Access Control for a Realm
Each host within a realm can be policed based on average rate, peak rate, and maximum burst size of signaling messages. These parameters take effect only when the host is trusted. You can also set the trust level for the host within the realm. All untrusted hosts share the bandwidth defined for the media manager: maximum untrusted bandwidth and minimum untrusted bandwidth.
To configure access control for a realm:
- Access the Realm Config: click the Configuration tab, Network, Realm Config.
- On the Realm Config page, do the following:
  - Access Control Trust Level: Indicate the trust level for the host within the realm. The default value is none. The valid values are:
    - none—Host is always untrusted. It is never promoted to the trusted list or demoted to the deny list.
    - low—Host can be promoted to the trusted list or demoted to the deny list.
    - medium—Host can be promoted to the trusted list but is only demoted to untrusted. It is never added to the deny list.
    - high—Host is always trusted.
  - Invalid Signal Threshold: Enter the number of invalid signaling messages that trigger host demotion. The value you enter here is only valid when the trust level is low or medium. Available values are:
    - Minimum—Zero (0) is disabled.
    - Maximum—999999999

    If the number of invalid messages exceeds this value based on the tolerance window parameter, configured in the media manager, the host is demoted.

    The tolerance window default is 30 seconds. Bear in mind, however, that the system uses the same calculation it uses for specifying "recent" statistics in show commands to determine when the number of signaling messages exceeds this threshold. This calculation specifies a consistent start time for each time period to compensate for the fact that the event time, such as a user running a show command, almost never falls on a time-period's border. This provides more consistent periods of time for measuring event counts.

    The result is that this invalid signal count increments for two tolerance windows, 60 seconds by default, within which the system monitors whether or not to demote the host. The signal count for the current tolerance window is always added to the signal count of the previous tolerance window and compared against your setting.
  - Maximum Signal Threshold:
    - Minimum—Zero (0) is disabled.
    - Maximum—999999999

    If the number of messages received exceeds this value within the tolerance window, the host is demoted.
  - Untrusted Signal Threshold: Set the maximum number of untrusted messages the host can send within the tolerance window. Use this to configure different values for trusted and untrusted endpoints for valid signaling message parameters. It is also configurable per realm. The default value is 0, disabling this parameter. The valid range is:
    - Minimum—Zero (0) is disabled.
    - Maximum—999999999
  - Deny Period: Indicate the time period in seconds after which the entry for this host is removed from the deny list. The default value is 30. The valid range is:
    - Minimum—Zero (0) is disabled.
    - Maximum—999999999
- Click OK.
- Save the configuration.
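
The two-window count described under Invalid Signal Threshold, modelled as an added example (not the product's code and not part of the original guide). It assumes tolerance windows start on fixed multiples of the window length and that a host has already been promoted before the invalid messages arrive; the class, function names, and timestamps are hypothetical.

```python
from collections import defaultdict


class InvalidSignalMonitor:
    """Illustrative model of one host's invalid-signal accounting."""

    def __init__(self, trust_level, threshold, window=30):
        self.trust_level = trust_level   # none | low | medium | high
        self.threshold = threshold       # 0 disables the check
        self.window = window             # tolerance window in seconds
        self.counts = defaultdict(int)   # window index -> invalid messages
        self.state = "trusted" if trust_level == "high" else "untrusted"

    def promote(self):
        # Only low and medium hosts can move onto the trusted list.
        if self.trust_level in ("low", "medium"):
            self.state = "trusted"

    def invalid_message(self, t):
        """Record one invalid message at time t; return the compared count."""
        idx = int(t // self.window)      # assumed: fixed window boundaries
        self.counts[idx] += 1
        # Current window plus previous window is compared to the setting.
        total = self.counts[idx] + self.counts.get(idx - 1, 0)
        if self.threshold and total > self.threshold:
            if self.trust_level == "low":
                self.state = "denied"        # low: demoted to the deny list
            elif self.trust_level == "medium":
                self.state = "untrusted"     # medium: never denied
        return total


def replay(trust_level, threshold, times, window=30):
    """Replay invalid-message timestamps against a promoted host."""
    host = InvalidSignalMonitor(trust_level, threshold, window)
    host.promote()
    totals = [host.invalid_message(t) for t in times]
    return totals, host.state


if __name__ == "__main__":
    # Constructed timestamps: three messages on each side of the 30 s border.
    straddling = [25, 27, 29, 31, 33, 35]
    # Constructed timestamps: same volume, separated by an empty window.
    spaced = [25, 27, 29, 61, 63, 65]
    for level in ("low", "medium", "high"):
        print(level, replay(level, 5, straddling), replay(level, 5, spaced))
```

With a threshold of 5, neither 30-second window alone exceeds the setting in the straddling case, but the summed count reaches 6 and the host is demoted; the spaced case never exceeds 3.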