cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1077
Views
4
Helpful
15
Replies

Restricting access to PSTN/Telco Lines

kelloggs4life
Level 1
Level 1

Hi,

I have a client that has CME 4 installed on a router and they use 7921 I phones. There are 4 PSTN lines connected to the router allowing users to make external calls. The configuration is such that 2 of these lines ring out at specific users extensions while the other 2 ring out at the receptionist's desk. When users want to make external calls, they are able to use any of the available 4 lines at random.

The client now wants access restricted on the 2 first lines that ring out at 2 different users extensions such that calls going out and coming in on these lines are tied to the respective extension of the user. Access however is still granted to all users on the other 2 lines.

Can someone please help with a sample config or a how to go about this?

Please see the router config attached. I have used thr trunk command here but its still not working, what am I doing wrong?

Regards,

Femi

1 Accepted Solution

Accepted Solutions

unfortunately a voice port can belong to only one trunk group, but multiple voice ports can belong to the same trunk group.

Therefore it would not be possible to configure two specific trunk groups, one with only two of the voice-ports and another trunk group with all four voice-ports.

One possible option which comes to mind involves reconfiguring the COR lists as described below:-

Firstly configure two separate distinct dial-peer COR Lists for each pattern for both sets of phones. For example:

dial-peer COR custom

name Set1-Call-Local

name Set2-Call-Local

dial-peer cor list Set1-Call-Local

member Set1-Call-Local

!

dial-peer cor list Set2-Call-Local

member Set2-Call-Local

!

dial-peer voice 1 pots

corlist outgoing Set1-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/1

!

dial-peer voice 2 pots

corlist outgoing Set1-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 2

port 0/0/2

!

dial-peer voice 3 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/3

!

dial-peer voice 4 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 2

port 0/0/2

!

dial-peer voice 5 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 3

port 0/0/1

!

dial-peer voice 4 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 4

port 0/0/0

!

dial-peer cor list Set1-user-local

member Set1-Call-Local

!

dial-peer cor list Set2-user-local

member Set2-Call-Local

!

You can then assign the ephones-dn to the appropriate incoming COR list to either one of the above.

This will enable users assigned to Set2 for example to be able to dial-out across all four voice-ports, whereas set1 can only dial-out across two.

In the example I have changed the order of the ports for Set2. This is simply to ensure that outbound calls do not necessarily tie up the ports specifically for Set1.

Pls rate this post if you find it helpful.

Regards

Allan.

View solution in original post

15 Replies 15

paolo bevilacqua
Hall of Fame
Hall of Fame

Hi,

what is not working, incoming or outgoing ?

What happens when the press the line button ?

unfortunately a voice port can belong to only one trunk group, but multiple voice ports can belong to the same trunk group.

Therefore it would not be possible to configure two specific trunk groups, one with only two of the voice-ports and another trunk group with all four voice-ports.

One possible option which comes to mind involves reconfiguring the COR lists as described below:-

Firstly configure two separate distinct dial-peer COR Lists for each pattern for both sets of phones. For example:

dial-peer COR custom

name Set1-Call-Local

name Set2-Call-Local

dial-peer cor list Set1-Call-Local

member Set1-Call-Local

!

dial-peer cor list Set2-Call-Local

member Set2-Call-Local

!

dial-peer voice 1 pots

corlist outgoing Set1-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/1

!

dial-peer voice 2 pots

corlist outgoing Set1-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 2

port 0/0/2

!

dial-peer voice 3 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/3

!

dial-peer voice 4 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 2

port 0/0/2

!

dial-peer voice 5 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 3

port 0/0/1

!

dial-peer voice 4 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 4

port 0/0/0

!

dial-peer cor list Set1-user-local

member Set1-Call-Local

!

dial-peer cor list Set2-user-local

member Set2-Call-Local

!

You can then assign the ephones-dn to the appropriate incoming COR list to either one of the above.

This will enable users assigned to Set2 for example to be able to dial-out across all four voice-ports, whereas set1 can only dial-out across two.

In the example I have changed the order of the ports for Set2. This is simply to ensure that outbound calls do not necessarily tie up the ports specifically for Set1.

Pls rate this post if you find it helpful.

Regards

Allan.

Hi Allan,

Technically, COR is not necessary in this case.

Let's recall that when DPs is used with trunkgroup, one can specify multiple trunkgroups with different priorities.

So for example, DP 82 (created for "trunk" command", would use first a trunkgroup made of the preferential lines, then the other one.

Note, that is necessary only to give the preferential users access to a second line. If that is not desired, no multiple trunkgroups are necessary.

Hi Allan,

I was just going through you suggestions here and i also identify with it. But like i said, I will try out PB's suggestion first but if i am to try out yours, i was thinking i would need to create 3 trunk groups and not 2. 1 each for the 2 private lines and the 3rd for the rest of the users.

Please see below the config i plan to use:

dial-peer COR custom

name Set1-Call-Local

name Set2-Call-Local

name set3-call-Local

dial-peer cor list Set1-Call-Local

member Set1-Call-Local

!

dial-peer cor list Set2-Call-Local

member Set2-Call-Local

!

dial-peer cor list Set3-Call-Local

member Set3-Call-Local

!

dial-peer voice 1 pots

corlist outgoing Set1-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/0

!

dial-peer voice 2 pots

corlist outgoing Set1-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 2

port 0/0/1

!

dial-peer voice 3 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/2

!

dial-peer voice 4 pots

corlist outgoing Set3-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/3

!

dial-peer cor list Set1-user-local

member Set1-Call-Local

!

dial-peer cor list Set2-user-local

member Set2-Call-Local

!

dial-peer cor list Set3-user-local

member Set3-Call-Local

!

This config I believe will restrict access to ports 0/0/0 and 0/0/1 for the respective users while ports 0/0/2 and 0/0/3 will be picked on random by the other users.

My headache though is how to fit this into the present configuration i have on the router.

Femi

Hi,

I still think using 'trunk XX' under ephone is simpler than COR. With that you will have two dedicated DPs each one with the matching XX as destination-pattern and the corresponding port.

Then put 0/0/2 and 0/0/2 in a trunkgroup and reference it for for the DP with '9T' as destination pattern.

Then use COR only to limit call as necessary, unrelated to the preferential lines mentioned above. From you inital config, I think your COR config can be simplified a lot.

Hi PB,

I honestly am looking for the easier and faster way out.

Using 'trunk XX' under ephone - how do u go about that? Is it any different from my present config?

Kindly take a minute to look at what I have in my attached router config.

"Then put 0/0/2 and 0/0/2 in a trunkgroup and reference it for for the DP with '9T' as destination pattern" ???

Femi

Hi Femi,

I glanced over your config, but honestly is not possible to go into a deep "off-line" analysis.

My sentence above is about placing the lines not reserved in a trunkgroup that is accessed by everyone with 9.

Hope the indications given can put you on the right track, then it's also a matter of trial and error.

good luck!

Hi,

What is not working is that all users when they wanna make external calls use any of the 4 PSTN lines available. This is not supposed to be so. Only 2 lines are supposed to be available to all users. The other 2 lines are direct lines which are to be restricted for use by only the users, incoming and outgoing. Calls to the 2 private lines terminate on the IP phones of the respective users, but when either of the 2 users try to make calls, they tend to use any of the 4 lines available in the company instead of strictly using their own private lines.

I'm sorry, i dont know what line button you are referring to?

Hi,

the simplest and most effective approach is to trunkgroup:

voice-port X/0

trunk-group pstn

voice-port X/1

trunk-group pstn

dial-peer voice 100 pots

destination-pattern 9T

trunkgroup pstn

repeat the DP for as many specific destiantion-pattern you have.

Do not place the "reserved" lines in trunk group and these will never be used.

This will simplfy you config a whole lot.

Note, you might need COR in case users get to know the access codes used for "trunk" under "ephone-dn" and try to use them anyway.

Never mind the line button, it just means, going off-hook for an ephone.

Hope this helps, please rate post if it does!

Hello guys,

Thanks a lot to both of you for your suggestions.

Taking a look at Allan's, it actually does look some what complex but I will try it out also.

Since the client wants this solution asap, i will go with PB's suggestions first to see if it works cos it actually does look simpler and I kinda identify with it easier that Allan's suggestions.

I will keep you both informed as soon as I carry out the config changes on the router.

Thanks again.

Femi.

HI PB,

"Do not place the "reserved" lines in trunk group and these will never be used."

Does this imply that all i need to do is specify 1 trunkgroup on 2 of the ports only (port 0/0/0 and port 0/0/1)? This implies access will be restricted to ports 0 and 1 for all users?

What about ports 2 and 3? How will each user of each of the 2 private lines be restricted to use his own line only?

