Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Device authentication
Authentication
policy
policy
Trust
In local domain
Outside local domain
Treat as
authenticated
authenticated
Off
Messages are not challenged for
authentication.
authentication.
All messages are classified as
authenticated.
authenticated.
Any existing P-Asserted-Identity
header is removed and a new one
containing the VCS's originator ID is
inserted into the message.
header is removed and a new one
containing the VCS's originator ID is
inserted into the message.
Messages are not challenged for
authentication.
authentication.
All messages are classified as
unauthenticated.
unauthenticated.
Any existing P-Asserted-Identity
headers are removed.
headers are removed.
On
Messages are not challenged for
authentication.
authentication.
All messages are classified as
authenticated.
authenticated.
Messages with an existing P-
Asserted-Identity header are passed
on unchanged. Messages without an
existing P-Asserted-Identity header
have one inserted.
Asserted-Identity header are passed
on unchanged. Messages without an
existing P-Asserted-Identity header
have one inserted.
Messages are not challenged for
authentication.
authentication.
Messages with an existing P-
Asserted-Identity header are
classified as authenticated, and the
header is passed on unchanged.
Asserted-Identity header are
classified as authenticated, and the
header is passed on unchanged.
Messages without an existing P-
Asserted-Identity header are
classified as unauthenticated.
Asserted-Identity header are
classified as unauthenticated.
Subzone-level Authentication Policy
The VCS's Authentication Policy at the subzone level controls how the VCS authenticates incoming
messages (including registration requests) from that subzone.
messages (including registration requests) from that subzone.
To configure a subzone's Authentication policy, go to the Edit subzone page (
VCS configuration
> Local Zone > Subzones
, then click View/Edit or the name of the subzone). You can also configure
the Default Subzone's Authentication policy. The policy is set to Do not check credentials by
default.
default.
The behavior varies for H.323 and SIP messages as shown in the tables below:
H.323
Authentication
policy
policy
Behavior
Check
credentials
credentials
Messages are classified as either authenticated or unauthenticated depending on
whether any credentials in the message can be verified against the authentication
database. Messages that pass authentication are classified as authenticated.
whether any credentials in the message can be verified against the authentication
database. Messages that pass authentication are classified as authenticated.
If no credentials are supplied, the message is always classified as
unauthenticated.
unauthenticated.
Note that unauthenticated registration requests are rejected.
Do not check
credentials
credentials
Message credentials are not checked and all messages are classified as
unauthenticated.
unauthenticated.
Treat as
authenticated
authenticated
Message credentials are not checked and all messages are classified as
authenticated.
authenticated.
Cisco VCS Administrator Guide (X6.1)
Page 73 of 401