Contents Introduction About the Cisco TelePresence Video Communication Server (VCS) VCS base applications Standard features Optional features Installation and initial configuration About this guide Typographical conventions Using the web interface Using the command line interface (CLI) Web page features and layout What’s new in this version?
Page 3
H.323 endpoint registration H.323 configuration About SIP VCS as a SIP registrar VCS as a SIP proxy server Proxying registration requests VCS as a SIP Presence Server SIP configuration Configuring SIP domains Cisco VCS Administrator Guide (X7.1) Page 3 of 479...
Page 4
Structuring your dial plan Flat dial plan Structured dial plan Hierarchical dial plan About the Local Zone and subzones Bandwidth management Local Zone searches About zones Default Zone Zone configuration Configuring neighbor zones Cisco VCS Administrator Guide (X7.1) Page 4 of 479...
Page 5
Query a zone for original and transformed alias Query a zone for two or more transformed aliases Stripping @domain for dialing to H.323 numbers Transforms for alphanumeric H.323 ID dial strings Cisco VCS Administrator Guide (X7.1) Page 5 of 479...
Page 6
Configuring Call Policy Configuring Call Policy rules using the web interface Configuring Call Policy using a CPL script Configuring VCS to use the Cisco TelePresence Advanced Media Gateway Configuring the VCS Usage features and limitations Configuring Cisco AM GW policy rules...
Page 7
Usage features and limitations Configuring the Microsoft OCS/Lync B2BUA Configuring the B2BUA's trusted hosts Configuring transcoder policy rules Configuring B2BUA transcoders Restarting the B2BUA service FindMe™ User (FindMe) account configuration How are devices specified? Cisco VCS Administrator Guide (X7.1) Page 7 of 479...
Page 8
Resetting user account passwords Configuring administrator accounts Password security Configuring administrator groups Configuring user accounts Configuring a user's principal devices Configuring user groups Backing up and restoring VCS data Creating a backup Cisco VCS Administrator Guide (X7.1) Page 8 of 479...
Page 9
Software version history X6.1 X5.2 X5.1 About Event Log levels Event Log format Administrator and FindMe user events Message details field Events and levels CPL reference CPL address-switch node otherwise not-present Cisco VCS Administrator Guide (X7.1) Page 9 of 479...
Page 10
Command reference — xCommand xCommand commands Command reference — xStatus xStatus elements About policy services Policy service request parameters Policy service responses Cryptography support Flash status word reference table Bibliography Glossary Legal notices Cisco VCS Administrator Guide (X7.1) Page 10 of 479...
Page 11
Intellectual property rights Copyright notice Patent information Cisco VCS Administrator Guide (X7.1) Page 11 of 479...
Introduction This section provides an overview of the Cisco TelePresence Video Communication Server, including: About the Cisco TelePresence Video Communication Server Base applications Standard features Optional features About this guide Using the web interface What’s new in this version? Cisco VCS Administrator Guide (X7.1)
About the Cisco TelePresence Video Communication Server (VCS) The Cisco TelePresence Video Communication Server (VCS) enhances the video experience and provides seamless communication between SIP and H.323 devices utilizing IETF and ITU standards. The VCS is the center of the video communication network, and connects all H.323 and SIP endpoints, infrastructure, and management devices.
Control over which endpoints are allowed to register Call Policy (also known as Administrator Policy) including support for CPL Can be managed with Cisco TelePresence Management Suite (TMS) 12.6 or later Cisco VCS Administrator Guide (X7.1) Page 14 of 479...
Introduction AD authentication for administrators of the VCS Pre-configured defaults for: Cisco Unified Communications Manager neighbor zones Cisco TelePresence Advanced Media Gateway Microsoft Office Communications Server (OCS) 2007 / Lync neighbor zones Nortel Communication Server neighbor zones Embedded setup wizard using a serial port for initial configuration...
Virtual appliance support The VCS can run on VMware on Cisco UCS C200 M2 and UCS C210 M2 servers. Installation and initial configuration Full installation and initial configuration instructions for the VCS are contained in VCS Getting Started Guide.
Name of the page that you will be taken to. Where command line interface (CLI) commands are included, they are shown in the format: xConfiguration <Element> <SubElement> xCommand <Command> Cisco VCS Administrator Guide (X7.1) Page 17 of 479...
It may work with Opera and Safari, but you could encounter unexpected behavior. JavaScript and cookies must be enabled to use the VCS web interface. Cisco VCS Administrator Guide (X7.1) Page 18 of 479...
Typing an xConfiguration path into the CLI followed by a ? returns information about the usage for that element and sub-elements. Typing an xCommand command into the CLI with or without a ? returns information about the usage of that command. Cisco VCS Administrator Guide (X7.1) Page 19 of 479...
Information icon or click inside a field. This box gives you information about the particular field, including where applicable the valid ranges and default value. To close the information box, click on the X at its top right corner. Cisco VCS Administrator Guide (X7.1) Page 20 of 479...
Page 21
LAN 1 IPv4 address if no system name is configured), local system time, currently selected language, hardware serial number and VCS software version are shown at the bottom of the page. Note that you cannot change configuration settings if your administrator account has read-only privileges. Cisco VCS Administrator Guide (X7.1) Page 21 of 479...
Call processing Improved interworking between VCS and Cisco Unified Communications Manager (CUCM). VCS now always stays in the call signaling route for calls to neighbor zones that are configured with the Cisco Unified Communications Manager or the Infrastructure device zone profiles.
Overview and status information You can view information about the current status, registrations, current calls and call history, and configuration of the VCS by using the Status menu options. Cisco VCS Administrator Guide (X7.1) Page 23 of 479...
Clustered VCS systems If the VCS is part of a cluster, then details for each peer are shown as well as totals for the entire cluster. About clusters for more information. Cisco VCS Administrator Guide (X7.1) Page 24 of 479...
If an NTP server has been configured, the system time in local time (UTC adjusted according to the time local time zone) is shown. If no NTP server has been configured, the time according to the VCS’s operating system is shown. Cisco VCS Administrator Guide (X7.1) Page 25 of 479...
MAC address The MAC address of the VCS’s Ethernet device for that LAN port. Speed The speed of the connection between the LAN port on the VCS and the Ethernet switch. The Ethernet speed can be configured via the Ethernet page. Cisco VCS Administrator Guide (X7.1) Page 26 of 479...
Specifies the name to be appended to the host name before a query to the DNS server is executed. The IP settings can be configured via the page. The Dual network interfaces option is enabled by the addition of the corresponding option key. Cisco VCS Administrator Guide (X7.1) Page 27 of 479...
To maintain the same capacity for your cluster, you should ensure that either the problem with the peer is resolved or new option keys are installed on another peer in the cluster. About clusters for more information. Cisco VCS Administrator Guide (X7.1) Page 28 of 479...
Note that this page does not apply if the VCS is using the TMS Provisioning Extension services to provide user account data; in this case, user accounts are maintained through TMS. Cisco VCS Administrator Guide (X7.1) Page 29 of 479...
To limit the list of registrations, enter one or more characters in the Filter field and click Filter. Only those registrations that contain (in any of the displayed fields) the string you entered will be shown. To return to the full list of registrations, click Reset. Cisco VCS Administrator Guide (X7.1) Page 30 of 479...
The following information is displayed: Field Description Name The H.323 alias or SIP AOR that the device registered. Clicking on an individual Name takes you to the Registrations details page for that registration. Cisco VCS Administrator Guide (X7.1) Page 31 of 479...
Click Unregister and block to unregister the device and add the alias to the Deny List page, thus preventing the device from automatically re-registering. (This option is only available if the Restriction policy has been set to Deny List.) Cisco VCS Administrator Guide (X7.1) Page 32 of 479...
Call disconnection works differently for H.323 and SIP calls due to differences in the way the protocols work: H.323 calls, and interworked H.323 to SIP calls: the Disconnect command will actually disconnect the call. Cisco VCS Administrator Guide (X7.1) Page 33 of 479...
To limit the list of calls, enter one or more characters in the Filter field and click Filter. Only those calls that contain (in any of the displayed fields) the characters you entered are shown. To return to the full list of calls, click Reset. Cisco VCS Administrator Guide (X7.1) Page 34 of 479...
Corresponding VCS call link to see details of the leg passing through the VCS. Further information about the call can be viewed via the links in the Related tasks section at the bottom of the page: Cisco VCS Administrator Guide (X7.1) Page 35 of 479...
Page 36
(accessed from the B2BUA calls page) shows information about the media channels (audio and video) that made up the call between the VCS, the OCS/Lync server and, if applicable, the transcoder. Cisco VCS Administrator Guide (X7.1) Page 36 of 479...
To limit the list of calls, enter one or more characters in the Filter field and click Filter. Only those calls that contain (in any of the displayed fields) the characters you entered are shown. To return to the full list of calls, click Reset. Cisco VCS Administrator Guide (X7.1) Page 37 of 479...
It takes you to a new Search details page which lists full information about all the searches associated with the call's Call Tag. Cisco VCS Administrator Guide (X7.1) Page 38 of 479...
Traversal Subzone, so they will show up twice; once in the originating subzone and once in the Traversal Subzone. Bandwidth The total amount of bandwidth used by all calls passing through the subzone. used Cisco VCS Administrator Guide (X7.1) Page 39 of 479...
Checking: the protocol is enabled for that zone and the system is currently trying to establish a connection Search This area is used to indicate if that zone is not a target of any search rules. rule status Cisco VCS Administrator Guide (X7.1) Page 40 of 479...
The total number of calls currently traversing the pipe. Note that a single call may traverse more than one pipe, depending on how your system is configured. Bandwidth The total bandwidth of all the calls currently traversing the pipe. used Cisco VCS Administrator Guide (X7.1) Page 41 of 479...
This field displays the server address currently selected for use by the VCS. Status The current status of the service. Last Indicates when the service was last requested by a VCS process. used Cisco VCS Administrator Guide (X7.1) Page 42 of 479...
View counters for this relay takes you to the TURN relay counters page, where you can view TURN request, response and error counters, as well as media counters, for the relay. Cisco VCS Administrator Guide (X7.1) Page 43 of 479...
The number of endpoints who have requested information about that particular presentity. To view the list of all subscribers who are requesting information about a particular presentity, click on the presentity’s URI. Cisco VCS Administrator Guide (X7.1) Page 44 of 479...
The number of local presentities about whom this endpoint is requesting information. To view the list of all local presentities whose information is being requested by a particular endpoint, click on the endpoint’s URI. Cisco VCS Administrator Guide (X7.1) Page 45 of 479...
FindMe ID. Subscription Indicates whether the OCS Relay application has subscribed successfully to the FindMe ID's state presence information. Doing so allows MOC clients to view the presence information of FindMe users. Cisco VCS Administrator Guide (X7.1) Page 46 of 479...
B2BUA) displays the status of Microsoft OCS/Lync B2BUA service. The Microsoft OCS/Lync back-to-back user agent (B2BUA) on the VCS is used to route SIP calls between the VCS and a Microsoft OCS/Lync Server. Cisco VCS Administrator Guide (X7.1) Page 47 of 479...
VCS with provisioning and FindMe data that is managed and maintained exclusively within TMS. The provisioning server status reporting provided by this page is available only when the VCS is operating in Provisioning Extension mode, or when running in Starter Pack mode. Cisco VCS Administrator Guide (X7.1) Page 48 of 479...
You can view the data records provided by the TMS Provisioning Extension Users service by going to Status > Applications > TMS Provisioning Extension services > Users > ... and then the relevant table: Cisco VCS Administrator Guide (X7.1) Page 49 of 479...
You can click View to display further details about the selected record. Many views also allow you to click on related information to see the data records associated with that item. For example, when viewing a FindMe user, you can also access the related location and device records. Cisco VCS Administrator Guide (X7.1) Page 50 of 479...
Checking provisioned data Check provisioned data page is used to check the configuration data that the VCS's Provisioning Server will provision to a specific user and device combination. Cisco VCS Administrator Guide (X7.1) Page 51 of 479...
Page 52
If the actual Version used by the endpoint is not listed, select the nearest earlier version. 3. Click Check provisioned data. The Results section will show the data that would be provisioned out to that user and device combination. Cisco VCS Administrator Guide (X7.1) Page 52 of 479...
You can click the Alarm ID to generate a filtered view of the Event Log, showing all occurrences of when that alarm has been raised and lowered. See the alarms list for further information about the specific alarms that can be raised. Cisco VCS Administrator Guide (X7.1) Page 53 of 479...
Event Log color coding Certain events in the Event Log are color-coded so that you can identify them more easily. These events are as follows: Green events: System Start Admin Session Start/Finish Cisco VCS Administrator Guide (X7.1) Page 54 of 479...
The Filter section lets you filter the Configuration Log. Enter the words you want to search for and click Filter. Only those events that contain all the words you entered are shown. To do more advanced filtering, click more options. This gives you additional filtering methods: Cisco VCS Administrator Guide (X7.1) Page 55 of 479...
Contains any of the words: includes any events that contain at least one of the words entered here. Not containing any of the words: filters out any events containing any of the words entered here. Cisco VCS Administrator Guide (X7.1) Page 56 of 479...
Page 57
Module= filters the list to show all the events of that particular type. The events that appear in the Network Log are dependent on the log levels configured on the Network Log configuration page. Cisco VCS Administrator Guide (X7.1) Page 57 of 479...
The LCD panel on the front of the VCS hardware unit has a rotating display of the VCS's system name, IP addresses, alarms, and the number of current traversal calls, non-traversal calls and registrations. Cisco VCS Administrator Guide (X7.1) Page 58 of 479...
These options enable you to configure the VCS in relation to the network in which it is located, for example its IP settings and the external services used by the VCS (for example DNS, NTP and SNMP). Cisco VCS Administrator Guide (X7.1) Page 59 of 479...
IP routes can be configured using the CLI only: routes can be added by using the xCommand RouteAdd command and can be modified by using the xConfiguration IP Route commands. Cisco VCS Administrator Guide (X7.1) Page 60 of 479...
LAN 1. If the Cisco VCS Expressway is in the DMZ, the outside IP address of the Cisco VCS Expressway must be a public IP address, or if static NAT mode is enabled, the static NAT address must be publicly accessible.
(for example ldapserver.mydomain.com) or is in the form of an IP address, the domain name is not appended to the server address before querying the DNS server. It applies to the following configuration settings in the VCS: Cisco VCS Administrator Guide (X7.1) Page 62 of 479...
Page 63
For each additional per-domain DNS server address you can specify up to 2 Domain names. Any DNS queries under those domains are forwarded to the specified DNS server instead of the default DNS servers. Cisco VCS Administrator Guide (X7.1) Page 63 of 479...
