Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Network and system settings
Cisco VCS Administrator Guide (X7.2)
Page 62 of 498
For each additional per-domain DNS server address you can specify up to 2 Domain names. Any DNS
queries under those domains are forwarded to the specified DNS server instead of the default DNS servers.
queries under those domains are forwarded to the specified DNS server instead of the default DNS servers.
You can specify redundant per-domain servers by adding an additional per-domain DNS server address and
associating it with the same Domain names. In this scenario, DNS requests for those domains will be sent
in parallel to both DNS servers.
associating it with the same Domain names. In this scenario, DNS requests for those domains will be sent
in parallel to both DNS servers.
Tip: you can also use the
tool (
Maintenance > Tools > Network utilities > DNS lookup
) to
check which domain name server (DNS server) is responding to a request for a particular hostname.
Configuring Quality of Service settings
The
Quality of Service
(QoS) page (
System > Quality of Service
) is used to configure QoS options for
outbound traffic from the VCS.
This allows the network administrator to tag all signaling and media packets flowing through the VCS with
one specific QoS tag and hence provide the ability to prioritize video traffic over normal data traffic.
Management traffic, for example SNMP messages, is not tagged.
one specific QoS tag and hence provide the ability to prioritize video traffic over normal data traffic.
Management traffic, for example SNMP messages, is not tagged.
Supported mechanisms
The VCS supports the DiffServ (Differentiated Services) mechanism which puts the specified Tag value in
the TOS (Type Of Service) field of the IPv4 header or TC (Traffic Class) field of the IPv6 header.
the TOS (Type Of Service) field of the IPv4 header or TC (Traffic Class) field of the IPv6 header.
Configuring firewall rules
Firewall rules provide the ability to configure IP table rules to control access to the VCS at the IP level.
The VCS has a set of built-in rules that cannot be modified. The built-in rules can be supplemented by user-
configured rules that refine — and typically restrict — what can access the VCS.
configured rules that refine — and typically restrict — what can access the VCS.
Built-in rules
There are 2 sets of built-in rules that always apply:
n
The first set of built-in rules is a single rule that enables the loopback interface. As it is applied before the
user-configured rules, it cannot be overridden.
user-configured rules, it cannot be overridden.
n
The second set of built-in rules is applied after the user-configured rules. They enable some specific
services and enable access to all traffic destined to this VCS. These rules can be overridden, or refined, by
the user-configured rules.
services and enable access to all traffic destined to this VCS. These rules can be overridden, or refined, by
the user-configured rules.
This means that by default everything is allowed access to the VCS. You have to actively configure extra
rules to lock down the box to your specifications.
rules to lock down the box to your specifications.
The following table shows the built-in rules, and the sequence in which the built-in and the user-configured
rules are applied:
rules are applied:
Source
address
address
Destination
address
address
Protocol Port
Action Comment
Any
lo
Any
Any
Allow
VCS loopback interface