CUCME : PIN Code per user : Is it possible? how to?

Unanswered Question
Mar 5th, 2010
User Badges:

Hi,


Is it possible to configure PIN Code per user four outbound calls dial-peers?

If yes how to, is there any documents that i can read?


Best regards,


Antra

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Rob Huffman Fri, 03/05/2010 - 06:48
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Antra,


To use a PIN code to authorize calls (like FAC codes in CUCM). In CME use Call Blocking and Override funtionality. Have a look;


Call blocking to prevent unauthorized use of phones is implemented by matching a pattern of specified digits during a specified time of day and day of week or date. Up to 32 patterns of digits can be specified. Call blocking is supported on IP phones only and not on analog foreign exchange station (FXS) phones.


When a user attempts to place a call to digits that match a pattern that has been specified for call blocking during a time period that has been defined for call blocking, a fast busy signal is played for approximately 10 seconds. The call is then terminated, and the line is placed back in on-hook status.


Call blocking applies to all IP phones in a Cisco CME system, although individual IP phones can be exempted from all call blocking.


Individual phone users can be allowed to override call blocking associated with designated time periods by entering **personal identification numbers (PINs)** that have been assigned to their phones.


For IP phones that support soft keys, such as the Cisco IP Phone 7940G and the Cisco IP Phone 7960G, the call-blocking override feature allows individual phone users to override the call blocking that has been defined for designated time periods. The system administrator must first assign a personal identification number (PIN) to any phone that will be allowed to override call blocking.


Then, to override call blocking, the phone user presses the Login soft key on the phone and enters the PIN that is associated with the phone. Note that logging in to a phone with a PIN only allows the user to override call blocking that is associated with particular time periods. Blocking patterns that are created with the 7-24 keyword in the after-hours block pattern command are in effect 7 days a week, 24 hours a day, and they cannot be overridden by using a PIN.


When PINs are configured for call-blocking override, they are cleared at a specific time of day or after phones have been idle for a specific amount of time. The time of day and amount of time can be set by the system administrator.


From this good CME doc;


http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmeblock.html



There is also this 3rd party product;



http://www.andtek.com/communications-products-lockout.html



Hope this helps!

Rob

iantra123 Wed, 04/27/2011 - 04:12
User Badges:

Call-block override = Failed  :-(


The IOS is : c2800nm-advipservicesk9-mz.124-22.YB.bin


This is the conf

telephony service


sdspfarm units 5
sdspfarm tag 1 MTP_001
conference hardware
em logout 0:0 0:0 0:0
max-ephones 30
max-dn 30
ip source-address 10.74.4.1 port 2000
auto assign 12 to 12
system message Welcome To PAMF
cnf-file location flash:
load 7960-7940 P00308000500.loads
time-zone 31
time-format 24
max-conferences 8 gain -6
moh music-on-hold.au
multicast moh 239.1.1.1 port 16384
web admin system name CORALL password Amazon
dn-webedit
time-webedit
transfer-system full-consult
transfer-pattern .T
after-hours block pattern 1 100
after-hours day Sun 00:00 23:30
after-hours day Mon 12:30 13:30
after-hours day Tue 12:30 13:30
after-hours day Wed 12:30 15:00
after-hours day Thu 12:30 13:30
after-hours day Fri 12:30 13:30
after-hours day Sat 00:00 23:30
after-hours override-code 7890


!



ephone  5

device-security-mode none

mac-address XXX.XXX.XXX

type 7940

button  1:5

pin 1234


ephone  12
device-security-mode none
mac-address XXXXXXXXX
type CIPC
button  1:12
pin 1234



dial-peer voice 1000 voip
service aa
destination-pattern 100
session target ipv4:1.1.1.1
incoming called-number 100
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad

filiberto.aguirre Tue, 05/11/2010 - 07:43
User Badges:

Hi Antra


some months ago I found the following solution in Netpro (I guess) for UC500 but it works fine for CME also and if you need to define users.


try to check the link where I got the info



http://supportwiki.cisco.com/ViewWiki/index.php/SBCS:Call_Handling_-_Cisco_Unified_Communications_500_Series_-_Cisco_Smart_Business_Communication_Systems#Can_UC500.2FCME_be_configured_to_prompt_a_caller_for_a_PIN_before_placing_a_call.3F



Can UC500/CME be configured to prompt a caller for a PIN before placing a call?
Yes, this is possible using a built-in script on the UC500. This feature is called Forced Access Code (FAC) or Auth Codes and UC500 supports a very simple implementation of it. This is how it works:



1) IP Phone user dials a particular pattern (international destination, for example)
2) If this destination is enabled for FAC, the user will hear a voice prompt asking for an Account number and PIN
3) The user enters the Account/PIN pair. If valid, the call proceeds, if not the call is dropped.


Configuration Steps



1) Obtain the application package from our FTP location. The package contains two audio files that need to be moved to the UC500 flash:
Simple-FAC-SBCS.zip
2) Copy the individual audio files to the UC500, using TFTP for example.
3) Enter the following commands in configuration mode, to load and activate the script (in this example the Account and PIN are three digits long):



application
service clid_authen_collect
  param uid-len 3
  param pin-len 3


4) Create usernames for authentication. Notice that the username/password will represent the Account and PIN that the caller will have to dial to be successfully authenticated. You can create multiple usernames and then hand those out to select personnel that will be allowed to place premium calls. In this example both Account and PIN are three digits long. The system supports a maximum of 16 digits for codes:


aaa new-model
aaa authentication login h323 local
aaa authorization exec h323 local
aaa authorization network h323 local
username 123 password 123
username 321 password 321


5) Create a dial-peer for each pattern that you want cover using this application. Start with index 2500. In this example, only one dial-peer is shown with 9011.T as the pattern, which is the International prefix in the US. Notice that the pattern is preceded by an access code (9) that could vary per implementation:


dial-peer voice 2500 voip
description International Calls
service clid_authen_collect
destination-pattern 9011.T
session target ipv4:10.1.1.1
incoming called-number 9011.T
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad



dial-peer voice 2501 pots
description International Calls POTS
corlist outgoing International
destination-pattern 9011.T
port 0/1/0
prefix 011

iantra123 Tue, 05/11/2010 - 08:17
User Badges:

Thank you,


That's nice.


I'll try.


Best regards,


Antra

iantra123 Wed, 04/27/2011 - 02:25
User Badges:

Hi,

I've put the config but the CLI ask me where is the file script.


Can someone give me the TCL file for this FAC??


2/ The Call block Override doesn't work, I'm still blocked

I'm using CUCME7.0



regards,


Antra

filiberto.aguirre Wed, 04/27/2011 - 09:15
User Badges:

Hi Antra the only files you need to load in flash are the  audio file, I attach them.


if you applied CLI commands



application
service clid_authen_collect
  param uid-len 3
  param pin-len 3


you activate the necessary application, you have only to complete the procedure I recommend you.


regards

Attachment: 

Actions

This Discussion