Instruction/ maintenance manual of the product N3 TANDBERG
Go to page of 59
T ANDBERG Gatekeeper User Manual Software version N3 D13381.03 This document is not to be repro duced in whole or in part without pe rmission in w riting from:.
TANDBERG Gatek eeper User Manual ii Trademarks and copyright Copyright 1993-2005 TANDBERG ASA. All rights reserved. This document contains information that is proprietary to TANDBERG ASA.
TANDBERG Gatek eeper User Manual iii Environmental Issues Thank y ou for bu y ing a product which contributes to a reduction in pollution , and thereby helps save the en vironment. Our produc ts reduce the need f or travel and transpor t and thereby reduce pol lution.
TANDBERG Gatek eeper User Manual iv Operator Safety Summary For your protection , please read these saf ety instructions com pletely before operating the equipment and k eep this manual for f uture reference. T he information in this summ ary is intended for opera tors.
v Table Of Contents TANDBERG Gatek eeper User Manual .............................. ................................. ........................i Trademark s and copyright .............................. ................................. ................
TANDBERG Gatek eeper User Manual vi 4.1 Upgrading Us ing HTTP(S) ........................................................ ................................ 30 4.2 Upgrading Us ing SCP .................................... ...............................
1 1 I ntroduction This User Manu al is provided to he lp you make the best us e of your TANDBERG Gatekeeper. A Gatekeeper is a ce ntral part of an H. 323 infrastructure. It prov ides address translat ion and controls access to t he network for H.323 terminals, Gatewa y s and MCUs .
TANDBERG Gatek eeper User Manual 2 1.1 TANDBERG Gatekeeper Overview On the front of the Gatekeeper there are t hree LAN interf aces, a serial port (Data 1) and a Light Emitting Diod e (Power). T he LAN 1 interface is used f or connecting the s y stem to your local area network , LAN interfac e 2 and 3 are disabled.
3 2 I nst allation Precautions: Never install com munication equipm ent during a lightning stor m. Never install jack s for comm unication cables in wet loc ations unless the jack is specificall y designed f or wet locations.
TANDBERG Gatek eeper User Manual 4 Do not place hea vy objects directl y on top of the Gatekeeper. Do not place hot o bjects directly on top, or directly beneath the G atekeeper. Use a grounded AC power outlet for the G atekeeper. 2.2 Mounting The Gatek eeper comes with brack ets for mounting in standard 19" racks.
5 2.5 Gatekeeper Initial Configuration The TANDBERG Gat ekeeper requires s ome configuration before it can be used. This m ust be done using a PC connected to the ser ial port (Data 1). The main thing that needs to be conf igured is the IP settings of the Gatekeeper.
TANDBERG Gatek eeper User Manual 6 xConfiguration Gatekeeper AutoDiscovery comm and in section 5.2 for more inf ormation. 12. Reboot the Gat ekeeper by t y ping the com mand xCommand boot to m ake your new settings take ef fect. 13. Disconnect the ser ial cable.
7 3 Using t he Gatekeeper The Gatek eeper is used by H.323 term inals, Gatewa ys and MCUs. These device s register with the Gatek eeper and the Gatek eeper then provides address translation and c ontrols access to the net work.
TANDBERG Gatek eeper User Manual 8 NOTE Automatic disc overy is a function that a llows the Gatek eeper to reply to multicast G atekeeper discovery m essages from the endpoint. NOTE If you have probl ems registering the endpoint, try turning on au tomatic discover y.
9 Remote z ones can be conf igured through the web interface of the TANDBERG Gatek eeper by navigating to Gat ekeeper Configurat ion > Gatekeeper . See Figure 1 for a sc reenshot of the configuration. Figure 1 Screen shot of the A dding a New Zone configuration NOTE W hen u sing a local zone prefix do not start the E.
TANDBERG Gatek eeper User Manual 10 W hen a Gatekeeper rece ives a Location Requ est, if it cannot respond f rom its own registration database, it will quer y all of its Altern ates before respond ing. This allows the poo l of registrations to be treated as if the y were register ed with a single G atekeeper.
11 3.5 Call Control W hen a n end-point wants t o call another endpo int it presents the address it wants to call to the Gatekeeper usi ng a protocol kno ws as RAS. The Gatek eeper tries to resolve t his address and supplies the ca lling endpoint with infor mation about the cal led endpoint.
TANDBERG Gatek eeper User Manual 12 Figure 3 Admiss ion Request Processing.
13 Figure 4 Location Req uest Processing.
TANDBERG Gatek eeper User Manual 14 3.6 Bandwidth Control The TANDBERG Gat ekeeper allows you to control endpoints ’ use of bandwidth on your network.
15 xConfiguration Links Link [1..100] Pipe2 Name Each subzone m ay be configured with its o wn bandwidth lim its. Calls placed between t wo endpoints in the s ame subzone cons ume resource f rom the subzone ’ s allocation .
