CUPS7 - RCC in OCS inter-domain env

Answered Question
Jun 30th, 2009

Hi,

Inter-domain between CUPS and OCS will work Presence and IM as per documentation. what about RCC?

looks RCC doesn't work since OCS has different domain (correct me if I'm wrong). if then, RCC via intra-domain only?

Advise please,

Correct Answer by htluo about 7 years 7 months ago

CUCM does not support two AD domains. For example, if you have john in domain A and john and domain B, there's no way to avoid the conflict in AD synchronization.

For the same reason, RCC never expect this.

Michael

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
htluo Tue, 06/30/2009 - 14:52

RCC will work regardless inter or intra domain.

You specify the tel URI in the format of abcd@domain. Where abcd is the extension number. domain can be one of the following:

1) SIP domain configured on CUPS

2) hostname of CUPS

3) FQDN of CUPS

Michael

http://htluo.blogspot.com

jhongrack-choi Thu, 07/02/2009 - 11:06

I now resolved the RCC issue which I was confused with inter-domain but want to know the behavior

what I found was,

-domain_a=Cisco side domain

-domain_b=OCS side domain

-user_a@domain_a.com with extension 2001

-user_b@domain_a.com with extension 2002

-user_a@domain_b.com with RCC 2001 (2001:domain_a.com)

-user_b@domain_b.com with RCC 2002 (2002:domain_a.com)

1) my understanding was, when call request from MOC, CUPS lookup a user with extension x2001 and let the IP Phone belong to MOC regardless the user ID

2) when I using different user ID between Cisco and OCS, I got "401 unauthorized" error message when MOC login

3) everthing okay when I match the user ID between Cisco and OCS (**they are different domain)

Is it mandatory match the user ID between Cisco and MOC user to able to RCC? If then, there are two values to match that extension and user ID (with different domain name)

Advise please,

htluo Fri, 07/03/2009 - 07:26

See answers inline:

1) my understanding was, when call request from MOC, CUPS lookup a user with extension x2001 and let the IP Phone belong to MOC regardless the user ID

[Michael] If this was true, it would be a big security breach. Because anyone can control any phone.

2) when I using different user ID between Cisco and OCS, I got "401 unauthorized" error message when MOC login

[Michael] This is expected. Because CUCM would look up that user ID in CUCM user base and see if the phone device is actually associated with this user or not.

3) everthing okay when I match the user ID between Cisco and OCS (**they are different domain)

Sure.

Michael

cjrchoi11 Fri, 07/03/2009 - 08:11

Thanks Michael,

-Cisco side, user_a@domain_a.com with extension 2001

-OCS side, user_a@domain_b.com with RCC 2001 (2001:domain_a.com)

1. when MOC login, send INVITE to OCS

-from: user_a@domain_b

-to: 2001@domain_a.com

2. OCS routing the INVITE to CUPS as per routing rule

3. CUPS receiving the INVITE command and gather information to authorizing

-from: user_a@domain_b ->extract user ID only (**ignore domain name)

-to: 2001@domain_a.com ->extrace extension

4. CUPS runs DB query

-user ID=user_a

-DN=2001

->"user_a" from domain_b and re-use this to authorize against CUPS/CUCM. and that's why must match between Cisco and OCS since there is no static mapping logic.

This mechanism will make problem in case the OCS side user ID already exists in Cisco (**still different domain) which will happen when company merging.

-john@domain_a - already exist in Cisco side

-john@domain_b - new merged company's user ID with MOC

->in this case, I must change the user ID to match each other, or create new one in Cisco side and static mapping to MOC.

Any plan static mapping capability?

Correct Answer
htluo Fri, 07/03/2009 - 18:44

CUCM does not support two AD domains. For example, if you have john in domain A and john and domain B, there's no way to avoid the conflict in AD synchronization.

For the same reason, RCC never expect this.

Michael

Actions

This Discussion