Cisco Cisco Expressway Maintenance Manual
About device authentication
Device authentication is the verification of the credentials of an incoming request to the Expressway from a
device or external system. It is used so that certain functionality may be reserved for known and trusted
users.
device or external system. It is used so that certain functionality may be reserved for known and trusted
users.
Unified Communications mobile and remote access devices
You do not have to make any explicit configuration on the Expressway regarding the authentication of
devices that are registering to Unified CM via the Expressway. The Expressway automatically handles the
authentication of these devices against its home Unified CM cluster.
devices that are registering to Unified CM via the Expressway. The Expressway automatically handles the
authentication of these devices against its home Unified CM cluster.
Rich media sessions
Devices communicating with the Expressway that are participating in rich media sessions are subject to the
Expressway's configurable authentication policy.
Expressway's configurable authentication policy.
When device authentication is enabled, any device that attempts to communicate with the Expressway is
challenged to present its credentials (typically based on a username and password). The Expressway will
then verify those credentials against its
challenged to present its credentials (typically based on a username and password). The Expressway will
then verify those credentials against its
.
Expressway authentication policy can be configured separately for each zone. This means that both
authenticated and unauthenticated devices could be allowed to communicate with the same Expressway if
required. Subsequent call routing decisions can then be configured with different rules based upon whether a
device is authenticated or not.
authenticated and unauthenticated devices could be allowed to communicate with the same Expressway if
required. Subsequent call routing decisions can then be configured with different rules based upon whether a
device is authenticated or not.
Controlling system behavior for authenticated and non-
authenticated devices
authenticated devices
How calls and other messaging from authenticated and non-authenticated devices are handled depends on
how search rules, external policy services and CPL are configured.
how search rules, external policy services and CPL are configured.
Search rules
When configuring a search rule, use the Request must be authenticated attribute to specify whether the
search rule applies only to authenticated search requests or to all requests.
search rule applies only to authenticated search requests or to all requests.
External policy services
External policy services are typically used in deployments where policy decisions are managed through an
external, centralized service rather than by configuring policy rules on the Expressway itself. You can
configure the Expressway to use policy services in the following areas:
external, centralized service rather than by configuring policy rules on the Expressway itself. You can
configure the Expressway to use policy services in the following areas:
n
n
When the Expressway uses a policy service it sends information about the call request to the service in a
POST message using a set of name-value pair parameters. Those parameters include information about
whether the request has come from an authenticated source or not.
POST message using a set of name-value pair parameters. Those parameters include information about
whether the request has come from an authenticated source or not.
More information about policy services, including example CPL, can be found in External Policy on
Expressway Deployment Guide.
Expressway Deployment Guide.
Cisco Expressway Administrator Guide (X8.1.1)
Page 71 of 343
Device authentication
About device authentication