Cisco Expressway Maintenance Manual
Device Authentication
This section provides information about the Expressway's authentication policy and the pages that appear under the
Configuration > Authentication menu.
About Device Authentication
Device authentication is the verification of the credentials of an incoming request to the Expressway from a device or
external system. It is used so that certain functionality may be reserved for known and trusted users.
Unified Communications mobile and remote access devices
You do not have to make any explicit configuration on the Expressway regarding the authentication of devices that
are registering to Unified CM via the Expressway. The Expressway automatically handles the authentication of these
devices against its home Unified CM cluster.
Rich media sessions
Devices communicating with the Expressway that are participating in rich media sessions are subject to the
Expressway's configurable authentication policy.
When device authentication is enabled, any device that attempts to communicate with the Expressway is challenged
to present its credentials (typically based on a username and password). The Expressway will then verify those
credentials against its
Expressway authentication policy can be configured separately for each zone. This means that both authenticated
and unauthenticated devices could be allowed to communicate with the same Expressway if required. Subsequent
call routing decisions can then be configured with different rules based upon whether a device is authenticated or
not.
Controlling System Behavior for Authenticated and Non-authenticated Devices
How calls and other messaging from authenticated and non-authenticated devices are handled depends on how
search rules, external policy services and CPL are configured.
Search rules
When configuring a search rule, use the Request must be authenticated attribute to specify whether the search rule
applies only to authenticated search requests or to all requests.
External policy services
External policy services are typically used in deployments where policy decisions are managed through an external,
centralized service rather than by configuring policy rules on the Expressway itself. You can configure the Expressway
to use policy services in the following areas:
Cisco Systems, Inc.