TANDBERG Gatekeeper User Manual

Manual is about: TANDBERG Gatekeeper User Guide

Summary of Gatekeeper

  • Page 1

    TANDBERG Gatekeeper user manual. Software version N3. D13381.03. This document is not to be reproduced in whole or in part without permission in writing from:

  • Page 2: Trademarks And Copyright

    Trademarks and copyright: copyright 1993-2005 TANDBERG ASA. All rights reserved. This document contains information that is proprietary to TANDBERG ASA. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by a...

  • Page 3: Environmental Issues

    Environmental issues: thank you for buying a product which contributes to a reduction in pollution, and thereby helps save the environment. Our products reduce the need for travel and transport and thereby reduce pollution. Our products have either none or few cons...

  • Page 4: Operator Safety Summary

    Operator safety summary: for your protection, please read these safety instructions completely before operating the equipment and keep this manual for future reference. The information in this summary is intended for operators. Carefully observe all warnings, precau...

  • Page 5: Table Of Contents

    Table of contents: TANDBERG Gatekeeper user manual, I; trademarks and copyright, II; environmental issues...

  • Page 6

    4.1 upgrading using HTTP(S), 30; 4.2 upgrading using SCP, 31; 5 configuring the gate...

  • Page 7: 1 Introduction

    1 introduction: this user manual is provided to help you make the best use of your TANDBERG Gatekeeper. A gatekeeper is a central part of an H.323 infrastructure. It provides address translation and controls access to the network for H.323 terminals, gateways and MCUs. The gatekeeper also provides ...

  • Page 8: Overview

    1.1 TANDBERG Gatekeeper overview: on the front of the gatekeeper there are three LAN interfaces, a serial port (data 1) and a light emitting diode (power). The LAN 1 interface is used for connecting the system to your local area network, LAN interface 2 and 3 are dis...

  • Page 9: 2 Installation

    2 installation. Precautions: never install communication equipment during a lightning storm. Never install jacks for communication cables in wet locations unless the jack is specifically designed for wet locations. Never touch uninstalled communication wires or terminals unless the communication li...

  • Page 10: 2.2   Mounting

    Do not place heavy objects directly on top of the gatekeeper. Do not place hot objects directly on top, or directly beneath the gatekeeper. Use a grounded AC power outlet for the gatekeeper. 2.2 mounting: the gatekeeper comes with brackets for mounting in standard 19...

  • Page 11

    2.5 gatekeeper initial configuration: the TANDBERG Gatekeeper requires some configuration before it can be used. This must be done using a PC connected to the serial port (data 1). The main thing that needs to be configured is the IP settings of the gatekeeper. This includes the IP address, the IP ...

  • Page 12

    xconfiguration gatekeeper autodiscovery command in section 5.2 for more information. 12. Reboot the gatekeeper by typing the command xcommand boot to make your new settings take effect. 13. Disconnect the serial cable. Note: to secure the gatekeeper you should disabl...

  • Page 13: 3 Using The Gatekeeper

    3 using the gatekeeper: the gatekeeper is used by H.323 terminals, gateways and MCUs. These devices register with the gatekeeper and the gatekeeper then provides address translation and controls access to the network. 3.1 system administration: to configure and monitor the TANDBERG Gatekeeper you ca...

  • Page 14: 3.3  Neighbor Gatekeepers

    Note: automatic discovery is a function that allows the gatekeeper to reply to multicast gatekeeper discovery messages from the endpoint. Note: if you have problems registering the endpoint, try turning on automatic discovery. Some endpoints require automatic registra...

  • Page 15

    Remote zones can be configured through the web interface of the TANDBERG Gatekeeper by navigating to gatekeeper configuration > gatekeeper. See figure 1 for a screenshot of the configuration. Figure 1: screenshot of the adding a new zone configuration. Note: when using a local zone prefix do not star...

  • Page 16

    When a gatekeeper receives a location request, if it cannot respond from its own registration database, it will query all of its alternates before responding. This allows the pool of registrations to be treated as if they were registered with a single gatekeeper. T...

  • Page 17: 3.5  Call Control

    3.5 call control: when an endpoint wants to call another endpoint it presents the address it wants to call to the gatekeeper using a protocol known as RAS. The gatekeeper tries to resolve this address and supplies the calling endpoint with information about the called endpoint. The destination ad...

  • Page 18

    Figure 3: admission request processing.

  • Page 19

    Figure 4: location request processing.

  • Page 20: 3.6  Bandwidth Control

    3.6 bandwidth control: the TANDBERG Gatekeeper allows you to control endpoints’ use of bandwidth on your network. Figure 5 shows a typical deployment: a broadband LAN, where high bandwidth calls are acceptable, a pipe to the internet with restricted bandwidth, and ...

  • Page 21

    xconfiguration links link [1..100] pipe2 name. Each subzone may be configured with its own bandwidth limits. Calls placed between two endpoints in the same subzone consume resource from the subzone’s allocation. Subzone bandwidths are configured on the gatekeeper configuration > subzones page (s...

  • Page 22

    Figure 6: configuration of a subzone through the web interface. Figure 7: adding a new pipe through the web interface. Figure 8: configuring the downspeeding parameters of the gatekeeper. 3.6.1 bandwidth control and firewall traversal: when a border controller and gatekee...

  • Page 23

    3.6.2 bandwidth control examples: one possible configuration for the deployment in figure 5 is shown in figure 9. Each of the offices is represented as a separate subzone, with bandwidth configured according to local policy. The enterprise’s leased line connection to the internet, and the DSL co...

  • Page 24

    In figure , the endpoints in the enterprise register with the gatekeeper, whilst those in the branch and home office register with the border controller. Figure labels: border controller branch office home office traversal sub-zone home sub-zone branch sub-zone enterprise pipe ho...

  • Page 25: 3.7  Registration Control

    Figure 12: gatekeeper example configuration. All of the endpoints in the enterprise will be assigned to the default subzone. The traversal subzone controls traversal traffic flowing through the gatekeeper, whilst the traversal zone controls all traffic traversing the enterprise firewall and passing...

  • Page 26: 3.7.2  Authentication

    match an entry on the denylist. Allow lists and deny lists are mutually exclusive: only one may be in use at any given time. Matching uses a simple form of wild card expansion: 12345678: exact match only; 1234567?: first 7 characters are an exact match, last may be an...

  • Page 27

    To configure the gatekeeper to use the local database of credentials during authentication issue the following commands: xconfiguration authentication mode: on; xconfiguration authentication database: localdatabase. Each credential in the local database has a username and a password. To manage the c...

  • Page 28

    xconfiguration ldap userdn: "your user dn"; xconfiguration ldap password: "password". The status of the connection between the gatekeeper and the LDAP server can be verified using the command xstatus ldap. The details of the LDAP server can also be configured via the ...

  • Page 29: 3.9   Uri Dialing

    Figure 16: configuring the gatekeeper to authenticate with an LDAP server using TLS encryption. 3.9 URI dialing: if an alias is not located in the gatekeeper’s list of registrations, it may attempt to find an authoritative gatekeeper through the DNS system. URI dialing makes it easier for endpoint...

  • Page 30: 3.10 Firewall Traversal

    Figure 17: IP configuration screen. 3.9.1 URI dialing and firewall traversal: if URI dialing is being used in conjunction with firewall traversal, dnsresolutionmode should only be enabled on the border controller. The DNS records should be updated with the address of ...

  • Page 31: 3.11 Call Policy

    To configure the gatekeeper for firewall traversal, use the web or console interface (see figure 18 for this configuration screen on the web interface). You will need to set the IP address of the border controller xconfiguration traversal server address: you will need to enter the name of your ga...

  • Page 32

    xconfiguration gatekeeper policy mode. Policy interacts with authentication (section 3.7.2, authentication). If authentication is enabled on the local gatekeeper and a call is received from a remote, unauthenticated gatekeeper, the call’s source aliases will be remov...

  • Page 33: 3.11.2 Cpl Script Actions

    “display” not defined for any alias types. address: the address construct is used within an address-switch to specify addresses to match. Please note that all address comparisons ignore upper/lower case differences so is=“fred”> will match “fred”, “fred” etc. is= selected field and subfi...

  • Page 34: 3.11.4 Cpl Examples

    an E.164 number. proxy: on executing a proxy node the gatekeeper will attempt to forward the call to the locations specified in the current location set. If multiple entries are in the location set then they are treated as different aliases for the same destination ...

  • Page 35

    User "fred" will not accept calls from anyone at "annoying.com", or from any unauthenticated users. All other users will allow any calls. Call redirection: redirect all calls to user "barney" to voicemail.

  • Page 36: 4 Software Upgrade

    4 software upgrade: software upgrade can be done in one of two ways: using a web browser (HTTP/HTTPS); using secure copy (SCP). Note: to upgrade the gatekeeper, a valid release key and software file is required. Contact your TANDBERG representative for more informati...

  • Page 37

    4. Enter the release key and press install software. You will get a new screen where you can upload the software image: 5. Browse to the file containing the software and press install. You should see a page indicating that upload is in progress: 6. When the upload is completed you should see the ...

  • Page 38

    Note: make sure you transfer the release key file before transferring the software image. Also make sure you name the files exactly as described below. Note: the release key file should contain just the 16 character release key. To upgrade using SCP, do the following...

  • Page 39: 5.1   Status

    5 configuring the gatekeeper: this chapter lists the basic usage of each command. The commands also support more advanced usage, which is outside the scope of this document. 5.1 status: the status root command, xstatus, returns status information from the gatekeeper. To list all xstatus commands ty...

  • Page 40: 5.2   Configuration

    Command, usage, description. resourceusage; xstatus resourceusage; reports usage of system resources. Registrations: number of currently registered endpoints. Maxregistrations: maximum number of registered endpoints since system start. Portregistrations: total number...

  • Page 41

    xconfiguration ? To list all configuration data, type xconfiguration; to show a specific configuration value, type xconfiguration; to show usage information for a specific configuration value, type xconfiguration ?; to set a configuration element, type xconfiguration : value1 : value2. There is also a...

  • Page 42

    Configuration commands, description. xconfiguration gatekeeper alternategk [1..5]: list of alternate gatekeepers’ IP addresses. xconfiguration gatekeeper autodiscovery: specifies if the gatekeeper supports automatic registration of endpoints. The default is on. xcon...

  • Page 43

    Configuration commands, description. xconfiguration https mode: enables/disables HTTPS support. Note that HTTP must also be enabled. You must restart the system for changes to take effect. xconfiguration ip address: specify the IP address of the system. You must restart the system for changes to ta...

  • Page 44

    Configuration commands, description. xconfiguration pipes pipe [1..100] bandwidth total limit: bandwidth associated with a pipe, keyed by index. xconfiguration pipes pipe [1..100] bandwidth total mode: whether or not a given pipe is enforcing total bandwidth restrict...

  • Page 45

    Configuration commands, description. xconfiguration subzones traversalsubzone bandwidth total mode: whether or not the traversal subzone is enforcing total bandwidth restrictions. None corresponds to no bandwidth available. xconfiguration subzones subzone [1..100] bandwidth percall limit: per-call ...

  • Page 46: 5.3   Command

    Configuration commands, description. xconfiguration zones zone [1..100] gatekeeper ip port: specifies the IP port of the neighbor gatekeeper. xconfiguration zones zone [1..100] gatekeeper hopcount: maximum hop count to use when issuing LRQs to gatekeepers in this zone...

  • Page 47

    Command, usage, description. denylistadd; xcommand denylistadd; add an entry to the deny list, used by the registration restriction policy. denylistdelete; xcommand denylistdelete; removes the pattern from the deny list at the specified index. disconnectcall; xcommand disconnectcall; disconnects the speci...

  • Page 48: 5.4   History

    Command, usage, description. subzonedelete; xcommand subzonedelete: deletes the indexed subzone. zoneadd; xcommand zoneadd; adds a new zone with the specified name, zone prefix and IP address, e.g. xcommand zoneadd b 65 10.0.0.30. Note: the parameter order to this command...

  • Page 49: 5.6  Other Commands

    xfeedback list. To register a feedback expression, type xfeedback register; to deregister the feedback expression with index , type xfeedback deregister; to deregister all feedback expressions, type xfeedback deregister 0. Feedback commands, description. xfeedback register status/ registers for feedbac...

  • Page 50

    Command, usage, description. relkey; relkey; displays the release key that this software has been installed with. syslog; syslog [ipaddr] [ipaddr] ...; enables tracing. - is the log level, 0-3, 3 gives most logging. ipaddr – specify up to 10 IP addresses to log informatio...

  • Page 51: Servers

    6 appendix: configuring DNS servers. In the examples below, we set up an SRV record to handle H.323 URIs of the form user@example.com. These are handled by the gatekeeper with the fully qualified domain name of gatekeeper1.example.com which is listening on port 1719, the default registration port....

  • Page 52

    Then instruct named to reload the files: kill -s SIGHUP pid. 4. Check the log files for any discrepancies: tail /var/log/messages. For more details of how to configure BIND servers and the DNS system in general see the book “DNS and BIND” 6. 6.3 verifying the SRV r...

  • Page 53: Servers

    7 appendix: configuring LDAP servers. 7.1 Microsoft Active Directory. 7.1.1 prerequisites: these comprehensive step by step instructions assume that Active Directory is installed. For details on installing Active Directory please consult your Windows documentation. The following instructions are for...

  • Page 54: 7.1.3  Securing With Tls

    communiqueid: comm1; h323identityh323-id: meetingroom1; h323identitydialeddigits: 626262; h235identityendpointid: meetingroom1; h235identitypassword: mypassword. Add the LDIF file to the server using the command: ldifde -i -c dc=x -f filename.ldf. This will add a single ...

  • Page 55

    H.350.2 – directory services architecture for H.235 - an LDAP schema to represent H.235 elements. The schemas can be downloaded in LDIF format from the web interface on the gatekeeper. To do this, navigate to the gatekeeper configuration > files page and click on the links for the schemas. Copy t...

  • Page 56: 7.2.4  Securing With Tls

    communiqueid: comm1; h323identityh323-id: meetingroom1; h323identitydialeddigits: 626262; h235identityendpointid: meetingroom1; h235identitypassword: mypassword. Add the LDIF file to the server using the command: slapadd -l. This will add a single H.323 endpoint with an ...

  • Page 57: 8 Approvals

    8 approvals: the product has been approved by various international approval agencies, among others: UL and Nemko. According to their follow-up inspection scheme, these agencies also perform production inspections at a regular basis, for all production of TANDBERG’s equipment. The test reports a...

  • Page 58: 9 Technical Specifications

    9 technical specifications. System capacity: 100-1000 registered endpoints; 25-200 concurrent calls; 0-100 traversal calls; 100 zones (the system’s capacity depends on the system’s option key). Ethernet interfaces: 3 x LAN/Ethernet (RJ-45) 10/100 Base-TX (2 disabled) ...

  • Page 59: 10 Index

    10 index: allowlist, 19, 36, 40; alternate, 9, 24, 36; authentication (LDAP, 35; local database, 35); bandwidth control, 37; CPL, 25, 36 (examples, 28; unsupported elements, 28); credentials, 21; denylist, 19, 36, 41; DNS, 23, 24, 36 (BIND, 45; Microsoft DNS server, 45); down-speed, 15; ethernet, 2 (speed, 35); firewa...