cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1462
Views
5
Helpful
2
Replies

VCS CPL block call between SubZones

ma.romero
Level 2
Level 2

Hi,

I am looking, it is possible to create a script to block calls between SubZones, I mean, I don't want, for example, that the Subzone Sales can call to SubZone Marketing.

I haven't different Alias Prefix, the Alias prefix are the same in both SubZones, Is it possible to block call due to IP addressing or the name of SubZone?

In the CPL extensions xsd file and CPL XSD file I didn't find any about Block by IP addressing or between SubZones.

I could find the follwoing example script:

*****************************************************************************************+

<?xml version="1.0" encoding="UTF-8" ?>

<cpl xmlns="urn:ietf:params:xml:ns:cpl"

  xmlns:taa="http://www.tandberg.net/cpl-extensions"

  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

  xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

  <taa:routed>

    <address-switch field="registered-origin">

      <not-present>

        <address-switch field="originating-zone">

          <address is="DefaultZone">

            <!-- Reject call with a status code of 403 (Forbidden) -->

            <reject status="403" reason="Denied by policy"/>

          </address>

          <address is="DefaultSubZone">

            <!-- Reject call with a status code of 403 (Forbidden) -->

            <reject status="403" reason="Denied by policy"/>

          </address>

          <otherwise>

            <proxy/>

          </otherwise>

        </address-switch>

      </not-present>

    </address-switch>

  </taa:routed>

</cpl>

*******************************************************************************************

But only block calls between DefaultZone and DefaultSubZone.

Thakns in advance.

Best regards.

1 Accepted Solution

Accepted Solutions

awinter2
Level 7
Level 7

Hi,

at the time when the CPL is processed, the location of the destination device is not yet known, and you therefore can't do CPL decisions based on destination zone or subzone.

To work around this, you could for instance use a unique prefix/syntax for each subzone, so that you can implicitly identify the destination zone/subzone based on this prefix/syntax.

It would also be possible to 'outsource' this decision making with the use of Policy Service, which is an off-box service which can be customized greatly. The external Policy server could for example have an SQL database containing information about all your devices and their associated zone/subzone, and base its decision making on the information which the VCS provides about source and destination aliases for a given call, along with a variety of other metrics.

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_External_Policy_Deployment_Guide_X7.pdf  would be a great starting point if you wish to look further into Policy Service.

Hope this helps,

Andreas

View solution in original post

2 Replies 2

awinter2
Level 7
Level 7

Hi,

at the time when the CPL is processed, the location of the destination device is not yet known, and you therefore can't do CPL decisions based on destination zone or subzone.

To work around this, you could for instance use a unique prefix/syntax for each subzone, so that you can implicitly identify the destination zone/subzone based on this prefix/syntax.

It would also be possible to 'outsource' this decision making with the use of Policy Service, which is an off-box service which can be customized greatly. The external Policy server could for example have an SQL database containing information about all your devices and their associated zone/subzone, and base its decision making on the information which the VCS provides about source and destination aliases for a given call, along with a variety of other metrics.

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_External_Policy_Deployment_Guide_X7.pdf  would be a great starting point if you wish to look further into Policy Service.

Hope this helps,

Andreas

Hi Andreas,

Thanks for the information.

I am going to try the External Policy.

Best regards.