TANDBERG Gatekeeper Network Card User Manual


 
TANDBERG Gatekeeper User Guide
Page 36 of 105
8. Registration Control
The TANDBERG Gatekeeper can control which endpoints are allowed to register with it. Two separate
mechanisms are provided: a simple Registration Restriction Policy, and an authentication process based
on user names and passwords. It is possible to use both mechanisms at once: authentication to verify
an endpoint's identity from a corporate directory, and registration restriction to control which of those
authenticated endpoints may register with a particular Gatekeeper.
8.1. Setting Registration Restriction Policy
When an endpoint registers with your Gatekeeper it presents a list of aliases. You can control which
endpoints are allowed to register by including any one of its aliases on the Allow List or the Deny list.
Entries on the Allow and Deny Lists are in the form of patterns. When an endpoint attempts to register,
each of its aliases are compared with the patterns in the relevant list to see if they match. A pattern can
either specify an exact alias, or use wildcards to specify a group of aliases whose registration you want
to control.
For example, if the Registration Restriction policy is set to Deny and an endpoint attempts to register
using three aliases, one of which matches a pattern on the Deny list, that endpoints registration will be
denied. Likewise, if the Registration Restriction policy is set to Allow, only one of the endpoints aliases
needs to match a pattern on the Allow list for it to be allowed to register using all its aliases.
8.1.1. Viewing the Allow and Deny lists
To view the entries in the Allow and Deny lists, either issue the following commands:
xConfiguration Gatekeeper Registration AllowList
xConfiguration Gatekeeper Registration DenyList
or go to Gatekeeper Configuration -> Restrictions. The Allow and Deny list entries appear in the Allowed
Registrations and Denied Registrations boxes respectively (see Figure 17).
8.1.2. Activating use of Allow or Deny lists
To activate the use of Allow or Deny lists when determining which aliases are allowed to register with the
Gatekeeper, either issue the following command:
xConfiguration Gatekeeper Registration RestrictionPolicy
[None|AllowList|DenyList ]
or go to Gatekeeper Configuration > Restrictions and select one of the options from the Registration
restriction policy drop-down menu .
The options are as follows:
None (default)
Any endpoint may register.
AllowList
Only those endpoints with an alias that matches an entry in the Allow List may
register.
DenyList
All endpoints may register, unless they match an entry on the Deny List.
Note: Allow Lists and Deny Lists are mutually exclusive: only one may be in use at any given time.