Forced Authorization Codes (FAC) became available in Cisco CallManager Release 3.3(4). It is not included in Cisco CallManager Release 4.0 but has been included since Cisco CallManager Release 4.1. In Cisco CallManager Administration, various levels of authorization can be configured. With FAC, sensitive destinations can be "secured" by requiring use of authorization codes for such destinations. When a call is routed through a FAC-enabled route pattern, Cisco CallManager plays a tone and requests an authorization code. If the authorization code entered by the user does not meet or exceed the level of authorization that is specified to route the dialed number, the user receives a reorder tone. If the authorization is accepted, the call is routed. The authorization is logged to call detail records (CDRs) so that the information can be used by the CDR Analysis and Reporting (CAR) tool to generate reports for accounting and billing.
FAC is useful for colleges and universities or any business or organization for which limiting access to specific classes of calls proves beneficial. An additional benefit is that when you assign unique authorization codes, the users who can place calls can be determined. For example, for each user, a unique authorization code can be specified.
Enable FAC for relevant route patterns by checking the appropriate check box and specifying the minimum authorization level for calls through that route pattern. After updating the route patterns in Cisco CallManager Administration, the dial plan documents have to be updated to define the FAC-enabled route patterns and configured authorization level.
To implement FAC, devise a list of authorization levels and corresponding descriptions to define the levels. Authorization levels must be specified in the range of 0 to 255. Cisco allows authorization levels to be arbitrary, so define what the numbers mean for your organization. Before defining the levels, review the following examples of levels that can be configured for a system:
Incrementing authorization levels by 10 establishes a structure that provides scalability when more authorization codes need to be added. The range for authorization codes is from 0 to 255.
Client Matter Codes (CMC) can also be used by companies to keep track of private calls placed by their employees. For example, a company could allow employees to place private calls using the company telephony infrastructure but require the employee to pay the cost. External route patterns (for example, those for long-distance and international calls and those for the 900 area code) can be configured to request a Client Matter Code to be entered and, therefore, to be logged accordingly.
This feature does not prevent users from making private calls using business telephones, but it allows a company to have a policy that does not deny private calls in general but requests that users identify them as such and pay for them. In both situations (denying private calls in general or permitting them if properly flagged), additional tools (logging, reporting) are needed to detect improper usage.
When CMC is configured, users hear a tone prompting them to enter any valid Client Matter Code. The CDR will include the code that is entered for later processing.
CMC was first available in Cisco CallManager Release 3.3(4). It is not included in Cisco CallManager Release 4.0 but has been included since Cisco CallManager Release 4.1.
A complete description of Forced Authorization Codes (FAC) and Client Matter Codes (CMC) and their configuration can be found in Chapter 17, "Configuring User Features, Part 2."
Restricting External Transfers
Part I: Cisco CallManager Fundamentals
Introduction to Cisco Unified Communications and Cisco Unified CallManager
Cisco Unified CallManager Clustering and Deployment Options
Cisco Unified CallManager Installation and Upgrades
Part II: IPT Devices and Users
Cisco IP Phones and Other User Devices
Configuring Cisco Unified CallManager to Support IP Phones
Cisco IP Telephony Users
Cisco Bulk Administration Tool
Part III: IPT Network Integration and Route Plan
Cisco Catalyst Switches
Configuring Cisco Gateways and Trunks
Cisco Unified CallManager Route Plan Basics
Cisco Unified CallManager Advanced Route Plans
Configuring Hunt Groups and Call Coverage
Implementing Telephony Call Restrictions and Control
Implementing Multiple-Site Deployments
Part IV: VoIP Features
Configuring User Features, Part 1
Configuring User Features, Part 2
Configuring Cisco Unified CallManager Attendant Console
Configuring Cisco IP Manager Assistant
Part V: IPT Security
Securing the Windows Operating System
Securing Cisco Unified CallManager Administration
Preventing Toll Fraud
Hardening the IP Phone
Understanding Cryptographic Fundamentals
Understanding the Public Key Infrastructure
Understanding Cisco IP Telephony Authentication and Encryption Fundamentals
Configuring Cisco IP Telephony Authentication and Encryption
Part VI: IP Video
Introducing IP Video Telephony
Configuring Cisco VT Advantage
Part VII: IPT Management
Introducing Database Tools and Cisco Unified CallManager Serviceability
Configuring Alarms and Traces
Using Additional Management and Monitoring Tools
Part VIII: Appendix
Appendix A. Answers to Review Questions