ZXSS10 SS1b: Authentication and Call Restriction Service Provisioning Manual

ZXSS10 SS1b
SoftSwitch Control Equipment

Authentication and Call Restriction
Service Provisioning Manual
Version V2.0.1.06.1
ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900
Fax: (86) 755 26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright © 2006 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of
this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPO-
RATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION
or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions are dis-
claimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or non-in-
fringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the
information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject
matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee,
the user of this document shall not acquire any license to the subject matter herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
Revision No. Revision Date Revision Reason

R1.0 2009-9-20 First Edition
Serial Number: sjzl20092704

Contents
About This Manual.............................................. i

Service Description ...........................................1
Introduction................................................................... 1
Service Characteristics .................................................... 2
Service Functions ........................................................... 2
Service Advantages ........................................................ 3
Black and White List Configuration....................5
Overview....................................................................... 5
Enabling Authentication of Black and White List
Function ................................................................ 6
Restriction Conditions Configuration .................................. 9
Entering Configuration Interface of Restriction
Conditions for Black and White Lists ..................... 9
Configuring Black and White Lists Control in Compliance
with Threshold Value ..........................................11
with IP Address Template....................................11
with Call Ratio...................................................13
with Call Time Bucket.........................................14
Basic Black and White Lists Configuration .........................15
Entering Configuration Interface of Black and White
Lists ................................................................15
Configuring Black and White Lists of Global
Number............................................................16
Configuring Black and White Lists of Trunk ....................18
Configuring Black and White Lists of SS Domain ............19
Configuring IP Black and White Lists ...........................20
Configuring a Large-Area Black/White List.....................21
Configuring an Area Code for a Large Area....................22
Configuring a Call Limit Group .....................................23
Authentication Configuration .......................... 27
Overview......................................................................27
Enabling Authentication of Black and White List
Function ...............................................................28
Configuring failure Disposal Index....................................31
Configuring a Compound Authentication Template ..............35
Configuring an Authentication Right Template....................36
Applying an Authentication Right Template to a Trunk
Group ..................................................................39
Applying an Authentication Template to a User ..................41
Figures ............................................................ 43
Tables ............................................................. 45
List of Glossary................................................ 47
About This Manual
Purpose This manual provides procedures and guidelines that support the
operation activities regarding authentication and call restriction
service on ZXSS10 SS1b SoftSwitch Control Equipment.
Intended This document is intended for engineers and technicians who
Audience perform operation activities on ZXSS10 SS1b SoftSwitch Control
Equipment.
Prerequisite Skill To use this document effectively, users must have a general un-
and Knowledge derstanding of SoftSwitch technologies. Familiarity with following
aspects is helpful.
¡ ZXSS10 SS1b SoftSwitch system and its various components
¡ Local operating procedures
¡ Equipment Environment
¡ User interface of ZXSS10 SS1b SoftSwitch
¡ Operation and functionality of ZXSS10 SS1b SoftSwitch
What Is in This This manual contains the following chapters:
Manual
TABLE 1 CHAPTER SUMMARY
Chapter Summary
Chapter 1, Service This chapter describes supplementary service

Description description, including its character and capability
requirements.
Chapter 2, Black This chapter describes restriction conditions

and White List configuration, black and white list configuration.
Configuration
Chapter 3, This chapter describes authentication

Authentication configuration.
Configuration
Related The following documentation is related to this manual:

Documentation
¡ ZXSS10 SS1b SoftSwitch Control Equipment IP CENTREX Ser-
vice Provisioning Manual
¡ ZXSS10 SS1b SoftSwitch Control Equipment Supplementary
Service Provisioning Manual (Volume I)
¡ ZXSS10 SS1b SoftSwitch Control Equipment Supplementary
Service Provisioning Manual (Volume II)
Confidential and Proprietary Information of ZTE CORPORATION i

ZXSS10 SS1b Authentication and Call Restriction Service Provisioning Manual
This page is intentionally blank.
ii Confidential and Proprietary Information of ZTE CORPORATION

Chapter 1
Service Description
Table of Contents
Introduction....................................................................... 1
Service Characteristics ........................................................ 2
Service Functions ............................................................... 2
Service Advantages ............................................................ 3
Introduction
Overview SS authentication modes fall into two following types.
1. Call attribute authentication (call authentication and compound
authentication)
� Call source (local domain, incoming domain or incoming
trunk)
� Call category (local, toll or special service)
� Call period and call number
� User attributes (type, CPC, owing-user or non-owing user)
� Number attributes (length, type, address)
2. Destination code authentication (white/black list, destination
code restriction)
Office code, area code, country code, and special service num-
bers, etc
SS uses one of the above ways to authenticate calls. If a
call cannot pass the authentication, a failure code is returned.
Then, the service follows the action specified by the failure
code in the next process.
Definition With the use of the authentication or call limit function, the ex-
change, according to caller numbers or incoming trunk numbers,
forbids/allows some callers (or incoming trunk calls) to be con-
nected to some destination codes.
Applicable Objects H.248/MGCP/SIP/H.323/end office users
Confidential and Proprietary Information of ZTE CORPORATION 1

