Solved: Call permission from hardphone and IP Communicator.

Ritesh Desai · ‎06-06-2016

Hey Hi folks,

I've client requirement where Supervisors will use 7962 model and agents will use CIPC on desktop. Agents should not be allowed to dial from supervisors phone.

Below is configuration;

1. 2 Partitions and CSS

2. 2 FAC codes

3. 2 Route pattern with 2 different partitions assigned. FAC enabled and authorization level defined.

4. Device pool.

Test-1 FAC authorization level for Supervisor is greater than agent authorization level.

Scenario1: Hardphone.

Agent calling from 7962 using his/her auth-code CUCM does not allow. Result: SUCCESS.

Scenario-2: CIPC.

Agent calling from CIPC using his/her auth-code, CUCM allows to dial. Result: SUCCESS.

Agent calling from CIPC using supervisor auth-code, CUCM allows to dial. Result: FAIL.

Scenario-3: 2 CIPC's (Here 7962 replaced with CIPC)

2 different extensions, 2 different partitions configured.

Partition: LD_TL_PT, LD_TL_CSS and LD_TL_PT2, LD_TL_CSS2.

Agent calling from CIPC using his/her auth-code, CUCM allows to dial. Result: SUCCESS.

Agent calling from CIPC using supervisor auth-code, CUCM do not allows to dial. Result: SUCCESS.

Supervisor: FAC-555, Auth level: 21

Agent: FAC-12345, Auth level:15

I don't understand here. refer underlined sentences above. Please suggest...

regards,

Ritesh Desai.

*** Please rate helpful post. Please mark as answer if it solves your problem/query.
regards, Ritesh Desai

Manish Gogna · ‎06-06-2016

As a best practice you should enable extension mobility on the supervisor phone and the supervisor should logout when he is not at his desk. The logout profile should have just the access to basic calls so even if the CIPC users try to use it the CSS of the logout profile will not allow them to reach any route pattern.

If you are looking at the scenario of the phone being unattended without the supervisor logging out or no extension mobility configured on the 7942 then you basically need to share the FAC code only with the supervisor, there's no way around it. If the CIPC users know the FAC code applied on the route pattern they can use it.

For the second query, answer remains the same as above. Do not share the FAC code or make sure that the CSS on CIPC phones does not have access to these route patterns.

HTH

Manish

View solution in original post

Manish Gogna · ‎06-06-2016

Hi Ritesh,

The question is not very clear however i would like to answer it based on what i could understand. The FAC code will be the same for route pattern. I am not sure what you mean by supervisor auth-code and CIPC user auth-code. If you want the CIPC users not to dial any external numbers then simply remove the partitions of the route patterns from the CSS applied on CIPC. If you want the CIPC users to be able to dial external numbers only from their IP phones then do the following:

1. Do not share the FAC code of route patterns that the 7942 phone uses with the CIPC users

2. Create a new partition and new route pattern(s) for external calls , apply the new partition to the new route pattern(s). Now, add this partition to the CSS already applied on CIPC's, also you will need to remove the partitions of the route patterns that 7942 phone uses from the CSS of CIPC's.

If your requirement is different please let us know the exact details.

HTH

Manish

Ritesh Desai · ‎06-06-2016

Manishbhai,

Query is "Agents should not be allowed to dial from supervisors phone". More simple, I want to block agents dial from supervisor's phone.

- Hardphone and CIPC both use different partition, different CSS, different route pattern.

I'm trying to achieve is

1. "Agents should not be allowed to dial from supervisors phone"

2. "Agent should not be able to dial from CIPC using supervisor FAC code"

Hope you got me.... :)

regards,

Ritesh Desai.

*** Please rate helpful post. Please mark as answer if it solves your problem/query.
regards, Ritesh Desai

Manish Gogna · ‎06-06-2016

As a best practice you should enable extension mobility on the supervisor phone and the supervisor should logout when he is not at his desk. The logout profile should have just the access to basic calls so even if the CIPC users try to use it the CSS of the logout profile will not allow them to reach any route pattern.

If you are looking at the scenario of the phone being unattended without the supervisor logging out or no extension mobility configured on the 7942 then you basically need to share the FAC code only with the supervisor, there's no way around it. If the CIPC users know the FAC code applied on the route pattern they can use it.

For the second query, answer remains the same as above. Do not share the FAC code or make sure that the CSS on CIPC phones does not have access to these route patterns.

HTH

Manish

Ritesh Desai · ‎06-08-2016

Dear Manish and Deepak,

Thanks all for your guidance.

FAC logic applied and closed the requirement.

regards,

Ritesh Desai.

*** Please rate helpful post. Please mark as answer if it solves your problem/query.
regards, Ritesh Desai

Deepak Rawat · ‎06-06-2016

As Manish correctly pointed out, those are the only possible options available within CUCM. There are 3rd party apps out there using which the phones can be locked etc but that is altogether a custom thing to do:

http://docwiki.cisco.com/wiki/Endpoints_FAQ#Can_I_lock_my_phone.2C_or_require_a_PIN_before_making_calls.3F.3F

Regards

Deepak