TANDBERG Gatek eeper User Manual 16 Figure 6 Config uration of a SubZone th rough the web int erface Figure 7 Adding a new Pipe through t he web interface Figure 8 Config uring the dow nspeeding parameters of the Gatekeeper 3.
17 3.6.2 Bandwidth Control Examples One possible conf iguration for the deplo y ment in Figure 5 is sho wn in Figure 9. Each of the offices is r epresented as a separate sub zone, with band wi dth configur ed according to loca l policy.
TANDBERG Gatek eeper User Manual 18 In Figure , the end points in the enterpr ise register with the Gat ekeeper, whilst thos e in the branch and hom e office register wi th the Border Controller.
19 Figure 12 Gatek eeper example configu ration All of the endpo ints in the enterprise will be ass igned to the defau lt subzone. The T raversal subzone controls tra versal traffic f lowing through the Gatek eeper, whilst the T raversal Zone controls all traf fic traversing the enterprise f irewall and pass ing on to the Border Control ler.
TANDBERG Gatek eeper User Manual 20 match an entr y on the D enyList. Allow lists and De ny lists are m utually exclusive: onl y one may be in use at an y given tim e.
21 To configure the G atekeeper to use the local database of credentials during auth entication issue the follo wing commands xConfiguration Authentication Mode: On xConfiguration Authentication Database: LocalDatabase Each credential in the local database has a username and a pass word.
TANDBERG Gatek eeper User Manual 22 xConfiguration LDAP UserDN: "Your user DN" xConfiguration LDAP Password: "password" The status of the con nection betwee n the Gatekeeper and th.
23 Figure 16 Configu ring the Gatekeeper to aut henticate w ith an LDAP server u sing TLS encryption 3.9 URI Dialing If an alias is not located in the Gatek eeper ’ s list of registrations, it m ay attempt to find an authoritative Gatek eeper through the DNS s ystem.
TANDBERG Gatek eeper User Manual 24 Figure 17 IP Conf iguration Screen 3.9.1 URI Dialing and firewall traversal If URI dialing is be ing used in conju nction with firewall t raversal, DNSResolut ionMode should only be enabled on the Border Controller.
25 To configure the G atekeeper for firewall traversal, use the W eb or console interf ace (see Figure 18 for this configuration screen on the web interf ace).
TANDBERG Gatek eeper User Manual 26 xConfiguration Gatekeeper Policy Mode <On/Off> Policy interacts with authentication (sec tion 3.7.2, Authenticatio n).
27 “ display ” Not defined for a ny alias types address The address cons truct is used within an a ddress-switch to spec ify addresses to match. Please note that al l address com parisons ignore upper /lower case differences so <address is= “ Fred ” > will matc h “ fred ” , “ freD ” etc .
TANDBERG Gatek eeper User Manual 28 an E.164 num ber. proxy On executing a prox y node the Gatek eeper will attem pt to forward the cal l to the locations specified in the curr ent location set.
29 User "fred" will n ot accept calls from anyone at "annoying.com ", or from any unauthenticate d users. All other users will allow an y calls.
TANDBERG Gatek eeper User Manual 30 4 Sof t w are Upg rade Software upgrade c an be done in one of two ways: Using a web bro wser (HTTP/HTT PS). Using secure cop y (SCP). NOTE To upgrade the G atekeeper, a valid Rel ease key and sof tware file is required.
31 4. Enter the release k ey and press Install Sof tware. You will get a new screen where you can upload the sof tware image: 5. Browse to the f ile containing the sof tware and press Install. You should see a pag e indicating that up load is in progress: 6.
TANDBERG Gatek eeper User Manual 32 NOTE Make sure y ou transfer the release key file bef ore transferring the soft ware image. Also m ake sure you name the f iles exactly as descr ibed below. NOTE The release ke y file should contain j ust the 16 character release key.
33 5 Configuri ng the Gatekeeper This chapter lists the basic usage of each command. The com mands also support more advanced usage, which is outside th e scope of this do cument. 5.1 Status The status root com mand, xstatus, returns s tatus inform ation from the Gatekeeper.
TANDBERG Gatek eeper User Manual 34 Command Usage Description ResourceUsage xstatus Reso urceUsage Reports usage of sy stem resource s. Registration s : Number of curr ently registered endpoints. MaxRegistrat ions : Max imum number of registered endpoints since sys tem start.
35 xconfigurati on ? To list all configur ation data, type xconfigurati on To show a specif ic configuration value, t ype xconfigurati on <name> To show usage inf ormation for a specific configu.
TANDBERG Gatek eeper User Manual 36 Configuration com mands Description xConfigurati on Gatekeepe r Alternate GK [1..5]: <IPA ddr> List of Alternate Ga tekeepers ’ IP addresses . xConfigurati on Gatekeepe r AutoDiscover y: <On/Off> Specifies if the Gate keeper suppor ts automatic regi stration of endpoints.
37 Configuration com mands Description xConfigurati on HTTPS Mod e: <On/Off> Enables /disables HTTPS support. No te that HTTP must al so be enabled. You must restart the system for ch anges to take e ffect. xConfigurati on IP Addres s: <IPAddr> Specify the IP address of the system.