The VCS supports the DiffServ (Differentiated Services) mechanism which puts the specified Tag value in the TOS (Type Of Service) field of the IPv4 header or TC (Traffic Class) field of the IPv6 header. Cisco VCS Administrator Guide (X7.1) Page 64 of 479...
VCS. towards the total number of current administrator sessions. A value of 0 turns session limits off. Telnet Determines whether the VCS service can be accessed via Telnet. Default is Off. Cisco VCS Administrator Guide (X7.1) Page 65 of 479...
Page 66
The LCD panel on the front of the VCS hardware unit has a rotating display of the VCS's system name, IP addresses, alarms, and the number of current traversal calls, non-traversal calls and registrations. To control the display of status items: Cisco VCS Administrator Guide (X7.1) Page 66 of 479...
You can configure the front panel to hide this identifying information, if required for security reasons for example, by using the CLI command xConfiguration Administration LCDPanel Mode. If the mode is set to Off the front panel only displays "Cisco". Configuring SNMP settings...
The NTP server provides the VCS with UTC time. You are strongly recommended to configure an NTP server as accurate time is necessary for correct system operation and to ensure correct timestamps in system logs. Cisco VCS Administrator Guide (X7.1) Page 68 of 479...
Page 69
DNS Domain name configured in addition to one or more DNS servers, you can use the server address, FQDN or IP address. The NTP server address fields default to one of three NTP servers provided by Cisco: 0.ntp.tandberg.com, 1.ntp.tandberg.com, or 2.ntp.tandberg.com.
Page 70
It also adjusts the local time to account for summer time (also known as daylight saving time) when appropriate. Note that a UTC timestamp is included at the end of each entry in the Event Log. Cisco VCS Administrator Guide (X7.1) Page 70 of 479...
VCS's connection to an external management system. An external manager is a remote system, such as the Cisco TelePresence Management Suite (TMS), used to monitor events occurring on the VCS, for example call attempts, connections and disconnections, and as a place for where the VCS can send alarm information.
You must add the certificate of the issuer of the TMS server's certificate to the file containing the VCS's trusted CA certificates. This is done from the Security certificates page (Maintenance > Certificate management > Security certificates). Cisco VCS Administrator Guide (X7.1) Page 72 of 479...
Page 73
VCS then click Check for updates instead. Further status information The menu options under Status > Applications > TMS Provisioning Extension services provide full status information about the TMS Provisioning Extension services, including: Cisco VCS Administrator Guide (X7.1) Page 73 of 479...
All events have an associated level in the range 1-4, with Level 1 Events considered the most important. The table below gives an overview of the levels assigned to different events. Cisco VCS Administrator Guide (X7.1) Page 74 of 479...
To enable remote logging, you must configure the VCS with the IP addresses or Fully Qualified Domain Names (FQDNs) of the Remote syslog servers to where the Event Log is written. Up to 4 servers can be specified. Note that these servers cannot be another VCS. Cisco VCS Administrator Guide (X7.1) Page 75 of 479...
H.323 configuration options available on the VCS overview of SIP and the SIP configuration options available on the VCS how to configure the VCS to act as a SIP to H.323 gateway Cisco VCS Administrator Guide (X7.1) Page 76 of 479...
The default VCS configuration uses standard port numbers so UDP port UDP registrations. Default is you can use H.323 services out of the box without having to first 1719. set these up. Cisco VCS Administrator Guide (X7.1) Page 77 of 479...
Page 78
Specifies whether the prefix of Including the prefix allows the recipient to directly return the call. the ISDN gateway is inserted into the caller's E.164 number presented on the destination endpoint. Cisco VCS Administrator Guide (X7.1) Page 78 of 479...
(VCS or VCS cluster) with which they want to register, and the endpoint will attempt to register with that registrar only. The VCS is a SIP server and a SIP registrar. Cisco VCS Administrator Guide (X7.1) Page 79 of 479...
If the VCS receives a registration request for a domain for which it is not acting as a Registrar (the VCS does not have that SIP domain configured), then the VCS may proxy the registration request onwards. This depends on the SIP registration proxy mode setting, as follows: Cisco VCS Administrator Guide (X7.1) Page 80 of 479...
Enables and disables SIP functionality (SIP registrar This mode must be enabled to use and SIP proxy services) on the VCS. Default is On. either the Presence Server or the Presence User Agent. Cisco VCS Administrator Guide (X7.1) Page 81 of 479...
Page 82
The VCS never returns a value higher than what was requested. This applies only to endpoints registered with the VCS. It does not apply to endpoints whose registrations are proxied through the VCS. Cisco VCS Administrator Guide (X7.1) Page 82 of 479...
Page 83
Outbound. Requests for a value refresh greater than this will result in a lower value being maximum returned (calculated according to the Outbound registration refresh strategy). The default is 3600 seconds. Cisco VCS Administrator Guide (X7.1) Page 83 of 479...
(dot). A level name cannot start or end with a hyphen, and the final level name must start with a letter. An example valid domain name is 100.example-name.com. You can configure up to 200 SIP domains. Cisco VCS Administrator Guide (X7.1) Page 84 of 479...
So if you dial 123 from a SIP endpoint, the search will be placed for 123@domain. If the H.323 endpoint being dialed is just registered as 123, the VCS will not be able to locate the alias 123@domain and the call will fail. The solutions are to either: Cisco VCS Administrator Guide (X7.1) Page 85 of 479...
Page 86
See the pre-search transforms section for information about how to configure pre-search transforms, and stripping @domain for dialing to H.323 numbers section for an example of how to do this. Cisco VCS Administrator Guide (X7.1) Page 86 of 479...
This section provides information about the pages that appear under the VCS configuration > Registration menu. It includes the following information: overview of the VCS's registration policies how to control registrations using Allow Lists and Deny Lists Cisco VCS Administrator Guide (X7.1) Page 87 of 479...
If a traversal-enabled endpoint registers directly with a VCS Expressway, the VCS Expressway will provide the same services to that endpoint as a VCS Control, with the addition of firewall traversal. Traversal- enabled endpoints include all Cisco TelePresence Expressway™ endpoints and third-party endpoints which support the ITU H.460.18 and H.460.19 standards.
Note that the Cisco TelePresence MPS 200 and MPS 800, and the Cisco TelePresence Content Server both support Expressway. They can therefore register directly with a VCS Expressway for firewall traversal.
Users of other registered endpoints can then call the endpoint by dialing any of these aliases. You are recommended to register your H.323 endpoints using a URI. This facilitates interworking between SIP and H.323, as SIP endpoints register using a URI as standard. Cisco VCS Administrator Guide (X7.1) Page 90 of 479...
H.323 endpoints may use "light" re-registrations which do not contain all the aliases presented in the initial registration, so the re-registration may not get filtered by the restriction policy. If this is the case, the Cisco VCS Administrator Guide (X7.1) Page 91 of 479...
Page 92
The frequency of re-registrations is determined by the Registration expire delta setting for (VCS configuration > Protocols > SIP > Configuration) and the Time to live setting for H.323 (VCS configuration > Protocols > H.323). Cisco VCS Administrator Guide (X7.1) Page 92 of 479...
Prefix: the alias must begin with the Pattern. Suffix: the alias must end with the Pattern. Regex: the Pattern is a regular expression. Description An optional free-form description of the entry. Cisco VCS Administrator Guide (X7.1) Page 93 of 479...
Prefix: the alias must begin with the Pattern. Suffix: the alias must end with the Pattern. Regex: the Pattern is a regular expression. Description An optional free-form description of the entry. Cisco VCS Administrator Guide (X7.1) Page 94 of 479...
Movi and Windows how to configure the username and password that is used by the VCS whenever it is required to authenticate with external systems Cisco VCS Administrator Guide (X7.1) Page 95 of 479...
Default Zone if the endpoint is not registered. The relevant Authentication policy must be set to either Check credentials or Treat as authenticated, otherwise PUBLISH messages will fail. Hierarchical dial plan (directory VCS) deployments and device authentication Cisco VCS Administrator Guide (X7.1) Page 96 of 479...
The VCS can check the credentials supplied within the message against either: an on-box local database of usernames and passwords real time access via LDAP to an external database which has an H.350 schema real time access to an Active Directory Service Cisco VCS Administrator Guide (X7.1) Page 97 of 479...
Page 98
Note: accurate timestamps play an important part in authentication, helping to guard against replay attacks. For this reason, if you are using device authentication, both the VCS and the endpoints must use an server to synchronize their system time. Cisco VCS Administrator Guide (X7.1) Page 98 of 479...
All messages are classified as rejected. unauthenticated. Messages that pass authentication are Any existing P-Asserted-Identity headers classified as authenticated and a P- are removed. Asserted-Identity header is inserted into the message. Cisco VCS Administrator Guide (X7.1) Page 99 of 479...
Page 100
Messages with an existing P-Asserted- unchanged. Identity header are passed on unchanged. Messages without an existing P-Asserted- Messages without an existing P-Asserted- Identity header have one inserted. Identity header are classified as unauthenticated. Cisco VCS Administrator Guide (X7.1) Page 100 of 479...
Do not check Messages are not challenged for credentials authentication. All messages are classified as unauthenticated. Treat as Messages are not challenged for authenticated authentication. All messages are classified as authenticated. Cisco VCS Administrator Guide (X7.1) Page 101 of 479...
You are recommended to enable authentication trust only if the neighbor zone is part of a network of trusted SIP servers. Authentication trust is automatically implied between traversal server and traversal client zones. Cisco VCS Administrator Guide (X7.1) Page 102 of 479...
VCS, for example when attempting to register and the relevant subzone's Authentication Policy is set to Check credentials. For Cisco endpoints using H.323, the username is typically the endpoint’s Authentication ID; for Cisco endpoints using SIP it is typically the endpoint’s Authentication username.
TLS: TLS encryption is used for the connection to the for the LDAP server. Click Upload a CA LDAP server. certificate file for TLS to go to the Off: no encryption is used. Security certificates page. The default is Off. Cisco VCS Administrator Guide (X7.1) Page 104 of 479...
Page 105
The current status of the connection to the specified LDAP server is displayed at the bottom of the page. Note that if you want to use an LDAP database for device authentication, you must also go to the Authentication configuration page and select a Database type of LDAP database. Cisco VCS Administrator Guide (X7.1) Page 105 of 479...
Click Download to display the required schema in your browser from where you can use the browser's Save command to store it on your file system. LDAP configuration for device authentication for more information. Cisco VCS Administrator Guide (X7.1) Page 106 of 479...
Pack, do not delete or modify the StarterPackTURNUser entry in the local authentication database. If device authentication using the local database is enabled, all other credentials that are required to support Starter Pack provisioned devices have to be added manually for each user account. Cisco VCS Administrator Guide (X7.1) Page 107 of 479...
VCS configuration > Authentication > Devices > Configuration and ensure that NTLM protocol challenges is set to Auto. The VCS can now start to authenticate Movi credentials. 4. A Movi endpoint then attempts to register with the VCS. Cisco VCS Administrator Guide (X7.1) Page 108 of 479...
Auto: automatically adapts to the domain controller's settings. Enabled: always attempts to use a secure channel. Disabled: does not use a secure channel. The default is Auto. Cisco VCS Administrator Guide (X7.1) Page 109 of 479...
Page 110
VCS. This is why you must enter the credentials every time you attempt to join the domain. The current status of the connection to the Active Directory Service is displayed at the bottom of the page. Cisco VCS Administrator Guide (X7.1) Page 110 of 479...
Page 111
LDAP communications with the Domain Controller TCP/389 Microsoft-DS RPC communications with the Domain Controller TCP/445 (used for the authentication of client credentials) Note that if TCP/445 cannot be reached, the system falls back to using TCP/139. Cisco VCS Administrator Guide (X7.1) Page 111 of 479...
Note that these settings are not used by traversal client zones. Traversal clients, which must always authenticate with traversal servers before they can connect, configure their connection credentials per traversal client zone. Cisco VCS Administrator Guide (X7.1) Page 112 of 479...
It includes the following information: an overview of your video communications network ways of structuring a dial plan an overview of the Local Zone and its subzones how to configure different zone types Cisco VCS Administrator Guide (X7.1) Page 113 of 479...
The Local Zone is also connected to external VCSs and to the internet via different types of zones. All these components are described in more detail in the sections that follow. Cisco VCS Administrator Guide (X7.1) Page 114 of 479...
VCS as a neighbor zone search rules for each zone that have a Mode of Alias pattern match and the target VCS's prefix (as with the structured dial plan) as the Pattern string Cisco VCS Administrator Guide (X7.1) Page 115 of 479...
Page 116
However, if the node VCSs have a neighbor zone relationship then the message will be identified as coming through that neighbor zone, the VCS will not perform any credential checking and the message will be accepted. Cisco VCS Administrator Guide (X7.1) Page 116 of 479...
Local Zone and out to external zones, and speed up the search process. For further information about how to configure search rules for the Local Zone, see the Configuring search and zone transform rules section. Cisco VCS Administrator Guide (X7.1) Page 117 of 479...
Default Zone's Authentication Policy Note that the Default Zone cannot be deleted and its only configurable option is its Authentication Policy setting. Cisco VCS Administrator Guide (X7.1) Page 118 of 479...
You create a neighbor relationship with the other system by adding it as a neighbor zone on your local VCS. After you have added it, you can: Cisco VCS Administrator Guide (X7.1) Page 119 of 479...
Page 120
(depending on which SIP Transport mode is in use). Transport Determines which transport type is used for SIP calls to and from the neighbor system. The default is TLS. Cisco VCS Administrator Guide (X7.1) Page 120 of 479...
Page 121
Do not use the Custom option or Custom: allows you to configure each setting configure the individual Advanced individually. settings except on the advice of Cisco Preconfigured profiles: choose one of the customer support. preconfigured profiles to automatically use the appropriate settings required for connections to that type of system.
Protocol Determines which of the two firewall traversal Firewall traversal protocols and protocols (Assent or H.460.18) to use for calls to the ports for more information. traversal server. Cisco VCS Administrator Guide (X7.1) Page 122 of 479...
Page 123
SIP messages that originate from non-local domains. Client settings section: Retry interval The interval in seconds with which a failed attempt to establish a connection to the traversal server should be retried. Location section: Cisco VCS Administrator Guide (X7.1) Page 123 of 479...
This count assigned, the lower of the two field specifies the hop count to use when sending a values is used. search request to this particular zone. Connection credentials section: Cisco VCS Administrator Guide (X7.1) Page 124 of 479...
