Download Print this page

Cisco TelePresence Video Communication Server Administrator's Manual

Hide thumbs

Advertisement

Quick Links

Table of Contents
Cisco TelePresence
Video Communication
Server

Administrator Guide

D14049.10
April 2011
Software version: X6.1

Advertisement

Table of Contents
loading

  Also See for Cisco TelePresence Video Communication Server

  Related Manuals for Cisco TelePresence Video Communication Server

  Summary of Contents for Cisco TelePresence Video Communication Server

  • Page 1: Administrator Guide

    Cisco TelePresence Video Communication Server Administrator Guide D14049.10 April 2011 Software version: X6.1...
  • Page 2: Table Of Contents

    Contents Contents Contents About the Cisco TelePresence Video Communication Server (VCS) VCS base applications VCS Control VCS Expressway™ Standard features Optional features FindMe™ Device Provisioning Dual Network Interfaces About this guide Typographical conventions Installation and initial configuration Using the web interface...
  • Page 3 Search details Local Zone status Zone status Link status Pipe status Policy service status TURN relays status Presence Presence publishers Presence presentities Presence subscribers OCS Relay status Provisioning status Provisioning server Cisco VCS Administrator Guide (X6.1) Page 3 of 401...
  • Page 4 VCS as a SIP registrar VCS as a SIP proxy server Proxying registration requests VCS as a SIP Presence Server H.323 configuration SIP configuration Configuring SIP domains Configuring SIP and H.323 interworking Searching by protocol Cisco VCS Administrator Guide (X6.1) Page 4 of 401...
  • Page 5 Subzone-level Authentication Policy SIP authentication trust Device authentication configuration Authentication database Endpoint credentials used for authentication Device authentication using LDAP Authentication process LDAP server settings Device LDAP schemas Authentication using a local database Cisco VCS Administrator Guide (X6.1) Page 5 of 401...
  • Page 6 About the configuration master Secure communication between peers Alternates Setting up a cluster Maintaining a cluster Cluster name Cluster pre-shared key Setting configuration for the cluster Adding and removing peers from a cluster Cisco VCS Administrator Guide (X6.1) Page 6 of 401...
  • Page 7 About the fallback alias About pre-search transforms Pre-search transform process Configuring pre-search transforms Search and zone transform process Configuring search rules Example searches and transforms Filter queries to a zone without transforming Cisco VCS Administrator Guide (X6.1) Page 7 of 401...
  • Page 8 Configuring Call Policy Configuring Call Policy rules using the web interface Configuring Call Policy using a CPL script Configuring VCS to use the Cisco TelePresence Advanced Media Gateway Configuring the VCS Usage features and limitations Configuring Cisco AM GW policy rules...
  • Page 9 Applying bandwidth limitations to subzones Links and pipes Configuring links Default links Configuring pipes Applying pipes to links Bandwidth control examples Firewall traversal About firewall traversal Expressway solution How does it work? Cisco VCS Administrator Guide (X6.1) Page 9 of 401...
  • Page 10 About ICE About TURN TURN relay server Configuring TURN services TURN relay status information Applications Conference Factory Conference creation process About Presence Presence Server Presence User Agent (PUA) Configuring Presence OCS Relay Cisco VCS Administrator Guide (X6.1) Page 10 of 401...
  • Page 11 Adding option keys using the web interface Adding option keys using the CLI About security certificates Managing security certificates CRL management Certificate-based authentication configuration Client certificate testing Advanced account security Prerequisites Cisco VCS Administrator Guide (X6.1) Page 11 of 401...
  • Page 12 Creating a system snapshot Incident reporting Incident reporting warning: privacy-protected personal data Sending incident reports automatically Sending incident reports manually Viewing incident reports Incident report details Checking the effect of a pattern Cisco VCS Administrator Guide (X6.1) Page 12 of 401...
  • Page 13 About Event Log levels Event Log format Administrator and FindMe user events Message details field Events and levels CPL reference CPL address-switch node otherwise not-present location rule-switch proxy reject Unsupported CPL elements Cisco VCS Administrator Guide (X6.1) Page 13 of 401...
  • Page 14 FindMe Device Provisioning TMS Agent account passwords TMS Agent passwords TMS Agent LDAP and replication accounts VCSs managed by TMS VCSs not managed by TMS What are traversal calls? Warnings list Cisco VCS Administrator Guide (X6.1) Page 14 of 401...
  • Page 15 Command reference — xStatus xStatus elements About policy services Policy service request parameters Policy service responses Bibliography Glossary Legal notices Intellectual property rights Copyright notice Patent information Disclaimers and notices Cisco VCS Administrator Guide (X6.1) Page 15 of 401...
  • Page 16: About The Cisco Telepresence Video Communication Server (Vcs)

    About the Cisco TelePresence Video Communication Server (VCS) The Cisco TelePresence Video Communication Server (VCS) enhances the video experience and provides seamless communication between SIP and H.323 devices utilizing IETF and ITU standards. The VCS is the center of the video communication network, and connects all H.323 and SIP endpoints, infrastructure, and management devices.
  • Page 17: Standard Features

    Control over which endpoints are allowed to register Call Policy (also known as Administrator Policy) including support for CPL Can be managed with Cisco TelePresence Management Suite (TMS) 12.5 or later AD authentication for administrators of the VCS Pre-configured defaults for:...
  • Page 18: Findme

    About the Cisco TelePresence Video Communication Server (VCS) FindMe™ A unique industry solution that gives individual video users a single alias on which they can be contacted regardless of location. Users have the ability to log on to a Web-based interface and control where and how they are contacted.
  • Page 19: About This Guide

    About the Cisco TelePresence Video Communication Server (VCS) About this guide This Administrator Guide is provided to help you make the best use of your VCS. Your approach to this documentation depends on what you want to do and how much you already know.
  • Page 20: Using The Web Interface

    About the Cisco TelePresence Video Communication Server (VCS) Using the web interface Configuration of the VCS is normally carried out through the web interface. To use the web interface: 1. Open a browser window and in the address bar type either:...
  • Page 21: Using The Command Line Interface (Cli)

    About the Cisco TelePresence Video Communication Server (VCS) Using the command line interface (CLI) The VCS can be configured through a web interface or via a command line interface (CLI). The CLI is available by default over SSH and through the serial port. Access using Telnet can also be enabled.
  • Page 22: Web Page Features And Layout

    About the Cisco TelePresence Video Communication Server (VCS) Web page features and layout This section describes the features that can be found on some or all of the web interface pages. The elements included in the example web pages shown here are described in the table below.
  • Page 23 About the Cisco TelePresence Video Communication Server (VCS) Page Description element Information The VCS provides you with feedback in certain situations, for example when settings have been saved or when you need to take further action. This feedback is given in a yellow information bar at the top of the page.
  • Page 24: What's New In This Version

    Cisco AM GW available on VCS Expressway Cisco AM GW features are now available on both VCS Control and VCS Expressway platforms. Movi ClearPath provisioning The Cisco VCS Starter Pack now supports the provisioning of ClearPath to Movi.
  • Page 25: Overview And Status Information

    VCS since it was last restarted. Since last restart: the total number of non-traversal calls handled by the VCS since it was last restarted. License limit: the number of non-traversal call licenses available on the VCS. Cisco VCS Administrator Guide (X6.1) Page 25 of 401...
  • Page 26: System Information

    The following information is displayed: Field Description System information section: System The name that has been assigned to the VCS. name Product This identifies the VCS. Cisco VCS Administrator Guide (X6.1) Page 26 of 401...
  • Page 27: Ethernet Status

    The page displays the following information for the LAN 1 port and, if the Dual Network Interfaces option key has been installed, the LAN 2 port: Field Description The MAC address of the VCS’s Ethernet device for that LAN port. address Cisco VCS Administrator Guide (X6.1) Page 27 of 401...
  • Page 28: Ip Status

    1..5 names. Up to 5 DNS servers may be configured. address Domain Specifies the name to be appended to the host name before a query to the DNS server is executed. Cisco VCS Administrator Guide (X6.1) Page 28 of 401...
  • Page 29: Resource Usage

    SIP and H.323 protocols; in such a case the SIP registration and the H.323 registration will appear as separate entries on this page. The following information is displayed: Cisco VCS Administrator Guide (X6.1) Page 29 of 401...
  • Page 30: Registrations By Alias

    VCS is part of a cluster, all registrations across the cluster are shown. Note that a single H.323 device can register with more than one alias, and each will appear as a separate entry on this page. The following information is displayed: Cisco VCS Administrator Guide (X6.1) Page 30 of 401...
  • Page 31: Registration History

    For SIP devices this will always be blank because they cannot register E.164 numbers. Type Indicates the nature of the registration. This will most commonly be Endpoint, Gateway, or SIP UA. Protocol Indicates whether the registration was for a SIP or H.323 device. Cisco VCS Administrator Guide (X6.1) Page 31 of 401...
  • Page 32: Registration Details

    Destination The alias dialed from the device. This may be different from the alias to which the call was placed, which may have been transformed (due to pre-search transforms, zone transforms or User Policy). Cisco VCS Administrator Guide (X6.1) Page 32 of 401...
  • Page 33: Call History

    Destination The alias dialed from the device. This may be different from the alias to which the call was placed, which may have been transformed (due to pre-search transforms, zone transforms or User Policy). Protocol Shows whether the call used H.323, SIP, or both protocols. Cisco VCS Administrator Guide (X6.1) Page 33 of 401...
  • Page 34: Call Summary

    (where the VCS took the media), it also lists the individual media channels (audio, video, data and so on) that made up the call. This page is reached via the View media statistics for this call link in the Related tasks section of either of the following pages: Cisco VCS Administrator Guide (X6.1) Page 34 of 401...
  • Page 35: Search History

    To limit the list of calls, enter one or more characters in the Filter field and click Filter. Only those calls that contain (in any of the displayed fields) the characters you entered will be shown. To return to the full list of calls, click Reset. Cisco VCS Administrator Guide (X6.1) Page 35 of 401...
  • Page 36: Search Details

    Traversal Subzone, so they will show up twice; once in the originating subzone and once in the Traversal Subzone. Bandwidth The total amount of bandwidth used by all calls passing through the subzone. used Cisco VCS Administrator Guide (X6.1) Page 36 of 401...
  • Page 37: Zone Status

    VCS, along with the number of calls and the bandwidth being used by each pipe. The following information is displayed: Field Description Name The name of each pipe. Clicking on a pipe Name takes you to the configuration page for that pipe. Cisco VCS Administrator Guide (X6.1) Page 37 of 401...
  • Page 38: Policy Service Status

    The IP address and port on the VCS of the relay resource that has been allocated for this particular request. Client The IP address and port on the NAT (or the client if there is no NAT) that requested the relay. Cisco VCS Administrator Guide (X6.1) Page 38 of 401...
  • Page 39: Presence

    If a presentity has been subscribed to but there is no information being published about it, then it will be listed here if the local presence server is authoritative for the presentity’s domain. Cisco VCS Administrator Guide (X6.1) Page 39 of 401...
  • Page 40: Presence Subscribers

    Note: the OCS Relay application is configured via the OCS Relay page (Applications > OCS Relay). The following information is displayed: Field Description Alias The FindMe ID being handled by the OCS Relay application. Cisco VCS Administrator Guide (X6.1) Page 40 of 401...
  • Page 41: Provisioning Status

    UI, but the warning will still be listed on the Warnings page with a status of Acknowledged. If a new warning occurs, the warning icon will reappear. Cisco VCS Administrator Guide (X6.1) Page 41 of 401...
  • Page 42: Hardware Status

    Results section The Results section shows all the events matching the current filter conditions, with the most recent being shown first. Cisco VCS Administrator Guide (X6.1) Page 42 of 401...
  • Page 43: Configuration Log

    The Filter section lets you filter the Configuration Log. Enter the words you want to search for and click Filter. Only those events that contain all the words you entered are shown. To do more advanced filtering, click more options. This gives you additional filtering methods: Cisco VCS Administrator Guide (X6.1) Page 43 of 401...
  • Page 44: Vcs Unit Front Panel

    The LCD panel on the front of the VCS hardware unit has a rotating display of the VCS's system name, IP addresses, warnings, and the number of current traversal calls, non-traversal calls and registrations. Cisco VCS Administrator Guide (X6.1) Page 44 of 401...
  • Page 45: Network And System Settings

    VCS is shipped with a default IP address of 192.168.0.100 (for both LAN ports). This lets you connect the VCS to your network and access it via the default address so that you can configure it remotely. Cisco VCS Administrator Guide (X6.1) Page 45 of 401...
  • Page 46: Configuring Ethernet Settings

    IP traffic to the public internet, and instead the traffic must pass through an application proxy such as the VCS. To enable this feature you must purchase and install the appropriate option key. Contact your Cisco representative for information.
  • Page 47: Configuring Quality Of Service Settings

    VCS.) Configuring Quality of Service settings The Quality of Service (QoS) page (System > Quality of Service) is used to configure QoS options for outbound traffic from the VCS. Cisco VCS Administrator Guide (X6.1) Page 47 of 401...
  • Page 48: Configuring System Name And Access Settings

    (FindMe) accounts or session that each individual the root account. limit administrator account A value of 0 turns session limits off. is allowed on each VCS. Cisco VCS Administrator Guide (X6.1) Page 48 of 401...
  • Page 49 TMS accesses the VCS via the web server. If HTTPS mode is interface the VCS can be turned off, TMS will not be able to access it. (over accessed via the web HTTPS) interface. Default is Cisco VCS Administrator Guide (X6.1) Page 49 of 401...
  • Page 50 For further security, disable HTTPS and SSH as well and use the serial port to manage the system. Because access to the serial port allows the password to be reset, it is recommended that you install the VCS in a physically secure environment. Cisco VCS Administrator Guide (X6.1) Page 50 of 401...
  • Page 51: Configuring Snmp Settings

    You can configure the front panel to hide this identifying information, if required for security reasons for example, by using the CLI command xConfiguration Administration LCDPanel Mode. If the mode is set to Off the front panel only displays "Cisco". Configuring SNMP settings The SNMP page (System >...
  • Page 52: Configuring Time Zone And Ntp Server Settings

    H.323 authentication, helping to guard against replay attacks. For this reason, if you are using authentication in a deployment that includes H.323, both the VCS and the endpoints must use an NTP server to synchronize their system time. Cisco VCS Administrator Guide (X6.1) Page 52 of 401...
  • Page 53: Configuring The Login Page

    Domain name has also been configured) of the NTP server to be used when synchronizing system time. The NTP server field defaults to one of four NTP servers provided by Cisco, either: 0.ntp.tandberg.com, 1.ntp.tandberg.com, 2.ntp.tandberg.com or 3.ntp.tandberg.com. The connection status to the NTP server is shown in the Status section.
  • Page 54: Configuring Logging Levels

    All Level 1 and Level 2 Events, plus: protocol keepalives call-related SIP signaling messages Level The most verbose level: all Level 1, Level 2 and Level 3 Events, plus: network level SIP messages Cisco VCS Administrator Guide (X6.1) Page 54 of 401...
  • Page 55: Remote Logging

    To enable remote logging, you must configure the VCS with the IP addresses or Fully Qualified Domain Names (FQDNs) of the Remote syslog servers to where the Event Log is written. Up to 4 servers can be specified. Note that these servers cannot be another VCS. Cisco VCS Administrator Guide (X6.1) Page 55 of 401...
  • Page 56: Protocols

    The VCS can provide interworking between SIP and H.323, translating between the two protocols to enable endpoints that only support one of these protocols to call each other. To support SIP: Cisco VCS Administrator Guide (X6.1) Page 56 of 401...
  • Page 57: Vcs As A Sip Registrar

    This provides extra resiliency: if the endpoint loses its connection to one cluster peer it will still be able to receive calls via one of its other registration connections. Cisco VCS Administrator Guide (X6.1) Page 57 of 401...
  • Page 58: Vcs As A Sip Proxy Server

    Proxied registrations are classified as belonging to the zone they were last proxied from. This is different from non-proxied registration requests which are assigned to a subzone within the VCS. Cisco VCS Administrator Guide (X6.1) Page 58 of 401...
  • Page 59: Vcs As A Sip Presence Server

    Overwrite is useful if registration. your network is such that endpoints are often allocated new IP addresses, because it will prevent unwanted registration rejections. Cisco VCS Administrator Guide (X6.1) Page 59 of 401...
  • Page 60: Sip Configuration

    VCS to prevent its registration registered with the VCS. It (seconds) expiring. Default is 60. does not apply to endpoints whose registrations are proxied through the VCS. Cisco VCS Administrator Guide (X6.1) Page 60 of 401...
  • Page 61 The minimum value the VCS will negotiate for the For further information refer to session session refresh interval for SIP calls. Default is 500. the definition of Min-SE header refresh in RFC 4028 [14]. interval (seconds) Cisco VCS Administrator Guide (X6.1) Page 61 of 401...
  • Page 62: Configuring Sip Domains

    If the request has come from a neighboring system and Interworking mode is set to Registered only, the VCS will search the local zone using both protocols, and all other zones using the native Cisco VCS Administrator Guide (X6.1) Page 62 of 401...
  • Page 63: Enabling Sip Endpoints To Dial H.323 Numbers

    Refer to the pre-search transforms section for information about how to configure pre-search transforms, and to the stripping @domain for dialing to H.323 numbers section for an example of how to do this. Cisco VCS Administrator Guide (X6.1) Page 63 of 401...
  • Page 64: Registration Control

    If a traversal-enabled endpoint registers directly with a VCS Expressway, the VCS Expressway will provide the same services to that endpoint as a VCS Control, with the addition of firewall traversal. Traversal-enabled endpoints include all Cisco TelePresence Expressway™ endpoints and third-party endpoints which support the ITU H.460.18 and H.460.19 standards.
  • Page 65: Mcu, Gateway And Content Server Registration

    Note that the Cisco TelePresence MPS 200 and MPS 800, and the Cisco TelePresence Content Server both support Expressway. They can therefore register directly with a VCS Expressway for firewall traversal.
  • Page 66: Registering Aliases

    SIP and H.323, as SIP endpoints register using a URI as standard. You are recommended to not use aliases that reveal sensitive information. Due to the nature of H.323, call setup information is exchanged in an unencrypted form. Cisco VCS Administrator Guide (X6.1) Page 66 of 401...
  • Page 67: Sip

    SIP re-registrations contain the same information as the initial registrations so will be filtered by the restriction policy. This means that, after the list has been activated, all SIP registrations will disappear at the end of their registration timeout period. Cisco VCS Administrator Guide (X6.1) Page 67 of 401...
  • Page 68: About Allow And Deny Lists

    Exact: the alias must match the Pattern exactly. Prefix: the alias must begin with the Pattern. Suffix: the alias must end with the Pattern. Regex: the Pattern is a regular expression. Cisco VCS Administrator Guide (X6.1) Page 68 of 401...
  • Page 69: Configuring The Registration Deny List

    Prefix: the alias must begin with the Pattern. Suffix: the alias must end with the Pattern. Regex: the Pattern is a regular expression. Description An optional free-form description of the entry. Cisco VCS Administrator Guide (X6.1) Page 69 of 401...
  • Page 70: Device Authentication

    SIP message to show that it has been authenticated. You can control whether the VCS chooses to trust any authentication carried out at an earlier stage by configuring a zone's authentication trust setting. Cisco VCS Administrator Guide (X6.1) Page 70 of 401...
  • Page 71: Authentication Policy Configuration Options

    (meaning whether the VCS trusts any pre-existing authenticated indicators - known as P- Asserted-Identity headers - within the received message) and whether the message was received from a local domain (a domain for which the VCS is authoritative) or a non-local domain. Cisco VCS Administrator Guide (X6.1) Page 71 of 401...
  • Page 72 Messages without an existing P- Messages without an existing P- Asserted-Identity header are Asserted-Identity header are classified as unauthenticated. classified as unauthenticated. Cisco VCS Administrator Guide (X6.1) Page 72 of 401...
  • Page 73: Subzone-Level Authentication Policy

    Do not check Message credentials are not checked and all messages are classified as credentials unauthenticated. Treat as Message credentials are not checked and all messages are classified as authenticated authenticated. Cisco VCS Administrator Guide (X6.1) Page 73 of 401...
  • Page 74: Sip Authentication Trust

    Messages from a local domain are challenged if the Authentication Policy is set to Check credentials. Note: you are recommended to enable authentication trust only if the neighbor zone is part of a network of trusted SIP servers. Cisco VCS Administrator Guide (X6.1) Page 74 of 401...
  • Page 75: Device Authentication Configuration

    VCS, for example when attempting to register and the relevant subzone's Authentication Policy is set to Check credentials. For Cisco endpoints using H.323, the username is typically the endpoint’s Authentication ID; for Cisco endpoints using SIP it is typically the endpoint’s Authentication username.
  • Page 76: Ldap Server Settings

    The area of the directory on the LDAP server to search for credential information. This should be specified as the Distinguished Name (DN) in the LDAP directory under which the H.350 objects reside. Cisco VCS Administrator Guide (X6.1) Page 76 of 401...
  • Page 77: Device Ldap Schemas

    The Device LDAP schemas page (VCS configuration > Authentication > Devices > LDAP schemas) provides a set of .ldif files to be downloaded from the VCS and installed on the LDAP server. Cisco VCS Administrator Guide (X6.1) Page 77 of 401...
  • Page 78: Authentication Using A Local Database

    Note that these settings are not used by traversal client zones. Traversal clients, which must always authenticate with traversal servers before they can connect, configure their connection credentials per traversal client zone. Cisco VCS Administrator Guide (X6.1) Page 78 of 401...
  • Page 79: Zones And Neighbors

    The Local Zone is also connected to external VCSs and to the internet via different types of zones. All these components are described in more detail in the sections that follow. Cisco VCS Administrator Guide (X6.1) Page 79 of 401...
  • Page 80: Structuring Your Dial Plan

    Mode of Any alias and a Target of the central VCS There is no need to neighbor the VCSs with each other. Adding a new VCS now only requires changing configuration on the new VCS and the central VCS. Cisco VCS Administrator Guide (X6.1) Page 80 of 401...
  • Page 81: About The Local Zone And Subzones

    Local Zone and out to external zones, and speed up the search process. For further information about how to configure search rules for the Local Zone, see the Configuring search and zone transform rules section. Cisco VCS Administrator Guide (X6.1) Page 81 of 401...
  • Page 82: About Zones

    When adding a new zone you must specify its Type. The zone type indicates the nature of the connection and determines which configuration options are available. For traversal server zones, Cisco VCS Administrator Guide (X6.1) Page 82 of 401...
  • Page 83: Configuring Neighbor Zones

    You create a neighbor relationship with the other system by adding it as a neighbor zone on your local VCS. After you have added it, you can: query the neighbor about its endpoints apply transforms to any requests before they are sent to the neighbor Cisco VCS Administrator Guide (X6.1) Page 83 of 401...
  • Page 84 SIP connections from the local VCS. number as that configured on the neighbor system as its SIP TCP, SIP TLS or SIP UDP listening port (depending on which SIP Transport mode is in use). Cisco VCS Administrator Guide (X6.1) Page 84 of 401...
  • Page 85 Peer 1 to Peer system. another VCS cluster for more 6 address If the neighbor is a VCS cluster, this includes information. all of the peers in the cluster. Advanced section: Cisco VCS Administrator Guide (X6.1) Page 85 of 401...
  • Page 86: Configuring Traversal Client Zones

    This field the two values is used. specifies the hop count to use when sending a search request to this particular zone. Cisco VCS Administrator Guide (X6.1) Page 86 of 401...
  • Page 87 VCS is acting as a Registrar. For requests for other domains the SIP registration proxy mode setting applies. See Proxying registration requests more information. Cisco VCS Administrator Guide (X6.1) Page 87 of 401...
  • Page 88: Configuring Traversal Server Zones

    VCS traversal client - server configuration for more information). The client and server will then be able to communicate over the firewall and query each other. For full details on how traversal Cisco VCS Administrator Guide (X6.1) Page 88 of 401...
  • Page 89 H.460.18) to use to traverse the and ports for more information. firewall/NAT. Port The port on the local VCS Expressway to use for H.323 calls to and from the traversal client. Cisco VCS Administrator Guide (X6.1) Page 89 of 401...
  • Page 90 Poison mode Determines if SIP requests sent to systems located via this zone are "poisoned" such that if they are received by this VCS again they will be rejected. Authentication section: Cisco VCS Administrator Guide (X6.1) Page 90 of 401...
  • Page 91: Configuring Enum Zones

    VCS and each group of ENUM endpoints Full details of how to use and configure ENUM zones are given in the About ENUM dialing section. The configurable options for an ENUM zone are: Cisco VCS Administrator Guide (X6.1) Page 91 of 401...
  • Page 92: Configuring Dns Zones

    H.323 Determines whether H.323 calls are allowed to mode systems and endpoints located using DNS lookups via this zone. Cisco VCS Administrator Guide (X6.1) Page 92 of 401...
  • Page 93: Zone Configuration: Advanced Settings

    The table below describes the Advanced and Custom zone configuration options. Some of these settings only apply to specific zone types. Note: you should only use the Custom zone profile settings on the advice of Cisco customer support. Cisco VCS Administrator Guide (X6.1)
  • Page 94 [36] for more information) Nortel Communication Server 1000 Cisco Advanced Media Gateway (see the Microsoft OCS 2007, VCS Control and Cisco AM GW deployment guide [37] for more information) Non-registering device (typically used for non-gatekeeper devices such as an MCU) Custom: allows you to configure each Advanced setting individually.
  • Page 95 Traversal clients Off: SIP requests sent out via this zone that are received by Traversal this VCS again will not be rejected; they will be processed as servers normal. zones Cisco VCS Administrator Guide (X6.1) Page 95 of 401...
  • Page 96 This option should normally be left as the default Off. However, some systems such as Microsoft OCS 2007 do not support the UPDATE method in the Allow header, so for these zones this should be set to On. Cisco VCS Administrator Guide (X6.1) Page 96 of 401...
  • Page 97 Duo Video. This option may be required to enable zones mode interoperability with SIP devices that do not support Duo Video, so this must be set to On for connections to a Cisco zones Unified Communications Manager. On: the second video line in any outgoing INVITE request is removed.
  • Page 98: Zone Configuration: Pre-Configured Profile Settings

    H.323 searches automatically responded to SIP searches automatically responded to Empty INVITE allowed SIP poison mode SIP encryption Microsoft Auto Auto Auto Auto mode SIP SDP attribute line limit mode Cisco VCS Administrator Guide (X6.1) Page 98 of 401...
  • Page 99: Tls Certificate Verification Of Neighbor Systems

    VCS’s certificate is valid both as a client and as a server. See the Managing security certificates section for more information about certificate verification and for instructions on uploading the VCS’s server certificate and uploading a list of trusted certificate authorities. Cisco VCS Administrator Guide (X6.1) Page 99 of 401...
  • Page 100: Clustering And Peers

    Peers share information with each other about their use of bandwidth, registrations, and user accounts. This allows the cluster to act as one large VCS Local Zone as shown in the example below. Cisco VCS Administrator Guide (X6.1) Page 100 of 401...
  • Page 101: About The Configuration Master

    You are recommended to backup your VCS data before setting up a cluster. A full step-by-step guide on using the clustering script and configuring clusters is available in the Cluster creation and maintenance deployment guide [27]. Cisco VCS Administrator Guide (X6.1) Page 101 of 401...
  • Page 102: Maintaining A Cluster

    Changing the master peer You should only need to change the Configuration master when: the original master peer fails you want to take the master VCS unit out of service Cisco VCS Administrator Guide (X6.1) Page 102 of 401...
  • Page 103: Monitoring The Status Of The Cluster

    IP routes (also known as static routes) are not replicated. If these are used, they can be different for each peer. Note that the IP protocol is replicated, because each peer must support the same protocols. DNS configuration Cisco VCS Administrator Guide (X6.1) Page 103 of 401...
  • Page 104: Troubleshooting Cluster Replication Problems

    The VCS operating as the master peer could be unreachable for many reasons, including: network access problems VCS unit is powered down incorrectly configured IP addresses incorrectly configured IPsec keys - ensure each peer is configured with the same Cluster pre- shared key value. Cisco VCS Administrator Guide (X6.1) Page 104 of 401...
  • Page 105: Managing Clusters And Peers

    Sharing bandwidth across peers When clustering has been configured, all peers share the bandwidth available to the cluster. Peers must be configured identically for all aspects of bandwidth control including subzones, links and pipes. Cisco VCS Administrator Guide (X6.1) Page 105 of 401...
  • Page 106: Cluster Upgrades And Downgrades

    If you are part of a large enterprise with, for example, TMS managing several VCS clusters, the FindMe database may contain details of users and devices in other VCS clusters. Different clusters Cisco VCS Administrator Guide (X6.1) Page 106 of 401...
  • Page 107: Clustering And Presence

    The Cluster Subzone is (like the Traversal Subzone) a virtual subzone used for call routing only, and endpoints cannot register to this subzone. After a call has been established between two peers, the Cisco VCS Administrator Guide (X6.1) Page 107 of 401...
  • Page 108: Neighboring The Local Vcs To Another Vcs Cluster

