You are on page 1of 3

Voice Deep Dive Workbook

Version 3.5

Module 4

Users, Credentials, Multi-Level Roles and

LDAP :: Tasks
Lab Instructions:
Prior to starting this lab, ensure that you have both read through the Voice Rack Rental
Guide before beginning this lab, so that you are fully aware of how all equipment works
and is accessed, and that you have loaded both the initial router/switch configs from
INEs members site, and that you have manually loaded the CUCM initial configs as
described below.

- Most Deep Dive lab scenarios require existing configuration before they can begin to
be configured. Also, most lab scenarios use different pre-configuration from other Deep
Dive labs. Therefore it is necessary to load the "Startup Configs" prior to beginning any
of these lab scenarios.
- To load your router and switch configs, first log into your Members account,
then navigate to the "Rack Rental" tab, and click on "Control Panel" >> "Click here to
choose a configuration to be loaded on your Voice Rack", then choose the appropriately
named selection for this module. This will only load your router and switch configs
(pstn, r1, r2, r3, sw1, sw2).
- To load your CUCM server initial configs, please log into the CUCM Admin WebUI,
and use the Bulk Administration tool to upload & import the appropriately named DDModXX-CUCM-Startup.tar" file that was included in your Members account for this
module. Here are two brief demonstration videos on how to successfully accomplish this
upload and import into CUCM: Importing or Exporting Configurations in CSV file from
CUCM (15 mins), and Fixing Any Issues That May Arise With Importing CSS and
CdPTP & CngPTPs (8 mins).

Copyright 2011 Internetwork Expert

Voice Deep Dive Workbook





Version 3.5

Module 4

CUCM Credentials
Change all users' default PIN to 99999. Do this with one click of the "save" button
Ensure that each user must change that PIN once they login for the first time

CUCM Credentials
Ensure that any users' authenticating to the CUCM Pub server directly only have
the ability to attempt authentication 5 times before being locked out
o They should automatically be able to try again in 15 minutes
o The counter should reset every hour against their 5 login attempts
Ensure that every user authenticating to the CUCM Pub server directly must
change their credentials every 6 months, and may not use any of the previous 3
o Users (logging in) should be warned at least 7 days in advance of their
credentials expiring
The minimum length for credentials of users authenticating directly to the CUCM
Pub server must be at least 5 characters and they should not be permitted to use
trivial passwords
If a user does not authenticate directly with the CUCM Pub server within 3
months, that user should be locked out and require administrative assistance

CUCM LDAP: Synchronization

Integrate the Unified Contact Center Express (UCCX) server with the CUCM
Ensure that AXL authentication is challenged against the CUCM Pub server only,
and that the both CTI roles are authenticated against the Sub and Pub servers, in
that respective order
o Friendly Note: You may want to read ahead to the next task before
performing this task
o Another Friendly Note: You would not have been given the previous
friendly note in an actual CCIE Practical Exam :-)

CUCM LDAP: Synchronization

Provision the CUCM Pub server to synchronize users from the Island Natural
Exports (INE) LDAP that resides on the INE Active Directory Domain Controller
(Win2k8-DC1). Use the AD Schema to garner information about the server and
about the LDAP schema
o Only synchronize users from the "executive", "sales", "it" and "security"
Organizational Units
o Ensure that each user has his/her proper phone number synchronized
(this may take some experimentation - so experiment!)
o Do not cause any harm to the existing UCCX integration
o Ensure that the LDAP re-synchronizes its user base as frequently as is
allowed by the system

Copyright 2011 Internetwork Expert

Voice Deep Dive Workbook






Version 3.5

Module 4

CUCM End Users: Roles and Multi-Level Admin

Allow the user "Jack Shepherd" to have access to see and manipulate
information on the CUCM server relating to other End Users
Allow the user "Hugo Reyes" to have full access to the CUCM Informix DB via
Allow the user "Kate Austen" to have access to modify any Phones and DNs on
the system, however do not allow her to see or modify anything relating to any
sort of a CTI Application
Allow the user "Desmond Hume" to run diagnostics on any phone calls using the
DNA tool, as well as perform any debugging or tracing on any aspect of the
Allow the user "Benjamin Linus" to be able to see, but not modify, any
information on the CUCM server
Allow the user "Eloise Hawking" to be able to act as a call recording and
monitoring server for any CTI application
Allow the user "Charlie Pace" to be able to control any and all phones remotely

CUCM LDAP: Authentication

Provision the CUCM Pub server to allow all users to authenticate their password
credentials against the INE LDAP Active Directory Domain Controller

User Attributes: Phone Association

Perform every kind of association between End Users and Phones/DNs that is
possible, based on the imported telephone number field
o Do this for every End User in the DC Directory

User Attributes: UCCX

Assign the users "Kate Austen" and "Jack Shepherd" to be UCCX Contact
Center agents

User Attributes: CUPS

Assign all users able to interact with CUPS
Assign the users "Benjamin Linus", "Kate Austen" and "Jack Shepherd" to be
licensed for the CUPC client

Copyright 2011 Internetwork Expert