Page 125
If TLS verify mode is enabled, a TLS verify subject name must be specified. This is the certificate holder's name to look for in the traversal client's X.509 certificate. Cisco VCS Administrator Guide (X7.1) Page 125 of 479...
ENUM zones allow you to locate endpoints via an ENUM lookup. You can create one or more search rules for ENUM zones based on the ENUM DNS suffix used and/or by pattern matching of the endpoints’ aliases. After you have configured one or more ENUM zones, you can: Cisco VCS Administrator Guide (X7.1) Page 126 of 479...
Hop counts section for more information). This field assigned, the lower of the two values is used. specifies the hop count to use when sending a search request to this particular zone. Cisco VCS Administrator Guide (X7.1) Page 127 of 479...
The table below describes the Advanced and Custom zone configuration options. Some of these settings only apply to specific zone types. Note: you should only use the Custom zone profile settings on the advice of Cisco customer support. Cisco VCS Administrator Guide (X7.1)
Page 129
Nortel Communication Server 1000 Cisco Advanced Media Gateway (see Microsoft OCS 2007, Lync 2010, Cisco AM GW and VCS deployment guide for more information) Infrastructure device (typically used for non-gatekeeper devices such as an MCU) Custom: allows you to configure each Advanced setting individually. These settings are listed in the remainder of this table below.
Page 130
Note that the settings for the pre-configured SDP are configurable via the CLI using the xConfiguration Zones Zone [1..1000] [Neighbor/DNS] Interworking SIP commands. They should only be changed on the advice of Cisco customer support. SIP poison On: SIP requests sent to systems located via this zone are "poisoned" such...
Page 131
UDP/BFCP protocol, so this must be set to On for connections to a Cisco Unified Communications Manager. zones On: any media line referring to the UDP/BFCP protocol is replaced with TCP/BFCP and disabled.
Page 132
Off: the VCS will not query for A and AAAA records and instead will continue with the search, querying the remaining lower priority zones. Cisco VCS Administrator Guide (X7.1) Page 132 of 479...
When a SIP TLS connection is established between a VCS and a neighbor system, the VCS can be configured to check the X.509 certificate of the neighbor system to verify its identity. You do this by Cisco VCS Administrator Guide (X7.1) Page 133 of 479...
In this scenario, when viewing the zone, you can ignore the warning indicating that search rules have not been configured. Cisco VCS Administrator Guide (X7.1) Page 134 of 479...
FindMe, Presence the purpose of the cluster subzone how to neighbor a local VCS or cluster to a remote VCS cluster Cisco VCS Administrator Guide (X7.1) Page 135 of 479...
You should only make configuration changes on the master VCS. Any changes made on other peers are not reflected across the cluster, and will be overwritten the next time the master’s configuration is replicated across the peers. The only exceptions to this are: Cisco VCS Administrator Guide (X7.1) Page 136 of 479...
Page 137
For H.323 the Alternates returned in a Registration Confirm message list all the peers in the cluster. Also note that some versions of TMS refer to peers as "members". Cisco VCS Administrator Guide (X7.1) Page 137 of 479...
If any one of the peers is temporarily taken out of service the full set of call licenses will remain available to the entire cluster. However, it is recommended that, where possible, the number of licenses is configured evenly across all peers in the cluster. Cisco VCS Administrator Guide (X7.1) Page 138 of 479...
You should make configuration changes on the master VCS. Any changes made on other peers are not reflected across the cluster, and will be overwritten the next time the master’s configuration is replicated across the peers. The only exceptions to this are: Cisco VCS Administrator Guide (X7.1) Page 139 of 479...
If the VCS is running in TMS Agent legacy mode, you can go to the TMS Agent replication status page. This shows the current status of the TMS Agent database and can be used to assist in troubleshooting replication problems. Cisco VCS Administrator Guide (X7.1) Page 140 of 479...
MCU is peer-specific, as it must be unique for each peer in the cluster. CA certificates The security certificates and certificate revocation lists (CRLs) used by the VCS must be uploaded individually per peer. Cisco VCS Administrator Guide (X7.1) Page 141 of 479...
Sharing bandwidth across peers When clustering has been configured, all peers share the bandwidth available to the cluster. Peers must be configured identically for all aspects of bandwidth control including subzones, links and pipes. Cisco VCS Administrator Guide (X7.1) Page 142 of 479...
Clustering supports the use of FindMe. The configuration options available to the VCS administrator depend upon whether or not the VCS is using the Provisioning Extension services to manage FindMe account information. TMS Provisioning Extension services in use Cisco VCS Administrator Guide (X7.1) Page 143 of 479...
Subscribers shows each endpoint from which a subscription request has been received on the local VCS only. Clustering and TMS You are recommended to use TMS when running a cluster of VCSs. Cisco VCS Administrator Guide (X7.1) Page 144 of 479...
When configuring a connection to a remote cluster, you create a single zone and configure it with details of all the peers in the cluster. Adding this information to the zone ensures that the call is passed to that cluster regardless of the status of the individual peers. Cisco VCS Administrator Guide (X7.1) Page 145 of 479...
Note that the TMS Agent replication status is only relevant if the VCS has the FindMe or Device Provisioning option keys enabled and is using the legacy TMS Agent database. Cisco VCS Administrator Guide (X7.1) Page 146 of 479...
This will delete the non-master VCS configuration and force it to update its configuration from the master VCS. CAUTION: never issue this command on the master VCS, otherwise all configuration for the cluster will be lost. Cisco VCS Administrator Guide (X7.1) Page 147 of 479...
Call Policy to manage calls routing calls via the Cisco TelePresence Advanced Media Gateway the different address dial formats that can be used to initiate a call how to set up your network to handle incoming and outgoing calls made via...
Neighbor zone: one of the VCS's configured external neighbor zones, or a DNS or ENUM lookup zone. Policy service: an external service or application, such as a Cisco TelePresence Conductor. The service will return some CPL which could, for example, specify the zone to which the call should be routed, or it could specify a new destination alias.
Page 150
Dial plan and call processing Cisco VCS Administrator Guide (X7.1) Page 150 of 479...
You can configure the VCS to use the directory service in the following areas: Registration restriction policies: as an alternative to using Allow and Deny Lists Call Policy configuration: where it can be applied in addition to locally-defined Call Policy Cisco VCS Administrator Guide (X7.1) Page 151 of 479...
3. In the Configuration section, in the Hop count field, enter the hop count value you want to use for this zone. For full details on other zone options, see the Zone configuration section. Cisco VCS Administrator Guide (X7.1) Page 152 of 479...
You may want to configure your fallback alias to be that of your receptionist, so that all calls that do not specify an alias are still answered personally and can then be redirected appropriately. Cisco VCS Administrator Guide (X7.1) Page 153 of 479...
Page 154
This means that any calls made directly to example.com (that is, without being prefixed by an alias), are forwarded to reception@example.com, where the receptionist can answer the call and direct it appropriately. Cisco VCS Administrator Guide (X7.1) Page 154 of 479...
(because it will interwork the call only if one of the endpoints is locally registered). If Interworking mode is set to On, or the request has come from a locally registered endpoint, the VCS searches the Local Zone and all external zones using both protocols. Cisco VCS Administrator Guide (X7.1) Page 155 of 479...
Aliases are compared against each transform in order of Priority, until a transform is found where the alias matches the Pattern in the manner specified by the pattern Type. The alias is then transformed according to the Behavior and Replace rules. Cisco VCS Administrator Guide (X7.1) Page 156 of 479...
Page 157
Replace. You can use regular expressions. Additional text The string to add as a prefix or suffix. Only applies if the Pattern behavior is Add Prefix or Add Suffix. Cisco VCS Administrator Guide (X7.1) Page 157 of 479...
For example, if searches for a particular domain should always be routed to a specific zone this option lets you make the search process more efficient and stop the VCS from searching any other zones unnecessarily. Cisco VCS Administrator Guide (X7.1) Page 158 of 479...
Alias pattern match: the alias must match the specified Pattern type and Pattern string. Any alias: any alias (providing it is not an IP address) is allowed. Any IP Address: the alias must be an IP address. Cisco VCS Administrator Guide (X7.1) Page 159 of 479...
Page 160
Conference Factory. The service will return some CPL which could, for example, specify a new destination alias which would start the search process over again. Cisco VCS Administrator Guide (X7.1) Page 160 of 479...
Page 161
Click on the rule you want to configure (or click New to create a new rule, or click Delete to remove a rule). You can test whether the VCS can find an endpoint identified by a given alias, without actually placing a call to that endpoint by using the Locate tool. Cisco VCS Administrator Guide (X7.1) Page 161 of 479...
New) set up an associated search rule as follows: Field Value Rule name Regional sales office Description Calls to aliases with a suffix of @sales.example.com Priority Source Request must be authenticated Mode Alias pattern match Pattern type Suffix Cisco VCS Administrator Guide (X7.1) Page 162 of 479...
Create search rule page (VCS configuration > Dial plan > Search rules > New) set up a search rule as follows: Field Value Rule name Transform to example.co.uk Description Transform example.com to example.co.uk Cisco VCS Administrator Guide (X7.1) Page 163 of 479...
Overseas office - original alias Description Query overseas office with the original alias Priority Source Request must be authenticated Mode Any alias On successful match Continue Target zone Overseas office State Enabled Rule #2 Cisco VCS Administrator Guide (X7.1) Page 164 of 479...
New) set up two search rules as follows: Rule #1 Field Value Rule name Transform to example.co.uk Description Transform example.com to example.co.uk Priority Source Request must be authenticated Mode Alias pattern match Cisco VCS Administrator Guide (X7.1) Page 165 of 479...
Together these will let users place calls from both SIP and H.323 endpoints to H.323 endpoints registered using their H.323 E164 number only. Cisco VCS Administrator Guide (X7.1) Page 166 of 479...
Page 167
Request must be authenticated Mode Alias pattern match Pattern type Regex Pattern string (\d+)@domain Pattern behavior Replace Replace string On successful match Continue Target zone Local Zone State Enabled Rule #2 Cisco VCS Administrator Guide (X7.1) Page 167 of 479...
ID or a full URI — but uses a different regex (regular expression) that supports alphanumeric characters. Pre-search transform On the Create transforms page (VCS configuration > Dial plan > Transforms > New): Field Value Priority Description Append @domain to any alphanumeric dial string Pattern type Regex Cisco VCS Administrator Guide (X7.1) Page 168 of 479...
Page 169
On successful match Continue Target zone Local Zone State Enabled Rule #2 Field Value Rule name Dialing H.323 strings with domain Description Place calls to string@domain with no alias transform Priority Source Cisco VCS Administrator Guide (X7.1) Page 169 of 479...
Allow calls to IP addresses only from a known zone Priority Source All zones Request must be authenticated Mode Any IP address On successful match Continue Target zone Overseas office State Enabled Cisco VCS Administrator Guide (X7.1) Page 170 of 479...
This defaults to <reject status='403' service is unavailable. reason='Service Unavailable'/> but you could change it, for example, to redirect to an answer service or recorded message. About policy services for more information. Cisco VCS Administrator Guide (X7.1) Page 171 of 479...
Call Policy rules page; to use the page you must first delete the CPL script that has been uploaded. Cisco VCS Administrator Guide (X7.1) Page 172 of 479...
Page 173
This defaults to <reject status='403' service is unavailable. reason='Service Unavailable'/> but you could change it, for example, to redirect to an answer service or recorded message. About policy services for more information. Cisco VCS Administrator Guide (X7.1) Page 173 of 479...
CPL script as a text file, after which you upload it to the VCS. However, due to the complexity of writing CPL scripts you are recommended to use an external policy service instead. Cisco VCS Administrator Guide (X7.1) Page 174 of 479...
The VCS polls for CPL script changes every 5 seconds, so the VCS will almost immediately start using the updated CPL script. Deleting an existing CPL script If a CPL script has already been uploaded, a Delete uploaded file button will be visible. Click it to delete the file. Cisco VCS Administrator Guide (X7.1) Page 175 of 479...
By default, all OCS calls are routed via the Cisco AM GW. If you want to control which calls go through the Cisco AM GW you have to set up policy rules. To do this, set Policy mode to On and then go to the Advanced Media Gateway policy rules page.
Cisco AM GW. By default, after a VCS has been configured with the Cisco AM GW to use for OCS calls, all calls to or from the OCS zone are routed via the Cisco AM GW.
Page 178
State Indicates if the rule is enabled or not. When you are making or testing configuration changes to your Cisco AM GW policy rules, you may want to temporarily enable or disable certain rules. You may also want to configure certain rules but only apply them occasionally.
If the destination endpoint is not locally registered, URI dialing may make use of DNS to locate the destination endpoint. To support URI dialing via DNS, you must configure the VCS with at least one DNS server and at least one DNS zone. Cisco VCS Administrator Guide (X7.1) Page 179 of 479...
To support ENUM dialing on the VCS you must configure it with at least one DNS server and the appropriate ENUM zones. Full instructions on how to configure the VCS to support ENUM dialing (both outbound and inbound) are given in the ENUM dialing section. Cisco VCS Administrator Guide (X7.1) Page 180 of 479...
Although most calls are made between endpoints that are registered with such systems, it is sometimes necessary to place a call to an unregistered endpoint. There are two ways to call to an unregistered endpoint: Cisco VCS Administrator Guide (X7.1) Page 181 of 479...
Expressway to see if that system is able to place the call on the VCS Control’s behalf. 3. The VCS Expressway receives the call and because its Calls to unknown IP addresses setting is Direct, it will make the call directly to the called IP address. Cisco VCS Administrator Guide (X7.1) Page 182 of 479...
Stripping @domain for dialing to H.323 numbers for an example of how to do this. SIP endpoints always register with an AOR in the form of a URI, so no special configuration is required. Cisco VCS Administrator Guide (X7.1) Page 183 of 479...
(that is, for _ h323ls) then the VCS will send an A/AAAA record query for each name record returned. These will resolve to one or more IP addresses, and the VCS then sends, in priority order, an LRQ for the full URI to those IP addresses. Cisco VCS Administrator Guide (X7.1) Page 184 of 479...
Page 185
If the Include address record setting for the DNS zone being queried is set to Off, the VCS will not query for A and AAAA records and instead will continue with the search, querying the remaining lower priority zones. Cisco VCS Administrator Guide (X7.1) Page 185 of 479...
The H.323 and SIP sections allow you to filter calls to systems and endpoints located via this zone, and SIP based on whether the call is located using SIP or H.323 SRV lookups. modes Cisco VCS Administrator Guide (X7.1) Page 186 of 479...
The ability of the VCS to receive incoming calls made using URI dialing via DNS relies on the presence of DNS records for each domain the VCS is hosting. These records can be of various types including: Cisco VCS Administrator Guide (X7.1) Page 187 of 479...
Location SRV records For each domain hosted by the VCS, you should configure a Location SRV record as follows: _Service is _h323ls _Proto is _udp Cisco VCS Administrator Guide (X7.1) Page 188 of 479...
SRV record for _sip._tcp.example.com returns vcs.example.com SRV record for _sips._tcp.example.com returns vcs.example.com A record for vcs.example.com returns the IPv4 address of the VCS AAAA record for vcs.example.com returns the IPv6 address of the VCS Cisco VCS Administrator Guide (X7.1) Page 189 of 479...
Expressway as the authoritative gatekeeper/proxy for the enterprise (the DNS configuration examples section for more information). This ensures that incoming calls placed using URI dialing enter the enterprise through the VCS Expressway, allowing successful traversal of the firewall. Cisco VCS Administrator Guide (X7.1) Page 190 of 479...
To allow locally registered endpoints to dial out to other endpoints using ENUM, you must: configure at least one ENUM zone, and configure at least one DNS Server This is described in the ENUM dialing for outgoing calls section. Cisco VCS Administrator Guide (X7.1) Page 191 of 479...
4. The target zones associated with any matching search rules are queried in rule priority order. If a target zone is a neighbor zone, the neighbor is queried for the E.164 number. If the neighbor supports ENUM dialing, it may route the call itself. Cisco VCS Administrator Guide (X7.1) Page 192 of 479...
For locally registered endpoints to use ENUM dialing, you must configure an ENUM zone and related search rules for each ENUM service used by remote endpoints. Adding and configuring ENUM zones To set up an ENUM zone: Cisco VCS Administrator Guide (X7.1) Page 193 of 479...
For example, you want to enable ENUM dialing from your network to a remote office in the UK where the endpoints’ E.164 numbers start with 44. You would configure an ENUM zone on your VCS, and then an associated search rule with: Cisco VCS Administrator Guide (X7.1) Page 194 of 479...
NAPTR records. This domain could reside within your corporate network (for internal use of ENUM) or it could use a public ENUM database such as http://www.e164.org. Configuring DNS NAPTR records Cisco VCS Administrator Guide (X7.1) Page 195 of 479...
ENUM dialing: to query for NAPTR records that map E.164 numbers to URIs URI dialing: to look up endpoints that are not locally registered or cannot be accessed via neighbor systems To configure the DNS servers used by the VCS for DNS queries: Cisco VCS Administrator Guide (X7.1) Page 196 of 479...
Page 197
2. Enter in the Address 1 to Address 5 fields the IP addresses of up to 5 DNS servers that the VCS will query when attempting to locate a domain. These fields must use an IP address, not a FQDN. Cisco VCS Administrator Guide (X7.1) Page 197 of 479...
Off: the VCS will not detect and fail search loops. You are recommended to use this setting only in advanced deployments. Cisco VCS Administrator Guide (X7.1) Page 198 of 479...
Call Tag. Note: Call Tags are supported by VCS (version X3.0 or later) and Cisco TelePresence Conductor. If a call passes through a system that is not a VCS or Conductor then the Call Tag information will be lost.
Page 200
Dial plan and call processing Cisco VCS Administrator Guide (X7.1) Page 200 of 479...
Note: endpoints that support SIP session timers (see 4028) have a call refresh timer which allows them to detect a hung call (signaling lost between endpoints). The endpoints will release their resources after the next session-timer message exchange. Cisco VCS Administrator Guide (X7.1) Page 201 of 479...
(VCS configuration > Local Zone VCS configuration > Bandwidth). It includes the following information: an overview of bandwidth control subzones how to configure subzones membership rules how to configure links pipes some bandwidth control examples Cisco VCS Administrator Guide (X7.1) Page 202 of 479...
In this example each pool of endpoints has been assigned to a different subzone, so that suitable limitations can be applied to the bandwidth used within and between each subzone based on the amount of bandwidth they have available via their internet connections. Cisco VCS Administrator Guide (X7.1) Page 203 of 479...
Page 204
Bandwidth control Cisco VCS Administrator Guide (X7.1) Page 204 of 479...
In this situation endpoint users will get one of the following messages, depending on the system that initiated the search: "Exceeds Call Capacity" "Gatekeeper Resources Unavailable" Cisco VCS Administrator Guide (X7.1) Page 205 of 479...
1024 and 65533. Ports are allocated from this range in pairs, with the first port number of each pair being an even number. Therefore the range must start with an even number and end with an odd number. Cisco VCS Administrator Guide (X7.1) Page 206 of 479...
Default Subzone as to whether it will accept registrations assigned to it via the subzone membership rules. This provides additional flexibility when defining your registration policy. For example you can: Cisco VCS Administrator Guide (X7.1) Page 207 of 479...
A descriptive name for the membership rule. Description An optional free-form description of the rule. The description appears as a tooltip if you hover your mouse pointer over a rule in the list. Cisco VCS Administrator Guide (X7.1) Page 208 of 479...
Applying bandwidth limitations to subzones You can apply bandwidth limits to the Default Subzone, Traversal Subzone and all manually configured subzones. The limits you can apply vary depending on the type of subzone, as follows: Cisco VCS Administrator Guide (X7.1) Page 209 of 479...
– once for the call from the subzone to the Traversal Subzone, and again for the call from the Traversal Subzone back to the Cisco VCS Administrator Guide (X7.1) Page 210 of 479...
Page 211
Bandwidth control originating subzone. In addition, as this call passes through the Traversal Subzone, it will consume an amount of bandwidth from the Traversal Subzone equal to that of the call. Cisco VCS Administrator Guide (X7.1) Page 211 of 479...
You can edit any of these default links in the same way you would edit manually configured links. If any of these links have been deleted you can re-create them, either: Cisco VCS Administrator Guide (X7.1) Page 212 of 479...
Shows the total number of calls currently traversing all links to which the pipe is applied. Bandwidth Shows the total amount of bandwidth currently being consumed by all calls traversing all links to used which the pipe is applied. You can configure up to 1000 pipes. Cisco VCS Administrator Guide (X7.1) Page 213 of 479...
Pipe B, which represents the Home Office’s dial-up connection to the internet. Each pipe would have bandwidth restrictions placed on it to represent its maximum capacity, and a call placed via this link would have the lower of the two bandwidth restrictions applied. Cisco VCS Administrator Guide (X7.1) Page 214 of 479...
Page 215
Bandwidth control Cisco VCS Administrator Guide (X7.1) Page 215 of 479...
With a firewall If the example deployment above is modified to include firewalls between the offices, we can use Cisco’s Expressway firewall traversal solution to maintain connectivity. We do this by adding a VCS Expressway Cisco VCS Administrator Guide (X7.1)
Page 217
All of the endpoints in the Head Office are assigned to the Default Subzone. This is linked to the Traversal Subzone, through which all calls leaving the Head Office must pass. Cisco VCS Administrator Guide (X7.1) Page 217 of 479...
VCS as a traversal client and as a traversal server firewall traversal protocols and ports firewall configuration guidelines an overview of ICE and TURN services Cisco VCS Administrator Guide (X7.1) Page 218 of 479...
However, firewalls can be configured to allow outgoing requests to certain trusted destinations, and to allow responses from those destinations. This principle is used by Cisco's Expressway technology to enable secure traversal of any firewall.
The VCS Expressway has all the functionality of a VCS Control (including being able to act as a firewall traversal client). However, its main feature is that it can act as a firewall traversal server for other Cisco systems and any traversal-enabled endpoints that are registered directly to it. It can also provide TURN relay services to ICE-enabled endpoints.
Configure all the modes and ports in the H.323 and SIP protocol sections to match identically those of the traversal server zone on the VCS Expressway. Enter the VCS Expressway’s IP address or FQDN in the Peer 1 address field. Cisco VCS Administrator Guide (X7.1) Page 221 of 479...
H.323 firewall traversal protocols The VCS supports two different firewall traversal protocols for H.323: Assent and H.460.18/H.460.19. Assent is Cisco’s proprietary protocol. H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of signaling and media respectively. These standards are based on the original Assent protocol.
Assent to traverse the firewall. The default ports are client and server. the same as for H.323: UDP/2776: RTP media port UDP/2777: RTCP media control port Cisco VCS Administrator Guide (X7.1) Page 223 of 479...
TCP/5061: signaling UDP/3478 (default): TURN services UDP/1719: signaling UDP/5060 (default): signaling UDP/60000-61200 (default range): media UDP/50000-52399: media UDP/50000-52399: media TCP/15000-19999: signaling TCP: a temporary port in the range 25000-29999 is allocated Cisco VCS Administrator Guide (X7.1) Page 224 of 479...
Authentication, in zone, in the Connection credentials section. the External Registration Credentials section. There must also be an entry in the VCS Expressway’s authentication database with the corresponding client username and password. Cisco VCS Administrator Guide (X7.1) Page 225 of 479...
The system time on a VCS is provided by a remote NTP server. Therefore, for firewall traversal to work, all systems involved must be configured with details of an server. Cisco VCS Administrator Guide (X7.1) Page 226 of 479...
Note: all ports configured on the VCS, including those relating to firewall traversal, apply to both IP addresses; it is not possible to configure these ports separately for each IP address. Cisco VCS Administrator Guide (X7.1) Page 227 of 479...
VCS Expressway back to the originating client Cisco offers a downloadable tool, the Expressway Port Tester, that allows you to test your firewall configuration for compatibility issues with your network and endpoints. It will advise if necessary which ports may need to be opened on your firewall in order for the Expressway™...
H.323 Assent call signaling port Port used for Assent signaling. Default is 2776. H.323 H.460.18 call signaling port Port used for H.460.18 signaling. Default is 2777. Firewall traversal protocols and ports for more information. Cisco VCS Administrator Guide (X7.1) Page 229 of 479...
After the media route has been selected the TURN relay allocations are released if the chosen connection paths do not involve routing via the TURN server. Note that the signaling always goes via the VCS, regardless of the final media communication path chosen by the endpoints. Cisco VCS Administrator Guide (X7.1) Page 230 of 479...
TURN relay status information TURN relays page lists all the currently active TURN relays on the VCS. You can also review further details of each TURN relay including permissions, channel bindings and counters. Cisco VCS Administrator Guide (X7.1) Page 231 of 479...
You may need to purchase the appropriate option key in order to use each of these applications. They are: Conference Factory Presence services OCS Relay Microsoft OCS/Lync B2BUA FindMe TMS Provisioning Starter Pack Provisioning Cisco VCS Administrator Guide (X7.1) Page 232 of 479...
Multiway is supported in Cisco TelePresence endpoints including the E20 (software version TE1.0 or later) and MXP range (software version F8.0 or later). Check with your Cisco representative for an up-to-date list of the Cisco endpoints and infrastructure products that support Multiway.
Page 234
(VCS configuration > Protocols > Interworking). Multiway deployment guide for full details on how to configure individual components of your network (endpoints, MCUs and VCSs) in order to use Multiway in your deployment. Cisco VCS Administrator Guide (X7.1) Page 234 of 479...
Presentity Manager for information about that presentity, and forwards the information that is returned to the subscriber. The Subscription Manager also receives notifications from the Presentity Manager when a presentity’s status has changed, and sends this information to all subscribers. Cisco VCS Administrator Guide (X7.1) Page 235 of 479...
However, endpoints that support presence may provide other, more detailed status, for example away or do not disturb. For this reason, information provided by the PUA is used by the Presentity Manager as follows: Cisco VCS Administrator Guide (X7.1) Page 236 of 479...
These services can be enabled and disabled separately from each other, depending on the nature of your deployment. Both are disabled by default. Note that SIP mode must be enabled for the Presence services to function. Cisco VCS Administrator Guide (X7.1) Page 237 of 479...
Page 238
PUA (if enabled) remote SIP Proxies Note that Presence Server is automatically enabled when the Starter Pack option key is installed. Cisco VCS Administrator Guide (X7.1) Page 238 of 479...
Page 239
VCS clusters: for information about how Presence works within a VCS cluster, see Clustering and Presence. Note: any defined transforms also apply to any Publication, Subscription or Notify URIs handled by the Presence Services. Cisco VCS Administrator Guide (X7.1) Page 239 of 479...
OCS, including configuring Call Policy and Presence. As this is a complex procedure beyond the scope of this guide, you are recommended to see Microsoft OCS 2007, Lync 2010 and VCS deployment guide which describes in detail all the steps required. Cisco VCS Administrator Guide (X7.1) Page 240 of 479...
VCS to B2BUA leg in effect also controls the B2BUA to OCS/Lync leg implicitly. As Microsoft Lync Server does not support IPv6, only IPv4 networks can be supported. Cisco VCS Administrator Guide (X7.1) Page 241 of 479...
VCS to the B2BUA uses a special zone profile of Microsoft OCS Lync — this profile is only used by the B2BUA and cannot be selected against any manually configured zones. For more information about configuring VCS, OCS/Lync and the Cisco AM GW, see the following documents: Microsoft OCS 2007, Lync 2010 and VCS deployment guide.
Page 243
TURN services The password to access the TURN server. password Advanced settings: you should only modify the advanced settings on the advice of Cisco customer support. Encryption Controls how the B2BUA handles encrypted A call via the B2BUA comprises two legs: and unencrypted call legs.
The B2BUA will only accept messages from devices whose IP address is included in the list of trusted hosts. service restart is required to enable changes to the list of trusted hosts to take effect. The configurable options are: Cisco VCS Administrator Guide (X7.1) Page 244 of 479...
The type of device that may send signaling messages to the B2BUA. OCS/Lync device: this includes Hardware Load Balancers, Directors and Front End Processors Transcoder: a transcoder device such as a Cisco TelePresence Advanced Media Gateway Configuring transcoder policy rules Microsoft OCS/Lync B2BUA transcoder policy rules page (Applications >...
B2BUA is the Cisco TelePresence Advanced Media Gateway (Cisco AM GW). The B2BUA can use the Cisco AM GW to transcode between standard codecs (such as H.264) and Microsoft RT Video and RT Audio to allow high definition calls between Microsoft Office Communicator (MOC) clients and Cisco endpoints.
On a clustered VCS you have to restart the B2BUA service on every peer. You are recommended to ensure the service is configured and running correctly on the master peer before restarting the B2BUA service on the other peers. Cisco VCS Administrator Guide (X7.1) Page 247 of 479...
FindMe ID is called by entering the alias with which that device has registered. Principal devices A user's account should be configured with one or more principal devices. These are the main devices associated with that account. Cisco VCS Administrator Guide (X7.1) Page 248 of 479...
