Cisco Expressway Maintenance Manual
1. On Expressway-C, go to Configuration > Domains.
2. Click New (or click View/Edit if the required domain already exists).
3. Enter your local Domain name to be federated.
4. Set XMPP federation to On.
5. Click Save.
6. Repeat for any other local domains requiring federation.
Configuring Expressway-E for XMPP federation
We recommend that XMPP federation configuration changes are made 'out of hours'. Enabling XMPP
federation will restart the XCP router on all Expressway-E systems within the cluster. This will temporarily
interrupt any existing mobile and remote access IM&P client sessions. Depending on the number of clients,
full client reconnection may take several minutes. (See
1. On Expressway-E, go to Configuration > Unified Communications.
2. Set XMPP federation support to On.
When you apply this change, you may need to restart the XCP Routers on the IM&P server(s). The other
settings on this page will not require a restart.
3. Configure the remaining fields as follows:
Use static routes
Indicates whether a controlled list of static routes is used to locate the federated XMPP
domains and chat node aliases, rather than DNS lookups. See
Dialback secret
Enter the dialback secret to use for identity verification with federated XMPP servers. If you
have multiple Expressway-E systems in the same deployment, they must all be configured with
the same dialback secret.
Security mode
Indicates if a TLS connection to federated XMPP servers is required, preferred or not required.
TLS required: the system guarantees a secure (encrypted) connection with the foreign domain.
TLS optional: the system attempts to establish a TLS connection with the foreign domain. If it
fails to establish a TLS connection, it reverts to TCP.
No TLS: the system will not establish a TLS connection with the foreign domain. It uses a
non-encrypted connection to federate with the foreign domain.
In all cases, server dialback is used to verify the identity of the foreign server. The foreign server
must be configured to use server dialback. Note that SASL External is not a supported
configuration on the local server. Foreign servers may be configured to use SASL, but SASL
exchanges will not be supported by the local server.
The default, and recommended setting, is TLS required.
Require client-side security certificates
Controls whether the certificate presented by the external client is verified against the
Expressway's current trusted CA list and, if loaded, the revocation list.
This setting does not apply if Security mode is No TLS.
Note that the federated domain name and any chat node aliases must be present in the
certificate's subject alternate name, regardless of this setting.
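The Dialback secret field above requires every Expressway-E in a deployment to share one secret. The following added example (not Cisco code, and not taken from this guide) models why: a foreign server's verification request can reach a different peer than the one that generated the key. It assumes a stateless HMAC-SHA256 key derivation modelled on the one recommended in XEP-0185; the guide does not state which derivation Expressway uses, and the peer names, domains, secrets and stream ID are constructed.

```python
import hashlib
import hmac

def dialback_key(secret, receiving, originating, stream_id):
    """Stateless dialback key: HMAC-SHA256 over the domain pair and stream ID.
    Assumption: derivation modelled on XEP-0185, keyed with the hashed secret."""
    hashed_secret = hashlib.sha256(secret.encode()).hexdigest().encode()
    message = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(hashed_secret, message, hashlib.sha256).hexdigest()

class Peer:
    """One cluster peer serving the originating domain (hypothetical model)."""
    def __init__(self, name, domain, secret):
        self.name, self.domain, self.secret = name, domain, secret

    def generate(self, receiving, stream_id):
        # Key sent to the foreign (receiving) server when opening the stream.
        return dialback_key(self.secret, receiving, self.domain, stream_id)

    def verify(self, receiving, stream_id, presented_key):
        # The foreign server dials back and asks: "did your domain issue this key?"
        expected = dialback_key(self.secret, receiving, self.domain, stream_id)
        return hmac.compare_digest(expected, presented_key)

def federation_check(peers, receiving, stream_id):
    """Have each peer generate a key and each peer verify it.
    Returns the (generator, verifier) pairs for which verification fails."""
    failures = []
    for gen in peers:
        key = gen.generate(receiving, stream_id)
        for ver in peers:
            if not ver.verify(receiving, stream_id, key):
                failures.append((gen.name, ver.name))
    return failures

# Constructed sample deployments: same secret vs. one peer misconfigured.
MATCHED = [Peer("expe1", "example.com", "constructed-secret-A"),
           Peer("expe2", "example.com", "constructed-secret-A")]
MISMATCHED = [Peer("expe1", "example.com", "constructed-secret-A"),
              Peer("expe2", "example.com", "constructed-secret-B")]

if __name__ == "__main__":
    for label, peers in (("matched", MATCHED), ("mismatched", MISMATCHED)):
        failed = federation_check(peers, "partner.example.org", "D60000229F")
        print(label, "failures:", failed or "none")
```

With mismatched secrets, verification only succeeds when the dialback happens to reach the peer that issued the key, which shows up as intermittent federation failures rather than a clean outage.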
Cisco Expressway Administrator Guide (X8.5)
Unified Communications
External XMPP federation