TANDBERG Gatek eeper User Manual 38 Configuration com mands Description xConfigurati on Pipes Pip e [1..100] Bandwidth To tal Limit: < 1..10000000 0> Bandw idth associated w ith a pipe, keye d by index .
39 Configuration com mands Description xConfigurati on SubZones TraversalSub Zone Bandwid th Total Mo de: <None/Limite d/Unlimited> Whether or not the traversal subzo ne is enforcing total bandw idth restrictions. None correspon ds to no bandw idth available.
TANDBERG Gatek eeper User Manual 40 Configuration com mands Description xConfigurati on Zones Zon e [1..100] Gatekeeper I P Port: <1.. 65534> Specifies the IP port of the neighb or gatekeeper xConfigurati on Zones Zon e [1..100] Gatekeeper H opCount: <1.
41 Comma nd Usage Description DenyListAdd xCommand DenyList Add <denied_alia s> Add an entry to the de ny list, used by the registration restriction policy . DenyListDelete xCommand Den yListDelete <index> Removes the pattern from the den y list at the specified index.
TANDBERG Gatek eeper User Manual 42 Comma nd Usage Description SubZoneDelete xCommand Sub ZoneDelete: <index> Deletes the index ed subzone. ZoneAdd x Command Zone Add <name> <address> <p refix> Adds a new zo ne with the specifie d name, zone prefix and IP address.
43 xfeedback li st To register a feed back expression, t y pe xfeedback re gister <expr ession> To deregister the f eedback expres sion with index <n>, type xfeedback de register <n>.
TANDBERG Gatek eeper User Manual 44 Comma nd Usage Description relkey Relkey Displays the relea se key that this software has been installed with. syslog syslog <leve l> [ipaddr] [ipaddr] ... Enables tracing. <level> - is the log level, 0-3, 3 giv es most logging .
45 6 Appendix: Configuring DNS Servers In the exam ples below, we set up an SRV record to handle H.323 U RIs of the for m user@exam ple.com. These are handled by the Gatekeeper with t he fully qualified dom ain name of G atekeeper1.exam ple.com which is listening on port 1719, the defau lt registration port.
TANDBERG Gatek eeper User Manual 46 then instruct nam ed to reload the files kill – s SIGHUP pid 4. Check the log f iles for any discrepanc ies tail /var/log/messages For m ore detail s of ho w to configure BIND ser vers and the DNS s ystem in general see the book “ DNS and BIND ” 6 .
47 7 Appendix: Configuring LDAP Servers 7.1 Microsoft Active Directory 7.1.1 Prerequisites These com prehensive step by step instructions assume tha t Active Director y is ins talled. For details on installing Active Directory please co nsult your W indows documentation .
TANDBERG Gatek eeper User Manual 48 commUniqueId: comm1 h323Identityh323-ID: MeetingRoom1 h323IdentitydialedDigits: 626262 h235IdentityEndpointID: meetingroom1 h235IdentityPassword: mypassword Add the ldif f ile to the server using the comm and: ldifde -i -c DC=X <ldap_base> -f filename.
49 H.350.2 – Director y services architecture for H.235 - An LDAP schem a to represent H.235 elem ents. The schem as can be downloaded in l dif format fr om the web interface on the Gat ekeeper. To do this, navigate t o the Gatekeeper Conf iguration > Files pag e and click on the link s for the schemas.
TANDBERG Gatek eeper User Manual 50 commUniqueId: comm1 h323Identityh323-ID: MeetingRoom1 h323IdentitydialedDigits: 626262 h235IdentityEndpointID: meetingroom1 h235IdentityPassword: mypassword Add the ldif f ile to the server using the comm and: slapadd -l <ldif _file> This will add a sing le H.
51 8 Approvals The product has been approved b y various international appro val agencies, am ong others: UL and Nemk o. According to their Fo llow-Up Inspection Schem e, these agenci es also perform produc tion inspections at a regular basis, for all product ion of TANDBERG ’ s equipment.
TANDBERG Gatek eeper User Manual 52 9 T echnical Specifications System Capacit y 100-1000 register ed endpoints 25-200 concurrent calls 0-100 traversal ca lls 100 zones (The s y stem ’ s capacit y d.
53 10 Index AllowList, 19, 36, 40 Alternate, 9, 24, 36 Authentication LDAP, 35 local database, 35 Bandwidth Contro l, 37 CPL, 25, 36 examples, 28 unsupported elem ents, 28 Credentials, 21 DenyList, 19.
An important point after buying a device TANDBERG N3 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought TANDBERG N3 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data TANDBERG N3 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, TANDBERG N3 you will learn all the available features of the product, as well as information on its operation. The information that you get TANDBERG N3 will certainly help you make a decision on the purchase.
If you already are a holder of TANDBERG N3, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime TANDBERG N3.
However, one of the most important roles played by the user manual is to help in solving problems with TANDBERG N3. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device TANDBERG N3 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