    Note that: Ideally you should use IP addresses in these fields. If you use FQDNs instead, each FQDN must be different and must resolve to a single IP address for each peer. Cisco VCS Administrator Guide (X6.1) Page 108 of 401...
  • Page 109: Tms Agent Replication Status

    Note that the TMS Agent replication status is only relevant if the VCS has the FindMe or Device Provisioning option keys enabled (as the TMS Agent service is not required otherwise). Cisco VCS Administrator Guide (X6.1) Page 109 of 401...
  • Page 110: Dial Plan And Call Processing

    Call Policy to manage calls routing calls via the Cisco TelePresence Advanced Media Gateway the different address dial formats that can be used to initiate a call how to set up your network to handle incoming and outgoing calls made via...
  • Page 111 VCS attempts to place the call. 9. If the alias is not found, it responds with a message to say that the call has failed. Cisco VCS Administrator Guide (X6.1) Page 111 of 401...
  • Page 112: About The Vcs's Directory Service

    For full details on other zone options, see the Zone configuration section. About transforms and search rules The VCS can be configured to use transforms and search rules as a part of its call routing process. Cisco VCS Administrator Guide (X6.1) Page 112 of 401...
  • Page 113: Transforms

    VCS searches the Local Zone and all external zones using both protocols. Dial plan configuration The Dial plan configuration page (VCS configuration > Dial plan> Configuration) is used to configure how the VCSroutes calls in specific call scenarios. The configurable options are: Cisco VCS Administrator Guide (X6.1) Page 113 of 401...
  • Page 114: About The Fallback Alias

    For example, Example Inc has the domain of example.com. The endpoint at reception has the alias reception@example.com. They configure their VCS with a fallback alias of reception@example.com. This means that any calls made directly to example.com (that is, Cisco VCS Administrator Guide (X6.1) Page 114 of 401...
  • Page 115: About Pre-Search Transforms

    Pattern in the manner specified by the pattern Type. The alias is then transformed according to the Behavior and Replace rules. After the alias has been transformed, it remains changed. and all further call processing is applied to the new alias. Cisco VCS Administrator Guide (X6.1) Page 115 of 401...
  • Page 116 Replace. You can use regular expressions. Additional The string to add as a prefix or suffix. Only applies if the Pattern behavior is text Add Prefix or Add Suffix. Cisco VCS Administrator Guide (X6.1) Page 116 of 401...
  • Page 117: Search And Zone Transform Process

    For example, if searches for a particular domain should always be routed to a specific zone this option lets you make the search process more efficient and stop the VCS from searching any other zones unnecessarily. Cisco VCS Administrator Guide (X6.1) Page 117 of 401...
  • Page 118: Configuring Search Rules

    Specifies whether the search rule This can be used in conjunction with the must be applies only to authenticated search VCS's Authentication Policy to limit the authenticated requests. set of services available to unauthenticated devices. Cisco VCS Administrator Guide (X6.1) Page 118 of 401...
  • Page 119 Replace string. Replace The string to substitute for the part of the Only applies if the Pattern behavior is string alias that matches the pattern. Replace. You can use regular expressions. Cisco VCS Administrator Guide (X6.1) Page 119 of 401...
  • Page 120: Example Searches And Transforms

    Always query a zone using the original alias Always query a zone using a transformed alias Query a zone using both the original and transformed alias Query a zone using two or more different transformed aliases Cisco VCS Administrator Guide (X6.1) Page 120 of 401...
  • Page 121: Filter Queries To A Zone Without Transforming

    (VCS configuration > Dial plan > Search rules > New), set up a search rule for that zone with a Mode of Any alias: Field Value Rule name Always query with original alias Cisco VCS Administrator Guide (X6.1) Page 121 of 401...
  • Page 122: Query A Zone For A Transformed Alias

    Source Request must be authenticated Mode Alias pattern match Pattern type Suffix Pattern string example.com Pattern behavior Replace Replace string example.co.uk On successful match Continue Target zone Head office State Enabled Cisco VCS Administrator Guide (X6.1) Page 122 of 401...
  • Page 123: Query A Zone For Original And Transformed Alias

    Overseas office - strip domain Description Query overseas office with domain removed Priority Source Request must be authenticated Mode Alias pattern match Pattern type Suffix Pattern string @example.com Pattern behavior Strip On successful match Continue Cisco VCS Administrator Guide (X6.1) Page 123 of 401...
  • Page 124: Query A Zone For Two Or More Transformed Aliases

    Request must be authenticated Mode Alias pattern match Pattern type Suffix Pattern string example.com Pattern behavior Replace Replace string example.co.uk On successful match Continue Target zone Head office State Enabled Rule #2 Cisco VCS Administrator Guide (X6.1) Page 124 of 401...
  • Page 125: Stripping @Domain For Dialing To H.323 Numbers

    On the Create transforms page (VCS configuration > Dial plan > Transforms > New): Field Value Priority Description Take any number-only dial string and append @domain Pattern type Regex Pattern string (\d+) Pattern behavior Replace Cisco VCS Administrator Guide (X6.1) Page 125 of 401...
  • Page 126 Replace string On successful match Continue Target zone Local Zone State Enabled Rule #2 Field Value Rule name Dialing H.323 numbers Description Place calls to number@domain with no alias transform Priority Source Cisco VCS Administrator Guide (X6.1) Page 126 of 401...
  • Page 127: Transforms For Alphanumeric H.323 Id Dial Strings

    (VCS configuration > Dial plan > Transforms > New): Field Value Priority Description Append @domain to any alphanumeric dial string Pattern type Regex Pattern string ([^@]*) Pattern behavior Replace Replace string \1@domain State Enabled Cisco VCS Administrator Guide (X6.1) Page 127 of 401...
  • Page 128 Field Value Rule name Dialing H.323 strings with domain Description Place calls to string@domain with no alias transform Priority Source Request must be authenticated Mode Alias pattern match Pattern type Regex Cisco VCS Administrator Guide (X6.1) Page 128 of 401...
  • Page 129: Allowing Calls To Ip Addresses Only If They Come From Known Zones

    The Policy services page (VCS configuration > Dial plan > Policy services) is used to configure the external policy services that can be used as a target of the VCS's search rules. Cisco VCS Administrator Guide (X6.1) Page 129 of 401...
  • Page 130 Default CPL The default CPL used by the VCS if the This defaults to <reject policy service is unavailable. status='403' reason='Service Unavailable'/> but you could change it, for example, to redirect to an answer service or recorded message. Cisco VCS Administrator Guide (X6.1) Page 130 of 401...
  • Page 131: About Call Policy

    The Directory and local CPL option refers Call Policy decisions, in the first instance, to the Directory service. This could be used, for example to determine if certain groups of users are allowed to call Cisco VCS Administrator Guide (X6.1) Page 131 of 401...
  • Page 132 The username used by the VCS to log in and query the service. Password The password used by the VCS to log in and query the service. The maximum plaintext length is 30 characters (which is subsequently encrypted). Cisco VCS Administrator Guide (X6.1) Page 132 of 401...
  • Page 133: Configuring Call Policy Rules Using The Web Interface

    Call authenticated with the local VCS Policy. This field supports regular expressions. Destination The alias that the endpoint dialed to make the call. This field supports pattern regular expressions. Cisco VCS Administrator Guide (X6.1) Page 133 of 401...
  • Page 134: Configuring Call Policy Using A Cpl Script

    XML schemas which are used to check scripts that are uploaded to the VCS. You can use the XSD files to check in advance that your CPL script is valid. Two download options are available: Cisco VCS Administrator Guide (X6.1) Page 134 of 401...
  • Page 135: Configuring Vcs To Use The Cisco Telepresence Advanced Media Gateway

    By default, all OCS calls are routed via the Cisco AM GW. If you want to control which calls go through the Cisco AM GW you have to set up policy rules. To do this, set Policy mode to On and then go to the Advanced Media Gateway policy rules page.
  • Page 136: Configuring Cisco Am Gw Policy Rules

    Cisco AM By default, after a VCS has been configured with the Cisco AM GW to use for OCS calls, all calls to or from the OCS zone are routed via the Cisco AM GW.
  • Page 137: Dialable Address Formats

    The action to take if the source or destination alias of the call matches this policy rule. Allow: the call can connect via the Cisco AM GW. Deny: the call can connect but it will not use Cisco AM GW resources.
  • Page 138: Dialing By Ip Address

    To support ENUM dialing on the VCS you must configure it with at least one DNS server and the appropriate ENUM zones. Full instructions on how to configure the VCS to support ENUM dialing (both outbound and inbound) are given in the ENUM dialing section. Cisco VCS Administrator Guide (X6.1) Page 138 of 401...
  • Page 139: Ip Dialing

    When a VCS Expressway is neighbored with a VCS Control for firewall traversal, you should typically set Calls to unknown IP addresses to Indirect on the VCS Control and Direct on the VCS Cisco VCS Administrator Guide (X6.1) Page 139 of 401...
  • Page 140: About Uri Dialing

    A local transform is then configured to strip the @domain, and the search is made locally for alias. See Stripping @domain for dialing to H.323 numbers for an example of how to do this. Cisco VCS Administrator Guide (X6.1) Page 140 of 401...
  • Page 141: Uri Dialing Via Dns

    IP addresses returned in those records. (An exception to this is where the original dial string has a port specified - for example, user@example.com:1719 - in which case the address returned is queried via an LRQ for the full URI address.) Cisco VCS Administrator Guide (X6.1) Page 141 of 401...
  • Page 142: Uri Dialing Via Dns For Outgoing Calls

    DNS lookup. It does this by querying the DNS server configured on the VCS for the location of the domain as per the URI resolution process via DNS. If the domain part of the URI address is resolved successfully the request is forwarded to those addresses. Cisco VCS Administrator Guide (X6.1) Page 142 of 401...
  • Page 143 DNS zone and set up associated search rules that use the Pattern string and Pattern type fields to define the aliases that will trigger a DNS query For example, rules with: Cisco VCS Administrator Guide (X6.1) Page 143 of 401...
  • Page 144: Uri Dialing Via Dns For Incoming Calls

    Annex O of H.323 specification [15] defines the procedures for using DNS to locate gatekeepers and endpoints and for resolving H.323 URL aliases. It also defines parameters for use with the H.323 URL. Cisco VCS Administrator Guide (X6.1) Page 144 of 401...
  • Page 145 SRV record for _sip._tcp.example.com returns vcs.example.com SRV record for _sips._tcp.example.com returns vcs.example.com A record for vcs.example.com returns the IPv4 address of the VCS AAAA record for vcs.example.com returns the IPv6 address of the VCS Cisco VCS Administrator Guide (X6.1) Page 145 of 401...
  • Page 146: Uri Dialing And Firewall Traversal

    These are the responsibility of the administrator of that domain. ENUM dialing process When a VCS is attempting to locate a destination endpoint using ENUM, the general process is as follows: Cisco VCS Administrator Guide (X6.1) Page 146 of 401...
  • Page 147: Enabling Enum Dialing

    However, if one or more of the URIs are not locally registered, you may also need to configure a DNS zone if they are to be located using a DNS lookup. Cisco VCS Administrator Guide (X6.1) Page 147 of 401...
  • Page 148 8. The VCS then starts another search, this time for fred@example.com. From this point the process for URI dialing is followed, and results in the call being forwarded to Fred’s endpoint. Cisco VCS Administrator Guide (X6.1) Page 148 of 401...
  • Page 149: Zone Configuration For Enum Dialing

    You can then set up search rules that filter the queries sent to each ENUM zone as follows: use a Mode of Alias pattern match use the Pattern string and Pattern type fields to define the aliases for each domain that will trigger an ENUM lookup Cisco VCS Administrator Guide (X6.1) Page 149 of 401...
  • Page 150: Enum Dialing For Incoming Calls

    ENUM relies on the presence of NAPTR records, as defined by RFC 2915 [7]. These are used to obtain an H.323 or SIP URI from an E.164 number. The record format that the VCS supports is: order flag preference service regex replacement Cisco VCS Administrator Guide (X6.1) Page 150 of 401...
  • Page 151: Configuring Dns Servers For Enum And Uri Dialing

    In this scenario, when viewing the zone, you can ignore the warning indicating that search rules have not been configured. Cisco VCS Administrator Guide (X6.1) Page 151 of 401...
  • Page 152: Call Signaling Configuration

    Off: the VCS will not detect and fail search loops. You are recommended to use this setting only in advanced deployments. Note: the loop detection feature was introduced in VCS version X4. It is only supported in deployments where all VCSs are running on X4 software or later. Cisco VCS Administrator Guide (X6.1) Page 152 of 401...
  • Page 153: Identifying Calls

    This returns details of each call currently in progress in order of their Call ID. The second line of each entry lists the Call Serial Number, and the third lists the Call Tag, for example: Cisco VCS Administrator Guide (X6.1) Page 153 of 401...
  • Page 154: Disconnecting Calls

    SIP call, but the call signaling, media or both may stay up (depending on the type of call being made). The call will not actually disconnect until the SIP endpoints involved have also released their resources. Cisco VCS Administrator Guide (X6.1) Page 154 of 401...
  • Page 155 Note: endpoints that support SIP session timers (RFC 4028 [14]) have a call refresh timer which allows them to detect a hung call (signaling lost between endpoints). The endpoints can then release their resources after the negotiated timeout period. Cisco VCS Administrator Guide (X6.1) Page 155 of 401...
  • Page 156: Bandwidth Control

    In this example each pool of endpoints has been assigned to a different subzone, so that suitable limitations can be applied to the bandwidth used within and between each subzone based on the amount of bandwidth they have available via their internet connections. Cisco VCS Administrator Guide (X6.1) Page 156 of 401...
  • Page 157: Bandwidth Configuration

    On: the call will be downspeeded. Off: the call will not be placed. Cisco VCS Administrator Guide (X6.1) Page 157 of 401...
  • Page 158: About Downspeeding

    About the Traversal Subzone The Traversal Subzone is a conceptual subzone. No endpoints can be registered to the Traversal Subzone; its sole purpose is to control the bandwidth used by traversal calls. Cisco VCS Administrator Guide (X6.1) Page 158 of 401...
  • Page 159: About The Default Subzone

    Up to 1000 subzones can be configured. Cisco VCS Administrator Guide (X6.1) Page 159 of 401...
  • Page 160: Configuring Subzone Membership Rules

    Up to 3000 subzone membership rules can be configured. Note: if the endpoint’s IP address or registration alias does not match any of the membership rules, it is assigned to the Default Subzone. The configurable options are: Cisco VCS Administrator Guide (X6.1) Page 160 of 401...
  • Page 161 Applies only if the Type is Alias pattern string compared. match. Target The subzone to which an endpoint is subzone assigned if its address satisfies this rule. State Indicates if the rule is enabled or not. Cisco VCS Administrator Guide (X6.1) Page 161 of 401...
  • Page 162: Applying Bandwidth Limitations To Subzones

    Subzone A and any other subzone or zone will be limited to 128kbps. However, Subzone A also has a link configured between it and Subzone B. This link uses a pipe with a limit of 512kbps. In Cisco VCS Administrator Guide (X6.1) Page 162 of 401...
  • Page 163: Links And Pipes

    Shows the total amount of bandwidth currently being consumed by all calls traversing used the link. You can configure up to 3000 links. Whenever a subzone or zone is created, certain links are automatically created; see Default links further information. Cisco VCS Administrator Guide (X6.1) Page 163 of 401...
  • Page 164: Default Links

    (VCS configuration > Bandwidth > Pipes) lists all the pipes that have been configured on the VCS and allows you to create, edit and delete pipes. The following information is displayed: Cisco VCS Administrator Guide (X6.1) Page 164 of 401...
  • Page 165: Applying Pipes To Links

    Pipe A, which represents the Head Office’s broadband connection to the internet, and Pipe B, which represents the Home Office’s dial-up connection to the internet. Each pipe Cisco VCS Administrator Guide (X6.1) Page 165 of 401...
  • Page 166: Bandwidth Control Examples

    In this scenario, a call placed between the Home Office and Branch Office will consume bandwidth from the Home and Branch subzones and on the Home and Branch pipes (Pipe B and Pipe C). The Head Office’s bandwidth budget will be unaffected by the call. Cisco VCS Administrator Guide (X6.1) Page 166 of 401...
  • Page 167 If the example deployment above is modified to include firewalls between the offices, we can use Cisco’s Expressway firewall traversal solution to maintain connectivity. We do this by adding a VCS Expressway outside the firewall on the public internet, which will work in conjunction with the VCS Control and Home and Branch office endpoints to traverse the firewalls.
  • Page 168 Bandwidth control Cisco VCS Administrator Guide (X6.1) Page 168 of 401...
  • Page 169: Firewall Traversal

    However, firewalls can be configured to allow outgoing requests to certain trusted destinations, and to allow responses from those destinations. This principle is used by Cisco's Expressway technology to enable secure traversal of any firewall.
  • Page 170: Vcs As A Firewall Traversal Client

    TURN relay services to ICE-enabled endpoints. Configuring traversal server zones For the VCS Expressway to act as a firewall traversal server for Cisco systems, you must create and configure a traversal server zone on the VCS Expressway (VCS configuration >...
  • Page 171 Configure all the modes and ports in the H.323 and SIP protocol sections to match identically those of the traversal server zone on the VCS Expressway. Enter the VCS Expressway’s IP address or FQDN in the Peer 1 address field. Cisco VCS Administrator Guide (X6.1) Page 171 of 401...
  • Page 172: Firewall Traversal Protocols And Ports

    H.323 firewall traversal protocols The VCS supports two different firewall traversal protocols for H.323: Assent and H.460.18/H.460.19. Assent is Cisco’s proprietary protocol. H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of signaling and media respectively. These standards are based on the original Assent protocol.
  • Page 173: Default Port Summary

    NAT) which can be used by SIP endpoints that support the ICE firewall traversal protocol. The ports used by these services are configurable on the TURN page (VCS configuration > Expressway > TURN). Cisco VCS Administrator Guide (X6.1) Page 173 of 401...
  • Page 174: Ports For Connections Out To The Public Internet

    VCS configuration > Zones > Edit zone, in credentials section. the Connection credentials section. There must also be an entry in the VCS Expressway’s authentication database with the corresponding client username and password. Cisco VCS Administrator Guide (X6.1) Page 174 of 401...
  • Page 175 Connection credentials section. Note that all VCS and Gatekeeper traversal clients must authenticate with the VCS Expressway, even if the VCS Expressway is not using device authentication for endpoint clients. Cisco VCS Administrator Guide (X6.1) Page 175 of 401...
  • Page 176: Authentication And Ntp

    VCS Expressway back to the originating client Cisco offers a downloadable tool, the Expressway Port Tester, that allows you to test your firewall configuration for compatibility issues with your network and endpoints. It will advise if necessary which ports may need to be opened on your firewall in order for the Expressway™...
  • Page 177: Configuring Traversal Server Ports

    The options are: Field Description Media demultiplexing RTP port Port used for demultiplexing RTP media. Default is 2776. Media demultiplexing RTCP port Port used for demultiplexing RTCP media. Default is 2777. Cisco VCS Administrator Guide (X6.1) Page 177 of 401...
  • Page 178: About Ice And Turn Services

    After the relays are allocated, each ICE client has 3 potential connection paths (addresses) through which it can send and receive media: its host address which is behind the NAT device (and thus not reachable from endpoints on the other side of the NAT) Cisco VCS Administrator Guide (X6.1) Page 178 of 401...
  • Page 179: Configuring Turn Services

    Ensure the client's credentials are stored in the device realm server in its authentication authentication database. challenges. Media port The lower and upper port range start / in the range used for the allocation of TURN relays. Cisco VCS Administrator Guide (X6.1) Page 179 of 401...
  • Page 180: Turn Relay Status Information

    TURN relay status information TURN relays page lists all the currently active TURN relays on the VCS. You can also review further details of each TURN relay including permissions, channel bindings and counters. Cisco VCS Administrator Guide (X6.1) Page 180 of 401...
  • Page 181: Applications

    Multiway is supported in Cisco TelePresence endpoints including the E20 (software version TE1.0 or later) and MXP range (software version F8.0 or later). Check with your Cisco representative for an up-to-date list of the Cisco endpoints and infrastructure products that support Multiway.
  • Page 182: About Presence

    The Presence application on the VCS supports the SIP-based SIMPLE standard and is made up of two separate services. These are the Presence Server and the Presence User Agent (PUA). These services can be enabled and disabled separately. Cisco VCS Administrator Guide (X6.1) Page 182 of 401...
  • Page 183: Presence Server

    When enabled, the PUA generates presence information for all endpoints registered to the VCS, including those which already support presence. The status information provided by the PUA is either: Cisco VCS Administrator Guide (X6.1) Page 183 of 401...
  • Page 184: Configuring Presence

    PUA to publish updated presence information on behalf of any SIP endpoints. Configuring Presence The Presence page (Applications > Presence) allows you to enable and configure Presence services on the VCS. Cisco VCS Administrator Guide (X6.1) Page 184 of 401...
  • Page 185 Server on the VCS Expressway, and enable the Presence Server on the VCS Control. This will ensure that all PUBLISH messages generated by the PUA are routed to the VCS Control. Cisco VCS Administrator Guide (X6.1) Page 185 of 401...
  • Page 186: Ocs Relay

    This ensures that all requests with the specified prefix are routed directly to the OCS. There are a number of other steps required in order to successfully set up a connection between the VCS and OCS. These include: configuring Call Policy configuring Presence Cisco VCS Administrator Guide (X6.1) Page 186 of 401...
  • Page 187: About Findme

    FindMe configuration. If FindMe is not enabled, or the alias is not a FindMe ID, the VCS continues to search for the alias in the usual manner. Cisco VCS Administrator Guide (X6.1) Page 187 of 401...
  • Page 188: Who Must Do What Before Findme Can Be Used

    To configure how user accounts are authenticated, go to the Login account authentication configuration page. Note that the FindMe configuration page can only be accessed if the FindMe option key is installed. Cisco VCS Administrator Guide (X6.1) Page 188 of 401...
  • Page 189 This setting can be used to stop users from adding their own devices and restrict them to being able to only maintain their locations and their associated devices. Cisco VCS Administrator Guide (X6.1) Page 189 of 401...
  • Page 190: Searching For Findme Users

    Note that if you are part of a large enterprise with, for example, TMS managing several VCS clusters, the search may find users and devices in other VCS clusters. You can only view (and not edit) the Cisco VCS Administrator Guide (X6.1) Page 190 of 401...
  • Page 191: About Provisioning (Starter Pack)

    If you enable the bandwidth limits option for a device type you can then configure the maximum incoming and outgoing bandwidth (in kbps) values to set on the provisioned devices. Cisco VCS Administrator Guide (X6.1) Page 191 of 401...
  • Page 192 When you configure a user account, you can choose the devices to provision for that user. User accounts are also used to configure a user's FindMe settings. See the VCS Starter Pack Express deployment guide [34] for full details on setting up Starter Pack provisioning. Cisco VCS Administrator Guide (X6.1) Page 192 of 401...
  • Page 193: Maintenance

    — additional manual steps may be required Contact your Cisco representative for more information on how to obtain these. Cisco VCS Administrator Guide (X6.1) Page 193 of 401...
  • Page 194: Backing Up Before Upgrading

    New features may also become available with each major release of the VCS platform component, and you may need to install new option keys to take advantage of these new features. Contact your Cisco representative for more information on all the options available for the latest release of VCS software.
  • Page 195: Upgrading Using Secure Copy (Scp/Pscp)

    3. Enter the root password when prompted. The software installation begins automatically. Wait until the software has installed completely. This should not take more than five minutes. Cisco VCS Administrator Guide (X6.1) Page 195 of 401...
  • Page 196: Option Keys

    Options are used to add additional features to the VCS. Your VCS may have been shipped with one or more optional features pre-installed. To purchase further options, contact your Cisco representative. The System information section summarizes the existing features installed on the VCS. The options that you may see here include: Expressway: enables the VCS to work as an Expressway™...
  • Page 197: Adding Option Keys Using The Cli

    VCS when acting as either a client or a server in connections using TLS, and when authenticating client connections over HTTPS. Cisco VCS Administrator Guide (X6.1) Page 197 of 401...
  • Page 198: Crl Management

    CRL files are used instead by the VCS when communicating with external policy services by the Client certificate testing page To upload a CRL file: Cisco VCS Administrator Guide (X6.1) Page 198 of 401...
  • Page 199: Certificate-Based Authentication Configuration

    Common Access Card or CAC) — and the certificate contains appropriate credentials that have a suitable authorization level. Enabling certificate-based authentication The recommended procedure for enabling certificate-based authentication is described below: Cisco VCS Administrator Guide (X6.1) Page 199 of 401...
  • Page 200 VCS may be possible. This lack of protection may also apply if the certificates are stored in the browser, although some browsers do allow you to password protect their certificate store. Cisco VCS Administrator Guide (X6.1) Page 200 of 401...
  • Page 201: Client Certificate Testing

    In the Regex field, use the (?<name>regex) syntax to supply names for capture groups so that matching sub-patterns can be substituted in the associated Username format field, for example, /(Subject:.*, CN=(?<Group1>.*))/m. Note that the regex defined here must conform to PHP regex guidelines [43]. Cisco VCS Administrator Guide (X6.1) Page 201 of 401...
  • Page 202: Advanced Account Security

    HTTPS client certificate validation is enabled login account LDAP server configuration uses TLS encryption and has certificate revocation list (CRL) checking set to All remote logging is disabled Cisco VCS Administrator Guide (X6.1) Page 202 of 401...
  • Page 203: Vcs Functionality: Changes And Limitations

    If you upgrade to a later version of VCS software you may need to install a later version of the associated language pack to ensure that all text is available in the chosen language. Cisco VCS Administrator Guide (X6.1) Page 203 of 401...
  • Page 204: Installing Language Packs

    The selected language pack is then verified and uploaded, and then made available for selection in the Language drop-down. Note that you cannot create your own language packs. Language packs can only be obtained from Cisco. Refer to your Cisco support representative for information on currently available language packs. About login accounts The VCS has two types of login account for normal operation: Administrator accounts: used to configure the VCS.
  • Page 205: User Accounts

    To use LDAP for account authentication, you must also go to the Login account authentication configuration page and select a Remote administrator or user authentication source. The configurable options are: Cisco VCS Administrator Guide (X6.1) Page 205 of 401...
  • Page 206 LDAP server. VCS bind The password used by the VCS when binding to the The maximum plaintext length password LDAP server. is 60 characters, which is then encrypted. Cisco VCS Administrator Guide (X6.1) Page 206 of 401...
  • Page 207: Login History

    For security reasons you must change the password as soon as possible. A warning is displayed on the web interface and the CLI if the root account has the default password set. Cisco VCS Administrator Guide (X6.1) Page 207 of 401...
  • Page 208: Resetting An Administrator Or Root Password

    Resetting user account passwords To change a password on behalf of a user without knowing their existing password (for example, when a user forgets their password): Cisco VCS Administrator Guide (X6.1) Page 208 of 401...
  • Page 209: Configuring Administrator Accounts

    If the VCS is operating in Enforce strict passwords mode (set on the Password security page, Maintenance > Login accounts > Password security) the password must be Strong before it will be accepted. Note: you cannot set blank passwords for any administrator account. Cisco VCS Administrator Guide (X6.1) Page 209 of 401...
  • Page 210 This setting affects administrator passwords only. It does not affect any other passwords used on the VCS such as in the local authentication database, LDAP server, external registration credentials or user account passwords. All passwords and usernames are case sensitive. Cisco VCS Administrator Guide (X6.1) Page 210 of 401...
  • Page 211: Configuring Administrator Groups

    The User accounts page (Maintenance > Login accounts > User accounts) lists all the user accounts that have been configured on the VCS, and lets you add, edit and delete accounts. Cisco VCS Administrator Guide (X6.1) Page 211 of 401...
  • Page 212 Note that passwords are this account. case sensitive, and that the password fields are not shown if remote authentication is You must confirm any new or enabled. modified password. Cisco VCS Administrator Guide (X6.1) Page 212 of 401...
  • Page 213: Principal Devices (Starter Pack Only)

    Note: all device address URIs are converted to lower case. Cisco VCS Administrator Guide (X6.1) Page 213 of 401...
  • Page 214: Configuring User Groups

    It cannot contain any of the directory service to manage user accounts. following characters: / \ [ ] : ; | = , + * ? > < @ " Cisco VCS Administrator Guide (X6.1) Page 214 of 401...
  • Page 215: Backing Up And Restoring Vcs Data

    VCS, you will receive a warning message, but you will be allowed to continue. Backups should not be used to copy data between VCSs. Note: you are recommended to take the VCS unit out of service before performing a restore. Cisco VCS Administrator Guide (X6.1) Page 215 of 401...
  • Page 216: Creating A Backup

    To restore the VCS to a previous set of TMS Agent data: 1. Go to the Backup and restore page (Maintenance > Backup and restore). 2. In the Restore section, Browse to the backup file containing the configuration you want to restore. Cisco VCS Administrator Guide (X6.1) Page 216 of 401...
  • Page 217: Creating A System Snapshot

    (Maintenance > System snapshot) allows you to create a file that can be used for diagnostic purposes. The file should be sent to your Cisco support representative at their request to assist them in troubleshooting issues you may be experiencing.
  • Page 218: Sending Incident Reports Automatically

