Cisco Cisco Expressway Maintenance Manual
■
Show CPL XSD file: displays in your browser the XML schema used for the CPL script.
■
Show CPL Extensions XSD file: displays in your browser the XML schema used for additional CPL elements
supported by the Expressway.
supported by the Expressway.
Uploading a CPL script
To upload a new CPL file:
1.
Go to Configuration > Call Policy > Configuration.
2.
From the Policy files section, in the Select the new Call Policy file field, enter the file name or Browse to the
CPL script you want upload.
CPL script you want upload.
3.
Click Upload file.
The Expressway polls for CPL script changes every 5 seconds, so the Expressway will almost immediately start using
the updated CPL script. CPL scripts cannot be uploaded using the command line interface.
the updated CPL script. CPL scripts cannot be uploaded using the command line interface.
Deleting an existing CPL script
If a CPL script has already been uploaded, a Delete uploaded file button will be visible. Click it to delete the file.
Configuring Call Policy to Use an External Service
To configure Call Policy to refer all policy decisions out to an external service:
1.
Go to Configuration > Call policy > Configuration.
2.
Select a Call Policy mode of Policy service.
3.
Configure the fields that are presented as follows:
Field
Description
Usage tips
Protocol
The protocol used to connect to the policy
service.
service.
The default is HTTPS.
The Expressway automatically supports
HTTP to HTTPS redirection when
communicating with the policy service
server.
HTTP to HTTPS redirection when
communicating with the policy service
server.
Certificate
verification
mode
verification
mode
When connecting over HTTPS, this setting
controls whether the certificate presented by
the policy server is verified.
controls whether the certificate presented by
the policy server is verified.
If On, for the Expressway to connect to a policy
server over HTTPS, the Expressway must have
a root CA certificate loaded that authorizes that
server’s server certificate. Also the certificate's
Subject Common Name or Subject Alternative
Name must match one of the Server address
fields below.
server over HTTPS, the Expressway must have
a root CA certificate loaded that authorizes that
server’s server certificate. Also the certificate's
Subject Common Name or Subject Alternative
Name must match one of the Server address
fields below.
The Expressway’s root CA certificates are
loaded via (Maintenance > Security
certificates > Trusted CA certificate).
loaded via (Maintenance > Security
certificates > Trusted CA certificate).
HTTPS
certificate
revocation
list (CRL)
checking
certificate
revocation
list (CRL)
checking
Enable this option if you want to protect
certificate checking using CRLs and you have
manually loaded CRL files, or you have enabled
automatic CRL updates.
certificate checking using CRLs and you have
manually loaded CRL files, or you have enabled
automatic CRL updates.
Go to Maintenance > Security
certificates > CRL management to
configure how the Expressway uploads
CRL files.
certificates > CRL management to
configure how the Expressway uploads
CRL files.
138
Cisco Expressway Administrator Guide