Network Bulls
www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
Call: +91-9654672192
CUCM Presence has multiple ways of limiting Presence information. Presence-enabled
speed dials are configured statically by the CUCM administrator and cannot be configured
or modified directly by a user. The administrator maintains control of the monitored
Presence Policies 443
Presence entities for each watcher. Subscribe calling search spaces (CSS) also apply to
Presence-enabled speed dials.
Access control for Presence-enabled call and directory lists can be provided by partitions
and subscribe CSSs and by Presence groups. Each of the two methods can be used
independently of each other. If both are used, both have to permit a subscription for
successful watching of the Presence entity’s status.
A subscribe CSS is applied to a watcher. A watcher can be a SIP trunk, an IP phone, or
an end user. Subscribe CSSs do not use the concept of a device and line CSS. Watching
a Presence entity is always a global function of the IP phone.
Subscribe CSSs determine which Presence entities a watcher is allowed to monitor. A
subscription is permitted only if the watcher has the partition of the desired Presence entity
in its subscribe CSS.
A partition can be used for both calling privileges and Presence policies. If no partition
is applied to the desired Presence entity, the Presence entity is available to all watchers.
Presence policies and calling privileges share a configuration element. The partitions that
are applied to lines or route patterns apply to both. Therefore, implementing Presence
policies impacts existing calling privileges and vice versa.
Whenever partition configuration is changed because of the implementation of one of the
two features, the other one is affected. Therefore, calling privileges and Presence policies
have to be designed and implemented together.
Figure 17-10 consists of three CSSs:
■ CSS C-1 contains partitions P-1 and P-2.
■ CSS C-2 contains partitions P-1, P-2, and P-3.
■ CSS C-3 contains partition P-1 only.
Phone 1 has partition P-1 applied to its line, which is configured with DN 1001. CSS C-1
is assigned to Phone 1.
Phone 2 has partition P-2 applied to its line, which is configured with DN 1002. CSS C-2
is assigned to Phone 2.
A SIP phone with number 1003 can be reached through a SIP trunk. The corresponding
route pattern 8.1003 is in partition P-3. CSS C-3 is assigned to the SIP trunk.
444 Chapter 17: Presence-Enabled Speed Dials and Lists
The effective permissions for Presence subscriptions are as follows:
■ Phone 1 is allowed to watch the status of 1002 but not of 1003.
■ Phone 2 is allowed to watch both other phones.
■ Phone 3 is allowed to subscribe to Presence information of 1001 but not of 1002.
Figure 17-10 Subscribe CSS Example
Presence policies watchers and Presence entities are put into Presence groups. Subscriptions
can be allowed or denied at an intergroup level. Within a Presence group, subscriptions are
always permitted (unless denied by partitions and subscribe CSS).
IP phones are configured with two or more Presence groups: One is applied to the device
(in the role as a watcher), and each line can be configured with a Presence group in its role
as a Presence entity.
Only one Presence group is configured on a SIP trunk. The SIP trunk can be used in both
watcher and Presence entity roles. A Presence group cannot be applied to a route pattern.
Presence groups can also be assigned to end users. They are used when the end users are
logging in to the phone using extension mobility or when the users are associated with a
device.
Route Pattern: 8.1003
Partition: P-3
SIP Trunk:
Subscribe CSS: C-3
1003
Line: 1001
Partition: P-1
Phone 1:
Subscribe CSS: C-1
Line: 1002
Partition: P-2
Phone 2:
Subscribe CSS: C-2
Calling Search
Spaces:
C-1: P-1, P-2
C-2: P-1, P-2, P-3
C-3: P-1
Effective Permissions:
Phone 1 to 1002: Permitted
Phone 1 to 1003: Denied
Phone 2 to 1001: Permitted
Phone 2 to 1003: Permitted
Phone 3 to 1001: Permitted
Phone 3 to 1002: Denied
Phone 1
Phone 2
Phone 3
IP
IP
SIP
Presence Policies 445
Figure 17-11 uses three Presence groups: G-1, G-2, and G-3. Inter-Presence group subscriptions
are permitted from G-2 to G-3 and G-3 to G-1. All other inter-Presence group
subscriptions are denied.
Phone 1 has Presence group G-1 applied to its line, which is configured with DN 1001.
Presence group G-2 is assigned to Phone 1.
Phone 2 has Presence group G-2 applied to its line, which is configured with DN 1002.
Presence group G-2 is also assigned to Phone 2.
A SIP phone with number 1003 can be reached through a SIP trunk. Presence group G-3 is
assigned to the SIP trunk.
The effective permissions for Presence subscriptions are as follows:
■ Phone 1 is allowed to watch the status of 1002 and 1003.
■ Phone 2 is allowed to watch 1003 but not 1001.
■ Phone 3 is allowed to subscribe to Presence information of 1001 but not of 1002.
Figure 17-11 Presence Group Example
NOTE Presence groups apply only to Presence-enabled call lists; they do not apply to
Presence-enabled speed dials.