    If you need to edit the report before sending it to Cisco (for example, if you need to remove any potentially sensitive information) you must copy and paste the information from the Incident detail page into a text file, and edit the information in that file before sending it to Cisco.
  • Page 219: Incident Report Details

    Incident detail page, from where you can view the report on screen, or download it as an XML file for forwarding manually to Cisco customer support. Incident report details The Incident detail page (Maintenance > Incident reporting >...
  • Page 220: Locating An Alias

    VCS Cisco AM GW policy rules to determine which calls are routed via the Cisco AM GW To use this tool: 1. Enter an Alias against which you want to test the transform.
  • Page 221: Local Vcs Inbound Ports

    The Remote listening ports page (Maintenance > Tools > Port usage > Remote listening ports) shows the destination IP addresses and IP ports of remote systems with which the VCS communicates. Cisco VCS Administrator Guide (X6.1) Page 221 of 401...
  • Page 222: Restarting

    VCS while the red ALM LED on the front of the box is on. This indicates a hardware fault. Contact your Cisco representative. The restart function shuts down and restarts the VCS application software, but not the operating system or hardware.
  • Page 223: Rebooting Using The Web Interface

    WARNING: do not shut down the VCS while the red ALM LED on the front of the box is on. This indicates a hardware fault. Contact your Cisco representative. The system must be shut down before it is unplugged. After the system has been shut down, the only way it can be restarted is by pressing the soft power button on the unit itself.
  • Page 224: Reference Material

    TMS agent TMS agent passwords what constitutes traversal calls restoring the system to its default settings warnings xConfiguration commands xComand commands xStatus commands policy services bibliography glossary Cisco VCS Administrator Guide (X6.1) Page 224 of 401...
  • Page 225: Software Version History

    User interface language packs Multiple language support has been enabled on the VCS's web interface. Language packs will be made available for download in the future. Contact your Cisco support representative for more information on supported languages. Cisco VCS Administrator Guide (X6.1)
  • Page 226: X5.2

    Message waiting indication The VCS now supports forwarding of unsolicited NOTIFY messages to registered endpoints. This allows message waiting indication from CUCM to be forwarded to E20s thus allowing the indicator Cisco VCS Administrator Guide (X6.1) Page 226 of 401...
  • Page 227: X5.1

    OCS Relay status: colored status icons make the difference between the online and offline OCS Relay status more distinct. Configuration warnings: more warnings are raised for common misconfiguration scenarios, for example if a clustered VCS has H.323 disabled, or if default links are not present. Cisco VCS Administrator Guide (X6.1) Page 227 of 401...
  • Page 228 10-999 will generate aliases 010 through 999. Cisco TelePresence Advanced Media Gateway support The Cisco TelePresence Advanced Media Gateway (Cisco AM GW) provides support for transcoding between standard codecs (such as H.264) and Microsoft RT Video to allow high definition calls between Microsoft Office Communicator (MOC) clients and Cisco endpoints.
  • Page 229 50 registrations 5 calls (any combination of traversal and non-traversal calls) Note that installing additional call license option keys will have no effect while the Starter Pack option key is present. Cisco VCS Administrator Guide (X6.1) Page 229 of 401...
  • Page 230 Number of links increased from 600 to 3000. Zone configuration VCS now supports up to 1000 zones (previously 200). New Cisco Unified Communications Manager zone profile option configures the settings required for connections to a Cisco UCM. Zone matches replaced by search rules Instead of specifying up to 5 matches when configuring a zone, you now set up separate search rules and associate each rule with a target zone to where the query is forwarded.
  • Page 231 The VCS now distinguishes between a restart function which is required for some configuration changes to take effect, and a full reboot process which is only required after a software upgrade. Cisco VCS Administrator Guide (X6.1) Page 231 of 401...
  • Page 232 On the DNS page you can now specify the Local host name. This is the DNS host name that this VCS is known by. The NTP server field on the Time page now defaults to one of four NTP servers provided by Cisco, either: 0.ntp.tandberg.com, 1.ntp.tandberg.com, 2.ntp.tandberg.com or 3.ntp.tandberg.com.
  • Page 233 VCS, regardless of whether these belong to the same device. Login banner You can upload an image and text that will be displayed when administrators or FindMe users log in the VCS. Cisco VCS Administrator Guide (X6.1) Page 233 of 401...
  • Page 234: About Event Log Levels

    The body of the message (see the Message details field section for further details information). Administrator and FindMe user events Administrator session related events are: Admin Session Start Admin Session Finish Cisco VCS Administrator Guide (X6.1) Page 234 of 401...
  • Page 235: Message Details Field

    H.225 H.245 LDAP Q.931 NeighbourGatekeeper Clustering ConferenceFactory Message Specifies the type of the message. Type Response- SIP response code or, for H.323 and interworked calls, a SIP equivalent response code. code Cisco VCS Administrator Guide (X6.1) Page 235 of 401...
  • Page 236 A full UTC timestamp in YYYY/MM/DD-HH:MM:SS format. Using this format permits simple ASCII text sorting/ordering to naturally sort by time. This is included due to the limitations of standard syslog timestamps. Cisco VCS Administrator Guide (X6.1) Page 236 of 401...
  • Page 237: Events And Levels

    A call has been attempted. Call Bandwidth The endpoints in a call have renegotiated call bandwidth. Changed Call Connected A call has been connected. Call Diverted A call has been diverted. Cisco VCS Administrator Guide (X6.1) Page 237 of 401...
  • Page 238 The TMS Agent failed to restart. Service Failed Restarting Directory The TMS Agent has restarted. Service Restarted Directory The TMS Agent is restarting. Service Restarting Directory The TMS Agent is starting. Service Starting Cisco VCS Administrator Guide (X6.1) Page 238 of 401...
  • Page 239 Possible values for the detail field are: Non Traversal Call Limit Reached Traversal Call Limit Reached If this occurs frequently, you may want to contact your Cisco representative to purchase more licenses. Message An incoming RAS message has been received.
  • Page 240 Authentication change Conflicting zones Operator forced removal Operator forced removal (all registrations removed) Registration superseded. Registration A registration has been requested. Requested Relay Allocated A TURN server relay has been allocated. Cisco VCS Administrator Guide (X6.1) Page 240 of 401...
  • Page 241 Source Aliases A source alias has been changed to indicate the caller's FindMe ID. Rewritten Success The TURN server has sent a success message to a client (using STUN Response Sent protocol). Cisco VCS Administrator Guide (X6.1) Page 241 of 401...
  • Page 242 Transport Layer Security (TLS) connection failed to negotiate. Negotiation Error TMS Agent The TMS Agent backup process has completed. backup completed TMS Agent An error occurred while attempting a TMS Agent backup. backup error Cisco VCS Administrator Guide (X6.1) Page 242 of 401...
  • Page 243 Warning raised The VCS has detected an issue and raised a warning. The Detail event parameter provides information about the nature of the issue. Cisco VCS Administrator Guide (X6.1) Page 243 of 401...
  • Page 244: Cpl Reference

    The address construct is used within an address-switch to specify addresses to match. It supports the use of regular expressions. Valid values are: is=string Selected field and subfield exactly match the given string. Cisco VCS Administrator Guide (X6.1) Page 244 of 401...
  • Page 245 If the call originates from a registered endpoint this is the list of all aliases it registered- has registered, otherwise not-present. origin destination The destination aliases. Cisco VCS Administrator Guide (X6.1) Page 245 of 401...
  • Page 246: Otherwise

    VCS will only use authenticated aliases when running policy so the not- present action can be used to take appropriate action when a call is received from an unauthenticated user (see the example Call screening of authenticated users). Cisco VCS Administrator Guide (X6.1) Page 246 of 401...
  • Page 247: Location

    <taa:rule originating-user="<regular expression>" destination="<regular expression>" message-regex="<regular expression>"> <taa:rule originating-zone="<regular expression>" destination="<regular expression>" message-regex="<regular expression>"> </taa:rule-switch> The meaning of the various origin selectors is as described in the field section. Cisco VCS Administrator Guide (X6.1) Page 247 of 401...
  • Page 248: Proxy

    VCS will continue to use its existing policy. The following elements are not currently supported: Cisco VCS Administrator Guide (X6.1) Page 248 of 401...
  • Page 249: Cpl Examples

    </taa:routed> </cpl> CPL example: call screening based on alias In this example, user ceo will only accept calls from users vpsales, vpmarketing or vpengineering. <?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:taa="http://www.tandberg.net/cpl-extensions" Cisco VCS Administrator Guide (X6.1) Page 249 of 401...
  • Page 250 <address is="fred"> <address-switch field="authenticated-origin" subfield="host"> <address subdomain-of="annoying.com"> <!-- Don't accept calls from this source --> <!-- Reject call with a status code of 403 (Forbidden) --> <reject status="403" reason="Denied by policy"/> Cisco VCS Administrator Guide (X6.1) Page 250 of 401...
  • Page 251 <taa:routed> <address-switch field="destination"> <address regex="(.*)@example.com"> <proxy> <failure> <!-- Failed to contact using example.com, retry the request with example.net --> <taa:location clear="yes" regex="(.*)@example.com" replace="\1@example.net"> <proxy/> </taa:location> </failure> </proxy> </address> </address-switch> </taa:routed> Cisco VCS Administrator Guide (X6.1) Page 251 of 401...
  • Page 252 <!-- Reject call with a status code of 403 (Forbidden) --> <reject status="403" reason="Denied by policy"/> </address> <address is="DefaultSubZone"> <!-- Reject call with a status code of 403 (Forbidden) --> <reject status="403" reason="Denied by policy"/> </address> <otherwise> <proxy/> Cisco VCS Administrator Guide (X6.1) Page 252 of 401...
  • Page 253 <!-- Reject call with a status code of 403 (Forbidden) --> <reject status="403" reason="Denied by policy"/> </address> </address-switch> </address> </address-switch> </taa:routed> </cpl> Using the taa:rule-switch node <?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd"> <taa:routed> Cisco VCS Administrator Guide (X6.1) Page 253 of 401...
  • Page 254 <!-- Proxy the call normally, but redirect to different recorded messages based on --> <!-- the particular error response we get --> <proxy> <failure status="403"> <!-- Call attempt failed with 403 (Forbidden) --> <taa:location url="forbidden-message@example.com" clear="yes"> <proxy/> </taa:location> </failure> <failure status="404"> Cisco VCS Administrator Guide (X6.1) Page 254 of 401...
  • Page 255 <taa:rule origin=".*" destination="user@example.com" message- regex="^SUBSCRIBE.*"> <!-- Cannot subscribe to user@example.com --> <!-- Reject call with a status code of 403 (Forbidden) --> <reject status="403" reason="Denied by policy"/> </taa:rule> </taa:rule-switch> </taa:routed> </cpl> Cisco VCS Administrator Guide (X6.1) Page 255 of 401...
  • Page 256: Ldap Configuration For Device Authentication

    Open a command prompt and for each file execute the following command: ldifde -i -c DC=X <ldap_base> -f filename.ldf where: <ldap_base> is the base DN for your Active Directory server. Adding H.350 objects Create the organizational hierarchy: Cisco VCS Administrator Guide (X6.1) Page 256 of 401...
  • Page 257 Device authentication using LDAP section. Securing with TLS To enable Active Directory to use TLS, you must request and install a certificate on the Active Directory server. The certificate must meet the following requirements: Cisco VCS Administrator Guide (X6.1) Page 257 of 401...
  • Page 258: Configuring An Openldap Server

    Adding H.350 objects Create the organizational hierarchy: 1. Create an ldif file with the following contents: # This example creates a single organizational unit to contain the H.350 objects dn: ou=h350,dc=my-domain,dc=com objectClass: organizationalUnit Cisco VCS Administrator Guide (X6.1) Page 258 of 401...
  • Page 259 The connection to the LDAP server can be encrypted by enabling Transport Level Security (TLS) on the connection. To do this you must create an X.509 certificate for the LDAP server to allow the VCS Cisco VCS Administrator Guide (X6.1) Page 259 of 401...
  • Page 260 To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA’s certificate as a trusted CA certificate. This can be done on the VCS by navigating to: Maintenance > Certificate management > Security certificates. Cisco VCS Administrator Guide (X6.1) Page 260 of 401...
  • Page 261: Dns Configuration Examples

    To see if this is the case on your system, run ps aux | grep named Cisco VCS Administrator Guide (X6.1) Page 261 of 401...
  • Page 262: Changing The Default Ssh Key

    Select (q) to quit. 5. Type exit to log out of the root account. Finally, you must restart every VCS. You are recommended to do this from the web interface: Cisco VCS Administrator Guide (X6.1) Page 262 of 401...
  • Page 263: Restoring Default Configuration

    Level: 3 and their reset values. Configuration item Reset value Administration HTTP Mode Administration HTTPS Mode Administration SSH Mode Administration Telnet Mode Ethernet [1..2] IP V4 Address 192.168.0.100 Ethernet [1..2] IP V4 StaticNAT Address <blank> Cisco VCS Administrator Guide (X6.1) Page 263 of 401...
  • Page 264: Configuration Items Reset By Defaultvaluesset Level 2

    The following table lists the configuration items that are reset by xCommand DefaultValuesSet Level: 2 and their reset values. Configuration item Reset value Alternates Cluster Name <blank> Authentication ADS ADDomain <blank> Cisco VCS Administrator Guide (X6.1) Page 264 of 401...
  • Page 265 Login Remote LDAP VCS BindPassword <blank> Login Remote LDAP VCS BindUsername <blank> Login Remote Protocol LDAP Login User Groups Group [1..15] Access ReadWrite Login User Groups Group [1..15] Name <blank> Login User Source Local Cisco VCS Administrator Guide (X6.1) Page 265 of 401...
  • Page 266: Password Encryption

    CLI are shown in the table below. Password type Maximum plain text Maximum displayed encrypted characters characters Admin account Administrator accounts Local Database authentication credentials Outbound connection credentials LDAP server FindMe accounts Cisco VCS Administrator Guide (X6.1) Page 266 of 401...
  • Page 267: Pattern Matching Variables

    LAN 1 and Address LAN 2. %ipv6_1% xConfiguration Ethernet 1 IP V6 Matches the IPv6 Replaces the Address address currently string with the configured for LAN 1. LAN 1 IPv6 address. Cisco VCS Administrator Guide (X6.1) Page 267 of 401...
  • Page 268 VCS’s System Name. You can test whether a pattern matches a particular alias and is transformed in the expected way by using the Check pattern tool (Maintenance > Tools > Check pattern). Cisco VCS Administrator Guide (X6.1) Page 268 of 401...
  • Page 269: Port Reference

    Used for encrypted 443 TCP inbound web administration. configurable Also used to replicate FindMe data if the VCS is part of a cluster with FindMe enabled. Reserved for inbound future use configurable Cisco VCS Administrator Guide (X6.1) Page 269 of 401...
  • Page 270 Used on the VCS 2776 UDP inbound 1024 - 65534 VCS configuration > server media Expressway for outbound Expressway > Ports demultiplexing demultiplexing RTP xConfiguration media. Traversal Server Media Demultiplexing RTP Port Cisco VCS Administrator Guide (X6.1) Page 270 of 401...
  • Page 271 Configuration xConfiguration SIP UDP Port SIP TCP Listens for incoming 5060 TCP inbound 1024 - 65534 VCS configuration > SIP TCP calls. Protocols > SIP > Configuration xConfiguration SIP TCP Port Cisco VCS Administrator Guide (X6.1) Page 271 of 401...
  • Page 272 29999 Protocols > SIP > range TCP/TLS SIP Configuration connections to a xConfiguration remote SIP device. SIP TCP Outbound Port Start xConfiguration SIP TCP Outbound Port End Cisco VCS Administrator Guide (X6.1) Page 272 of 401...
  • Page 273 TMS Agent Used to connect to uses a TCP source port from the another VCS or TMS ephemeral range for data replication. Cisco VCS Administrator Guide (X6.1) Page 273 of 401...
  • Page 274 LDAP server for login ephemeral range account authentication. Note that the range of ephemeral ports can be configured by using the CLI commands xConfiguration IP Ephemeral PortRange Start and xConfiguration IP Ephemeral PortRange End. Cisco VCS Administrator Guide (X6.1) Page 274 of 401...
  • Page 275: Regular Expressions

    - character and then the last character in the range. You cannot use special characters within the [] - they will be taken literally. Cisco VCS Administrator Guide (X6.1) Page 275 of 401...
  • Page 276 @example.com. present in order for there to be a match. Note that regex comparisons are not case sensitive. For an example of regular expression usage, see the CPL examples section. Cisco VCS Administrator Guide (X6.1) Page 276 of 401...
  • Page 277: Supported Characters

    Administrator user groups Case sensitivity Text items entered through the CLI and web interface are case insensitive. The only exception is passwords which are case sensitive. Cisco VCS Administrator Guide (X6.1) Page 277 of 401...
  • Page 278: Tms Agent

    TMS agent is accessed via two accounts: one for connecting via LDAP into the TMS Agent database, and one for managing the replication of the TMS Agent database. These accounts are only used by the Cisco VCS Administrator Guide (X6.1) Page 278 of 401...
  • Page 279: Tms Agent Passwords

    If your VCS is not managed by TMS, you have to change these passwords by logging into the VCS as the root user (by default you can only do this using a serial connection or SSH). To change the password for the TMS Agent LDAP account: Cisco VCS Administrator Guide (X6.1) Page 279 of 401...
  • Page 280 3. Type exit to log out of the root account. Note: if your VCS is subsequently reconfigured to use TMS, the password must first be reset to the default value of TANDBERG. Cisco VCS Administrator Guide (X6.1) Page 280 of 401...
  • Page 281: What Are Traversal Calls

    VCS by purchasing and installing the appropriate option key. Note that a non-traversal call on a VCS Expressway will consume a traversal license if there are no non-traversal call licenses available. Cisco VCS Administrator Guide (X6.1) Page 281 of 401...
  • Page 282: Warnings List

    10015 Configuration warning: H.323 and SIP modes are set to Off; Configure H.323 and/or one or both of them should be enabled modes Cisco VCS Administrator Guide (X6.1) Page 282 of 401...
  • Page 283 10033 Cluster replication error: the NTP server is unreachable Reconfigure the NTP server 10034 Cluster replication error: configuration master ID is View cluster replication inconsistent, manual synchronization of configuration is troubleshooting instructions required Cisco VCS Administrator Guide (X6.1) Page 283 of 401...
  • Page 284 10048 Restart required: the TMS Agent service has stopped Restart the VCS unexpectedly. If the problem persists, contact your Cisco support representative 10049 Reboot required: the advanced account security mode has...
  • Page 285 Contact your Cisco translated representative to obtain the correct language pack version 10064 VCS database failure Contact your Cisco support representative 10073 Uncontrolled shutdown detected Contact your Cisco representative if the problem persists Cisco VCS Administrator Guide (X6.1) Page 285 of 401...
  • Page 286 10088 The release key is not valid. If you do not have a valid key, Add/remove option keys contact your Cisco support representative. 10089 Cluster replication error: this peer's cluster configuration Configure this peer's cluster...
  • Page 287: Xconfiguration Commands