Femi

Hi,

for the ports tied to ephone-dn via trunk "trunk XX" command, you don't need to necessarily use trunkgroup, just port will be fine. But, if you want to give them the possibility of making a second call (albeit not on their reserved line that is busy already), you would then use trunkgroup and priorities, eg:

ephone-dn 20

trunk 80

number 20

ephone-dn 21

trunk 81

number 21

voice-port 0/0

trunkgroup 1st

connection plar opx 20

voice-port 0/1

trunkgroup 2nd

connection plar opx 21

voice-port 0/2

trunkgroup 3rd

voice-port 0/3

trunkgroup 3rd

dial-peer voice 20 pots

destination-pattern 80T

trunkgroup 1st 4

trunkgroup 2nd

dial-peer voice 21 pots

destination-pattern 81T

trunkgroup 1st

trunkgroup 2nd 4

dial-peer voice 22 pots

destination-pattern 9T

trunkgroup 3rd

I understand all that can seem confusing, but the result should be what you want.

I agree that this simplifies the configuration, the only issue as p.bevilacqua mentioned earlier is that the trunk access code can be used incorrectly.

This was the main reason for configuring the COR list example in a previous post. Having said that COR lists can be applied in either scenario.

Regards

Allan.

Hi Allan/PB,

Thank you both for your immense contributions. After taking time out to study both solutions offered, I was more at home with that which Allan put forward using COR list. Though i believe using PB's idea would make the whole config a lot simpler.

I have wrote configs for both solutions but I have only been able to test out the first one using COR list. It worked perfectly and I am quite glad for that.

Please see the config applied below:

dial-peer COR custom

name Set1-Call-Local

name Set2-Call-Local

name Set3-Call-Local

dial-peer cor list Set1-Call-Local

member Set1-Call-Local

!

dial-peer cor list Set2-Call-Local

member Set2-Call-Local

!

dial-peer cor list Set3-Call-Local

member Set3-Call-Local

!

dial-peer voice 3 pots

corlist outgoing Set1-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/0

!

dial-peer voice 10 pots

corlist outgoing Set1-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 2

port 0/0/1

!

dial-peer voice 17 pots

corlist outgoing Set2-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/2

!

dial-peer voice 24 pots

corlist outgoing Set3-Call-Local

description ** FXO pots dial-peer **

destination-pattern 9T

preference 1

port 0/0/3

!

dial-peer cor list Set1-user-local

member Set1-Call-Local

!

dial-peer cor list Set2-user-local

member Set2-Call-Local

!

dial-peer cor list Set3-user-local

member Set3-Call-Local

!

!

!

ephone-dn 3 dual-line

number 1000

pickup-group 2

label IDY

description IDY

name IDY

call-forward busy 20

corlist incoming Set1-user-local

!

!

ephone-dn 4 dual-line

number 1001

pickup-group 1

label AKIN

description AKIN

name AKIN

call-forward busy 20

call-forward noan 1000 timeout 20

corlist incoming Set1-user-local

!

!

ephone-dn 5 dual-line

number 1002 secondary 94627034

pickup-group 1

label AYO

description AYO

name AYO

call-forward busy 20

call-forward noan 1000 timeout 20

corlist incoming Set2-user-local

!

!

ephone-dn 6 dual-line

number 1003 secondary 94627035

pickup-group 1

label TOYE

description TOYE

name TOYE

call-forward busy 20

call-forward noan 1000 timeout 20

corlist incoming Set3-user-local

!

!

ephone-dn 7 dual-line

number 1004

pickup-group 2

label ACCT

description ACCT

name ACCT

call-forward busy 20

corlist incoming Set1-user-local

!

!

ephone-dn 8 dual-line

number 1005

pickup-group 2

label BECKY

description BECKY

name BECKY

call-forward busy 20

corlist incoming Set1-user-local

!

!

ephone-dn 9 dual-line

number 1006

pickup-group 2

label TIWA

description TIWA

name TIWA

call-forward busy 20

corlist incoming Set1-user-local

!

!

ephone-dn 10 dual-line

number 1007

pickup-group 2

label WALE

description WALE

name WALE

call-forward busy 20

corlist incoming Set1-user-local

!

!

ephone-dn 11 dual-line

number 1008

pickup-group 2

label OPE

description OPE

name OPE

call-forward busy 20

corlist incoming Set1-user-local

!

!

ephone-dn 12 dual-line

number 1009

pickup-group 2

label BDEV

description BDEV

name BDEV

call-forward busy 20

corlist incoming Set1-user-local

!

!

!

!

ephone 9

username "OPE" password 1008

mac-address 001B.5300.0910

paging-dn 1

type 7920

button 1:11

!

!

As you can see, contrary to what Allan initially suggested, I have 3 COR lists defined. 1 for each of the 2 private line users, the 3rd for the rest of the team.

Once again, thanks to both you guys. I definitely will be trying out the other config with PB's suggestion later on.

Cheers.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: