Tandberg gatekeeper user manual software version n3 d13381.03 this document is not to be reproduced in whole or in part without permission in writing from:.
Tandberg gatekeeper user manual ii trademarks and copyright copyright 1993-2005 tandberg asa. All rights reserved. This document contains information that is proprietary to tandberg asa. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by a...
Tandberg gatekeeper user manual iii environmental issues thank you for buying a product which contributes to a reduction in pollution, and thereby helps save the environment. Our products reduce the need for travel and transport and thereby reduce pollution. Our products have either none or few cons...
Tandberg gatekeeper user manual iv operator safety summary for your protection, please read these safety instructions completely before operating the equipment and keep this manual for future reference. The information in this summary is intended for operators. Carefully observe all warnings, precau...
V table of contents tandberg gatekeeper user manual .......................................................................................I trademarks and copyright ...................................................................................................... Ii environmental issues...........
Tandberg gatekeeper user manual vi 4.1 upgrading using http(s) ........................................................................................ 30 4.2 upgrading using scp ............................................................................................... 31 5 configuring the gate...
1 1 introduction this user manual is provided to help you make the best use of your tandberg gatekeeper. A gatekeeper is a central part of an h.323 infrastructure. It provides address translation and controls access to the network for h.323 terminals, gateways and mcus. The gatekeeper also provides ...
Tandberg gatekeeper user manual 2 1.1 tandberg gatekeeper overview on the front of the gatekeeper there are three lan interfaces, a serial port (data 1) and a light emitting diode (power). The lan 1 interface is used for connecting the system to your local area network, lan interface 2 and 3 are dis...
3 2 installation precautions: never install communication equipment during a lightning storm. Never install jacks for communication cables in wet locations unless the jack is specifically designed for wet locations. Never touch uninstalled communication wires or terminals unless the communication li...
Tandberg gatekeeper user manual 4 do not place heavy objects directly on top of the gatekeeper. Do not place hot objects directly on top, or directly beneath the gatekeeper. Use a grounded ac power outlet for the gatekeeper. 2.2 mounting the gatekeeper comes with brackets for mounting in standard 19...
5 2.5 gatekeeper initial configuration the tandberg gatekeeper requires some configuration before it can be used. This must be done using a pc connected to the serial port (data 1). The main thing that needs to be configured is the ip settings of the gatekeeper. This includes the ip address, the ip ...
Tandberg gatekeeper user manual 6 xconfiguration gatekeeper autodiscovery command in section 5.2 for more information. 12. Reboot the gatekeeper by typing the command xcommand boot to make your new settings take effect. 13. Disconnect the serial cable. Note to secure the gatekeeper you should disabl...
7 3 using the gatekeeper the gatekeeper is used by h.323 terminals, gateways and mcus. These devices register with the gatekeeper and the gatekeeper then provides address translation and controls access to the network. 3.1 system administration to configure and monitor the tandberg gatekeeper you ca...
Tandberg gatekeeper user manual 8 note automatic discovery is a function that allows the gatekeeper to reply to multicast gatekeeper discovery messages from the endpoint. Note if you have problems registering the endpoint, try turning on automatic discovery. Some endpoints require automatic registra...
9 remote zones can be configured through the web interface of the tandberg gatekeeper by navigating to gatekeeper configuration > gatekeeper. See figure 1 for a screenshot of the configuration. Figure 1 screenshot of the adding a new zone configuration note when using a local zone prefix do not star...
Tandberg gatekeeper user manual 10 when a gatekeeper receives a location request, if it cannot respond from its own registration database, it will query all of its alternates before responding. This allows the pool of registrations to be treated as if they were registered with a single gatekeeper. T...
11 3.5 call control when an end-point wants to call another endpoint it presents the address it wants to call to the gatekeeper using a protocol knows as ras. The gatekeeper tries to resolve this address and supplies the calling endpoint with information about the called endpoint. The destination ad...
Tandberg gatekeeper user manual 12 figure 3 admission request processing.
13 figure 4 location request processing.
Tandberg gatekeeper user manual 14 3.6 bandwidth control the tandberg gatekeeper allows you to control endpoints ’ use of bandwidth on your network. Figure 5 shows a typical deployment: a broadband lan, where high bandwidth calls are acceptable, a pipe to the internet with restricted bandwidth, and ...
15 xconfiguration links link [1..100] pipe2 name each subzone may be configured with its own bandwidth limits. Calls placed between two endpoints in the same subzone consume resource from the subzone ’ s allocation. Subzone bandwidths are configured on the gatekeeper configuration > subzones page (s...
Tandberg gatekeeper user manual 16 figure 6 configuration of a subzone through the web interface figure 7 adding a new pipe through the web interface figure 8 configuring the downspeeding parameters of the gatekeeper 3.6.1 bandwidth control and firewall traversal when a border controller and gatekee...
