08-02-2012 12:17 PM - edited 03-17-2019 11:33 PM
What all is considered for an endpoint to be considered authenticated either true or false when it is applied to search rules?
We have several endpoints ranging from C-Series to E20s that don't authenticate or require credentials when they register, and we have Jabber Video that of course authenticates. I'm asking as this applies to call policies and want to try to do some testing, but due to the authenticated true/false of some of the endpoints I want to get it right.
Default Zone: Do not check credentials
Default SubZone: Treat as authenticated
Subzones: Treat as authenticated
The SubZones are set so that they will allow presence.
08-03-2012 12:28 AM
Endpoints are considered authenticated if the zone or subzone they are in is set to Treat as authenticated. Or if the zone or subzone is set to check credentials and the endpoint supplies the right credentials. for example on my EX90 it has settings:
xConfiguration H323 Profile 1 Authentication LoginName:
xConfiguration H323 Profile 1 Authentication Password:
xConfiguration SIP Profile 1 Authentication 1 LoginName:
xConfiguration SIP Profile 1 Authentication 1 Password:
and if these are set correctly and the endpoint is challenege for it's credentials, and provides the correct ones, it will then be considered authenticated.
08-03-2012 07:18 AM
What promted my questions, was I did some checking on previous searches against the VCS from some of our local endpoints, and some of the searches are showing as being false and others as true.
08-03-2012 08:33 AM
Here are a few examples of the search history, it's a combination of SIP and H323.
---------------------------------------
---------------------------------------
---------------------------------------
08-06-2012 12:30 AM
Hi Patrick,
This is likely due to differences between SIP and H.323 - SIP can be challenged for authentication on every single message, but H.323 is only challenged on registration.
08-06-2012 09:49 AM
Thanks, it makes sence and why I'm seening different statuses for authentication for the protocols. Am I correct that in order to have all unknown endpoints (not locally registered to the VCS) to be affected by a call policy I would need to create my own CPL using the "unauthenticated-origin" method, as the call policy generator in the VCS web gui doesn't write it correct, and the end result is all calls are capable of making it through? From what I've been reading in the other call policy discussions I've searched and read through.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide