Terminal name registration, Interzone communication, Radius and tacacs – Cisco H.323 VC-289 User Manual


Configuring H.323 Gatekeepers and Proxies

H.323 Gatekeeper Features

VC-293

Cisco IOS Voice, Video, and Fax Configuration Guide

Terminal Name Registration

Gatekeepers recognize one of two types of terminal aliases, or terminal names:

- H.323 IDs, which are arbitrary, case-sensitive text strings
- E.164 addresses, which are telephone numbers

If an H.323 network deploys interzone communication, each terminal should at least have a fully
qualified e-mail name as its H.323 identification (ID), for example, [email protected]. The domain name
of the e-mail ID should be the same as the configured domain name for the gatekeeper of which it is to
be a member. As in the previous example, the domain name would be cisco.com.

Interzone Communication

To allow endpoints to communicate between zones, gatekeepers must be able to determine which zone
an endpoint is in and be able to locate the gatekeeper responsible for that zone. If the Domain Name
System (DNS) mechanism is available, a DNS domain name can be associated with each gatekeeper. See
the DNS configuration task in the “Configuring Intergatekeeper Communication” section to understand
how to configure DNS.

RADIUS and TACACS+

Version 1 of the H.323 specification does not provide a mechanism for authenticating registered
endpoints. Credential information is not passed between gateways and gatekeepers. However, by
enabling AAA on the gatekeeper and configuring for RADIUS and TACACS+, a rudimentary form of
identification can be achieved.

If the AAA feature is enabled, the gatekeeper attempts to use the registered aliases along with a password
and completes an authentication transaction with a RADIUS and TACACS+ server. The registration is
accepted only if RADIUS and TACACS+ successfully authenticate the name.

The gatekeeper can be configured so that a default password can be used for all users. The gatekeeper
can also be configured so that it recognizes a password separator character that allows users to piggyback
their passwords onto H.323-ID registrations. In this case, the separator character separates the ID and
password fields.

Note: The names loaded into RADIUS and TACACS+ are probably not the same names provided for dial
access because they may all have the same password.
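
The alias-to-credential handling described above can be modelled as follows. This is an added example, not Cisco code: the function names, the rule of splitting at the first separator, the rejection of an empty ID or password field, and the AAA user table are assumptions made for illustration.

```python
import hmac

# Constructed AAA user table (name -> password); H.323 IDs are case-sensitive.
AAA_USERS = {
    "term1@example.com": "s3cret",        # registers with a piggybacked password
    "term2@example.com": "zone-default",  # relies on the gatekeeper default password
}

def split_alias(alias, separator=None, default_password=None):
    """Return the (name, password) pair submitted to AAA, or None to reject."""
    if separator and separator in alias:
        # Assumption: split at the first separator; the rest is the password.
        name, _, password = alias.partition(separator)
        # Assumption: an empty ID or password field is rejected outright.
        return (name, password) if name and password else None
    if default_password is not None:
        # No separator present: the whole alias is the name.
        return alias, default_password
    return None

def register(alias, separator=None, default_password=None, users=AAA_USERS):
    """Accept the registration only if AAA authenticates the derived name."""
    creds = split_alias(alias, separator, default_password)
    if creds is None:
        return False
    name, password = creds
    expected = users.get(name)  # exact, case-sensitive match
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())

if __name__ == "__main__":
    for alias in ("term1@example.com:s3cret", "term2@example.com",
                  "Term1@example.com:s3cret", "term1@example.com"):
        print(alias, register(alias, separator=":", default_password="zone-default"))
```

Accounts that rely on the default password are identified by name alone, which is why the text calls this a rudimentary form of identification.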

Accounting via RADIUS and TACACS+

If AAA is enabled on the gatekeeper, the gatekeeper will emit an accounting record each time a call is
admitted or disconnected.
