Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Device authentication
Device authentication configuration
The Device authentication configuration page (
VCS configuration > Authentication > Devices
> Configuration
) is used to control the type of database used by the Cisco VCS to store the
authentication credentials used by systems and devices that attempt to communicate with the Cisco
VCS.
VCS.
Authentication database
To verify the identity of a device, the Cisco VCS needs access to a database on which all
authentication credential information (usernames, passwords, and other relevant information) is
stored. This database may be located either locally on the Cisco VCS, or on an LDAP Directory
Server. The Cisco VCS looks up the endpoint’s username in the database and retrieves the
authentication credentials for that entry. If the credentials match those supplied by the endpoint, the
registration is allowed to proceed.
authentication credential information (usernames, passwords, and other relevant information) is
stored. This database may be located either locally on the Cisco VCS, or on an LDAP Directory
Server. The Cisco VCS looks up the endpoint’s username in the database and retrieves the
authentication credentials for that entry. If the credentials match those supplied by the endpoint, the
registration is allowed to proceed.
The Database type setting determines which database the Cisco VCS uses during authentication:
n
Local database: the local authentication database is used. You must configure the
to use this option.
n
LDAP database: a remote LDAP database is used. You must configure the
to use this
option.
The default is Local database.
Note that:
n
If the Cisco VCS is a traversal server, you must ensure that each traversal client’s authentication
credentials are entered into the selected database.
credentials are entered into the selected database.
n
The Cisco VCS supports the ITU H.235 [
] specification for authenticating the identity of H.323
network devices with which it communicates.
Endpoint credentials used for authentication
An endpoint must supply the Cisco VCS with a username and password if it is required to authenticate
with the Cisco VCS, for example when attempting to register and the relevant subzone's
Authentication Policy is set to Check credentials.
with the Cisco VCS, for example when attempting to register and the relevant subzone's
Authentication Policy is set to Check credentials.
For Cisco endpoints using H.323, the username is typically the endpoint’s Authentication ID; for
Cisco endpoints using SIP it is typically the endpoint’s Authentication username.
Cisco endpoints using SIP it is typically the endpoint’s Authentication username.
For details of how to configure endpoints with a username and password, please consult the endpoint
manual.
manual.
Device authentication using LDAP
The Device LDAP configuration page (
VCS configuration > Authentication > Devices > LDAP
configuration
) is used to configure a connection to the LDAP database used during device
authentication.
Authentication process
If the Cisco VCS is using an LDAP server for authentication, the process is as follows:
1. The endpoint presents its username and authentication credentials (these are generated using its
password) to the Cisco VCS, and the aliases with which it wants to register.
2. The Cisco VCS looks up the username in the LDAP database and obtains the authentication and
alias information for that entry.
Cisco VCS Administrator Guide (X6)
Page 75 of 295