Service Characteristics
Authentication ZXSS10, as a tandem exchange, improves and perfects the au-
Functions thentication function on the basis of original function, which mainly
involves following two parts.
¡ Basic authentication: Before digit analysis starts, mainly used
to check validity as well as handle failures with regard to in-
coming trunk (incoming domain) calling numbers. Still, Checks
if calling/called numbers in trunks or IP network are too long
(means exceeding the preset range). If so, calls are restricted.
¡ Compound authentication: After digit analysis, performs
authentication on outgoing trunk calls or out-domain calls.
Uses optional combinations (calling/called number, outgoing
trunk/domain ID, destination code, call attribute, call period,
caller type) to determine if calls should be connected.
Black/White List ¡ Relations between white lists and black lists at the call-
ing/called side
Calling numbers or incoming trunk numbers, defined in the
calling-side white lists, are only allowed to call destination
codes in the called-side white lists. Calling numbers or in-
coming trunk numbers, defined in the calling-side white lists,
are not restricted by the called-side black lists. Table 2lists
detailed relations.
TABLE 2 RELATIONS BETWEEN BLACK AND WHITE LIST AT

CALLING/CALLED SIDES
Call-
ing/Called White List Black List Undefined
side
White List Allowed Allowed Allowed
Black List Allowed Restricted Restricted
Undefined Allowed Restricted Allowed
¡ Capacity Requirements
The number of black lists is at least 20000 and the number of
white lists is at least 2000.
At present, SS can hold up to 500,000 white lists and black
lists.
Service Functions
Basic Functions ¡ Basic authentication
¡ Call authentication
¡ Call limit group
¡ Designated destination code connection/restriction
2 Confidential and Proprietary Information of ZTE CORPORATION

Chapter 1 Service Description
¡ Compound authentication
¡ White list/black list
Function
Comparison Authen- Used Con-
Applied
Function tication figuration Priority
Object
Condition Template
Basic au- By number Incoming Basic au- 1

thentication attribute trunk users; thentication
incoming templates
domain
users
Call authen- By call Global users Call right 2

tication attribute templates
Call limit By Local office Call limit 3

group destination users templates
code and
address
attribute
Designated By Local office 4

destination destination users;
code con- code additional
nection/re- services
striction
Compound By call Incoming Compound 5

authentica- attribute trunk users; authentica-
tion and incoming tion tem-
destination domain plates
code users
Black/white By Global users Black/white 6

list destination list
code and templates
address
attribute
Service Advantages
Overview For restricted destination codes, used types can be a prefix, coun-
try code, toll zone code, office code, special service number or
user number. The maximum length is 20 digits.
As an exchange’s system functions, authentication and call limit
can be applied to all types of terminal users.


Chapter 2
Black and White List

Configuration
Table of Contents
Overview........................................................................... 5
Enabling Authentication of Black and White List Function ......... 6
Restriction Conditions Configuration ...................................... 9
Basic Black and White Lists Configuration .............................15
Overview
Introduction This chapter introduces IP Centrex services.
Generalization Frequently used in PSTN network, black/white lists are mainly ap-
plied to the call limit function among different user groups. In
general, the calling users (or called users) fall into three types.
¡ Black list users
¡ White list users
¡ Common users
In SS, as a kind of groups, white/black lists have no actual asso-
ciation with the traditional default call limit function. Controlled
objects in SS1b may be
¡ Global users
¡ Trunk groups
¡ SS domain node
¡ IP address
Maintenance personnel can flexibly select controlled objects ac-
cording to requirements.

Enabling Authentication
of Black and White List
Function
Prerequisites The Data Configure window is open.
Context This topic describes the procedure to enable the authentication
and black/white list functions.
Steps 1. Select Global > System > Global Service Data from the
menu bar.
The Global Service Data dialog box appears as shown in Fig-
ure 1.
FIGURE 1 GLOBAL SERVICE DATA
2. Use one of the following ways to select the authentication and

black/white list functions.
� Double-click the Service directory node in the left pane.
Select 90009-Authorization Black White list Limit
switch .
� Enter the condition in the text box beside the Query but-
ton, and click the Query button.
The 90009-Authorization Black White list Limit switch in-
terface appears as shown in Figure 2.

Chapter 2 Black and White List Configuration
FIGURE 2 90009-AUTHORIZATION BLACK WHITE LIST LIMIT SWITCH
3. Click the Modify button.