    <element> <sub-element> ? to return all available sub-elements and their valuespace, description and default values xConfiguration commands All of the available xConfiguration commands are listed in the table below: Cisco VCS Administrator Guide (X6.1) Page 287 of 401...
  • Page 288 The maximum number of concurrent administrator sessions allowed on the VCS. This includes web, SSH, Telnet and serial sessions. A value of 0 turns session limits off. Default: 0 Example: xConfiguration Administration MaxConcurrentSessions Total: 2 Cisco VCS Administrator Guide (X6.1) Page 288 of 401...
  • Page 289 The alias that will be dialed by the endpoints when the Multiway feature is activated. This must be pre- configured on all endpoints that may be used to initiate the Multiway feature. Example: xConfiguration Applications ConferenceFactory Alias: "multiway@example.com" Cisco VCS Administrator Guide (X6.1) Page 289 of 401...
  • Page 290 The SIP domain in use on the Microsoft Office Communications Server. This must be selected from one of the SIP domains already configured on the VCS, and must be the same domain used by all FindMe names. Example: xConfiguration Applications OCS Relay OCS Domain: "example.com" Cisco VCS Administrator Guide (X6.1) Page 290 of 401...
  • Page 291 Specifies the time (in seconds) after which the Presence User Agent will attempt to resend a PUBLISH to the Presence Server. This will occur if the original attempt failed due to resource issues or other transitory errors. Default: 1800 Example: xConfiguration Applications Presence User Agent RetryDelta: 1800 Cisco VCS Administrator Guide (X6.1) Page 291 of 401...
  • Page 292 Example: xConfiguration Authentication ADS KDC 1 Port: 88 Authentication ADS Mode: <On/Off> Indicates if the VCS should attempt to form a relationship with the AD. Default: Off Example: xConfiguration Authentication ADS Mode: On Cisco VCS Administrator Guide (X6.1) Page 292 of 401...
  • Page 293 Endpoint: the aliases presented by the endpoint are used; any in the LDAP database are ignored. Combined: the aliases presented by the endpoint are used in addition to any listed in the LDAP database. Default: LDAP Example: xConfiguration Authentication LDAP AliasOrigin: LDAP Cisco VCS Administrator Guide (X6.1) Page 293 of 401...
  • Page 294 Default: On Example: xConfiguration Bandwidth Downspeed Total Mode: On Bandwidth Link [1..3000] Name: <S: 1, 50> Assigns a name to this link. Example: xConfiguration Bandwidth Link 1 Name: "HQ to BranchOffice" Cisco VCS Administrator Guide (X6.1) Page 294 of 401...
  • Page 295 Determines whether or not this pipe is enforcing total bandwidth restrictions. NoBandwidth: no bandwidth available. No calls can be made on this pipe. Default: Unlimited Example: xConfiguration Bandwidth Pipe 1 Bandwidth Total Mode: Limited Cisco VCS Administrator Guide (X6.1) Page 295 of 401...
  • Page 296 Example: xConfiguration Call Services Fallback Alias: "reception@example.com" Certification AdvancedAccountSecurity Mode: <On/Off> Enables or disables advanced account security. Note: you must restart the system for any changes to take effect. Default: Off Example: xConfiguration Certification AdvancedAccountSecurity Mode: On Cisco VCS Administrator Guide (X6.1) Page 296 of 401...
  • Page 297 Ethernet [1..2] IP V4 SubnetMask: <S: 7,15> Specifies the IPv4 subnet mask of the specified LAN port. Note: you must restart the system for any changes to take effect. Example: xConfiguration Ethernet 1 IP V4 SubnetMask: "255.255.255.0" Cisco VCS Administrator Guide (X6.1) Page 297 of 401...
  • Page 298 H323 Gatekeeper CallSignaling PortRange End: <1024..65534> Specifies the upper port in the range to be used by calls once they are established. Default: 19999 Example: xConfiguration H323 Gatekeeper CallSignaling PortRange End: 19999 Cisco VCS Administrator Guide (X6.1) Page 298 of 401...
  • Page 299 Specifies the interval (in seconds) at which an H.323 endpoint must re-register with the VCS in order to confirm that it is still functioning. Default: 1800 Example: xConfiguration H323 Gatekeeper TimeToLive: 1800 Cisco VCS Administrator Guide (X6.1) Page 299 of 401...
  • Page 300 On: the VCS will act as SIP-H.323 gateway regardless of whether the endpoints are locally registered. RegisteredOnly: the VCS will act as a SIP-H.323 gateway but only if at least one of the endpoints is locally registered. Default: RegisteredOnly Example: xConfiguration Interworking Mode: RegisteredOnly Cisco VCS Administrator Guide (X6.1) Page 300 of 401...
  • Page 301 Example: xConfiguration IP External Interface: LAN1 IP Gateway: <S: 7,15> Specifies the IPv4 gateway of the VCS. Note: you must restart the system for any changes to take effect. Default: 127.0.0.1 Example: xConfiguration IP Gateway: "192.168.127.0" Cisco VCS Administrator Guide (X6.1) Page 301 of 401...
  • Page 302 IP V6 Gateway: <S: 0, 39> Specifies the IPv6 gateway of the VCS. Note: you must restart the system for any changes to take effect. Example: xConfiguration IP V6 Gateway: "3dda:80bb:6::9:144" Cisco VCS Administrator Guide (X6.1) Page 302 of 401...
  • Page 303 Controls the granularity of Event Logging. 1 is the least verbose, 4 the most. Note: this setting is not retrospective; it will determine which events are written to the Event Log from now onwards. Default: 1 Example: xConfiguration Log Level: 1 Cisco VCS Administrator Guide (X6.1) Page 303 of 401...
  • Page 304 Login Remote LDAP BaseDN Groups: <S: 0,255> Sets the Distinguished Name to use as the base when searching for administrator and user groups. Example: xConfiguration Login Remote LDAP BaseDN Groups: "ou=groups,dc=corporation,dc=int" Cisco VCS Administrator Guide (X6.1) Page 304 of 401...
  • Page 305 Login Remote LDAP Server Address: <S: 0,128> Sets the IP address or Fully Qualified Domain Name (FQDN) of the LDAP server to use when making LDAP queries. Example: xConfiguration Login Remote LDAP Server Address: "server.example.com" Cisco VCS Administrator Guide (X6.1) Page 305 of 401...
  • Page 306 Defines the access level for members of the specified user group. None: no access allowed. ReadWrite: configuration can be viewed and changed. Default: ReadWrite Example: xConfiguration Login User Groups Group 1 Access: ReadWrite Cisco VCS Administrator Guide (X6.1) Page 306 of 401...
  • Page 307 Policy AdministratorPolicy Service DefaultCPL: <S: 0,255> The CPL used by the VCS when the remote service is unavailable. Default: <reject status='403' reason='Service Unavailable'/> Example: xConfiguration Policy AdministratorPolicy Service DefaultCPL: "<reject status='403' reason='Service Unavailable'/>" Cisco VCS Administrator Guide (X6.1) Page 307 of 401...
  • Page 308 Example: xConfiguration Policy AdministratorPolicy Service TLS Verify Mode: On Policy AdministratorPolicy Service UserName: <S: 0,30> Specifies the user name used by the VCS to log in and query the remote policy service. Example: xConfiguration Policy AdministratorPolicy Service UserName: "user123" Cisco VCS Administrator Guide (X6.1) Page 308 of 401...
  • Page 309 Policy FindMe Server UserName: <S: 0, 30> Specifies the user name used by the VCS to log in and query the remote FindMe Manager. Example: xConfiguration Policy FindMe Server UserName: "user123" Cisco VCS Administrator Guide (X6.1) Page 309 of 401...
  • Page 310 Policy Services Service [1..5] Server [1..3] Address: <S: 0,128> Specifies the IP address or Fully Qualified Domain Name (FQDN) of the remote service. Example: xConfiguration Policy Services Service 1 Server 1 Address: "192.168.0.0" Cisco VCS Administrator Guide (X6.1) Page 310 of 401...
  • Page 311 Specifies an entry to be added to the Allow List. If one of an endpoint’s aliases matches one of the patterns in the Allow List, the registration will be permitted. Example: xConfiguration Registration AllowList 1 Pattern String: "john.smith@example.com" Cisco VCS Administrator Guide (X6.1) Page 311 of 401...
  • Page 312 Directory: only endpoints who register an alias listed in the local Directory, may register. PolicyService: only endpoints who register with details allowed by the Policy Service, may register. Default: None Example: xConfiguration Registration RestrictionPolicy Mode: None Cisco VCS Administrator Guide (X6.1) Page 312 of 401...
  • Page 313 Controls certificate revocation list checking of the certificate supplied by the policy service. When enabled, the server's X.509 certificate will be checked against the revocation list of the certificate authority of the certificate. Default: Off Example: xConfiguration Registration RestrictionPolicy Service TLS CRLCheck Mode: Cisco VCS Administrator Guide (X6.1) Page 313 of 401...
  • Page 314 SIP Authentication Digest Nonce Maximum Use Count: <1..1024> Maximum number of times that a nonce generated by the VCS may be used by a client. Default: 128 Example: xConfiguration SIP Authentication Digest Nonce Maximum Use Count: 128 Cisco VCS Administrator Guide (X6.1) Page 314 of 401...
  • Page 315 Allow: the call can connect via the Advanced Media Gateway. Deny: the call can connect but it will not use Advanced Media Gateway resources. Default: Allow Example: xConfiguration Services AdvancedMediaGateway Policy Rules Rule 1 Action: Allow Cisco VCS Administrator Guide (X6.1) Page 315 of 401...
  • Page 316 Enabled Services AdvancedMediaGateway Zone Name: <S: 0,50> The zone used by the VCS to connect to one or more Advanced Media Gateways. Example: xConfiguration Services AdvancedMediaGateway Zone Name: "AM gateway zone" Cisco VCS Administrator Guide (X6.1) Page 316 of 401...
  • Page 317 SIP Require Duo Video Mode: <On/Off> Controls whether the VCS will require the use of the com.tandberg.sdp.duo.enable extension for endpoints that support it. Default: On Example: xConfiguration SIP Require Duo Video Mode: On Cisco VCS Administrator Guide (X6.1) Page 317 of 401...
  • Page 318 SIP Routes Route [1..20] Method: <S:0,64> SIP method to match to select this route (e.g. INVITE, SUBSCRIBE). Note: this command is intended for developer use only. Example: xConfiguration SIP Routes Route 1 Method: "SUBSCRIBE" Cisco VCS Administrator Guide (X6.1) Page 318 of 401...
  • Page 319 Example: xConfiguration SIP Session Refresh Value: 1800 SIP TCP Mode: <On/Off> Determines whether incoming and outgoing SIP calls using the TCP protocol will be allowed. Default: On Example: xConfiguration SIP TCP Mode: On Cisco VCS Administrator Guide (X6.1) Page 319 of 401...
  • Page 320 Specifies the listening port for incoming SIP UDP calls. Default: 5060 Example: xConfiguration SIP UDP Port: 5060 SNMP CommunityName: <S: 0, 16> Sets the VCS’s SNMP community name. Default: public Example: xConfiguration SNMP CommunityName: "public" Cisco VCS Administrator Guide (X6.1) Page 320 of 401...
  • Page 321 Sets SNMP Version 3 authentication type. Example: xConfiguration SNMP V3 Authentication Type: SHA SNMP V3 Mode: <On/Off> Enables or disables SNMP Version 3 support. Default: On Example: xConfiguration SNMP V3 Mode: On Cisco VCS Administrator Guide (X6.1) Page 321 of 401...
  • Page 322 SystemUnit Maintenance Mode: <On/Off> Sets the VCS into maintenance mode. New calls and registrations are disallowed and existing registrations are allowed to expire. Default: Off Example: xConfiguration SystemUnit Maintenance Mode: Off Cisco VCS Administrator Guide (X6.1) Page 322 of 401...
  • Page 323 Example: xConfiguration Transform 1 Pattern Behavior: Replace Transform [1..100] Pattern Replace: <S: 0, 60> The text string to use in conjunction with the selected Pattern behavior. Example: xConfiguration Transform 1 Pattern Replace: "example.com" Cisco VCS Administrator Guide (X6.1) Page 323 of 401...
  • Page 324 Ports are allocated from this range in pairs, the first of each being even. Therefore the range must start with an even number. Default: 50000 Example: xConfiguration Traversal Media Port Start: 50000 Cisco VCS Administrator Guide (X6.1) Page 324 of 401...
  • Page 325 Example: xConfiguration Traversal Server TURN Media Port End: 61799 Traversal Server TURN Media Port Start: <1024..65534> The lower port in the range used for TURN relays. Default: 60000 Example: xConfiguration Traversal Server TURN Media Port Start: 60000 Cisco VCS Administrator Guide (X6.1) Page 325 of 401...
  • Page 326 Specifies the bandwidth limit (in kbps) for any one call to or from an endpoint in the Default Subzone (applies only if the mode is set to Limited). Default: 1920 Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth PerCall Inter Limit: 1920 Cisco VCS Administrator Guide (X6.1) Page 326 of 401...
  • Page 327 Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth Total Mode: Limited Zones LocalZone DefaultSubZone Registrations: <Allow/Deny> Controls whether registrations assigned to the Default Subzone are accepted. Default: Allow Example: xConfiguration Zones LocalZone DefaultSubZone Registrations: Allow Cisco VCS Administrator Guide (X6.1) Page 327 of 401...
  • Page 328 Zones LocalZone SubZones MembershipRules Rule [1..3000] SubZoneName: <S: 0,50> The subzone to which an endpoint is assigned if its address satisfies this rule. Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 SubZoneName: "Branch Office" Cisco VCS Administrator Guide (X6.1) Page 328 of 401...
  • Page 329 Determines whether there is a limit on the bandwidth for any one call to or from an endpoint in this subzone. NoBandwidth: no bandwidth available. No calls can be made to or from this subzone. Default: Unlimited Example: xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth PerCall Inter Mode: Limited Cisco VCS Administrator Guide (X6.1) Page 329 of 401...
  • Page 330 Example: xConfiguration Zones LocalZone SubZones SubZone 1 Name: "BranchOffice" Zones LocalZone SubZones SubZone [1..1000] Registrations: <Allow/Deny> Controls whether registrations assigned to this subzone are accepted. Default: Allow Example: xConfiguration Zones LocalZone SubZones SubZone 1 Registrations: Allow Cisco VCS Administrator Guide (X6.1) Page 330 of 401...
  • Page 331 Sets the number of times traversal-enabled endpoints registered directly with the VCS will attempt to send a TCP probe to the VCS. Default: 5 Example: xConfiguration Zones LocalZone Traversal H323 TCPProbe RetryCount: 5 Cisco VCS Administrator Guide (X6.1) Page 331 of 401...
  • Page 332 Determines whether there is a limit on the bandwidth of any one traversal call being handled by the VCS. NoBandwidth: no bandwidth available. No traversal calls can be made. Default: Unlimited Example: xConfiguration Zones LocalZone TraversalSubZone Bandwidth PerCall Mode: Limited Cisco VCS Administrator Guide (X6.1) Page 332 of 401...
  • Page 333 AnyAlias: queries the zone for any alias (but not IP address). AnyIPAddress: queries the zone for any given IP address (but not alias). Default: AnyAlias Example: xConfiguration Zones Policy SearchRules Rule 1 Mode: AnyAlias Cisco VCS Administrator Guide (X6.1) Page 333 of 401...
  • Page 334 The order in the search process that this rule is applied, when compared to the priority of the other search rules. All Priority 1 search rules are applied first, followed by all Priority 2 search rules, and so on. Default: 100 Example: xConfiguration Zones Policy SearchRules Rule 1 Priority: 100 Cisco VCS Administrator Guide (X6.1) Page 334 of 401...
  • Page 335 Determines whether, if no NAPTR (SIP) or SRV (SIP and H.323) records have been found for the dialed alias via this zone, the VCS will then query for A and AAAA DNS Records. Default: Off Example: xConfiguration Zones Zone 1 DNS IncludeAddressRecord: Off Cisco VCS Administrator Guide (X6.1) Page 335 of 401...
  • Page 336 Zones Zone [1..1000] DNS Interworking SIP Video DefaultResolution: <None/QCIF/CIF/4CIF/SIF/4SIF/VGA/SVGA/XGA> Specifies which video resolution to use when empty INVITEs are not allowed. Default: CIF Example: xConfiguration Zones Zone 1 DNS Interworking SIP Video DefaultResolution: CIF Cisco VCS Administrator Guide (X6.1) Page 336 of 401...
  • Page 337 On: the length will be truncated to the maximum length specified by the SIP SDP attribute line limit length setting. Off: the length will not be truncated. Example: xConfiguration Zones Zone 1 DNS SIP SDP Attribute Line Limit Mode: Off Cisco VCS Administrator Guide (X6.1) Page 337 of 401...
  • Page 338 Specifies the DNS zone to be appended to the transformed E.164 number to create an ENUM host name which this zone is then queried for. Example: xConfiguration Zones Zone 2 ENUM DNSSuffix: "e164.arpa" Cisco VCS Administrator Guide (X6.1) Page 338 of 401...
  • Page 339 Zones Zone [1..1000] Neighbor H323 Port: <1024..65534> Specifies the port on the neighbor to be used for H.323 calls to and from this VCS. Default: 1719 Example: xConfiguration Zones Zone 3 Neighbor H323 Port: 1719 Cisco VCS Administrator Guide (X6.1) Page 339 of 401...
  • Page 340 Zones Zone [1..1000] Neighbor Interworking SIP Video DefaultBitrate: <64..65535> Specifies which video bitrate to use when empty INVITEs are not allowed. Default: 384 Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP Video DefaultBitrate: 384 Cisco VCS Administrator Guide (X6.1) Page 340 of 401...
  • Page 341 Controls whether authenticated SIP messages (ones containing a P-Asserted-Identity header) from this zone are trusted. On: messages are trusted without further challenge. Off: messages are challenged for authentication. Default: Off Example: xConfiguration Zones Zone 3 Neighbor SIP Authentication Trust Mode: On Cisco VCS Administrator Guide (X6.1) Page 341 of 401...
  • Page 342 IP address and port from which media from this zone is received (latching). Otherwise it will forward the media to the IP address and port signaled in the SDP (signaled). Default: Auto. Example: xConfiguration Zones Zone 3 Neighbor SIP MediaRouting Mode: Auto Cisco VCS Administrator Guide (X6.1) Page 342 of 401...
  • Page 343 If SIP SDP attribute line limit mode is set to On, sets the maximum line length of a=fmtp SDP lines. Default: 130 Example: xConfiguration Zones Zone 3 Neighbor SIP SDP Attribute Line Limit Length: 130 Cisco VCS Administrator Guide (X6.1) Page 343 of 401...
  • Page 344 On: any media line referring to the UDP/BFCP protocol is replaced with TCP/BFCP and disabled. Off: INVITE requests are not modified. Default: Off Example: xConfiguration Zones Zone 1 Neighbor SIP UDP BFCP Filter Mode: Off Cisco VCS Administrator Guide (X6.1) Page 344 of 401...
  • Page 345 "password123" Zones Zone [1..1000] TraversalClient Authentication UserName: <S: 0,128> The user name used by the VCS when connecting to the traversal server. Example: xConfiguration Zones Zone 1 TraversalClient Authentication UserName: "clientname" Cisco VCS Administrator Guide (X6.1) Page 345 of 401...
  • Page 346 Specifies the port on the traversal server to be used for SIP calls from this VCS. If your traversal server is a VCS Expressway, this must be the port number that has been configured in the traversal server zone for this VCS. Example: xConfiguration Zones Zone 4 TraversalClient SIP Port: 5061 Cisco VCS Administrator Guide (X6.1) Page 346 of 401...
  • Page 347 VCS, this must be the VCS’s authentication user name. If the traversal client is a gatekeeper, this must be the gatekeeper’s System Name. For other types of traversal clients, refer to the VCS Admin Guide for further information. Example: xConfiguration Zones Zone 5 TraversalServer Authentication UserName: "User123" Cisco VCS Administrator Guide (X6.1) Page 347 of 401...
  • Page 348 Specifies the port on the VCS being used for SIP firewall traversal from this traversal client. Default: 7001, incrementing by 1 for each new zone. Example: xConfiguration Zones Zone 5 TraversalServer SIP Port: 5061 Cisco VCS Administrator Guide (X6.1) Page 348 of 401...
  • Page 349 Zones Zone [1..1000] TraversalServer TCPProbe RetryInterval: <1..65534> Sets the frequency (in seconds ) with which the traversal client will send a TCP probe to the VCS. Default: 2 Example: xConfiguration Zones Zone 5 TraversalServer TCPProbe RetryInterval: 2 Cisco VCS Administrator Guide (X6.1) Page 349 of 401...
  • Page 350 TraversalServer: there is a firewall between the zones and the local VCS is a traversal server for the new zone. ENUM: the new zone contains endpoints discoverable by ENUM lookup. DNS: the new zone contains endpoints discoverable by DNS lookup. Example: xConfiguration Zones Zone 3 Type: Neighbor Cisco VCS Administrator Guide (X6.1) Page 350 of 401...
  • Page 351: Xcommand Commands

    Assigns a name to this Advanced Media Gateway policy rule. Description: <S: 0,64> A free-form description of the membership rule. Example: xCommand AMGWPolicyRuleAdd Name: "Deny branch calls" Description: "Deny all calls to branch office" Cisco VCS Administrator Guide (X6.1) Page 351 of 401...
  • Page 352 ReadWrite: configuration can be viewed and changed. Auditor: allows access to the Event Log, Configuration Log and the Overview page only. Default: ReadWrite Example: xCommand AdminLoginGroupAdd Name: "VCS" Access: ReadWrite Cisco VCS Administrator Guide (X6.1) Page 352 of 401...
  • Page 353 Specifies the port of a KDC that can be used when the VCS joins the AD domain. Default: 88 Example: xCommand AdsKdcAdd KerberosKDCAddress: "192.168.0.0" KerberosKDCPort: 88 AdsKdcDelete Deletes a configured Kerberos KDC. KerberosKDCId(r): <1..5> The index of the Kerberos KDC to be deleted. Example: xCommand AdsKdcDelete KerberosKDCId: 1 Cisco VCS Administrator Guide (X6.1) Page 353 of 401...
  • Page 354 Deletes an entry from the Allow List. AllowListId(r): <1..2500> The index of the entry to be deleted. Example: xCommand AllowListDelete AllowListId: 2 Boot Reboots the VCS. This command has no parameters. Example: xCommand boot Cisco VCS Administrator Guide (X6.1) Page 354 of 401...
  • Page 355 How the alias is modified. Replace: <S: 0, 60> The text string to use in conjunction with the selected Pattern behavior. Example: xCommand CheckPattern Target: "john.smith@example.net" Pattern: "@example.net" Type: "suffix" Behavior: replace Replace: "@example.com" Cisco VCS Administrator Guide (X6.1) Page 355 of 401...
  • Page 356 Level 2: resets configuration items related to remote authentication, plus Level 1 items to their default value. Level 3: resets all critical configuration items, plus Level 1 and Level 2 items to their default value. Example: xCommand DefaultValuesSet Level: 1 Cisco VCS Administrator Guide (X6.1) Page 356 of 401...
  • Page 357 The serial number of the call to be disconnected. Note: you must specify either a call index or call serial number when using this command. Example: xCommand DisconnectCall CallSerialNumber: "6d843434-211c-11b2-b35d- 0010f30f521c" Cisco VCS Administrator Guide (X6.1) Page 357 of 401...
  • Page 358 Descriptive name for the external application whose status is being referenced. Example: xCommand ExtAppStatusDelete Name: foo FeedbackDeregister Deactivates a particular feedback request. ID: <1..3> The index of the feedback request to be deactivated. Example: xCommand FeedbackDeregister ID: 1 Cisco VCS Administrator Guide (X6.1) Page 358 of 401...
  • Page 359 Example: xCommand FindRegistration Alias: "john.smith@example.com" ForceConfigUpdate Forces the relevant configuration on this peer to be updated to match that of the cluster master. This command has no parameters. Example: xCommand ForceConfigUpdate Cisco VCS Administrator Guide (X6.1) Page 359 of 401...
  • Page 360 Returns a list of all subscribers who are watching for the presence information of a particular presentity. Presentity(r): <S:1, 255> The URI of the presentity being watched. Example: xCommand ListSubscribers Presentity: "mary.jones@example.com" Cisco VCS Administrator Guide (X6.1) Page 360 of 401...
  • Page 361 The level of tracing to use on the specified module. Default returns the trace level to its default value. Example: xCommand Log Module: "foo" TraceLevel: Error LogPersist Saves the current log levels so that they will persist over a restart. This command has no parameters. Example: xCommand LogPersist Cisco VCS Administrator Guide (X6.1) Page 361 of 401...
  • Page 362 OptionKeyAdd Adds a new option key to the VCS. These are added to the VCS in order to add extra functionality, such as increasing the VCS's capacity. Contact your Cisco representative for further information. Key(r): <S: 0, 90> Specifies the option key of your software option.
  • Page 363 The CPL used by the VCS when the remote service is unavailable. Default: <reject status='403' reason='Service Unavailable'/> Example: xCommand PolicyServiceAdd Name: "Conference" Description: "Conference service" Protocol: HTTP Verify: On CRLCheck: On Address: "service.server.example.com" Path: "service" StatusPath: "status" UserName: "user123" Password: "password123" DefaultCPL: "<reject status='403' reason='Service Unavailable'/>" Cisco VCS Administrator Guide (X6.1) Page 363 of 401...
  • Page 364 Specifies the LAN interface to use for this route. Auto: the VCS will select the most appropriate interface to use. Default: Auto Example: xCommand RouteAdd Address: "10.13.8.0" PrefixLength: 32 Gateway: "192.44.0.1" Cisco VCS Administrator Guide (X6.1) Page 364 of 401...
  • Page 365 This command has no parameters. Example: xCommand SecureModeOff SecureModeOn Turns secure mode on - certain features and login accounts will be unavailable. This command has no parameters. Example: xCommand SecureModeOn Cisco VCS Administrator Guide (X6.1) Page 365 of 401...
  • Page 366 The index of the SIP route to be deleted. Tag: <S:0, 64> Tag value specified by external applications to uniquely identify routes that they create. Example: xCommand SIPRouteDelete SipRouteId: Tag: "Tag1" Cisco VCS Administrator Guide (X6.1) Page 366 of 401...
  • Page 367 Example: xCommand SubZoneAdd SubZoneName: "BranchOffice" TotalMode: Limited Total: 1024 PerCallInterMode: Limited PerCallInter: 512 PerCallIntraMode: Limited PerCallIntra: 512 SubZoneDelete Deletes a subzone. SubZoneId(r): <1..1000> The index of the subzone to be deleted. Example: xCommand SubZoneDelete SubZoneId: 2 Cisco VCS Administrator Guide (X6.1) Page 367 of 401...
  • Page 368 Example: xCommand SubZoneMembershipRuleAdd Name: "Home Workers" Type: Subnet SubZoneName: "Home Workers" Description: "Staff working at home" SubZoneMembershipRuleDelete Deletes a membership rule. SubZoneMembershipRuleId(r): <1..3000> The index of the membership rule to be deleted. Example: xCommand SubZoneMembershipRuleDelete SubZoneMembershipRuleId: 1 Cisco VCS Administrator Guide (X6.1) Page 368 of 401...
  • Page 369 Example: xCommand TransformAdd Pattern: "example.net" Type: suffix Behavior: replace Replace: "example.com" Priority: 3 Description: "Change example.net to example.com" State: Enabled TransformDelete Deletes a transform. TransformId(r): <1..100> The index of the transform to be deleted. Example: xCommand TransformDelete TransformId: 2 Cisco VCS Administrator Guide (X6.1) Page 369 of 401...
  • Page 370 The warning ID Example: xCommand WarningAcknowledge WarningID: "ab3d63f6-c0bb-4a9c-a121- e683abfedff0" WarningLower Lowers a warning. Note: this command is intended for developer use only. WarningID(r): <S:36, 36> The warning ID. Example: xCommand WarningLower WarningID: "ab3d63f6-c0bb-4a9c-a121-e683abfedff0" Cisco VCS Administrator Guide (X6.1) Page 370 of 401...
  • Page 371 Note that this command does not change any existing system configuration. Alias(r): <S: 1, 60> The alias to be searched for. Example: xCommand ZoneList Alias: "john.smith@example.com" Cisco VCS Administrator Guide (X6.1) Page 371 of 401...
  • Page 372: Xstatus Elements

    Each element has the sub-elements as described below: Alternates Alternates: Peer [1..6]: {Hidden for Peer [n] when Peer [n] is self} Status: <Active/Failed/Unknown> Cause: {visible if status is Failed} <No response Cisco VCS Administrator Guide (X6.1) Page 372 of 401...
  • Page 373 URI: <S: 1,255> Subscription: Count: <1..100> Count: <1..2500> Max: <1..2500> Expired: <1..2500> Presentities: Count: <0..10000> Max: <0..10000> Presentity [1..10000]: URI: <S: 1,255> Subscriber: Count: <1..100> ConferenceFactory: Status: <Inactive/Initializing/Active/Failed> NextId: <0.. 4294967295> External Cisco VCS Administrator Guide (X6.1) Page 373 of 401...
  • Page 374 Tag: <S: 1,255> State: <Connecting/Connected/Disconnecting> StartTime: <Seconds since boot/Date Time> Duration: <Time in seconds, precision in seconds> Legs: Leg [1..300]: Protocol: <H323/SIP> H323: {visible if Protocol = H323} CallSignalAddress: <IPv4Addr/[IPv6Addr]>:<1..65534> Aliases: Cisco VCS Administrator Guide (X6.1) Page 374 of 401...
  • Page 375 Route: Zone/Link: <S: 1,50 Node name> {0..150 entries} Media {visible if MediaRouted = True} Channels Channel [1..n] Type: <AUDIO/VIDEO/DATA/BFCP/H224/UNKNOWN> Protocol: <S: 1,20> {RTP Payload Type} Rate: <0.. 4294967295> bps Packets: Forwarded: Cisco VCS Administrator Guide (X6.1) Page 375 of 401...
  • Page 376 URL: <S: 0, 255> Feedback Feedback [1..3]: Status: <On/Off> URL: <S: 1,255> Expression: <S: 1,127> {0..15 entries} FindMeManager FindMeManager: Mode: <Off/Local/Remote> Status: <Active/Inactive/Unknown> {visible if Remote} Address: <1..1024> {Visible if Remote} Cisco VCS Administrator Guide (X6.1) Page 376 of 401...
  • Page 377 IPv4: {Visible if Status=Active} Address: <IPv4Addr> {1..2 entries} IPv6: {Visible if Status=Active} Address: <IPv6Addr> {1..2 entries} Protocol: <IPv4/IPv6/Both> IPv4: Gateway: <IPv4Addr> IPv6: Gateway: <IPv6Addr> DNS: Server [1-5]: Address: <IPv4Addr/IPv6Addr> Domain: <S: 0, 128> LDAP Cisco VCS Administrator Guide (X6.1) Page 377 of 401...
  • Page 378 CallSerialNumber: <S: 1,255> Loggers Loggers Logger [1..6] Module: TraceLevel: NTP: Status: <Inactive/Initializing/Active/Failed> Cause: {visible if status is Failed} <No response from NTP server/ DNS resolution failed> Address: <IPv4Addr/IPv6Addr> Port: <1..65534> Last Update: <date-time> Cisco VCS Administrator Guide (X6.1) Page 378 of 401...
  • Page 379 LastUsed: <Time not set/Date Time> Peers: Peer [1..3]: Host: <S: 0,255> Status: <Active/Failed> Reason: <S: 0,255> LastStatusChange: <Time not set/Date Time> Registrations Registrations: Registration [1..3750]: Protocol: <H323/SIP> Node: <S: 1,50 Node name> Cisco VCS Administrator Guide (X6.1) Page 379 of 401...
  • Page 380 SIP: {Visible if Protocol is SIP} AOR: <S: 1,128> Contact: <S: 1,255> Path: URI [1..10]: <S: 1,255> ResourceUsage ResourceUsage: Calls: Traversal: Current: <0..150> Max: <0..150> Total: <0..4294967295> NonTraversal: Current: <0..750> Max: <0..750> Total: <0..4294967295> Registrations: Cisco VCS Administrator Guide (X6.1) Page 380 of 401...
  • Page 381 TLS: Status: <Active/Inactive/Failed> Address: <IPv6Addr> SystemUnit SystemUnit: Product: TANDBERG VCS Uptime: <Time in seconds> SystemTime: <Time not set/date-time> TimeZone: <GMT or one of 300 other timezones> LocalTime: <local-date-time> Software: Version: X<n> Cisco VCS Administrator Guide (X6.1) Page 381 of 401...
  • Page 382 Relay [1..1400]: Address: <IPv4Addr/IPv6Addr> Client: Address: <IPv4Addr/IPv6Addr> CreationTime: <Date Time> ExpireTime: <Date Time> Permissions: Count: <0..65535> Permission [0..65535]: Address: <IPv4Addr/IPv6Addr> CreationTime: <Date Time> ExpireTime: <Date Time> Channels: Count: <0..65535> Channel [0..65535]: Cisco VCS Administrator Guide (X6.1) Page 382 of 401...
  • Page 383 Refresh: <0..65535> Permission: <0..65535> ChannelBind: <0..65535> Media: Forwarded: From: <0..65535> To: <0..65535> Errors: From: NoChannel: <0..65535> NoPermission: <0..65535> InvalidType: <0..65535> FilterFailure: <0..65535> NoChannel: <0..65535> NoPermission: <0..65535> InvalidType: <0..65535> FilterFailure: <0..65535> Warnings Cisco VCS Administrator Guide (X6.1) Page 383 of 401...
  • Page 384 ClusterUsage: <0..100000000> Calls: {visible only if there are calls} Call [0..900]: {0..900 entries} CallId: <S: 1,255> ClusterSubZone: Name: “ClusterSubZone” Bandwidth: LocalUsage: <0..100000000> ClusterUsage: <0..100000000> Calls: {visible only if there are calls} Cisco VCS Administrator Guide (X6.1) Page 384 of 401...
  • Page 385 LastStatusChange: <Time not set/Date Time> SIP: {visible if SIP Mode=On for Zone} Status: <Unknown/Active/Failed> Cause: {visible if Status is Failed} <No response from gatekeeper/DNS resolution failed/Invalid IP address> Address: <IPv4Addr/IPv6Addr> {One Address Cisco VCS Administrator Guide (X6.1) Page 385 of 401...
  • Page 386 SIP: {visible if SIP Mode=On for Zone} Status: Active Address: <IPv4Addr/IPv6Addr> {One Address line per address from DNS lookup} Port: <1..65534> LastStatusChange: <Time not set/Date Time> Calls: {0..900 entries} Call [0..900]: CallID: <S: 1,255> Cisco VCS Administrator Guide (X6.1) Page 386 of 401...
  • Page 387: About Policy Services

    DESTINATION_ALIAS GLOBAL_CALL- SERIAL_NUMBER LOCAL_CALL_ SERIAL_NUMBER METHOD INVITE / ARQ / LRQ / OPTIONS / SETUP / REGISTER NETWORK_TYPE IPV4 / IPV6 POLICY_TYPE REGISTRATION SEARCH ADMIN USER PROTOCOL SIP / H323 REGISTERED_ALIAS Cisco VCS Administrator Guide (X6.1) Page 387 of 401...
  • Page 388: Policy Service Responses

    SOURCE_ALIAS UTCTime ZONE_NAME Policy service responses The VCS expects the response from the policy service to include an item of CPL which will then be validated and processed by the VCS. Cisco VCS Administrator Guide (X6.1) Page 388 of 401...
  • Page 389: Bibliography

    Session Traversal Utilities for NAT http://tools.ietf.org/html/rfc5389 (STUN) Traversal Using Relays around NAT http://tools.ietf.org/html/rfc5766 (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN) RFC 4787: Network Address http://www.ietf.org/rfc/rfc4787.txt Translation (NAT) Behavioral Requirements for Unicast UDP Cisco VCS Administrator Guide (X6.1) Page 389 of 401...
  • Page 390 VCS Getting Started Guide www.tandberg.com D14525 VCS Deployment Guide - FindMe www.tandberg.com D14526 VCS Deployment Guide - www.tandberg.com Authenticating VCS accounts using LDAP D14465 VCS Deployment Guide - ENUM www.tandberg.com dialing on VCS Cisco VCS Administrator Guide (X6.1) Page 390 of 401...
  • Page 391 VCS Deployment Guide - Cisco Unified www.tandberg.com Communications Manager with VCS using a SIP trunk D14652 VCS Deployment Guide - Microsoft www.tandberg.com OCS 2007, VCS and Cisco AM GW RFC 5245: Interactive Connectivity http://tools.ietf.org/html/rfc5245 Establishment (ICE) D14049 Cisco TelePresence Video www.tandberg.com...
  • Page 392: Glossary

    (Also referred to as Administrator Policy.) A Cisco product used for the management of video networks. Cisco TelePresence Management Suite A generic term for the Cisco product which acts as a gatekeeper and SIP Cisco TelePresence proxy/server. Video...
  • Page 393 An ITU standard for structured telephone numbers. Each telephone number consists of a country code, area code and subscriber number. ENUM A means of mapping E.164 numbers to URIs using DNS. Defined by RFC E.164 Number 3761 [8]. Mapping Cisco VCS Administrator Guide (X6.1) Page 393 of 401...
  • Page 394 The act of crossing a firewall or NAT device. FindMe™ Cisco TelePresence FindMe is a User Policy feature that allows users to have a single alias on which they can be reached regardless of the endpoints they are currently using.
  • Page 395 The client application released with Microsoft Office Communications Server Communications (OCS). The MOC client can be used for instant messaging, presence, voice (MOC) client and video calls and ad hoc conferences. Cisco VCS Administrator Guide (X6.1) Page 395 of 401...
  • Page 396 Reference material Term Definition Multiway Cisco TelePresence Multiway enables endpoint users to create a conference while in a call even if their endpoint does not have this functionality built in. See the Conference Factory section for more information. NAPTR record A type of DNS record.
  • Page 397 SRV record A type of DNS record. Defined by RFC 2782 [3]. Service record STUN Firewall NAT traversal for SIP. Defined by RFC 3489 [21]. Simple Traversal of UDP through NAT Cisco VCS Administrator Guide (X6.1) Page 397 of 401...
  • Page 398 Traversal-enabled Any endpoint that supports the Assent and/or ITU H.460.18 and H.460.19 endpoint standards for firewall traversal. This includes all Cisco TelePresence MXP endpoints. TURN Relay extensions to STUN (Session Traversal Utilities for NAT).
  • Page 399 External zones are used to configure connections to external systems with which the VCS has a neighbor, traversal client or traversal server relationship, and to configure the way in which the VCS performs ENUM and DNS searches. Cisco VCS Administrator Guide (X6.1) Page 399 of 401...
  • Page 400: Legal Notices

    This product is Copyright © 2011, Tandberg Telecom UK Limited. All rights reserved. TANDBERG is now part of Cisco. Tandberg Telecom UK Limited is a wholly owned subsidiary of Cisco Systems, Inc. This product includes copyrighted software licensed from others. A list of the copyright notices and the terms and conditions of use can be found at: http://www.tandberg.com/collateral/documentation/User_Manuals/Cisco_VCS_EULA.pdf...
  • Page 401: Disclaimers And Notices

    THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners.