Administrative Access Overview

Cisco IPC Express is a converged office communications system deployed by several different types of businesses:

These different ways in which you can deploy Cisco IPC Express require different types of administrative interfaces and different levels of access. For that reason, a Cisco IPC Express system offers a full command-line interface (CLI), a browser-based graphical user interface (GUI) for the key features, and several setup wizards to expedite system initialization tasks.

System installation and setup always require CLI access to install and provision enough of the system to be able to drive a GUI. You can set up the general call processing, AA, and voice mail features using either the CLI or the GUI. End-user interaction with voice mailboxes uses a Telephony User Interface (TUI), which means that users use a phone to interact with the system.

User IDs, logins, and passwords are defined at various levels. Different types of administrator accounts exist to partition access to different aspects of the system.

Cisco CME also offers several application programming interfaces (APIs) to interface with external applications for monitoring, configuration, and end-user phone applications.

Command-Line Interface

CLI is typically preferred by large enterprises and managed services networks where hundreds or thousands of systems must be provisioned. These are often scripted by higher-level network management systems centralized in a data center or a network operations center (NOC). Resellers and system integrators often use the CLI for initial system setup before they bring the system to your office. For the expert user, CLI access is often more expeditious than using a GUI.

The CLI for Cisco CME is part of the Cisco IOS router CLI. Access to the Cisco UE CLI requires that you log into the router CLI and then open a session to the Cisco UE application's CLI, which is modeled on Cisco IOS CLI but is not exactly the same. If you're a system administrator and are familiar with Cisco IOS and CLI commands, you can Telnet to the Cisco CME router (or use the console port), access the Cisco UE service engine from the same Cisco CME router, and perform all the setup and configuration tasks by using CLI commands.

Users unfamiliar with CLI in general and Cisco IOS router CLI in particular might find it much more intuitive to perform day-to-day moves, adds, and changes using the system GUI after an administrator or system reseller has set up the initial system for you and created a GUI account.

The following sections briefly summarize the Cisco CME and Cisco UE CLI commands.

Cisco CME CLI Command Summary

General Cisco CME CLI commands are under the telephony-service command on the router. Other key Cisco CME commands are ephone and ephone-dn, where many of the phone and call processing features are configured. You can find a more in-depth description of all the Cisco CME commands in the Cisco CME Administrator and Command Reference Guides on Cisco.com (http://www.cisco.com/go/ccme under "Feature Guides").

Example 13-1 shows the parameters of the telephony-service command.

Example 13-1. Summary of the Cisco CME telephony-service Command

router(config)#configure terminal router(config)#telephony-service router(config-telephony)#? Cisco Call Manager Express configuration commands. For detailed documentation see: www.cisco.com/univercd/cc/td/doc/product/access/ip_ph/ip_ks/index.htm after-hours define after-hours patterns, date, etc application The selected application auto Define dn range for auto assignment call-forward Configure parameters for call forwarding caller-id Configure caller id parameters calling-number Replace calling number with local for hairpin create create cnf for ethernet phone date-format Set date format for IP Phone display default Set a command to its defaults dialplan-pattern Define E.164 telephone number prefix directory Define directory naming order or add an entry dn-webedit enable Edit DN through Web exit Exit from telephony-service configuration mode fxo FXO port support option in ITS ip Define IP address and port for Telephony-Service/Fallback keepalive Define keepalive timeout period to unregister IP phones load Select the IP phone firmware load file log Define log table parameters login set the login timeouts max-conferences Define max number of 3 party G.711 conferences max-dn Maximum directory numbers supported max-ephones Define max number of IP phones max-redirect Define max number of redirect per call moh Define music-on-hold filename multicast Configure ip multicast parameters mwi Define IP address and port for MWI Server network-locale Define ephone network locale night-service define night-service options no Negate a command or set its defaults reset reset ethernet phone restart restart ethernet phone secondary-dialtone configure the secondary dial tone service Service configuration in ITS system Define system message time-format Set time format for IP Phone display time-webedit enable Edit Time through Web timeouts Define timeout value for IP phone transfer-pattern Define valid call transfer destinations transfer-system Define call transfer system: blind/consult and local/end-to-end url Define Ephone URL's user-locale Define ephone user locale voicemail Set the voicemail access number called when the MESSAGES IP phone button is pressed web define username for admin user xmlschema Command for setting xml schema xmltest Command for testing xml apis xmlthread Command for setting xml thread

Example 13-2 displays the parameters of the ephone-dn command.