The Modify Authentication Black and White List Control
dialog box appears as shown in Figure 3.
FIGURE 3 MODIFY AUTHENTICATION BLACK AND WHITE LIST CONTROL

TABLE 4 PARAMETER DESCRIPTION
Parameter Description
Combined Authentication Enables the combined

Control authentication function
Black and White List Control Enables the black/white list

function
Enable IP address Black and Enables the black/white list

White List function associated with the IP
address segment.
Enable Limits Black and White Enables the black/white list

List function associated with
thresholds
Enable Percent Black and White Enables the black/white list

percentages
Enable Period of Time Black and Enables the black/white list

White List function associated with periods
Original Called No. Validity Checks validity of original called

numbers
Number Validity Redirect Checks validity of redirection

numbers
Original Called No. Authenticates original called

Authentication numbers
Number Authentication Redirect Authenticates redirection

numbers
Original Called No. Black and Enables the black/white list

White List function for the original called
numbers
Number Black and White List Enables the black/white list

Redirect function for the redirection
numbers
LS Black and White List Control Enables the black/white list

function for LS users
CF CID Auth. Switch Authenticates callers when call

forwarding services are used
Compound Authorization No. Performs compound

authentication when call
Authorization Assignment Connect calls regardless of the

authentication results
4. Set or select parameters according to actual requirements, and

click the OK button.
END OF STEPS

Result The authentication and black/white list functions are successfully

configured as required.
Restriction Conditions
Configuration
Overview As an application index, limit conditions for black/white lists can be
used in many occasions, e.g., global code black/white lists, trunk
black/white lists, SS-domain black/white lists, IP black/white lists,
large-area black/white lists, call limit group black/white lists.
Contents Black/white lists can be controlled according to the following limit
conditions.
¡ Configuring a Gate Value
¡ Configuring an IP Address Model
¡ Configuring a Ratio
¡ Configuring Call Period
Entering Configuration Interface of

Restriction Conditions for Black and
White Lists
Context This topic describes the procedure to enter the black/white list limit
condition interface.
Steps 1. Select Service Manage > Authorization Black White List
Limit Configuration > Black White List Limit Configura-
tion from the menu bar.
The The Limit Condition of Black and White List dialog box
appears as shown in Figure 4.

FIGURE 4 THE LIMIT CONDITION OF BLACK AND WHITE LIST
2. Click the Add button.

The Add The Limit Condition of Black and White List dialog
box appears as shown in Figure 5.
FIGURE 5 ADD THE LIMIT CONDITION OF BLACK AND WHITE LIST
END OF STEPS
Result The operator successfully enters the black/white list limit condition
interface.

Configuring Black and White Lists

Control in Compliance with Threshold
Value
Prerequisites The Add The Limit Condition of Black and White List dialog
box is open.
Context This topic describes the procedure to configure a gate value.
Steps 1. Enter a solo number in the Index field.
2. Enter a name in the Remark field.
3. Enter a number in the Gate field.
Note:
For example, the gate value is set to 5. Then, when the 6th
call starts, the black/white list begins to function.
4. Click the OK button.

END OF STEPS
Result The operator successfully configures a gate value.

Control in Compliance with IP
Address Template
box is open.
Context This topic describes the procedure to configure an IP address
model.
3. Double-click the IP Address Model field.
The BrowseIP Address Authentication Model Configura-
tion dialog box appears.
The Add IP Address Authentication Model Configuration

FIGURE 6 ADD IP ADDRESS AUTHENTICATION MODEL CONFIGURATION
5. Enter a number in the IP Address Model field. Enter an index

number (corresponding to the IP address model number) in the
Index field.
Note:
An IP address model number can have several indexes.
6. Set a name in the Remark field. Set an IP address and mask

respectively in the IP Address and IP Address Mask fields.
Return to the BrowseIP Address Authentication Model
Configuration dialog box. A new record is added in the list
box.
8. Double-click the record.
Return to the Add The Limit Condition of Black and White
List dialog box. The IP address module number is displayed in
the IP Address Model field.
Note:
The black/white list is effective only for those gateway ad-
dresses in such IP address segment.

END OF STEPS
Result The operator successfully configures the IP address model.


Control in Compliance with Call Ratio
box is open.
Context This topic describes the procedure to configure a ratio.
3. Enter a number, like 30, in the Ratio field, as shown in Figure
7.
Note:
In such case, for 100 calls in total, 30 calls are restricted by
the black/white list.

END OF STEPS
Result The operator successfully configures the ratio.


Control in Compliance with Call Time
Bucket
box is open.
Context This topic describes the procedure to configure call periods.
3. Enter the number of days in the Days field.
4. Enter a date when the black/white list begins to function in the
Start Date field.
Note:
If the date is not configured or set to 0, the sub-period settings
cannot take effect. Then, calls in all periods are restricted.
Therefore, to validate sub-period settings, it is necessary to
set a start date as well as the number of days (like 1000).
Days=0 means calls during the day (set in the Start Date
field) are restricted.
5. Set required periods in the Start Time and End Time fields,
as shown in Figure 8.
Note:
These periods must not be overlapped.


END OF STEPS
Result The operator successfully configures the call periods.
Basic Black and White Lists

Configuration
Overview Black/white lists can be configured as follows.
¡ Configuring a Global Code Black/White List
¡ Configuring a Trunk Black/White List
¡ Configuring a SS-Domain Black/White List
¡ Configuring an IP Black/White List
¡ Configuring a Large-Area Black/White List
¡ Configuring a Call Limit Group
Entering Configuration Interface of

Black and White Lists
Context This topic describes the procedure to enter the Black White List
Configuration interface.
Limit Configuration > Black White List Configuration
from the menu bar.
The Black White List Configuration dialog box appears as
shown in Figure 9.

FIGURE 9 BLACK WHITE LIST CONFIGURATION
END OF STEPS
Result The operator successfully enters the Black White List Configu-
ration interface.
Configuring Black and White Lists of

Global Number
Prerequisites ¡ The Black White List Configuration dialog box is open.
¡ Related function is enabled. For more information, see En-
abling Authentication of Black and White List FunctionEnabling
Authentication of Black and White List Function.
Context This topic describes the procedure to configure a global code
black/white list.
Global code white list: Defines destination codes white list users
can dial.

Global code black list: Defines destination codes black list users
cannot dial.
Steps 1. Click the Global Code Black and White List tab. Click the
Add button.
The Add Global Black and White List dialog box appears as
shown in Figure 10.
FIGURE 10 ADD GLOBAL BLACK AND WHITE LIST
2. Select a network type from the Net Type drop-down list box.
3. Select a type from the Black and White List Type drop-down
list box.
4. Set a user number, digit analysis, toll code or special service
number in the Dest Code field.
5. Double-click the Limit Condition Index field. For more con-
figuration information, see Limit Conditions Configuration.
6. Select one or more attributes concerning destination numbers
in the Destination Number Address Attribute field.
Note:
As the address attributes are used to distinguish identical num-
bers, dialing any one of the numbers can still be restricted.
This method is used during international gateway configura-
tion. By default, identical destination codes are not further
distinguished.

END OF STEPS
Result The operator successfully configures a global code black/white list.


Trunk
Context This topic describes the procedure to configure a trunk group
black/white list.
Trunk white list: Allows a trunk group to dial a destination code,
which can be respectively set corresponding to incoming/outgoing
trunk groups.
Trunk black list: Restricts a trunk group to dial a destination
code, which can be respectively set corresponding to incom-
ing/outgoing trunk groups.
Steps 1. Click the Black and White List of Trunk tab. Click the Add
button.
The Add Black and White List of Trunk dialog box appears
FIGURE 11 ADD BLACK AND WHITE LIST OF TRUNK
2. Set a trunk group number in the Trunk No. field.

list box.
4. Set a user number, digit analysis, toll code or office code in the
Dest Code field.

Note:
For Black and White List Type=INCOMING CALLED
BLACK LIST, Trunk No.=1, Dest code=original called num-
ber or number segment, incoming trunk calls are restricted if
original called numbers which the no.1 incoming trunk group
dials match the destination code.
END OF STEPS
Result The operator successfully configures a trunk group black/white list.

SS Domain
Context This topic describes the procedure to configure a SS domain
black/white list.
SS domain white list: Allows a node within the SS domain to
dial a destination code.
SS domain black list: Restricts a node within the SS domain to
dial a destination code.
Steps 1. Click the Black and White List of SS Domain tab. Click the
Add button.
The Add Black and White List of SS Domain dialog box
FIGURE 12 ADD BLACK AND WHITE LIST OF SS DOMAIN
2. Set a domain node number in the Node No. of Domain field.

list box.
Dest Code field.
END OF STEPS
Result The operator successfully configures a SS-domain black/white list.
Configuring IP Black and White Lists

Context This topic describes the procedure to configure an IP black/white
list.
Distinguished by IP addresses or address segments, incom-
ing/outgoing calls, regarding some gateway nodes (like IAD and
TG) within the local SS domain or other SS domains, can be
controlled.
IP white list: Allows an IP address to originate/receive outgoing/
incoming calls.
IP black list: Restricts an IP address to originate/receive outgo-
ing/ incoming calls.
Steps 1. Click the Black and White List of IP tab. Click the Add but-
ton.
The Add Black and White List of IP dialog box appears as
shown in Figure 13.
FIGURE 13 ADD BLACK AND WHITE LIST OF IP
list box.

3. Set an IP address and mask in related fields.

END OF STEPS
Result The operator successfully configures an IP black/white list.
Configuring a Large-Area Black/White

List
Context This topic describes the procedure to configure a large-area
black/white list.
Large-area white list: Allows a large-area destination code to
originate calls or receive calls.
Large-area Black list: Restricts a large-area destination code
originate calls or receive calls.
Steps 1. Click the Lata Black White List tab. Click the Add button.
The Add Lata Black White List dialog box appears as shown
in Figure 14.
FIGURE 14 ADD LATA BLACK WHITE LIST
2. Select a network type from the Net Type drop-down list box.
3. Set a number (the large-area no.) in the Calling Lata field.
For more configuration information, see Configuring an Area
Code for a Large AreaConfiguring an Area Code for a Large
Area.

list box.
Dest Code field.
in the destination Number Address Attribute field.
END OF STEPS
Result The operator successfully configures a large-area black/white list.
Configuring an Area Code for a Large

Area
Context This topic describes the procedure to configure an area code for a
large area.
Steps 1. Click the Lata Black White List tab, then click the Lata Black
White List Control button.
The Lata Configuration dialog box appears.
The Add LATA Configuration dialog box appears as shown in
Figure 15.
FIGURE 15 ADD LATA CONFIGURATION
3. Select a network type from the Network Type drop-down list

box.
4. Set an area code of the large area in the Area Code field.

5. Set the city name in the City field.

6. Select the Open Local Black White List check box or Close
Global Black White List check box according to require-
ments.
Note:
Open Local Black White List: Enables the black/white list
function for local network.
Close Global Black White List: Disables the black/white list
function for global numbers.

END OF STEPS
Result The operator successfully configures the area code for the large
area.
Configuring a Call Limit Group

Context This topic describes the procedure to configure a call limit group.
Steps 1. Click the Call Limit Group tab, then click the Add button.
The Add Call Limit Group dialog box appears as shown in
Figure 16.
FIGURE 16 ADD CALL LIMIT GROUP
2. Set a number in the Call Limit Group field, and set a group
name in the Remark field.
The newly-added call limit group is listed, as shown in Figure
17. At present, the type uses the default value 0.

FIGURE 17 NEWLY-ADDED CALL LIMIT GROUP
4. Select the record, and click the Limited Call Num. Conf but-
ton.
The Limited Call Number Configuration dialog box appears.
The Add Limited Call Number Configuration dialog box ap-
pears as shown in Figure 18.
FIGURE 18 ADD LIMITED CALL NUMBER CONFIGURATION
6. Set a destination code in the Digit Number field, which can

be a user number, digit analysis, toll code or special service
number.
7. Select a call limit type from the Type drop-down list box, which
will be displayed in the type column of the Call Limit Group
interface.

Note:
TP LIMIT: Restricts dialing the number that has the same pre-
fix as the call limit group, similar to the called black list.
TP RELIMIT: Only allows dialing the number that has the
same prefix as the call limit group, similar to the called white
list.
8. Set the attributes of the destination code in the Destination

Number Address Attribute field.
END OF STEPS
Result The operator successfully configures a call limit group.


Chapter 3
Authentication
Configuration
Table of Contents
Overview..........................................................................27
Enabling Authentication of Black and White List Function .........28
Configuring failure Disposal Index........................................31
Configuring a Compound Authentication Template..................35
Configuring an Authentication Right Template........................36
Applying an Authentication Right Template to a Trunk
Group ..............................................................................39
Applying an Authentication Template to a User ......................41
Overview
Introduction This chapter introduces IP Centrex services.
Basic Knowledge The validity configuration for authentication regarding incoming
calls is used to make all incoming calls undergo unconditional
check. After that, calls may be intercepted or still continue.
Figure 19shows the whole flow for validity check.
FIGURE 19 WHOLE FLOW FOR VALIDITY CHECK

Enabling Authentication
of Black and White List
Function
Context This topic describes the procedure to enable the authentication
and black/white list functions.
Steps 1. Select Global > System > Global Service Data from the
menu bar.
The Global Service Data dialog box appears as shown in Fig-
ure 1.
FIGURE 20 GLOBAL SERVICE DATA
2. Use one of the following ways to select the authentication and

black/white list functions.
� Double-click the Service directory node in the left pane.
Select 90009-Authorization Black White list Limit
switch .
� Enter the condition in the text box beside the Query but-
ton, and click the Query button.
The 90009-Authorization Black White list Limit switch in-
terface appears as shown in Figure 2.

Chapter 3 Authentication Configuration
FIGURE 21 90009-AUTHORIZATION BLACK WHITE LIST LIMIT SWITCH
3. Click the Modify button.

The Modify Authentication Black and White List Control
FIGURE 22 MODIFY AUTHENTICATION BLACK AND WHITE LIST CONTROL

Combined Authentication Enables the combined

Control authentication function
Black and White List Control Enables the black/white list

function
Enable IP address Black and Enables the black/white list

White List function associated with the IP
address segment.
Enable Limits Black and White Enables the black/white list

thresholds
Enable Percent Black and White Enables the black/white list

percentages
Enable Period of Time Black and Enables the black/white list

White List function associated with periods
Original Called No. Validity Checks validity of original called

numbers
Number Validity Redirect Checks validity of redirection

numbers
Original Called No. Authenticates original called

Authentication numbers
Number Authentication Redirect Authenticates redirection

numbers
Original Called No. Black and Enables the black/white list

White List function for the original called
numbers
Number Black and White List Enables the black/white list

Redirect function for the redirection
numbers
LS Black and White List Control Enables the black/white list

function for LS users
CF CID Auth. Switch Authenticates callers when call

Compound Authorization No. Performs compound

authentication when call
Authorization Assignment Connect calls regardless of the

authentication results
4. Set or select parameters according to actual requirements, and

click the OK button.
END OF STEPS

Result The authentication and black/white list functions are successfully

configured as required.
Configuring failure Disposal

Index
Prerequisites The Data Configure Window is open.
Context When calling numbers or redirection numbers are found incom-
plete during validity check, system uses one of the following ways.
¡ Further handles failures if related failure handling index is set.
¡ Intercepts calls if related failure handling index is not set.
Limit Configuration > Compound Authorization Configu-
ration from the menu bar.
The Compound Authorization Configuration dialog box ap-
pears.
2. Click the Fail Index field.
The BrowseFailure Reason analysis configuration dialog
box appears.
The Add Failure Reason analysis configuration dialog box
FIGURE 23 ADD FAILURE REASON ANALYSIS CONFIGURATION

4. Perform one of following operations according to requirements.
Purpose Operation
Play announcement i. Enter a solo number in the Fail Type

once failures occur Index field.
ii. Select 1-SEND FAIL VOICE from the
Fail Service Type drop-down list box.
Note:
� Tone ID: The information tone ID
� TRKFV: Announcement is only effective
for trunks.
� SSFV: Announcement is only effective
for SIP incoming calls.
Configure rerouting i. Enter a solo number in the Fail Type

services Index field.
ii. Select 2-REDIRECT ROUTE from the
Note:
� Calling DDI: During failure handling,
used for rerouting.
� Called DDI: During failure handling,
used for rerouting.
� Original Called DDI: During failure
handling, used for rerouting.
� Send CALL-Statistics Information
While Reselect Route: Used to reroute
channels when calls fail. Rerouted chan-
nels are calculated within no.1 channel
traffic statistics.
Make failures i. Enter a solo number in the Fail Type

activate IN calls Index field.
ii. Select 3-FAIL TRIGGER SCP from the
Note:
� Calling DDI: Used to convert calling
numbers.
� Called DDI: Used to convert called num-
bers.
� Original Called DDI: Used to convert
original called numbers.

Purpose Operation
� New DAS: Used to activate IN calls.

� Service Code: IN service code
� Tone ID: The information tone ID (for IN
calls)

activate APP calls Index field.
ii. Select 4-FAIL TRIGGER APP from the
Note:
numbers.
bers.
original called numbers .
� New DAS: Used to activate APP calls.
� Service Code: The APP service code
� APP Node: APP node
� DP Point: DP activation type

activate HLR calls Index field.
ii. Select 5-FAIL TRIGGER HLR from the
Note:
numbers.
bers.
� New DAS: Used to activate HLR calls.
Release calls i. Enter a solo number in the Fail Type

normally Index field.
ii. Select 6-NORMAL RELEASE from the

Purpose Operation
Reanalyze digits i. Enter a solo number in the Fail Type

Index field.
ii. Select 7-REANALYSIS from the Fail
Service Type drop-down list box.
Note:
numbers.
bers.
� New DAS: Used to reanalyze services.
Play announcement i. Enter a solo number in the Fail Type

for failures and Index field.
connect calls
ii. Select 8-FAIL SENDTONE REANALY-
SIS from the Fail Service Type drop-
down list box.
Note:
numbers.
bers.
� New DAS: Used to connect calls.
� Tone ID: Information tone ID
� TRKFV: Announcement is only effective
for trunks.
� SSFV: Announcement is only effective
for SIP incoming calls.

END OF STEPS
Result The operator successfully configures a failure handling index as

required.

Configuring a Compound
Authentication Template
Prerequisites ¡ Related authentication functions are enabled. For more infor-
mation, see Enabling Authentication of Black and White List
FunctionEnabling Authentication of Black and White List Func-
tion.
¡ Related failure handling indexes are set.
Context This topic describes the procedure to configure a compound au-
thentication template.
The compound authentication uses the following combinations to
perform validity check on involved numbers. A compound authen-
tication template begins to function only when used in an authen-
tication right template.
¡ IP address
¡ Time
¡ Type of the number (calling number/original called number/
redirection number)
¡ Type of the caller
¡ Type of the call
¡ Outgoing trunk group
¡ Out-domain node number
Limit Configuration > Compound Authorization Configu-
ration from the menu bar.
The Compound Authorization Configuration dialog box ap-
pears.
The Add Compound Authorization Configuration dialog
box appears as shown in Figure 24.
FIGURE 24 ADD COMPOUND AUTHORIZATION CONFIGURATION

No. Type Only effective for the calling party, involves

ALL DN, CALLER DN, ORIGINAL CALLED DN,
REDIRECTION DN.
Calling Kind Only effective for the called party, acquired by

analyzing called numbers.
Calling Number The calling destination code to be limited
Called Number The called destination code to be limited
3. Set parameters according to requirements.

END OF STEPS
Result The operator successfully configures a compound authentication

template.
Configuring an
Authentication Right
Template
Prerequisites Related failure handling indexes are set.
Context This topic describes the procedure to configure an authentication
right template.
The authentication right template is used to perform validity check
on incoming calls, which involves
¡ If the calling numbers exist
¡ If the original called numbers exist
¡ If the redirection numbers exist
¡ If the IAM messages indicate the calling numbers are incom-
plete
Such template intercepts matched calls, and allows the rest calls
still continuing as long as the length is within the specified range.
A template can check one or more cases and handles related fail-
ures. For example, the no.1 authentication right template allows
simultaneously handling one case that calling numbers are miss-
ing and another case that redirection numbers are missing.
Limit Configuration > Authorization Privilege Model from
the menu bar.

The Authorization Privilege Model dialog box appears.

The Add Authorization Privilege Model dialog box appears
FIGURE 25 ADD AUTHORIZATION PRIVILEGE MODEL
3. Enter a number in the Right Model No. field.
Note:
Usually, the right model is numbered from 1.
4. Set a model name in the Remark field.

5. If a compound authentication template is required, click the CA
Composite Group field. For more information, see Configur-
ing a Compound Authentication TemplateConfiguring a Com-
pound Authentication Template.
6. Perform one of the following operations according to require-
ments.

Purpose Operation
Authenticate the i. Set the minimum length in the Min OP

length of the Length field, and set the maximum length
calling number in the Max OP Length field.
ii. In the Fail Conversion Index field, click
the Calling Number Length Illegal
field, and select a fail type index from the
pop-up BrowseFailure Reason analysis
configuration dialog box. For more
configuration information, see Configuring
failure Disposal IndexConfiguring a Failure
Handling Index.
Result: Those calling numbers with illegal
length will be handled according to the fail
handling index.
Authenticate the i. Set the minimum length in the Min Origi-

length of the nal Called No. field, and set the maximum
original called length in the Max Original Called No. field.
numbers
the Original Called Number Length field,
and select a fail type index from the pop-up
BrowseFailure Reason analysis config-
uration dialog box.
Result: For those original called numbers with
illegal range, system handles them according
to related failure handing indexes.
Authenticate i. Set the minimum length in the Min Redirect

the length of No. field, and set the maximum length in
the redirection the Max Redirect No. field.
numbers
the Re-direct Number Length Illegal
field, and select a fail type index from the
configuration dialog box.
Result: For those redirection numbers with
illegal ranges, system handles them according
to related failure handing indexes.
Authenticate the i. Select the Not Calling No. check box.

case that calling
numbers are ii. In the Fail Conversion Index field,
missing click the NO Calling Number field,
and select a fail type index from the
configuration dialog box.
Authenticate i. Select the Not Original Called No. check

the case that box.
original called
numbers are ii. In the Fail Conversion Index field, click
missing the No Original Called Number field, and
select a fail type index from the pop-up
uration dialog box.

Purpose Operation
Authenticate i. Select the Not Redirect No. check box.

the case that
redirection ii. In the Fail Conversion Index field, click
numbers are the No Re-direct Number field, and select
missing a fail type index from the pop-up Brows-
eFailure Reason analysis configuration
dialog box.
Authenticate the i. Select the Calling No Incomplete check

case that calling box.
numbers are not
complete ii. In the Fail Conversion Index field, click
the Calling Number Incomplete field,
uration dialog box.
Connect i. Select the CA Opened Blocked check box.

calls after
authentication ii. In the Fail Conversion Index field, click
the CA Opened Blocked Fail Index field,
uration dialog box.

END OF STEPS
Result The operator successfully configures an authentication right tem-

plate.
Applying an Authentication
Right Template to a Trunk
Group
Context The authentication right template is mainly applied to incoming
trunk groups, in order to authenticate the incoming calling num-
bers.
Steps 1. Select Service Manage > Trunk Configuration > Tradi-
tional Trunk Group Management from the menu bar.
The Traditional Trunk Group Management dialog box ap-
pears as shown in Figure 26.

FIGURE 26 TRADITIONAL TRUNK GROUP MANAGEMENT
2. Set the query conditions, and click the Query button.

All qualified records are listed.
3. Select a record, and click the Modify button. Then select Mod-
ify Trunk Group from the pop-up menu.
The Modify Trunk Group Configuration dialog box appears
FIGURE 27 MODIFY TRUNK GROUP CONFIGURATION
4. Click the Basic Property 2 tab.

5. Click the Incoming Trunk Authentication Template field,
and select an authentication right template from the pop-up
box.
END OF STEPS

Result The operator successfully applies an authentication template to

incoming calling numbers.
Applying an Authentication
Template to a User
Context Applying an authentication template to a user is used to control
the call rights regarding the calling/called users. For users whose
services are stored in SHLR, such configuration can be configured
in SHLR.
To realize the basic call authentication functions, following tem-
plates can be used.
¡ Basic call right template
¡ CTX users’ call right template
¡ Roaming right template
¡ Dynamic right template
The basic call authentication functions can be applied to following
configurations.
¡ Local-office user right configuration
¡ Other-office user right configuration
¡ Trunk user right configuration
¡ Other-domain user right configuration
¡ HLR management user right configuration
¡ CTX user right configuration
¡ VIC right configuration
¡ User roaming right configuration
Limit Configuration > CASDN Limit Configuration from
the menu bar.
The CASDN Limit Configuration dialog box appears.
The Add CASDN Limit Configuration dialog box appears as
shown in Figure 28.