Configuration) is used to enable and configure FindMe User Policy. Note that the FindMe configuration page can only be accessed if the FindMe option key is installed. The configurable options are: Cisco VCS Administrator Guide (X7.1) Page 249 of 479...
Page 250
This setting does not apply if users configure their FindMe settings via TMS (when VCS and TMS are running in TMS Provisioning Extension mode). Cisco VCS Administrator Guide (X7.1) Page 250 of 479...
Page 251
If you use FindMe without TMS (known as "standalone FindMe") you are recommended to switch from using the TMS Agent to using the VCS’s local database for storing FindMe data as soon as is practicable. Cisco VCS Administrator Guide (X7.1) Page 251 of 479...
See Clustering and FindMe for more information. This page only applies if the VCS is using the legacy TMS Agent database to store FindMe data. Cisco VCS Administrator Guide (X7.1) Page 252 of 479...
The Phone books service provides the data that allows users to search for contacts within phone books books. Access to phone books is controlled on a per user basis according to any access control lists that have been defined (within TMS). Cisco VCS Administrator Guide (X7.1) Page 253 of 479...
FindMe data between VCS and TMS. This is the mode used by earlier versions of VCS and TMS. TMS Provisioning Extension mode: this uses the TMS Provisioning Extension services to provide the VCS with provisioning and FindMe data that is managed and maintained exclusively within TMS. Cisco VCS Administrator Guide (X7.1) Page 254 of 479...
Page 255
VCS's local authentication database, an LDAP directory if remote authentication is selected, or via a direct connection to an Active Directory Service. See the device authentication section for more information about authentication policy settings. Cisco VCS Administrator Guide (X7.1) Page 255 of 479...
The ClearPath section lists each supported device type and lets you choose whether or not to enable the provisioning of ClearPath for that device. Provisioning users To provision individual users, you must set up user accounts. Cisco VCS Administrator Guide (X7.1) Page 256 of 479...
Page 257
When you configure a user account, you can choose the devices to provision for that user. User accounts are also used to configure a user's FindMe settings. VCS Starter Pack Express deployment guide for full details on setting up Starter Pack provisioning. Cisco VCS Administrator Guide (X7.1) Page 257 of 479...
— additional manual steps may be required Contact your Cisco representative for more information on how to obtain these. Backing up before upgrading You should backup your system configuration before upgrading. Click...
New features may also become available with each major release of the VCS platform component, and you may need to install new option keys to take advantage of these new features. Contact your Cisco representative for more information on all the options available for the latest release of VCS software.
2. Upload the software image using SCP/PSCP. For the VCS platform component: Upload to the /tmp folder on the system. The target name must be /tmp/tandberg-image.tar.gz, for example: scp s42700x5.tar.gz root@10.0.0.1:/tmp/tandberg-image.tar.gz Cisco VCS Administrator Guide (X7.1) Page 261 of 479...
Page 262
CLI, and reboot the VCS. After about five minutes the system will be ready to use. Note: if you make any further configuration changes before rebooting, those changes will be lost when the system restarts, so you are recommended to reboot your system immediately. Cisco VCS Administrator Guide (X7.1) Page 262 of 479...
Options are used to add additional features to the VCS. Your VCS may have been shipped with one or more optional features pre-installed. To purchase further options, contact your Cisco representative. The System information section summarizes the existing features installed on the VCS. The options that you may see here include: Expressway: enables the VCS to work as an Expressway™...
CA. To upload a new file of CA certificates, Browse to the required PEM file and click Upload CA certificate. This will replace any previously uploaded CA certificates. Cisco VCS Administrator Guide (X7.1) Page 265 of 479...
CRL files can be manually uploaded to the VCS. To upload a CRL file: 1. Click Browse and select the required file from your file system. The CRL file must be in PEM encoded format. Cisco VCS Administrator Guide (X7.1) Page 266 of 479...
3. Use the Client certificate testing page to verify that the client certificate you intend to use is valid. 4. Set Client certificate-based security to Certificate validation (on the System administration page). Cisco VCS Administrator Guide (X7.1) Page 267 of 479...
Page 268
VCS may be possible. This lack of protection may also apply if the certificates are stored in the browser, although some browsers do allow you to password protect their certificate store. Cisco VCS Administrator Guide (X7.1) Page 268 of 479...
The fields default to the currently configured settings on the Certificate- Cisco VCS Administrator Guide (X7.1) Page 269 of 479...
Page 270
The regex is applied to a plain text version of an encoded certificate. The system uses the command openssl x509 -text -nameopt RFC2253 -noout to extract the plain text certificate from its encoded format. Cisco VCS Administrator Guide (X7.1) Page 270 of 479...
VCS is blocked for 60 seconds immediately after logging in, the current user is shown statistics of when they previously logged in and details of any failed attempts to log in using that account Cisco VCS Administrator Guide (X7.1) Page 271 of 479...
Page 272
The Event Log, Configuration Log, Network Log, call history, search history and registration history are cleared whenever the VCS is taken out of advanced account security mode. Cisco VCS Administrator Guide (X7.1) Page 272 of 479...
The selected language pack is then verified and uploaded, and then made available for selection in the Language drop-down. Note that you cannot create your own language packs. Language packs can only be obtained from Cisco. Refer to your Cisco support representative for information on currently available language packs.
User accounts are used by individuals in an enterprise to configure the devices and locations on which they can be contacted through their FindMe ID. Each user account is accessed using a username and password. Cisco VCS Administrator Guide (X7.1) Page 274 of 479...
Account authentication using LDAP Login account LDAP configuration page (Maintenance > Login accounts > LDAP configuration) is used to configure an LDAP connection to a remote directory service for administrator and/or user account authentication. Cisco VCS Administrator Guide (X7.1) Page 275 of 479...
Page 276
The SASL (Simple Authentication and Security Layer) mechanism to use when binding to the LDAP server. None: no mechanism is used. DIGEST-MD5: the DIGEST-MD5 mechanism is used. The default is DIGEST-MD5. Cisco VCS Administrator Guide (X7.1) Page 276 of 479...
1. Log in to the VCS as root. By default you can only do this using a serial connection or SSH. 2. Type passwd. You will be asked for the new password. Cisco VCS Administrator Guide (X7.1) Page 277 of 479...
1. Go to the Edit user account page (Maintenance > Login accounts > User accounts, then click View/Edit or the username) for the account whose password you want to reset. Cisco VCS Administrator Guide (X7.1) Page 278 of 479...
If the VCS is operating in Enforce strict passwords mode (set on the Password security page, Maintenance > Login accounts > Password security) the password must be Strong before it will be accepted. Note: you cannot set blank passwords for any administrator account. Cisco VCS Administrator Guide (X7.1) Page 279 of 479...
If Enforce strict passwords is set to Off, no checks are made on administrator passwords. Note that: Regardless of this setting, it is not possible to set a blank password for any administrator account. Cisco VCS Administrator Guide (X7.1) Page 280 of 479...
Configuring user accounts User accounts page (Maintenance > Login accounts > User accounts) lists all the user accounts that have been configured on the VCS, and lets you add, edit and delete accounts. Cisco VCS Administrator Guide (X7.1) Page 281 of 479...
Page 282
To do this, click Edit principal devices from the Edit user account page. If the Starter Pack option key is installed, there is a separate section for specifying the user's principal devices (see below). Cisco VCS Administrator Guide (X7.1) Page 282 of 479...
Page 283
The credential name must be the same as account username and the credential password must be the same as the password configured on the provisioned devices. Cisco VCS Administrator Guide (X7.1) Page 283 of 479...
If the user account belongs to more than one group, the highest level permission is assigned. The configurable options are: Cisco VCS Administrator Guide (X7.1) Page 284 of 479...
Page 285
FindMe details, devices and locations. None: users are not allowed to log in to their account. To create a new user group, click New; to edit an existing user group, click View/Edit. Cisco VCS Administrator Guide (X7.1) Page 285 of 479...
If the system is still running in legacy TMS Agent database mode you have an additional option to create a backup of the VCS’s TMS Agent database, which includes: user accounts and FindMe settings (when the Starter Pack option key is not installed) TMS Agent provisioning accounts and settings Cisco VCS Administrator Guide (X7.1) Page 286 of 479...
4. The VCS checks the file and restores its contents. If the backup file is not valid, you will receive an error message at the top of the Backup and restore page. Cisco VCS Administrator Guide (X7.1) Page 287 of 479...
7. Click Download log to save the diagnostic log to your local file system. You are prompted to save the file (the exact wording depends on your browser). 8. Send the downloaded diagnostic log file to your Cisco support representative, if you have been requested to do so.
2. Click Download snapshot. A pop-up window appears and prompts you to save the file (the exact wording depends on your browser). Select a location from where you can easily send the file to your support representative. Cisco VCS Administrator Guide (X7.1) Page 289 of 479...
Network Log message modules. CAUTION: changing the logging levels can affect the performance of your system. You should only change a log level on the advice of Cisco customer support. To change a logging level: 1.
AUTOMATIC CONFIGURATION FEATURE. Instead, copy the data from the Incident detail page and paste it into a text file. You can then edit out any sensitive information before forwarding the file on to Cisco customer support. Incident reports are always saved locally, and can be viewed via the Incident view page.
If you need to edit the report before sending it to Cisco (for example, if you need to remove any potentially sensitive information) you must copy and paste the information from the...
To view the information contained in a particular incident report, click on the report's Time. You will be taken to the Incident detail page, from where you can view the report on screen, or download it as an XML file for forwarding manually to Cisco customer support. Incident report details Incident detail page (Maintenance >...
VCS Cisco AM GW policy rules to determine which calls are routed via the Cisco AM GW To use this tool: 1. Enter an Alias against which you want to test the transform.
The locate process performs the search as though the VCS received a call request from the selected Source zone. For more information, see the Call routing process section. Cisco VCS Administrator Guide (X7.1) Page 295 of 479...
(Maintenance > Tools > Port usage > Local VCS outbound ports) shows the source IP ports used by this VCS. These are the IP ports on the VCS used to send outbound communications to other systems. Cisco VCS Administrator Guide (X7.1) Page 296 of 479...
VCS will be able to communicate with all remote devices. You only need to use the information on this page if you want to limit the IP ports opened on your firewall to these remote systems and ports. Cisco VCS Administrator Guide (X7.1) Page 297 of 479...
1. In the Host field, enter the IP address or hostname of the host system to which you want to trace the route. 2. Click Traceroute. A new section will appear with a banner stating the results of the trace, and showing the following information for each router in the path: Cisco VCS Administrator Guide (X7.1) Page 298 of 479...
<system_domain> is the Domain name as configured on the page) If the supplied Host is not fully qualified: DNS is queried first for Host.<system_domain> If the lookup for Host.<system_domain> fails, then an additional query for Host is performed Cisco VCS Administrator Guide (X7.1) Page 299 of 479...
Page 300
All would result in the following DNS queries: host_name.example.com AAAA host_name.example.com NAPTR host_name.example.com host_name.example.com _h323ls._udp.host_name.example.com _h323cs._tcp.host_name.example.com _sips._tcp.host_name.example.com _sip._tcp.host_name.example.com _sip._udp.host_name.example.com In each of these cases, if the query is unsuccessful an additional query would be made for host_name only. Cisco VCS Administrator Guide (X7.1) Page 300 of 479...
VCS while the red ALM LED on the front of the box is on. This indicates a hardware fault. Contact your Cisco representative. The restart function shuts down and restarts the VCS application software, but not the operating system or hardware.
VCS while the red ALM LED on the front of the box is on. This indicates a hardware fault. Contact your Cisco representative. The reboot function shuts down and restarts the VCS application software, operating system and hardware.
VCS while the red ALM LED on the front of the box is on. This indicates a hardware fault. Contact your Cisco representative. The system must be shut down before it is unplugged. Avoid uncontrolled shutdowns, in particular the removal of power to the VCS during normal operation.
The VCS web interface contains a number of pages that are not intended for use by customers. These pages exist for the use of Cisco support and development teams only. Do not access these pages unless it is under the advice and supervision of your Cisco support representative.
Offline. This is the presentity status published by the Presence User Agent for registered endpoints when they are not "In-Call". See Configuring Presence for more information. Enhanced SIP registration expiry controls Cisco VCS Administrator Guide (X7.1) Page 306 of 479...
Page 307
It allows you to generate a diagnostic log of system activity over a period of time, and then to download the log so that it can be sent to your Cisco customer support representative.
TMS Agent database credentials included within local authentication database lookups In addition to any manually created entries, the Cisco VCS now checks credentials stored within the TMS Agent database when the device authentication database type is set to Local database.
Page 309
Cisco AM GW available on VCS Expressway Cisco AM GW features are now available on both VCS Control and VCS Expressway platforms. Movi ClearPath provisioning The Cisco VCS Starter Pack now supports the provisioning of ClearPath to Movi.
User interface language packs Multiple language support has been enabled on the VCS's web interface. Language packs will be made available for download in the future. Contact your Cisco support representative for more information on supported languages. Enhanced online help The context-sensitive help available through the Help link at the top of every page on the web interface now contains additional conceptual and reference information.
"Add suffix" and "add prefix" transform options: new pre-search transform pattern behavior options let you add a prefix or suffix to the matching alias. Previously, regular expressions would have been required to do this. Cisco VCS Administrator Guide (X7.1) Page 311 of 479...
Page 312
VCS to connect to one or more service providers. Note that the existing Outbound connection credentials username and password are still used for connections to all other (non traversal server) external systems. Conference Factory generated alias ranges Cisco VCS Administrator Guide (X7.1) Page 312 of 479...
Page 313
10-999 will generate aliases 010 through 999. Cisco TelePresence Advanced Media Gateway support The Cisco TelePresence Advanced Media Gateway (Cisco AM GW) provides support for transcoding between standard codecs (such as H.264) and Microsoft RT Video to allow high definition calls between Microsoft Office Communicator (MOC) clients and Cisco endpoints.
Page 314
Caller ID displayed on the destination endpoint includes the prefix of the ISDN gateway when displaying the caller's E.164 number. Subzone configuration VCS now supports up to 1000 subzones (previously 200). Cisco VCS Administrator Guide (X7.1) Page 314 of 479...
Page 315
Number of links increased from 600 to 3000. Zone configuration VCS now supports up to 1000 zones (previously 200). New Cisco Unified Communications Manager zone profile option configures the settings required for connections to a Cisco UCM. Zone matches replaced by search rules Instead of specifying up to 5 matches when configuring a zone, you now set up separate search rules and associate each rule with a target zone to where the query is forwarded.
Page 316
Local host name. This is the DNS host name that this VCS is known by. The NTP server field on the Time page now defaults to one of four NTP servers provided by Cisco, either: 0.ntp.tandberg.com, 1.ntp.tandberg.com, 2.ntp.tandberg.com or 3.ntp.tandberg.com. SIP configuration New parameters have been added to the SIP configuration page.
Page 317
Activation Level: <0..100> Clustering The replication of configuration information (including FindMe information) no longer requires the use of TMS. Information is replicated across the peers in a cluster within 60 seconds. Call processing Cisco VCS Administrator Guide (X7.1) Page 317 of 479...
Page 318
VCS, regardless of whether these belong to the same device. Login banner You can upload an image and text that will be displayed when administrators or FindMe users log in the VCS. Cisco VCS Administrator Guide (X7.1) Page 318 of 479...
VCS. message_details The body of the message (see the Message details field section for further information). Administrator and FindMe user events Administrator session related events are: Cisco VCS Administrator Guide (X7.1) Page 319 of 479...
The source IP address of the user who has logged in. Protocol Specifies which protocol was used for the communication. Valid values are: Reason Textual string containing any reason information associated with the event. Cisco VCS Administrator Guide (X7.1) Page 320 of 479...
Page 321
The Tag is common to all searches and protocol messages across a VCS network for all forks of a call. Call- Indicates if the VCS took the signaling for the call. routed Cisco VCS Administrator Guide (X7.1) Page 321 of 479...
Application Exit The VCS application has been exited. Further information may be provided in the Detail event parameter. Application The VCS application is out of service due to an unexpected failure. Failed Cisco VCS Administrator Guide (X7.1) Page 322 of 479...
Page 323
Cleared Decode Error A syntax error was encountered when decoding a SIP or H.323 message. Diagnostic Indicates that diagnostic logging is in progress. The Detail event parameter provides Logging additional details. Cisco VCS Administrator Guide (X7.1) Page 323 of 479...
Page 324
FindMe user accounts have been migrated across clusters. The Detail event parameter Transfer provides additional details. Hardware There is an issue with the VCS hardware. If the problem persists, contact your Cisco Failure support representative. Cisco VCS Administrator Guide (X7.1)
Page 325
Possible values for the detail field are: Non Traversal Call Limit Reached Traversal Call Limit Reached If this occurs frequently, you may want to contact your Cisco representative to purchase more licenses. Message An incoming RAS message has been received.
Page 326
Response Sent A non-call-related SIP response has been sent. Restart A system restart has been requested. The Reason event parameter provides specific Requested information. Search A search has been attempted. Attempted Cisco VCS Administrator Guide (X7.1) Page 326 of 479...
Page 327
An error occurred while attempting a system restore. error System restore The system restore process has started. started System The operating system was shutdown. Shutdown System A system snapshot has been initiated. snapshot started Cisco VCS Administrator Guide (X7.1) Page 327 of 479...
Page 328
An unsuccessful attempt has been made to log in as a FindMe user. This could be Login failure because either an incorrect username or password (or both) was entered. User session A FindMe user has logged on to the system. start Cisco VCS Administrator Guide (X7.1) Page 328 of 479...
Selected field and subfield contain the given string. Note that the CPL standard only allows for this matching on the display subfield; however the VCS allows it on any type of field. Cisco VCS Administrator Guide (X7.1) Page 329 of 479...
Page 330
If the selected field contains multiple aliases then the VCS will attempt to match each address node with all of the aliases before proceeding to the next address node, that is, an address node matches if it matches any alias. Cisco VCS Administrator Guide (X7.1) Page 330 of 479...
The taa:location node allows the location set to be modified so that calls can be redirected to different destinations. At the start of script execution the location set is initialized to the original destination. Cisco VCS Administrator Guide (X7.1) Page 331 of 479...
If multiple entries are in the location set then this results in a forked call. If the current location set is empty the call is forwarded to its original destination. The proxy node supports the following optional parameters: Cisco VCS Administrator Guide (X7.1) Page 332 of 479...
VCS will continue to use its existing policy. The following elements are not currently supported: time-switch string-switch language-switch priority-switch redirect mail subaction Cisco VCS Administrator Guide (X7.1) Page 333 of 479...
In this example, user ceo will only accept calls from users vpsales, vpmarketing or vpengineering. <?xml version="1.0" encoding="UTF-8" ?> <cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:taa="http://www.tandberg.net/cpl-extensions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd"> <taa:routed> <address-switch field="destination"> <address is="ceo"> <address-switch field="authenticated-origin"> <address regex="vpsales|vpmarketing|vpengineering"> Cisco VCS Administrator Guide (X7.1) Page 334 of 479...
Page 335
In this example, Example Inc has changed its domain from example.net to example.com. For a period of time some users are still registered at example.net. The following script would attempt to connect calls Cisco VCS Administrator Guide (X7.1) Page 335 of 479...
After you have downloaded the H.350 schemas, install them as follows: Open a command prompt and for each file execute the following command: ldifde -i -c DC=X <ldap_base> -f filename.ldf where: Cisco VCS Administrator Guide (X7.1) Page 340 of 479...
Page 341
Note: the SIP URI in the ldif file must be prefixed by sip:. For information about what happens when an alias is not in the LDAP database see Alias origin in the Device authentication using LDAP section. Cisco VCS Administrator Guide (X7.1) Page 341 of 479...
2. Edit /etc/openldap/slapd.conf to add the new schemas. You need to add the following lines: include /etc/openldap/schemas/commobject.ldif include /etc/openldap/schemas/h323identity.ldif include /etc/openldap/schemas/h235identity.ldif include /etc/openldap/schemas/sipidentity.ldif The OpenLDAP daemon (slapd) must be restarted for the new schemas to take effect. Cisco VCS Administrator Guide (X7.1) Page 342 of 479...
Page 343
For information about what happens when an alias is not in the LDAP database see Alias origin in the Device authentication using LDAP section. Cisco VCS Administrator Guide (X7.1) Page 343 of 479...
To configure the VCS to use TLS on the connection to the LDAP server you must upload the CA’s certificate as a trusted CA certificate. This can be done on the VCS by navigating to: Maintenance > Certificate management > Security certificates. Cisco VCS Administrator Guide (X7.1) Page 344 of 479...
BIND is a commonly used DNS server on UNIX and Linux systems. Configuration is based around two sets of text files: named.conf which describes which zones are represented by the server, and a selection of Cisco VCS Administrator Guide (X7.1) Page 345 of 479...
Page 346
For more details of how to configure BIND servers and the DNS system in general see the publication DNS and BIND. Cisco VCS Administrator Guide (X7.1) Page 346 of 479...
VCS has changed. Please follow the appropriate process for your SSH client to suppress this warning. If your VCS is subsequently downgraded to an earlier version of VCS firmware, the default SSH keys will be restored. Cisco VCS Administrator Guide (X7.1) Page 347 of 479...
Page 350
Login Remote LDAP VCS BindPassword <blank> Login Remote LDAP VCS BindUsername <blank> Login Remote Protocol LDAP Login User Groups Group [1..15] Access ReadWrite Login User Groups Group [1..15] Name <blank> Login User Source Local Cisco VCS Administrator Guide (X7.1) Page 350 of 479...
CLI are shown in the table below. Password type Maximum plain text Maximum displayed encrypted characters characters Admin account Administrator accounts Local Database authentication credentials Outbound connection credentials Cisco VCS Administrator Guide (X7.1) Page 351 of 479...
Page 352
Reference material Password type Maximum plain text Maximum displayed encrypted characters characters LDAP server FindMe accounts Cisco VCS Administrator Guide (X7.1) Page 352 of 479...
LAN with the LAN 1 IPv6 address. %ipv6_2% xConfiguration Ethernet 2 IP V6 Matches the IPv6 address Replaces the string Address currently configured for LAN with the LAN 2 IPv6 address. Cisco VCS Administrator Guide (X7.1) Page 353 of 479...
Page 354
VCS’s System Name. You can test whether a pattern matches a particular alias and is transformed in the expected way by using Check pattern tool (Maintenance > Tools > Check pattern). Cisco VCS Administrator Guide (X7.1) Page 354 of 479...
Also used configurable to replicate FindMe data if the VCS is part of a cluster with FindMe enabled and is using the legacy TMS Agent database. Reserved for future use inbound configurable Cisco VCS Administrator Guide (X7.1) Page 355 of 479...
Page 356
CallSignaling Port H.460.18 call signaling Used on the VCS 2777 TCP inbound 1024 - 65534 VCS configuration > Expressway for H.460.18 Expressway > Ports signaling. xConfiguration Traversal Server H323 H46018 CallSignaling Port Cisco VCS Administrator Guide (X7.1) Page 356 of 479...
Page 357
1 for xConfiguration Zones from a particular traversal each new Zone [1..1000] client. zone TraversalServer SIP Port TMS Agent (legacy Used for Device 8989 TCP inbound mode) Provisioning and FindMe. configurable Cisco VCS Administrator Guide (X7.1) Page 357 of 479...
Page 358
LDAP Used for outbound uses a TCP source port from the connection to an LDAP ephemeral range server (if the VCS is configured to use an LDAP server for H.350 authentication). Cisco VCS Administrator Guide (X7.1) Page 358 of 479...
Page 359
Domain Controller for account authentication. Note that the range of ephemeral ports can be configured by using the CLI commands xConfiguration IP Ephemeral PortRange Start and xConfiguration IP Ephemeral PortRange End. Cisco VCS Administrator Guide (X7.1) Page 359 of 479...
Matches n \d{3} matches 3 digits repetitions of the previous character or expression {n,m} Matches n to \d{3,5} matches 3, 4 or 5 digits m repetitions of the previous character or expression Cisco VCS Administrator Guide (X7.1) Page 360 of 479...
Page 361
- character and then the last character in the range. You cannot use special characters within the [] - they will be taken literally. Cisco VCS Administrator Guide (X7.1) Page 361 of 479...
Page 362
.*(?<!net) matches any string that does not end with net lookbehind. Defines a subexpression that must not be present. Note that regex comparisons are not case sensitive. For an example of regular expression usage, see the CPL examples section. Cisco VCS Administrator Guide (X7.1) Page 362 of 479...
Note that some specific text fields have different restrictions and these are noted in the relevant sections of this guide, including: Administrator user groups Case sensitivity Text items entered through the CLI and web interface are case insensitive. The only exception is passwords which are case sensitive. Cisco VCS Administrator Guide (X7.1) Page 363 of 479...
TMS and also across to other VCS clusters managed by the same TMS. Note that the FindMe option key must be installed on the VCS. Cisco VCS Administrator Guide (X7.1) Page 364 of 479...
Note that if your VCS is subsequently reconfigured to use TMS, the password must first be reset to the default value of TANDBERG. See the TMS Agent passwords section for full instructions on changing passwords. Cisco VCS Administrator Guide (X7.1) Page 365 of 479...
1. From the CLI, logged in as root, type tmsagent_ldap_passwd. You are asked for the new password. 2. Enter the new password and, when prompted, retype the password. 3. Type exit to log out of the root account. Cisco VCS Administrator Guide (X7.1) Page 366 of 479...
Page 367
3. Type exit to log out of the root account. Note: if your VCS is subsequently reconfigured to use TMS, the password must first be reset to the default value of TANDBERG. Cisco VCS Administrator Guide (X7.1) Page 367 of 479...
(in this situation, the call will remain a non-traversal call — the VCS Expressway will not take the media, even though it is using a traversal license). Cisco VCS Administrator Guide (X7.1) Page 368 of 479...
Warning restore from backup, then reboot the system 15006 Restart required A language pack has been Restart the system Warning installed, however a restart is required for this to take effect Cisco VCS Administrator Guide (X7.1) Page 369 of 479...
Page 370
Error failed detected in <module> 15012 Language pack Some text labels may not be Contact your Cisco representative to see if an Warning mismatch translated up-to-date language pack is available 15013 Factory reset Factory reset failed Alert...
Page 371
IPv4 addresses defined 25004 IP configuration IP protocol is set to both IPv4 and Configure IP settings Warning mismatch IPv6, but the system does not have an IPv4 gateway defined Cisco VCS Administrator Guide (X7.1) Page 371 of 479...
Page 372
Warning levels Support Log have been set to a Support Log are set to a level of Info, unless configured level of Debug or Trace advised otherwise by your support representative Cisco VCS Administrator Guide (X7.1) Page 372 of 479...
Page 373
<n> from the cluster configuration peer hours. Their licenses will be removed from the total available for use across the cluster as follows: <details>. Cisco VCS Administrator Guide (X7.1) Page 373 of 479...
Page 374
<details>. 30018 Provisioning The number of concurrently Provisioning limits are set by Cisco TMS; Warning licenses limit provisioned devices has reached contact your Cisco representative if you require reached...
Page 375
No CRL distribution points have Check CRL configuration Warning been defined for automatic updates 40002 Security alert Automatic updating of CRL files If the problem persists, contact your Cisco Warning has failed representative 40003 Insecure The root user has the default View instructions on...
Page 376
40023 Security alert The TMS agent database has the View instructions on changing the TMS Agent Warning default replication password set replication password Cisco VCS Administrator Guide (X7.1) Page 376 of 479...
Page 377
Set authentication policy to either 'Check Warning warning authentication policy must be credentials' or 'Treat as authenticated' for each enabled on the Default Zone and relevant zone any other relevant zone that receives provisioning requests Cisco VCS Administrator Guide (X7.1) Page 377 of 479...
Page 378
55007 B2BUA The OCS/Lync transport type is Check B2BUA configuration Warning misconfiguration misconfigured 55008 B2BUA Missing FQDN of service Check the VCS's local host name and domain Warning misconfiguration name Cisco VCS Administrator Guide (X7.1) Page 378 of 479...
Page 379
B2BUA configuration (transcoder Warning misconfiguration rules is misconfigured settings) 55025 B2BUA The B2BUA has been enabled to Configure one or more transcoders Warning misconfiguration use transcoders, but there are no transcoders configured Cisco VCS Administrator Guide (X7.1) Page 379 of 479...
Page 380
Warning misconfiguration contact your Cisco representative 55105 B2BUA Invalid VCS next hop host Restart the service; if the problem persists, Warning misconfiguration configuration contact your Cisco representative Cisco VCS Administrator Guide (X7.1) Page 380 of 479...
Page 381
Warning misconfiguration configuration contact your Cisco representative 55126 B2BUA Invalid VCS authorized host IP Restart the service; if the problem persists, Warning misconfiguration address contact your Cisco representative Cisco VCS Administrator Guide (X7.1) Page 381 of 479...