Example 13-2. Summary of the Cisco CME ephone-dn Command

router(config)#ephone-dn 100 router(config-ephone-dn)#? Ephone DN configuration commands - configure phone lines for ephone For detailed documentation see: www.cisco.com/univercd/cc/td/doc/product/access/ip_ph/ip_ks/index.htm application The selected application call-forward Define E.164 telephone number for call forwarding caller-id Configure port caller id parameters cor Class of Restriction on dial-peer for this dn default Set a command to its defaults description dn desc, for DN Qualified Display Name exit Exit from ephone-dn configuration mode feed set live feed multicast stream mode hold-alert Set Call On-Hold timeout alert parameters huntstop Stop hunting on Dial-Peers intercom Define intercom/auto-call extension number label dn label, for DN Display text loopback-dn Define dn-tag to create loopback dn pair with this ephone-dn moh set live-feed music-on-hold mode (with optional multicast) mwi set message waiting indicator options (mwi) name Define dn user name night-service Define night-service bell no Negate a command or set its defaults number Define E.164 telephone number paging set audio paging mode park-slot set ephone-dn as park slot pickup-group set the call pickup group number for the DN preference Preference for the attached dial-peer for the primary dn number transfer-mode Define call transfer mode: blind vs. consult translate Translation rule

Example 13-3 shows the parameters of the ephone command.

Example 13-3. Summary of the Cisco CME ephone Command

router(config)#ephone 40 router(config-ephone)#? Ethernet phone configuration commands For detailed documentation see: www.cisco.com/univercd/cc/td/doc/product/access/ip_ph/ip_ks/index.htm after-hour ephone exempt from after-hour blocking auto-line Automatically select the most appropriate phone line when the telephone handset is lifted offhook for both incoming and outgoing calls. The 'no' form of this command requires the phone user to always explicitly select the phone line to use by pressing the appropriate phone Line button button Assign ephone-dn phone lines to phone using format with feature options. default Set a command to its defaults exit Exit from ephone configuration mode fastdial Define ip-phone fastdial number keepalive Define keepalive timeout period to unregister IP phone keyphone Identify an IP phone as keyphone mac-address define ethernet phone MAC address night-service Define night-service bell no Negate a command or set its defaults paging-dn set audio paging dn group for phone pin Define 4-8 digit personal identification number reset reset ethernet phone restart restart ethernet phone speed-dial Define ip-phone speed-dial number type Define ip-phone type username define username to access ethernet phone from Web vm-device-id define voice-mail id string

 

Cisco UE CLI Command Summary

You access the Cisco UE CLI by using the service-module service-engine x/y session command on the router (where x/y denotes the slot number where Cisco UE is present on your system).

You can find a more in-depth description of the Cisco UE CLI commands in the Cisco UE Administrator Guide on Cisco.com (http://www.cisco.com/go/cueunder "Administration Guides").

Example 13-4 briefly lists the general Cisco UE CLI administration commands.

Example 13-4. Summary of Cisco UE Basic CLI Commands

router#service-module service-engine 1/0 session Trying 172.19.153.38, 2033 ... Open cue> cue#? ccn Telephony application configure Enter configuration mode copy Copy data from one location to another disable Turn off privileged commands echo print the arguments enable enter privileged mode erase Erase a configuration exit quit the cli groupname Group descriptions and accounts mwi Message Waiting Indicator no Negate a command offline Change the system to administration mode ping Send echo messages reload Reboot the system remote commands associated with remote info show Show running system information shutdown Halt the system terminal Configure this session's terminal trace Enable trace events for debugging username User descriptions and accounts voicemail voicemail application web define username for GUI user write Write running configuration to memory or terminal

Example 13-5 shows the Cisco UE configuration commands.

Example 13-5. Summary of Cisco UE Configuration CLI Commands

cue#configure terminal cue(config)#? backup Save data to a server calendar Configure calendar schedule information ccn Telephony application clock software clock default Return a configuration value to its default end Exit from configure mode exit Exit configuration mode groupname Group descriptions and accounts hostname set the system name ip internet protocol list Public Distribution List log System event messages network network application no delete configuration command ntp Network Time Protocol privilege Privileges remote Remote info. security Configure security features username User descriptions and accounts voicemail voicemail application

Example 13-6 summarizes the Cisco UE show commands.

Example 13-6. Summary of Cisco UE show CLI Commands

cue#show ? arp ARP table backup Print backup utility configuration calendar Print calendar schedule information ccn Telephony Application clock Display the system clock configuration Contents of Non-Volatile memory crash Show kernel crash information debugging State of each debugging option errors Print statistics about system events exception Exception information group Print information about a single group groups Print list of known group names hosts IP domain-name, lookup style, nameservers, and host table interfaces Show interface status and configuration ip IP application list Print information about a single distribution list lists Distribution lists log Print recent system event messages logging Show console logging options logs List the logs memory Memory statistics network Networking application ntp Network time protocol packets Network traffic privilege Print information about a single privilege privileges Print list of known privileges processes Application subsystem state remote Commands associated with remote info running-config Current operating configuration security Print information about a security settings software Program and Options startup-config Contents of startup configuration sysdb System configuration database tech-support Summary of diagnostic information for Cisco TAC trace Show trace information user Print information about a single user users Print list of known usernames version System hardware and software status voicemail Telephony application web GUI interface

 

Browser-Based GUI

The GUI is helpful to users interested in doing ongoing maintenance on the system, such as day-to-day moves, adds, and changes. For example, you might use the GUI when a new employee joins your company and needs a phone, extension, and mailbox, or when you want your AA menu to change to provide location information to callers to your business.

By using the GUI, you can accomplish configuration tasks without having the expert-level understanding of the system that is often required by the CLI. You cannot access all the Cisco IPC Express features and capabilities via the GUI. Most notably, installation, upgrading, and troubleshooting always require CLI access. You can access most other features via either the CLI or GUI.

The Cisco IPC Express GUI integrates Cisco CME and Cisco UE features and allows you to add, delete, and configure IP phones, extensions, and some of the Cisco CME system-wide dial plan and phone-based features, such as call-forward-no-answer (CFNA) destination. The GUI also lets you set up the Cisco UE subscriber voice mail, group voice mail, and the AA.

The Cisco CME GUI uses HTTP to transfer information between the Cisco CME router and the administrator's computer or a user's phone. The Cisco UE GUI also uses an HTTP server that resides on the Cisco UE module itself. Therefore, the integrated Cisco IPC Express GUI is implemented using HTTP servers and by proxying requests between the two.

The following sections cover the GUI's highlights and introduce how to set up the GUI for a Cisco CME system.

Cisco IPC Express GUI Highlights

You can configure and change many of the general system features via the GUI. These include viewing, adding, changing, and deleting IP phones, extensions, voice mailboxes, AA scripts, and AA voice prompts. Call processing features, such as hunting and speed dials, can also be administered via the GUI.

Access to administering system features is based on the administrator's access level. The section "Levels of Administrative Access" discusses this in more detail.

Setting Up a System for GUI Access

The Cisco IPC Express system requires Microsoft Internet Explorer (IE) 6.0 or later. The Netscape browser is not supported because of its lack of support for some of the standard HTML 4.0 tags and attributes that cause the back and forward buttons to work correctly. You must enable JavaScript in the browser.

If you have a Cisco CME system where Cisco UE is not installed, to access the Cisco CME GUI, go to http://router_ipaddr/ccme.html, where router_ipaddr is the IP address of your Cisco CME router. For example, if the IP address of your Cisco CME router is 172.19.153.129, you would enter http://172.19.153.129/ccme.html in your browser. You can also use HTTP over SSL (HTTPS) to administer Cisco CME.

Note

Cisco UE up to release 2.1 does not support HTTPS access.

Figure 13-1 shows the login pop-up menu you use to log into the system.

Figure 13-1. Cisco CME Login Screen

If you have an integrated Cisco CME and Cisco UE system, go to http://CUE_ipaddr/ to access the Cisco IPC Express GUI, where CUE_ipaddr is the IP address of your Cisco UE module. For example, if the IP address of your Cisco UE module is 172.19.153.40, you would go to http://172.19.153.40/.

Figure 13-2 shows the login pop-up menu you use to log into the combined Cisco CME and Cisco UE systems.

Figure 13-2. Cisco IPC Express Login Screen

 

Telephony User Interface

Systems with an integrated Cisco UE offer a TUI, which is used to access AA and voice mail. A TUI means that you interact with the system from a phone and press digits on the keypad in response to menus or prompts spoken by the system.

Callers use the TUI to interact with your business's AA and to leave voice mail for your employees. End users (subscribers) use it to access their voice mail, and administrators use it to set up and change AA greetings.

Levels of Administrative Access

Cisco IPC Express CLI access offers no user ID or password control beyond that which is already offered by the Cisco IOS router. In other words, access to the CLI is controlled by normal router methods. All the tools to restrict access to certain commands or to configure authentication, authorization, and accounting (AAA)/Remote Authentication Dial-In User Service (RADIUS) authentication for CLI access can be reused for Cisco CME and UE. Access to the service-module service-engine x/y session command to access Cisco UE from the router CLI requires enable mode on the router and, hence, requires enable password access.

Cisco IPC Express GUI access is controlled by defining user IDs and passwords that must be provided on the web login screens shown in Figures 13-1 and 13-2. The features available to you in the GUI after you are logged in depend on the access level of the user ID you entered.

The next sections describe access levels for Cisco CME and Cisco UE.

Cisco CME Access Levels

Cisco CME implements three levels of access and shows the appropriate screen based on the login name and password entered:

The system administrator can access all the Cisco CME GUI functions, whereas the customer administrator is limited to what the system administrator allows his or her login to do. Only an administrator can perform the following functions:

A customer administrator might have access to all or a subset of the features the system administrator can access. On the Cisco CME system, you can configure which features the customer administrator can access. Doing so is further discussed in the later section "Cisco CME GUI Customization Via XML."

A phone user login (where the username and password are configured in ephone configuration mode) is granted limited access rights to perform certain operations:

Cisco UE Access Levels

Cisco UE implements two levels of access and shows the appropriate screen based on the login name and password entered:

The Cisco UE system administrator can carry out all the GUI functions, including the following:

The Cisco UE administrator privileges cannot be customized via XML. An administrator has full access to all system features available in the GUI.

A subscriber login is granted limited access rights to perform operations such as

User Login Authentication

User and administrator access to both Cisco CME and Cisco UE requires a login/password combination and, therefore, a user authentication cycle. However, Cisco CME and Cisco UE use different methods of login authentication, as discussed in the following sections.

Cisco CME

Before gaining access to the Cisco CME GUI, all users are required to log in and are authenticated. The Cisco CME GUI provides a login dialog box for local authentication via HTTP 1.1 and the Cisco IOS HTTP login infrastructure. The Cisco CME router must be configured as an HTTP server.

Cisco CME logins for the system administrator can be configured to use AAA. The customer administrator and normal phone user logins are authenticated against local accounts on the router and are clear-text-based.

You can configure Cisco CME login accounts for the system administrator and customer administrator under the telephony-service configuration modes via the CLI. You can configure a phone user under the ephone CLI. These commands are shown in Example 13-7.

Example 13-7. Cisco CME Login Account Sample Configuration

router#show running-config telephony-service web admin system name admin password admpswd web admin customer name custadmin password custpswd ! ephone 1 username "user1" password user1-pswd mac-address 000D.BC50.DEC6 type 7960 button 1:1

You might also configure or change the customer administrator and phone user login accounts via the Cisco CME GUI. From the Configure > System Parameters menu, choose Administrator's Login Account. The resulting screen is shown in Figure 13-7.

Figure 13-7. Configuring and Changing the Customer Administrator's Login Account

You can change the phone user login accounts from the Configure > Phone menu. Select and click the phone to which the normal user has been assigned, and then scroll down to Login Account, as shown in Figure 13-8.

Figure 13-8. Configuring and Changing the Normal Phone User Login Account

Note

To prevent a phone user from accidentally gaining access to system administrator pages by having the same password as the router enable password, Cisco CME must have ip http authentication aaa or ip http authentication local configured. As soon as Cisco CME has either of these commands configured, the user must have privilege level 15 router access in local configuration or in the AAA server (in case the ip http authentication aaa command is used) to access system administrator pages. Refer to Cisco IOS documentation on Cisco.com for more information on router enable password and privilege level 15 access if you are unfamiliar with these router capabilities.

 

Cisco UE

Cisco UE logins for the system administrator are stored in the local Lightweight Directory Access Protocol (LDAP) directory on Cisco UE. They cannot be authenticated with any external directory.

First configure login accounts for Cisco UE system administrators as normal users on the Cisco UE system, and then add them as members of the administrators group. This group membership awards administrator privileges to the user account. A subscriber does not have this group membership. These commands are shown in Example 13-8.

Example 13-8. Cisco UE Login Account Sample Configuration

cue#show running-config username ggarrett create username admin create username ggarrett phonenumberE164 "4445553001" groupname Administrators member admin

You might also configure and change the system administrator and subscriber accounts via the Cisco UE GUI. From the Configure > Users menu, choose the user ID of the account to change. The resulting screen is shown in Figure 13-9.

Figure 13-9. Configuring and Changing the Cisco UE Administrator Login Account

At this level of configuration, there is no difference between a Cisco UE administrator and subscriber. The screen shown in Figure 13-9 looks the same for both types of accounts. The attribute that awards administrator privileges to a user ID on the Cisco UE system is its membership in the administrators group, as shown in Figure 13-10.

Figure 13-10. Configuring and Changing the Cisco UE Administrator Login Account

 

Application Programming Interfaces

Several programming interfaces to Cisco CME let management applications interface with the system. CME supports the following:

Cisco UE with Cisco CME deployments does not support any programmatic interfaces at this time.

System Installation and Initial Setup
Related

Категории