Route Pattern: 8.1003
SIP Trunk:
Presence Group: G-3
1003
Line: 1001
Presence Group: G-1
Phone 1:
Presence Group: G-2
Line: 1002
Presence Group: G-2
Phone 2:
Presence Group: G-2
Presence Groups:
G-2 to G-3 Permitted
G-3 to G-1 Permitted
Rest Denied
Effective Permissions:
Phone 1 to 1002: Permitted
Phone 1 to 1003: Permitted
Phone 2 to 1001: Denied
Phone 2 to 1003: Permitted
Phone 3 to 1001: Permitted
Phone 3 to 1002: Denied
Phone 1
Phone 2
Phone 3
IP
IP
SIP
446 Chapter 17: Presence-Enabled Speed Dials and Lists
Subscribe CSSs can be used with Presence groups, or either one of them can be used alone
to restrict watcher access. If both are implemented, both mechanisms have to permit the
subscription to allow successful watching.
Combining both Presence policy mechanisms provides two hierarchy levels, which can
prove useful in larger deployments or complex scenarios.
The following example explains how subscribe CSSs and partitions and Presence groups
can be effectively combined to fulfill the given requirements:
■ Requirements: No subscriptions are allowed between different departments. Within a
department, managers can be watched only by their assistants. All other subscriptions
within a department should be possible.
■ Solution: One Presence group is configured per department. Inter-Presence group
subscriptions are denied by setting the default inter-Presence group policy accordingly.
One partition is configured per manager. Each of these partitions is listed only in the
subscribe CSS of the respective manager’s assistant.
Presence groups are used for the first level of Presence policies at the department level, and
subscribe CSSs and partitions are used for additional access control within a department for
the assistants to watch the managers.
Presence Policy Configuration
The CUCM Presence policy configuration is done via Presence groups, but a subscribe CSS
can limit the Presence entities that the watcher can receive status information for.
Subscribe CSSs are configured the same way as traditional CSSs. The application of the
CSS is focused on restricting Presence information. The CEO of the company might not
want an intern to watch his phone status. The following procedure is required to implement
subscribe CSSs:
Step 1 Configure partitions and CSSs.
Step 2 Assign partitions to lines and route patterns.
Step 3 Assign subscribe CSSs to phones and trunks.
Presence Policies 447
Presence groups represent a straightforward mechanism to limit what Presence entities a
watcher can watch. If the organizational goal includes restricting Presence information
within a group, subscribe CSSs must be used. The following procedure is required to
implement Presence groups:
Step 1 Configure Presence groups.
Step 2 Set the default inter-Presence group policy.
Step 3 Assign Presence groups to lines, phones, or SIP trunks.
The first two steps of implementing subscribe CSSs involve standard partitions and CSSs
that will be used for Presence information. Figures 17-12 and 17-13 display subscribe CSS
applications to an IP phone and SIP trunk (respectively). The subscribe CSS at the phone
level limits the Presence entities that the phone can watch. The subscribe CSS at the trunk
level restricts the DNs that can be watched over the SIP trunk.
Figure 17-12 Subscribe CSS Application: Phone
Figure 17-13 Subscribe CSS Application: Trunk
448 Chapter 17: Presence-Enabled Speed Dials and Lists
Presence groups can be configured from System > Presence Group. One Presence group
exists by default and cannot be deleted. The default Presence group is called the Standard
Presence group. All phones, lines, and SIP trunks by default are members of the Standard
Presence group. The Standard Presence group can be modified in the way that the
permissions to other groups can be set, but it cannot be deleted.
When adding a new Presence group, enter a name and description and configure the
permission for subscriptions toward other Presence groups. The permission does not have
to be entered toward all other Presence groups; the permission for subscriptions toward
unconfigured Presence groups is determined by system default, which is configurable as a
Cisco CallManager service parameter. Figure 17-14 shows the configuration of a Presence
group.
Figure 17-14 Presence Group Configuration
The Default Inter-Presence Group Subscription service parameter specifies the system
default for Presence subscriptions. The system default is applied for subscriptions toward
Presence groups for which no explicit permission has been set in the configuration of the
Presence group from which the subscription request has been sourced.
The Default Inter-Presence Group Subscription parameter is a service parameter of the
Cisco CallManager service and is therefore configured from System > Service Parameter.
The Inter-Presence Group Subscription service parameter is illustrated in Figure 17-15.
NOTE Subscription permissions are configured in a unidirectional manner between
pairs of Presence groups. It is possible to permit subscriptions from one group to another
but to deny subscriptions in the opposite direction.
Presence Policies 449
Figure 17-15 Inter-Presence Group Subscription Service Parameter
Figure 17-16 displays the Presence group configuration of the Cisco IP Phone.
Figure 17-16 Cisco IP Phone Presence Group
IP phones are both watchers and Presence entities. An IP phone generates subscriptions
when using Presence-enabled speed dials or Presence-enabled call lists. The DN of the IP
phone can be watched by other subscribers. Presence groups must be applied to both the
phone in the role as a subscriber and the DNs in the role as a Presence entity. Figure 17-17
displays the Presence group configuration performed at the DN.
Figure 17-17 Directory Number Presence Group
CUCM sends subscribe messages on a SIP trunk when watching a Presence entity located
on the other side of the SIP trunk. CUCM can also receive subscriptions over the SIP trunk
when a DN on the cluster is being watched by a subscriber located on the other side of the
trunk. The trunk can perform both subscriber and Presence entity roles. Only one Presence
group can be configured on a trunk, forcing the trunk to have similar restrictions in both
directions of the trunk. Figure 17-18 displays the SIP trunk Presence group configuration.
No comments:
Post a Comment