17 3.6.2 bandwidth control examples one possible configuration for the deployment in figure 5 is shown in figure 9. Each of the offices is represented as a separate subzone, with bandwidth configured according to local policy. The enterprise ’ s leased line connection to the internet, and the dsl co...
Tandberg gatekeeper user manual 18 in figure , the endpoints in the enterprise register with the gatekeeper, whilst those in the branch and home office register with the border controller. Border controller branch office home office traversal sub-zone home sub-zone branch sub-zone enterprise pipe ho...
19 figure 12 gatekeeper example configuration all of the endpoints in the enterprise will be assigned to the default subzone. The traversal subzone controls traversal traffic flowing through the gatekeeper, whilst the traversal zone controls all traffic traversing the enterprise firewall and passing...
Tandberg gatekeeper user manual 20 match an entry on the denylist. Allow lists and deny lists are mutually exclusive: only one may be in use at any given time. Matching uses a simple form of wild card expansion: 12345678 exact match only 1234567? First 7 characters are an exact match, last may be an...
21 to configure the gatekeeper to use the local database of credentials during authentication issue the following commands xconfiguration authentication mode: on xconfiguration authentication database: localdatabase each credential in the local database has a username and a password. To manage the c...
Tandberg gatekeeper user manual 22 xconfiguration ldap userdn: "your user dn" xconfiguration ldap password: "password" the status of the connection between the gatekeeper and the ldap server can be verified using the command xstatus ldap the details of the ldap server can also be configured via the ...
23 figure 16 configuring the gatekeeper to authenticate with an ldap server using tls encryption 3.9 uri dialing if an alias is not located in the gatekeeper ’ s list of registrations, it may attempt to find an authoritative gatekeeper through the dns system. Uri dialing makes it easier for endpoint...
Tandberg gatekeeper user manual 24 figure 17 ip configuration screen 3.9.1 uri dialing and firewall traversal if uri dialing is being used in conjunction with firewall traversal, dnsresolutionmode should only be enabled on the border controller. The dns records should be updated with the address of ...
25 to configure the gatekeeper for firewall traversal, use the web or console interface (see figure 18 for this configuration screen on the web interface). You will need to set the ip address of the border controller xconfiguration traversal server address: you will need to enter the name of your ga...
Tandberg gatekeeper user manual 26 xconfiguration gatekeeper policy mode policy interacts with authentication (section 3.7.2, authentication). If authentication is enabled on the local gatekeeper and a call received from a remote, unauthenticated gatekeeper, the call ’ s source aliases will be remov...
27 “ display ” not defined for any alias types address the address construct is used within an address-switch to specify addresses to match. Please note that all address comparisons ignore upper/lower case differences so is= “ fred ” > will match “ fred ” , “ fred ” etc. Is= selected field and subfi...
Tandberg gatekeeper user manual 28 an e.164 number. Proxy on executing a proxy node the gatekeeper will attempt to forward the call to the locations specified in the current location set. If multiple entries are in the location set then they are treated as different aliases for the same destination ...
29 user "fred" will not accept calls from anyone at "annoying.Com", or from any unauthenticated users. All other users will allow any calls. Call redirection redirect all calls to user "barney" to voicemail..
Tandberg gatekeeper user manual 30 4 software upgrade software upgrade can be done in one of two ways: using a web browser (http/https). Using secure copy (scp). Note to upgrade the gatekeeper, a valid release key and software file is required. Contact your tandberg representative for more informati...
31 4. Enter the release key and press install software. You will get a new screen where you can upload the software image: 5. Browse to the file containing the software and press install. You should see a page indicating that upload is in progress: 6. When the upload is completed you should see the ...
Tandberg gatekeeper user manual 32 note make sure you transfer the release key file before transferring the software image. Also make sure you name the files exactly as described below. Note the release key file should contain just the 16 character release key. To upgrade using scp, do the following...
33 5 configuring the gatekeeper this chapter lists the basic usage of each command. The commands also support more advanced usage, which is outside the scope of this document. 5.1 status the status root command, xstatus, returns status information from the gatekeeper. To list all xstatus commands ty...
Tandberg gatekeeper user manual 34 command usage description resourceusage xstatus resourceusage reports usage of system resources. Registrations : number of currently registered endpoints. Maxregistrations : maximum number of registered endpoints since system start. Portregistrations : total number...
35 xconfiguration ? To list all configuration data, type xconfiguration to show a specific configuration value, type xconfiguration to show usage information for a specific configuration value, type xconfiguration ? To set a configuration element type xconfiguration : value1 : value2 there is also a...
Tandberg gatekeeper user manual 36 configuration commands description xconfiguration gatekeeper alternategk [1..5]: list of alternate gatekeepers ’ ip addresses. Xconfiguration gatekeeper autodiscovery: specifies if the gatekeeper supports automatic registration of endpoints. The default is on. Xcon...
37 configuration commands description xconfiguration https mode: enables/disables https support. Note that http must also be enabled. You must restart the system for changes to take effect. Xconfiguration ip address: specify the ip address of the system. You must restart the system for changes to ta...
Tandberg gatekeeper user manual 38 configuration commands description xconfiguration pipes pipe [1..100] bandwidth total limit: bandwidth associated with a pipe, keyed by index. Xconfiguration pipes pipe [1..100] bandwidth total mode: whether or not a given pipe is enforcing total bandwidth restrict...
39 configuration commands description xconfiguration subzones traversalsubzone bandwidth total mode: whether or not the traversal subzone is enforcing total bandwidth restrictions. None corresponds to no bandwidth available. Xconfiguration subzones subzone [1..100] bandwidth percall limit: per-call ...
Tandberg gatekeeper user manual 40 configuration commands description xconfiguration zones zone [1..100] gatekeeper ip port: specifies the ip port of the neighbor gatekeeper xconfiguration zones zone [1..100] gatekeeper hopcount: maximum hop count to use when issuing lrqs to gatekeepers in this zone...
41 command usage description denylistadd xcommand denylistadd add an entry to the deny list, used by the registration restriction policy. Denylistdelete xcommand denylistdelete removes the pattern from the deny list at the specified index. Disconnectcall xcommand disconnectcall disconnects the speci...
Tandberg gatekeeper user manual 42 command usage description subzonedelete xcommand subzonedelete: deletes the indexed subzone. Zoneadd xcommand zoneadd adds a new zone with the specified name, zone prefix and ip address. E.G. Xcommand zoneadd b 65 10.0.0.30 note: the parameter order to this command...
43 xfeedback list to register a feedback expression, type xfeedback register to deregister the feedback expression with index , type xfeedback deregister to deregister all feedback expressions, type xfeedback deregister 0 feedback commands description xfeedback register status/ registers for feedbac...
Tandberg gatekeeper user manual 44 command usage description relkey relkey displays the release key that this software has been installed with. Syslog syslog [ipaddr] [ipaddr] ... Enables tracing. - is the log level, 0-3, 3 gives most logging. Ipaddr – specify up to 10 ip addresses to log informatio...
45 6 appendix: configuring dns servers in the examples below, we set up an srv record to handle h.323 uris of the form user@example.Com. These are handled by the gatekeeper with the fully qualified domain name of gatekeeper1.Example.Com which is listening on port 1719, the default registration port....
Tandberg gatekeeper user manual 46 then instruct named to reload the files kill – s sighup pid 4. Check the log files for any discrepancies tail /var/log/messages for more details of how to configure bind servers and the dns system in general see the book “ dns and bind ” 6 . 6.3 verifying the srv r...
47 7 appendix: configuring ldap servers 7.1 microsoft active directory 7.1.1 prerequisites these comprehensive step by step instructions assume that active directory is installed. For details on installing active directory please consult your windows documentation. The following instructions are for...
Tandberg gatekeeper user manual 48 communiqueid: comm1 h323identityh323-id: meetingroom1 h323identitydialeddigits: 626262 h235identityendpointid: meetingroom1 h235identitypassword: mypassword add the ldif file to the server using the command: ldifde -i -c dc=x -f filename.Ldf this will add a single ...
49 h.350.2 – directory services architecture for h.235 - an ldap schema to represent h.235 elements. The schemas can be downloaded in ldif format from the web interface on the gatekeeper. To do this, navigate to the gatekeeper configuration > files page and click on the links for the schemas. Copy t...
Tandberg gatekeeper user manual 50 communiqueid: comm1 h323identityh323-id: meetingroom1 h323identitydialeddigits: 626262 h235identityendpointid: meetingroom1 h235identitypassword: mypassword add the ldif file to the server using the command: slapadd -l this will add a single h.323 endpoint with an ...
51 8 approvals the product has been approved by various international approval agencies, among others: ul and nemko. According to their follow-up inspection scheme, these agencies also perform production inspections at a regular basis, for all production of tandberg ’ s equipment. The test reports a...
Tandberg gatekeeper user manual 52 9 technical specifications system capacity 100-1000 registered endpoints 25-200 concurrent calls 0-100 traversal calls 100 zones (the system ’ s capacity depends on the system ’ s option key) ethernet interfaces 3 x lan/ethernet (rj-45) 10/100 base-tx (2 disabled) ...
53 10 index allowlist, 19, 36, 40 alternate, 9, 24, 36 authentication ldap, 35 local database, 35 bandwidth control, 37 cpl, 25, 36 examples, 28 unsupported elements, 28 credentials, 21 denylist, 19, 36, 41 dns, 23, 24, 36 bind, 45 microsoft dns server, 45 down-speed, 15 ethernet, 2 speed, 35 firewa...