Page 382
B2BUA service configuration is missing 55130 B2BUA Missing cluster name Restart the service; if the problem persists, Warning misconfiguration contact your Cisco representative Cisco VCS Administrator Guide (X7.1) Page 382 of 479...
For example IP Route [1..50] Address <S: 0,39> means that up to 50 IP routes can be specified with each route requiring an address of up to 39 characters in length. xConfiguration commands All of the available xConfiguration commands are listed in the table below: Cisco VCS Administrator Guide (X7.1) Page 383 of 479...
Page 384
The number of concurrent sessions that each individual administrator account is allowed on the VCS. This includes web, SSH, Telnet and serial sessions. A value of 0 turns session limits off. Default: 0 Example: xConfiguration Administration MaxConcurrentSessions PerUser: 2 Cisco VCS Administrator Guide (X7.1) Page 384 of 479...
Page 385
The alias that will be dialed by the endpoints when the Multiway feature is activated. This must be pre-configured on all endpoints that may be used to initiate the Multiway feature. Example: xConfiguration Applications ConferenceFactory Alias: "multiway@example.com" Cisco VCS Administrator Guide (X7.1) Page 385 of 479...
Page 386
Applications Presence Server Mode: <On/Off> Enables and disables the SIMPLE Presence Server. Note: SIP mode must also be enabled for the Presence Server to function. Default: Off Example: xConfiguration Applications Presence Server Mode: On Cisco VCS Administrator Guide (X7.1) Page 386 of 479...
Page 387
Authentication ADS Clockskew: <1..65535> Maximum allowed clockskew between the VCS and the KDC before the Kerberos message is assumed to be invalid (in seconds). Default: 300 Example: xConfiguration Authentication ADS Clockskew: 300 Cisco VCS Administrator Guide (X7.1) Page 387 of 479...
Page 388
Example: xConfiguration Authentication ADS Workgroup: "corporation" Authentication Database: <LocalDatabase/LDAPDatabase> Selects between a local authentication database and a remote LDAP repository for the storage of password information for authentication. Default: LocalDatabase Example: xConfiguration Authentication Database: LocalDatabase Cisco VCS Administrator Guide (X7.1) Page 388 of 479...
Page 389
Default: On Example: xConfiguration Bandwidth Downspeed Total Mode: On Bandwidth Link [1..3000] Name: <S: 1, 50> Assigns a name to this link. Example: xConfiguration Bandwidth Link 1 Name: "HQ to BranchOffice" Cisco VCS Administrator Guide (X7.1) Page 389 of 479...
Page 390
Example: xConfiguration Bandwidth Pipe 1 Name: "512Kb ASDL" Call Loop Detection Mode: <On/Off> Specifies whether the VCS will check for call loops. Default: On Example: xConfiguration Call Loop Detection Mode: On Cisco VCS Administrator Guide (X7.1) Page 390 of 479...
Page 391
Example: xConfiguration Error Reports Mode: Off Error Reports URL: <S: 0, 128> The URL of the web service to which error reports are sent. Default: https://cc-reports.cisco.com/submitapplicationerror/ Example: xConfiguration Error Reports URL: "https://cc- reports.cisco.com/submitapplicationerror/" Cisco VCS Administrator Guide (X7.1) Page 391 of 479...
Page 392
Sets the URL of the external manager. Default: tms/public/external/management/SystemManagementService.asmx Example: xConfiguration ExternalManager Path: "tms/public/external/management/SystemManagementService.asmx" ExternalManager Protocol: <HTTP/HTTPS> The protocol used to connect to the external manager. Default: HTTPS Example: xConfiguration ExternalManager Protocol: HTTPS Cisco VCS Administrator Guide (X7.1) Page 392 of 479...
Page 393
Example: xConfiguration H323 Gatekeeper Registration ConflictMode: Reject H323 Gatekeeper Registration UDP Port: <1024..65534> Specifies the port to be used for H.323 UDP registrations. Default: 1719 Example: xConfiguration H323 Gatekeeper Registration UDP Port: 1719 Cisco VCS Administrator Guide (X7.1) Page 393 of 479...
Page 394
On: the VCS will act as SIP-H.323 gateway regardless of whether the endpoints are locally registered. RegisteredOnly: the VCS will act as a SIP-H.323 gateway but only if at least one of the endpoints is locally registered. Default: RegisteredOnly Example: xConfiguration Interworking Mode: RegisteredOnly Cisco VCS Administrator Guide (X7.1) Page 394 of 479...
Page 395
Example: xConfiguration IP External Interface: LAN1 IP Gateway: <S: 7,15> Specifies the IPv4 gateway of the VCS. Note: you must restart the system for any changes to take effect. Default: 127.0.0.1 Example: xConfiguration IP Gateway: "192.168.127.0" Cisco VCS Administrator Guide (X7.1) Page 395 of 479...
Page 396
Example: xConfiguration IP Route 1 PrefixLength: 16 IP V6 Gateway: <S: 0, 39> Specifies the IPv6 gateway of the VCS. You must restart the system for any changes to take effect. Example: xConfiguration IP V6 Gateway: "3dda:80bb:6::9:144" Cisco VCS Administrator Guide (X7.1) Page 396 of 479...
Page 397
A comma-separated list of IP addresses or Fully Qualified Domain Names (FQDNs) of the remote syslog servers to where the Event Log is written. These servers must support the BSD syslog protocol. They cannot be another VCS. Example: xConfiguration Log Server Address: "syslog.server.example.com" Cisco VCS Administrator Guide (X7.1) Page 397 of 479...
Page 398
Example: xConfiguration Login Remote LDAP CRLCheck: Peer Login Remote LDAP DirectoryType: <ActiveDirectory> Defines the type of LDAP directory that is being accessed. ActiveDirectory: directory is Windows Active Directory. Default: ActiveDirectory Example: xConfiguration Login Remote LDAP DirectoryType: ActiveDirectory Cisco VCS Administrator Guide (X7.1) Page 398 of 479...
Page 399
Login Remote LDAP VCS BindUsername: <S: 0,255> Sets the username to use when binding to the LDAP server. Only applies if using SASL. Example: xConfiguration Login Remote LDAP VCS BindUsername: "VCSmanager" Cisco VCS Administrator Guide (X7.1) Page 399 of 479...
Page 400
LocalCPL: uses policy from an uploaded CPL file. LocalService: uses group policy information and a local file. PolicyService: uses an external policy server. Default: Off Example: xConfiguration Policy AdministratorPolicy Mode: Off Cisco VCS Administrator Guide (X7.1) Page 400 of 479...
Page 401
Example: xConfiguration Policy AdministratorPolicy Service TLS Verify Mode: On Policy AdministratorPolicy Service UserName: <S: 0,30> Specifies the user name used by the VCS to log in and query the remote policy service. Example: xConfiguration Policy AdministratorPolicy Service UserName: "user123" Cisco VCS Administrator Guide (X7.1) Page 401 of 479...
Page 402
Policy Services Service [1..5] DefaultCPL: <S: 0,255> The CPL used by the VCS when the remote service is unavailable. Default: Example: xConfiguration Policy Services Service 1 DefaultCPL: "<reject status='403' reason='Service Unavailable'/>" Cisco VCS Administrator Guide (X7.1) Page 402 of 479...
Page 403
FQDN or IP address, as specified in the address field, must be contained within the server's X.509 certificate (in either the Subject Common Name or the Subject Alternative Name attributes). Default: On Example: xConfiguration Policy Services Service [1..5] TLS Verify Mode: On Cisco VCS Administrator Guide (X7.1) Page 403 of 479...
Page 404
Suffix: the string must appear at the end of the alias. Regex: the string will be treated as a regular expression. Default: Exact Example: xConfiguration Registration DenyList 1 Pattern Type: Exact Cisco VCS Administrator Guide (X7.1) Page 404 of 479...
Page 405
Controls certificate revocation list checking of the certificate supplied by the policy service. When enabled, the server's X.509 certificate will be checked against the revocation list of the certificate authority of the certificate. Default: Off Example: xConfiguration Registration RestrictionPolicy Service TLS CRLCheck Mode: Off Cisco VCS Administrator Guide (X7.1) Page 405 of 479...
Page 406
On: the VCS will always include NTLM in its challenges. Auto: the VCS will decide based on endpoint type whether to challenge with NTLM. Default: Auto Example: xConfiguration SIP Authentication NTLM Mode: Auto Cisco VCS Administrator Guide (X7.1) Page 406 of 479...
Page 407
Services AdvancedMediaGateway Policy Rules Rule [1..200] Pattern String: <S: 0,60> The pattern against which the alias is compared. Example: xConfiguration Services AdvancedMediaGateway Policy Rules Rule 1 Pattern String: ".branch@example.com" Cisco VCS Administrator Guide (X7.1) Page 407 of 479...
Page 408
Controls whether the VCS takes the media for an ICE to non-ICE call where the ICE participant is thought to be behind a NAT device. Default: Off Example: xConfiguration SIP MediaRouting ICE Mode: Off Cisco VCS Administrator Guide (X7.1) Page 408 of 479...
Page 409
ProxyToKnownOnly: registration requests will be proxied to neighbors only. ProxyToAny: registration requests will be proxied in accordance with the VCS’s existing call processing rules. Default: Off Example: xConfiguration SIP Registration Proxy Mode: Off Cisco VCS Administrator Guide (X7.1) Page 409 of 479...
Page 410
On: only forward requests along route if incoming message has been authenticated. Off: always forward messages that match this route. Default: Off Note: this command is intended for developer use only. Example: xConfiguration SIP Routes Route 1 Authenticated: On Cisco VCS Administrator Guide (X7.1) Page 410 of 479...
Page 411
The minimum value the VCS will negotiate for the session refresh interval for SIP calls. For further information refer to the definition of Min-SE header in RFC 4028. Default: 500 Example: xConfiguration SIP Session Refresh Minimum: 500 Cisco VCS Administrator Guide (X7.1) Page 411 of 479...
Page 412
Determines whether incoming and outgoing SIP calls using the UDP protocol will be allowed. Default: Off Example: xConfiguration SIP UDP Mode: On SIP UDP Port: <1024..65534> Specifies the listening port for incoming SIP UDP calls. Default: 5060 Example: xConfiguration SIP UDP Port: 5060 Cisco VCS Administrator Guide (X7.1) Page 412 of 479...
Page 413
Sets SNMP Version 3 authentication type. Default: SHA Example: xConfiguration SNMP V3 Authentication Type: SHA SNMP V3 Mode: <On/Off> Enables or disables SNMP Version 3 support. Default: On Example: xConfiguration SNMP V3 Mode: On Cisco VCS Administrator Guide (X7.1) Page 413 of 479...
Page 414
Defines the name of the VCS. The system name appears in various places in the web interface and on the front panel of the unit. Choose a name that uniquely identifies the system. Example: xConfiguration SystemUnit Name: "VCS HQ" Cisco VCS Administrator Guide (X7.1) Page 414 of 479...
Page 415
Prefix: the string must appear at the beginning of the alias. Suffix: the string must appear at the end of the alias. Regex: the string is treated as a regular expression. Default: Prefix Example: xConfiguration Transform 1 Pattern Type: Suffix Cisco VCS Administrator Guide (X7.1) Page 415 of 479...
Page 416
Specifies the port on the VCS to be used for demultiplexing RTP media. You must restart the system for any changes to take effect. Default: 2776 Example: xConfiguration Traversal Server Media Demultiplexing RTP Port: 2776 Cisco VCS Administrator Guide (X7.1) Page 416 of 479...
Page 417
SIP messages that originate from non-local domains. See the Administrator Guide for further information. Default: DoNotCheckCredentials Example: xConfiguration Zones LocalZone DefaultSubZone Authentication Mode: DoNotCheckCredentials Cisco VCS Administrator Guide (X7.1) Page 417 of 479...
Page 418
Example: xConfiguration Zones LocalZone DefaultSubZone Bandwidth Total Mode: Limited Zones LocalZone DefaultSubZone Registrations: <Allow/Deny> Controls whether registrations assigned to the Default Subzone are accepted. Default: Allow Example: xConfiguration Zones LocalZone DefaultSubZone Registrations: Allow Cisco VCS Administrator Guide (X7.1) Page 418 of 479...
Page 419
The number of bits of the subnet address which must match for an IP address to belong in this subnet. Default: 32 Example: xConfiguration Zones LocalZone SubZones MembershipRules Rule 1 Subnet PrefixLength: 32 Cisco VCS Administrator Guide (X7.1) Page 419 of 479...
Page 420
Sets the total bandwidth limit (in kbps) of this subzone (applies only if the mode is set to Limited). Default: 500000 Example: xConfiguration Zones LocalZone SubZones SubZone 1 Bandwidth Total Limit: 500000 Cisco VCS Administrator Guide (X7.1) Page 420 of 479...
Page 421
TCP probe to the VCS once a call is established, in order to keep the firewall’s NAT bindings open. Default: 20 Example: xConfiguration Zones LocalZone Traversal H323 TCPProbe KeepAliveInterval: 20 Cisco VCS Administrator Guide (X7.1) Page 421 of 479...
Page 422
Specifies the total bandwidth (in kbps) allowed for all traversal calls being handled by the VCS (applies only if the mode is set to Limited). Default: 500000 Example: xConfiguration Zones LocalZone TraversalSubZone Bandwidth Total Limit: 500000 Cisco VCS Administrator Guide (X7.1) Page 422 of 479...
Page 423
Strip: the matching prefix or suffix is removed from the alias. Replace: the matching part of the alias is substituted with the text in the replace string. Default: Strip Example: xConfiguration Zones Policy SearchRules Rule 1 Pattern Behavior: Strip Cisco VCS Administrator Guide (X7.1) Page 423 of 479...
Page 424
Zones Policy SearchRules Rule [1..2000] State: <Enabled/Disabled> Indicates if the search rule is enabled or disabled. Disabled search rules are ignored. Default: Enabled Example: xConfiguration Zones Policy SearchRules Rule 1 State: Enabled Cisco VCS Administrator Guide (X7.1) Page 424 of 479...
Page 425
Zones Zone [1..1000] DNS Interworking SIP Video DefaultResolution: <None/QCIF/CIF/4CIF/SIF/4SIF/VGA/SVGA/XGA> Specifies which video resolution to use when empty INVITEs are not allowed. Default: CIF Example: xConfiguration Zones Zone 1 DNS Interworking SIP Video DefaultResolution: CIF Cisco VCS Administrator Guide (X7.1) Page 425 of 479...
Page 426
Off: a SIP OPTION message will be sent to the zone. On: searches will be responded to automatically, without being forwarded to the zone. Default: Off Example: xConfiguration Zones Zone 1 DNS SIP SearchAutoResponse: Off Cisco VCS Administrator Guide (X7.1) Page 426 of 479...
Page 427
Default: 15 Example: xConfiguration Zones Zone 2 HopCount: 15 Zones Zone [1..1000] Name: <S: 1, 50> Assigns a name to this zone. Example: xConfiguration Zones Zone 3 Name: "UK Sales Office" Cisco VCS Administrator Guide (X7.1) Page 427 of 479...
Page 428
Off: SIP INVITEs will be generated and a pre-configured SDP will be inserted before the INVITEs are sent to this neighbor. Default: On Example: xConfiguration Zones Zone 3 Neighbor Interworking SIP EmptyInviteAllowed: On Cisco VCS Administrator Guide (X7.1) Page 428 of 479...
Page 429
Example: xConfiguration Zones Zone 3 Neighbor Peer 1 Address: "192.44.0.18" Zones Zone [1..1000] Neighbor Registrations: <Allow/Deny> Controls whether proxied SIP registrations routed through this zone are accepted. Default: Allow Example: xConfiguration Zones Zone 3 Neighbor Registrations: Allow Cisco VCS Administrator Guide (X7.1) Page 429 of 479...
Page 430
Controls whether multipart MIME stripping is performed on requests from this zone. This must be set to On for connections to a Microsoft Office Communications Server 2007. Default: Off Example: xConfiguration Zones Zone 3 Neighbor SIP MIME Strip Mode: Off Cisco VCS Administrator Guide (X7.1) Page 430 of 479...
Page 431
If SIP SDP attribute line limit mode is set to On, sets the maximum line length of a=fmtp SDP lines. Default: 130 Example: xConfiguration Zones Zone 3 Neighbor SIP SDP Attribute Line Limit Length: 130 Cisco VCS Administrator Guide (X7.1) Page 431 of 479...
Page 432
Determines whether or not the VCS will strip the UPDATE method from the Allow header of all requests and responses going to and from this zone. Default: Off Example: xConfiguration Zones Zone 3 Neighbor SIP UPDATE Strip Mode: Off Cisco VCS Administrator Guide (X7.1) Page 432 of 479...
Page 433
"password123" Zones Zone [1..1000] TraversalClient Authentication UserName: <S: 0,128> The user name used by the VCS when connecting to the traversal server. Example: xConfiguration Zones Zone 1 TraversalClient Authentication UserName: "clientname" Cisco VCS Administrator Guide (X7.1) Page 433 of 479...
Page 434
Determines which firewall traversal protocol will be used for SIP calls to and from the traversal server. Note: the same protocol must be set on the server for calls to and from this traversal client. Default: Assent Example: xConfiguration Zones Zone 1 TraversalClient SIP Protocol: Assent Cisco VCS Administrator Guide (X7.1) Page 434 of 479...
Page 435
Determines which of the two firewall traversal protocols will be used for calls to and from the traversal client. Note: the same protocol must be set on the client for calls to and from this traversal server. Default: Assent Example: xConfiguration Zones Zone 5 TraversalServer H323 Protocol: Assent Cisco VCS Administrator Guide (X7.1) Page 435 of 479...
Page 436
Sets the interval (in seconds) with which the traversal client will send a TCP probe to the VCS once a call is established, in order to keep the firewall’s NAT bindings open. Default: 20 Example: xConfiguration Zones Zone 5 TraversalServer TCPProbe KeepAliveInterval: 20 Cisco VCS Administrator Guide (X7.1) Page 436 of 479...
Page 437
TraversalServer: there is a firewall between the zones and the local VCS is a traversal server for the new zone. ENUM: the new zone contains endpoints discoverable by ENUM lookup. DNS: the new zone contains endpoints discoverable by DNS lookup. Example: xConfiguration Zones Zone 3 Type: Neighbor Cisco VCS Administrator Guide (X7.1) Page 437 of 479...
Assigns a name to this Advanced Media Gateway policy rule. Description: <S: 0,64> A free-form description of the membership rule. Example: xCommand AMGWPolicyRuleAdd Name: "Deny branch calls" Description: "Deny all calls to branch office" Cisco VCS Administrator Guide (X7.1) Page 438 of 479...
Page 439
Default: ReadWrite Example: xCommand AdminLoginGroupAdd Name: "VCS" Access: ReadWrite AdminLoginGroupDelete Deletes an administrator login group. AdminLoginGroupId(r): <1..30> The index of the administrator login group to be deleted. Example: xCommand AdminLoginGroupDelete AdminLoginGroupId: 1 Cisco VCS Administrator Guide (X7.1) Page 439 of 479...
Page 440
Suffix: the string must appear at the end of the alias. Regex: the string will be treated as a regular expression. Default: Exact. Description: <S: 0,64> A free-form description of the Allow List rule. Example: xCommand AllowListAdd PatternString: "John.Smith@example.com" PatternType: Exact Description: "Allow John Smith" Cisco VCS Administrator Guide (X7.1) Page 440 of 479...
Page 441
Example: xCommand CheckPattern Target: "john.smith@example.net" Pattern: "@example.net" Type: "suffix" Behavior: replace Replace: "@example.com" DefaultLinksAdd Restores links between the Default Subzone, Traversal Subzone and the Default Zone. This command has no parameters. Example: xCommand DefaultLinksAdd Cisco VCS Administrator Guide (X7.1) Page 441 of 479...
Page 442
The serial number of the call to be disconnected. Note: you must specify either a call index or call serial number when using this command. Example: xCommand DisconnectCall CallSerialNumber: "6d843434-211c-11b2-b35d- 0010f30f521c" Cisco VCS Administrator Guide (X7.1) Page 442 of 479...
Page 443
Descriptive name for the external application whose status is being referenced. Example: xCommand ExtAppStatusDelete Name: foo FeedbackDeregister Deactivates a particular feedback request. ID: <1..3> The index of the feedback request to be deactivated. Example: xCommand FeedbackDeregister ID: 1 Cisco VCS Administrator Guide (X7.1) Page 443 of 479...
Page 444
Specifies the first pipe to be associated with this link. Pipe2: <S: 1, 50> Specifies the second pipe to be associated with this link. Example: xCommand LinkAdd LinkName: "Subzone1 to UK" Node1: "Subzone1" Node2: "UK Sales Office" Pipe1: "512Kb ASDL" Cisco VCS Administrator Guide (X7.1) Page 444 of 479...
Page 445
OptionKeyAdd Adds a new option key to the VCS. These are added to the VCS in order to add extra functionality, such as increasing the VCS's capacity. Contact your Cisco representative for further information. Key(r): <S: 0, 90> Specifies the option key of your software option.
Page 446
Example: xCommand PipeAdd PipeName: "512k ADSL" TotalMode: Limited Total: 512 PerCallMode: Limited PerCall: 128 PipeDelete Deletes a pipe. PipeId(r): <1..1000> The index of the pipe to be deleted. Example: xCommand PipeDelete PipeId: 2 Cisco VCS Administrator Guide (X7.1) Page 446 of 479...
Page 447
"service" StatusPath: "status" UserName: "user123" Password: "password123" DefaultCPL: "<reject status='403' reason='Service Unavailable'/>" PolicyServiceDelete Deletes a policy service. PolicyServiceId(r): <1..5> The index of the policy service to be deleted. Example: xCommand PolicyServiceDelete PolicyServiceId: 1 Cisco VCS Administrator Guide (X7.1) Page 447 of 479...
Page 448
The zone or policy service to query if the alias matches the search rule. Description: <S: 0, 64> A free-form description of the search rule. Example: xCommand SearchRuleAdd Name: "DNS lookup" ZoneName: "Sales Office" Description: "Send query to the DNS zone" Cisco VCS Administrator Guide (X7.1) Page 448 of 479...
Page 449
Tag value specified by external applications to identify routes that they create. Example: xCommand SIPRouteAdd Method: "SUBSCRIBE" RequestLinePattern: ".*@(%localdomains%|%ip%)" HeaderName: "Event" HeaderPattern: "(my-event-package)(.*)" Authenticated: On Address: "127.0.0.1" Port: 22400 Transport: TCP Tag: "Tag1" Cisco VCS Administrator Guide (X7.1) Page 449 of 479...
Page 450
Example: xCommand SubZoneAdd SubZoneName: "BranchOffice" TotalMode: Limited Total: 1024 PerCallInterMode: Limited PerCallInter: 512 PerCallIntraMode: Limited PerCallIntra: 512 SubZoneDelete Deletes a subzone. SubZoneId(r): <1..1000> The index of the subzone to be deleted. Example: xCommand SubZoneDelete SubZoneId: 2 Cisco VCS Administrator Guide (X7.1) Page 450 of 479...
Page 451
Indicates if the transform is enabled or disabled. Disabled transforms are ignored. Default: Enabled Example: xCommand TransformAdd Pattern: "example.net" Type: suffix Behavior: replace Replace: "example.com" Priority: 3 Description: "Change example.net to example.com" State: Enabled Cisco VCS Administrator Guide (X7.1) Page 451 of 479...
Page 452
Note: this command is intended for developer use only. WarningID(r): <S:36, 36> The warning ID. WarningText(r): <S:0, 255> The description of the warning. Example: xCommand WarningRaise WarningID: "ab3d63f6-c0bb-4a9c-a121-e683abfedff0" WarningText: "Module foo is malfunctioning” Cisco VCS Administrator Guide (X7.1) Page 452 of 479...
Page 453
Note that this command does not change any existing system configuration. Alias(r): <S: 1, 60> The alias to be searched for. Example: xCommand ZoneList Alias: "john.smith@example.com" Cisco VCS Administrator Guide (X7.1) Page 453 of 479...
The current xStatus elements are: Alternates Applications Calls Ethernet ExternalManager Feedback FindMeManager H323 LDAP Links Loggers Options Pipes Policy Registrations ResourceUsage SystemUnit TURN Zones Each element has the sub-elements as described below: Cisco VCS Administrator Guide (X7.1) Page 454 of 479...
Page 463
Calls: {visible only if there are calls} Call [0..900]: {0..900 entries} CallId: <S: 1,255> TraversalSubZone: Name: “TraversalSubZone” Bandwidth: LocalUsage: <0..100000000> ClusterUsage: <0..100000000> Calls: {visible only if there are calls} Call [0..900]: {0..900 entries} CallId: <S: 1,255> ClusterSubZone: Cisco VCS Administrator Guide (X7.1) Page 463 of 479...
Page 464
H323: {visible if H323 Mode=On for Zone} Status: <Unknown/Active/Failed> Cause: {visible if Status is Failed} <No response from gatekeeper/DNS resolution failed/Invalid alias/Authentication Failed/Invalid IP address> Address: <IPv4Addr/IPv6Addr> {One Address line per address from DNS lookup} Cisco VCS Administrator Guide (X7.1) Page 464 of 479...
Page 465
SIP: {visible if SIP Mode=On for Zone} Status: Active Address: <IPv4Addr/IPv6Addr> {One Address line per address from DNS lookup} Port: <1..65534> LastStatusChange: <Time not set/Date Time> Calls: {0..900 entries} Call [0..900]: CallID: <S: 1,255> Cisco VCS Administrator Guide (X7.1) Page 465 of 479...
Policy service request parameters When the Cisco VCS uses a policy service it sends information about the call or registration request to the service in a POST message using a set of name-value pair parameters. The service can then make decisions based upon these parameters combined with its own policy decision logic and supporting data (for example lists of aliases that are allowed to register or make and receive calls, via external data lookups such as an LDAP database or other information sources).
The service response must be a 200 OK message with CPL contained in the body. Cryptography support External policy servers should support TLS and AES-256/AES-128/3DES-168. SHA-1 is required for MAC and Diffie-Hellman / Elliptic Curve Diffie-Hellman key exchange; the VCS does not support MD5. Cisco VCS Administrator Guide (X7.1) Page 467 of 479...
ITU Specification: H.350 Directory services architecture for http://www.itu.int/rec/T-REC-H.350/en multimedia conferencing Management Information Base for Network Management of http://tools.ietf.org/html/rfc1213 TCP/IP-based internets: MIB-II Microsoft OCS 2007 / Lync 2010, Cisco AM GW and VCS D14652 www.cisco.com deployment guide Microsoft OCS 2007, Lync 2010 and VCS deployment guide D14269 www.cisco.com...
Page 470
Traversal Using Relays around NAT (TURN): Relay Extensions http://tools.ietf.org/html/rfc5766 to Session Traversal Utilities for NAT (STUN) VCS Administrator Guide (this document) D14049 www.cisco.com VCS and Cisco Unity Connection Voicemail Integration D14809 www.cisco.com deployment guide VCS Cluster creation and maintenance deployment guide D14367 www.cisco.com...
Cisco TMS A Cisco product used for the management of video networks. Cisco TelePresence Management Suite Cisco VCS A generic term for the Cisco product which acts as a gatekeeper and SIP proxy/server. Cisco TelePresence Video Communication Server Cisco VCS Control A VCS whose main function is to act as a gatekeeper, SIP proxy and firewall traversal client.
Page 472
The act of crossing a firewall or NAT device. FindMe™ Cisco TelePresence FindMe is a User Policy feature that allows users to have a single alias on which they can be reached regardless of the endpoints they are currently using.
Page 473
2460. Internet Protocol version A request sent to an endpoint requesting information about its status. Information Request A geographically limited computer network, usually with a high bandwidth throughput. Local Area Network Cisco VCS Administrator Guide (X7.1) Page 473 of 479...
Page 474
The MOC client can be used for instant messaging, presence, voice and video calls client and ad hoc conferences. Multiway Cisco TelePresence Multiway enables endpoint users to create a conference while in a call even if their endpoint does not have this functionality built in. See the Conference Factory section for more information.
Page 475
An encrypted protocol used to provide a secure CLI. Secure Shell SIMPLE An instant messaging and presence protocol based on SIP. Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions Cisco VCS Administrator Guide (X7.1) Page 475 of 479...
Page 476
Traversal-enabled Any endpoint that supports the Assent and/or ITU H.460.18 and H.460.19 standards endpoint for firewall traversal. This includes all Cisco TelePresence MXP endpoints. TURN Relay extensions to STUN (Session Traversal Utilities for NAT). Traversal Using Relays around NAT Cisco VCS Administrator Guide (X7.1)
Page 477
VCS has a neighbor, traversal client or traversal server relationship, and to configure the way in which the VCS performs ENUM and DNS searches. Cisco VCS Administrator Guide (X7.1) Page 477 of 479...
Page 479
MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners.