Parameters under the LDAP node control the Border Controller's communication with an LDAP server. xconfiguration LDAP Encryption: <Off/TLS> Sets the encryption mode to be used on the connection to the LDAP server. The default is Off.
Page 88: Ntp
Specifies the option key of your software option. An Option Key/software option is added to the system in order to add extra functionality, such as increasing the system's capacity. Contact your TANDBERG representative for further information. You must restart the system for changes to take effect.
Page 89 Specifies the prefix to be used for encrypted conference requests. xConfiguration Services CallTransfer Mode: <On/Off> Controls whether or not third party call transfer is enabled. The Border Controller must also be operating in call routed mode. Page 89 of 118...
Page 90: Session
SNMP Mode: <On/Off> Turn on/off SNMP support. xconfiguration SNMP SystemContact: <name> Used to identify the system contact via SNMP tools such as TANDBERG Management Suite or HP OpenView. xconfiguration SNMP SystemLocation: <name> Used to identify the system location via SNMP tools such as TANDBERG Management Suite or HP OpenView.
Page 91 TANDBERG Border Controller User Guide xconfiguration SubZones TraversalSubZone Bandwidth PerCall Limit: <1..100000000> Per-call bandwidth available on the traversal subzone. xconfiguration SubZones TraversalSubZone Bandwidth PerCall Mode: <None/Limited/Unlimited> Whether or not the traversal subzone is enforcing per-call bandwidth restrictions. None corresponds to no bandwidth available.
Page 92: Systemunit
TANDBERG Border Controller User Guide 18.2.18. SystemUnit xconfiguration SystemUnit Name: <name> The name of the unit. Choose a name that uniquely identifies the system. xconfiguration SystemUnit Password: <password> Specify the password of the unit. The password is used to login with Telnet, HTTP(S), SSH, SCP, and on the serial port.
Page 93: Zones
Determines which of the two protocols to use when given a choice. Default is Assent. xconfiguration Traversal H46019Demultiplexing: <On/Off> H.460.19 optionally allows all media to be sent to the same ports on the Border Controller and demultiplexed there. This switch controls that option.
Page 94 TANDBERG Border Controller User Guide xconfiguration Zones TraversalZone [1..50] Match [1..5] Pattern Behavior: <Strip/Leave/Replace> Determines whether the matched part of the alias should be modified before an LRQ is sent to the indicated zone. If set to Leave, the alias will be unmodified. If set to Strip, the matching prefix or suffix will removed from the alias.
Page 95 TANDBERG Border Controller User Guide xconfiguration Zones Zone [1..100] Match [1..5] Pattern Behavior: <Strip/Leave/Replace> Determines whether the matched part of the alias should be modified before an LRQ is sent to the indicated zone. If set to Leave, the alias will be unmodified. If set to Strip, the matching prefix or suffix will removed from the alias.
Page 96: Command
TANDBERG Border Controller User Guide 18.3. Command The command root command, xcommand, is used to execute commands on the Border Controller. To list all xcommands type: xcommand ? To get usage information for a specific command, type: xcommand <command_name> ? 18.3.1.
Page 97: Credentialadd
TANDBERG Border Controller User Guide The case-sensitive names of the nodes. Node1 Node2 The required bandwidth. bandwidth Must be one of Traversal, Routed or Direct calltype 18.3.7. CredentialAdd xCommand CredentialAdd <username> <password> Adds the given username and password to the local authentication database.
Page 98: Denylistdelete
TANDBERG Border Controller User Guide 18.3.12. DenyListDelete xCommand DenyListDelete <index> Removes the pattern with the specified index from the deny list. Deny list entries can be viewed using the command xconfiguration Gatekeeper Registration DenyList. Page 98 of 118...
Page 99: Dial
TANDBERG Border Controller User Guide 18.3.13. Dial xCommand Dial <callsrc> <calldst> <bandwidth> Places call halves out to the specified source and destination, joining them together. callsrc and calldst can be specified using either an alias or IP address. Bandwidth is in kbps.
Page 100: Feedbackderegister
Locate xCommand Locate <alias> <HopCount> Runs the Border Controller's location algorithm to locate the endpoint identified by the given alias, searching locally, on neighbors, and on systems discovered through the DNS system, within the specified number of "hops". Results are reported back through the xFeedback mechanism, which must therefore be set up before issuing this command.
Page 101: Pipedelete
TANDBERG Border Controller User Guide 18.3.24. PipeDelete xCommand PipeDelete <index> Deletes the pipe with the specified index. 18.3.25. RemoveRegistration xCommand RemoveRegistration <index> Removes the specified registration. 18.3.26. SubZoneAdd xCommand SubZoneAdd <name> <address> <prefixlength> <totalmode> Adds and configures a new subzone.
Page 102: Transformdelete
TraversalZoneAdd xCommand TraversalZoneAdd Creates a new traversal zone, allowing a TANDBERG Gatekeeper to connect to the Border Controller. Up to 50 such zones may be created. The new zone is pre-configured with a link to the traversal subzone and with a pattern match mode of AlwaysMatch.
Page 103: History
Displays history data for up to the last 255 calls handled by the Border Controller. Call entries are added to the Call History on call completion. Call histories are listed in reverse chronological order of completion time.
Page 104: Feedback
TANDBERG Border Controller User Guide 18.5. Feedback The feedback root command, xfeedback, is used to control notifications of events and status changes on the Border Controller. A Feedback Expression describes an interesting event or change in status. When a Feedback Expression is registered, a notification will be displayed on the console for each occurrence of the event described by that Expression.
Page 105: Register Event
TANDBERG Border Controller User Guide 18.5.3. Register event xfeedback Register Event Registers for all available Events. xfeedback Register Event/ <CallAttempt/Connected/Disconnected/ConnectionFailure/Registration/ Unregistration/Bandwidth/ResourceUsage> Registers for feedback on the occurrence of the specified Event. Note: Registering for the ResourceUsage event will return the entire ResourceUsage structure every time one of the ResourceUsage fields changes.
Page 106: Other Commands
TANDBERG Border Controller User Guide 18.6. Other Commands 18.6.1. about about Returns information about the software version installed on the system. 18.6.2. clear clear <eventlog/history> Clears the event log or history of all calls and registrations. 18.6.3. eventlog eventlog <n/all>...
Page 107: 19. Appendix A: Configuring Dns Servers
TANDBERG Border Controller User Guide 19. Appendix A: Configuring DNS Servers In the examples below, we set up an SRV record to handle H.323 URIs of the form user@example.com These are handled by the system with the fully qualified domain name of gatekeeper1.example.com which is listening on port 1719, the default registration port.
Page 108: 20. Appendix B: Configuring Ldap Servers
It is good practice to keep the H.350 directory in its own organizational unit to separate out H.350 objects from other types of objects. This allows access controls to be setup which only allow the Border Controller read access to the BaseDN and therefore limit access to other sections of the directory.
Page 109: Securing With Tls
Directory services architecture for H.323 - An LDAP schema to represent H.323 endpoints. H.350.2 Directory services architecture for H.235 - An LDAP schema to represent H.235 elements. The schemas can be downloaded in ldif format from the web interface on the Border Controller. To do this, navigate to Border Controller Configuration >...
Page 110: Adding H.350 Objects
Add the ldif file to the server using the command: slapadd -l <ldif_file> This organizational unit will form the BaseDN to which the Border Controller will issue searches. In this example the BaseDN will be ou=h350,dc=my-domain,dc=com. Note: It is good practice to keep the H.350 directory in its own organizational unit to separate out H.350 objects from other types of objects.
Page 111: Securing With Tls
For more details on configuring OpenLDAP to use TLS consult the OpenLDAP Administrator's Guide. To configure the Border Controller to use TLS on the connection to the LDAP server you must upload the CA's certificate as a trusted CA certificate. To do this, navigate to Border Controller Configuration >...
Page 112: 21. Appendix C: Regular Expression Reference
TANDBERG Border Controller User Guide 21. Appendix C: Regular Expression Reference Regular expressions can be used in conjunction with a number of Border Controller features such as alias transformations, zone transformations, CPL policy and ENUM. The Border Controller uses POSIX format regular expression syntax.
Page 113: 22. Appendix D - Technical Data
TANDBERG Border Controller User Guide 22. Appendix D - Technical data 22.1. Technical Specifications 22.1.1. System Capacity • 500 registered traversal endpoints • 100 traversal calls at 384 kbps • 100 zones Option keys may restrict the system to a lower capacity than specified above.
Page 114: Hardware Mtbf
Nemko. According to their Follow-Up Inspection Scheme, these agencies also perform production inspections at a regular basis, for all production of TANDBERG's equipment. The test reports and certificates issued for the product show that the TANDBERG Border Controller, Type number TTC2-02, complies with the following standards.
Page 115: 23. Bibliography
TANDBERG Border Controller User Guide 23. Bibliography ITU Specification: H.235 Security and encryption for H-Series (H.323 and other H.245-based) multimedia terminals http://www.itu.int/rec/T-REC-H.235/en ITU Specification: H.350 Directory services architecture for multimedia conferencing http://www.itu.int/rec/T-REC-H.350/en RFC 2782: A DNS RR for specifying the location of services (DNS SRV) http://www.ietf.org/rfc/rfc2782.txt...
Page 116: 24. Glossary
TANDBERG Border Controller User Guide 24. Glossary Alias The name an endpoint uses when registering with the Border Controller. Other endpoints can then use this name to call it. ARQ, Admission Request An endpoint RAS request to make or answer a call.
Page 117: 25. Index
TANDBERG Border Controller User Guide 25. Index documentation ............15 —A— domain ..............16, 76 about ................97 domain, local ............20, 76 account down-speed ............35, 76 Administrator Account ........19 Root Account ............19 —E— Active Directory............99 E.164..........21, 47, 49, 99, 107 alias ........
Page 118 TANDBERG Border Controller User Guide LDAP schema............100 —S— LDAP servers - configuring........100 SCP ............68, 69, 82, 84 ldif 101 search order ............... 23 license ................. 97 serial cable ............15, 16 links ............33, 37, 73, 91 serial interface............19 links, default ............... 89 serial port............12, 16, 17...

TANDBERG Border Controller User Manual

1 Product Information

2 Introduction

3 Installation

4 Getting Started

5 Transforming Destination Aliases

6 Unregistered Endpoints

7 Firewall Traversal

8 Bandwidth Control

9 Registration Control

10 URI Dialing

11 ENUM Dialing

12 Example Traversal Deployments

13 Third Party Call Control

14 Multiway

15 Call Policy

16 Logging

17 Software Upgrading

18 Command Reference

19 Appendix A: Configuring DNS Servers

20 Appendix B: Configuring LDAP Servers

21 Appendix C: Regular Expression Reference

22 Appendix D - Technical Data

23 Bibliography

24 Glossary

25 Index

Quick Links

User Guide

Related Manuals for TANDBERG Border Controller

Summary of Contents for TANDBERG Border Controller

Table of Contents