Cisco IOS XR Session Border Controller Configuration Guide Release 3.6
Interim Authentication Header Support


An interim authentication header (IAH) is part of every H.248 message that the DBE sends to a resource admission control subsystem (RACS). All its fields are set to zero. The DBE accepts any H.248 message sent to it that includes an IAH, but it does not verify the header's content; it checks for correct syntax only. This matches the behavior of the RACS (SBE), which also checks only that an H.248 message contains an IAH and does not verify its content.

Feature History for Interim Authentication Header Support

Release          Modification
Release 3.5.0    This command was first introduced on the Cisco CRS-1.
Release 3.6.0    No modification.


Contents

This module contains the following sections:

Restrictions for Interim Authentication Header Support

Information About Interim Authentication Header Support

Configuring Interim Authentication Header Support

Additional References

Restrictions for Interim Authentication Header Support

On received messages, the IAH is checked only for correct syntax.

This feature provides no security support, but lays the groundwork for future security support.

Information About Interim Authentication Header Support

The H.248/Megaco MGC operates over transports secured with IPSec or an IAH, as defined in the H.248/Megaco specifications.

Zero interim header authentication is a Cisco-specified requirement for the SBC implementation of H.248/Megaco and deviates from the standard specification as follows:

Messages sent over non-IPSec transports have an added Interim AH header, but all fields in this header are explicitly set to zero:

    SecurityParmIndex is set to 0x00000000
    SequenceNum is set to 0x00000000
    AuthData is set to 0x000000000000000000000000

Messages received over non-IPSec transports should contain an IAH, but this header is verified only for syntactic correctness, not for its content.

You cannot enable or disable the level of IAH support at runtime (whether or not validation is actually performed).
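The syntax-only acceptance rule described above, as an added example that is not part of the Cisco guide: a Python classifier that a monitoring tool could run over text-encoded H.248 messages to tell an all-zero IAH apart from an absent, malformed or populated one. The field widths come from the H.248.1 text grammar rather than from this page, and the function names and sample messages are constructed for illustration.

```python
import re
from collections import Counter

# Text-encoded H.248 authentication header: AuthToken=SPI:SequenceNum:AuthData.
# Field widths (8, 8 and 24-64 hex digits) are taken from the H.248.1 text
# grammar, not from this page, which only lists the all-zero values.
TOKEN_RE = re.compile(r"\s*(?:Authentication|AU)\s*=", re.IGNORECASE)
IAH_RE = re.compile(
    r"\s*(?:Authentication|AU)\s*=\s*"
    r"0x([0-9A-F]{8}):0x([0-9A-F]{8}):0x([0-9A-F]{24,64})(?=[\s;])",
    re.IGNORECASE,
)

def classify_iah(message: str) -> str:
    """Classify the IAH of one text-encoded H.248 message.

    absent    - no authentication header before the MEGACO line
    malformed - header token present but fields fail the syntax check
    zero      - syntactically valid, every field zero (no protection)
    nonzero   - syntactically valid, carries some non-zero value
    """
    if TOKEN_RE.match(message) is None:
        return "absent"
    m = IAH_RE.match(message)
    if m is None:
        return "malformed"
    return "zero" if all(int(f, 16) == 0 for f in m.groups()) else "nonzero"

def summarize(messages):
    """Count IAH classes across a capture (a list of message strings)."""
    return Counter(classify_iah(msg) for msg in messages)

# Constructed sample messages (not captured traffic); 192.0.2.10 is a
# documentation address and the message bodies are minimal placeholders.
BODY = "\nMEGACO/1 [192.0.2.10]:2944\nTransaction=1{Context=-{AuditValue=ROOT{Audit{}}}}"
SAMPLES = [
    "Authentication=0x00000000:0x00000000:0x" + "0" * 24 + BODY,  # zero IAH
    "AU=0x00000001:0x0000002A:0x1f2e3d4c5b6a798801020304" + BODY,  # populated
    BODY.lstrip(),                                                 # no header
    "Authentication=0x0000:0x00000000:0x00" + BODY,                # bad widths
]

if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLES).items()):
        print(f"{kind:9} {count}")
```

A receiver that behaves as this page describes accepts both the "zero" and "nonzero" classes, so a "zero" result on a path without IPSec marks signaling that carries no authentication at all.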


Note: The transport protocol default setting is UDP.


Configuring Interim Authentication Header Support

This section contains the steps for configuring IAH support. The new interim-auth-header keyword is added to the transport command to insert the IAH into H.248 messages.

SUMMARY STEPS

1. configure

2. sbc service-name

3. dbe

4. vdbe

5. controller h248 controller-index

6. transport [tcp|udp] interim-auth-header

7. commit

8. exit

DETAILED STEPS

 
Step 1  configure

        Example:
        RP/0/0/CPU0:router# configure

        Purpose: Enables the configuration mode.

Step 2  sbc service-name

        Example:
        RP/0/0/CPU0:router(config)# sbc mysbc

        Purpose: Enters the mode of an SBC service. Use the service-name argument to define the name of the SBC.

Step 3  dbe

        Example:
        RP/0/0/CPU0:router(config-sbc)# dbe

        Purpose: Enters the mode of the data border element (DBE) function of the SBC.

Step 4  vdbe

        Example:
        RP/0/0/CPU0:router(config-sbc-dbe)# vdbe

        Purpose: Enters a submode to the DBE for configuring virtual (vDBE) parameters.

Step 5  controller h248 controller-index

        Example:
        RP/0/0/CPU0:router(config-sbc-dbe-vdbe)# controller h248 1

        Purpose: Enters the submode for configuring an H.248 media gateway controller.

Step 6  transport [udp|tcp] interim-auth-header

        Example:
        RP/0/0/CPU0:router(config-sbc-dbe-vdbe-h248)# transport tcp interim-auth-header

        Purpose: Configures an H.248 media gateway controller to use a specified transport protocol and inserts an interim authentication header into H.248 messages.

        Valid protocols:
        udp: Use UDP as a transport protocol for H.248 signaling
        tcp: Use TCP as a transport for H.248 signaling

Step 7  commit

        Example:
        RP/0/0/CPU0:router(config-sbc-dbe-vdbe-h248)# commit

        Purpose: Saves the configuration changes. Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 8  exit

        Example:
        RP/0/0/CPU0:router(config-sbc-dbe-vdbe-h248)# exit

        Purpose: Exits the current configuration mode.

Additional References

The following documentation provides references related to Interim Authentication Header Support.

Related Documents

Related Topic                                        Document Title
Cisco IOS XR master command reference                Cisco IOS XR Master Commands List
Cisco IOS XR SBC interface configuration commands    Cisco IOS XR Session Border Controller Command Reference
Initial system bootup and configuration              Cisco IOS XR Getting Started Guide
  information for a router using the
  Cisco IOS XR Software
Cisco IOS XR command modes                           Cisco IOS XR Command Mode Reference


Standards

Standards    Title
H.248.1      Media Gateway Control (Megaco) Protocol Standard, v. 1


MIBs

MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


Technical Assistance

Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/techsupport