FIGURE 28 ADD CASDN LIMIT CONFIGURATION
3. Set a phone number in the User No. field.

4. Click the Call Right Template No. field, and select a template
from the pop-up dialog box.
END OF STEPS
Result The operator successfully applies an authentication template to a

user.

Figures
Figure 1 Global Service Data ............................................... 6

Figure 2 90009-Authorization Black White list Limit switch ....... 7
Figure 3 Modify Authentication Black and White List Control ..... 7
Figure 4 The Limit Condition of Black and White List...............10
Figure 5 Add The Limit Condition of Black and White List ........10
Figure 6 Add IP Address Authentication Model Configuration....12
Figure 9 Black White List Configuration.................................16
Figure 10 Add Global Black and White List ............................17
Figure 11 Add Black and White List of Trunk ..........................18
Figure 12 Add Black and White List of SS Domain ..................19
Figure 13 Add Black and White List of IP...............................20
Figure 14 Add Lata Black White List .....................................21
Figure 15 Add LATA Configuration ........................................22
Figure 16 Add Call Limit Group ............................................23
Figure 17 Newly-added Call Limit Group ...............................24
Figure 18 Add Limited Call Number Configuration ..................24
Figure 19 Whole Flow For Validity Check ...............................27
Figure 20 Global Service Data ............................................28
Figure 21 90009-Authorization Black White list Limit switch.....29
Figure 22 Modify Authentication Black and White List Control...29
Figure 23 Add Failure Reason analysis configuration ...............31
Figure 24 Add Compound Authorization Configuration.............35
Figure 25 Add Authorization Privilege Model ..........................37
Figure 26 Traditional Trunk Group Management .....................40
Figure 27 Modify Trunk Group Configuration ..........................40
Figure 28 Add CASDN Limit Configuration .............................42


Tables
Table 1 Chapter Summary .................................................... i

Table 2 RELATIONS BETWEEN BLACK AND WHITE LIST AT
CALLING/CALLED SIDES ..................................... 2
Table 4 Parameter Description .............................................. 8
Table 5 Parameter Description .............................................30
Table 7 Parameter Description .............................................36


List of Glossary
H.248
- ITU-T Rec. H.248 Gateway Control Protocol
- ITU-T H.248
H.323
- ITU-T Rec. Packet-based Multimedia Communications Systems
- ITU-T
HLR
- Home Location Register
-
IAD
- Integrated Access Device
-
IAM
- IP Access Module
- IP
IP
- Internet Protocol
- Ineternet
MGCP
- Media Gateway Control Protocol
-
PSTN
- Public Switch Telephone Network
-
SIP
- Session Initiated Protocol
-
SS
- SoftSwitch
-
TG
- Trunk Gateway
-

ZXSS10 SS1b: Authentication and Call Restriction Service Provisioning Manual

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ZXSS10 SS1b: Authentication and Call Restriction Service Provisioning Manual

Uploaded by

Copyright:

Available Formats

ZXSS10 SS1b

SoftSwitch Control Equipment

Copyright © 2006 ZTE CORPORATION.

The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision No. Revision Date Revision Reason

Serial Number: sjzl20092704

About This Manual.............................................. i

Chapter 1, Service This chapter describes supplementary service

Chapter 2, Black This chapter describes restriction conditions

Chapter 3, This chapter describes authentication

Related The following documentation is related to this manual:

Confidential and Proprietary Information of ZTE CORPORATION i

This page is intentionally blank.

ii Confidential and Proprietary Information of ZTE CORPORATION

Confidential and Proprietary Information of ZTE CORPORATION 1

TABLE 2 RELATIONS BETWEEN BLACK AND WHITE LIST AT

White List Allowed Allowed Allowed

Black List Allowed Restricted Restricted

Undefined Allowed Restricted Allowed

2 Confidential and Proprietary Information of ZTE CORPORATION

Basic au- By number Incoming Basic au- 1

Call authen- By call Global users Call right 2

Call limit By Local office Call limit 3

Designated By Local office 4

Compound By call Incoming Compound 5

Black/white By Global users Black/white 6

Confidential and Proprietary Information of ZTE CORPORATION 3

This page is intentionally blank.

4 Confidential and Proprietary Information of ZTE CORPORATION

Black and White List

Confidential and Proprietary Information of ZTE CORPORATION 5

FIGURE 1 GLOBAL SERVICE DATA

2. Use one of the following ways to select the authentication and

6 Confidential and Proprietary Information of ZTE CORPORATION

FIGURE 2 90009-AUTHORIZATION BLACK WHITE LIST LIMIT SWITCH

3. Click the Modify button.

FIGURE 3 MODIFY AUTHENTICATION BLACK AND WHITE LIST CONTROL

Confidential and Proprietary Information of ZTE CORPORATION 7

TABLE 4 PARAMETER DESCRIPTION

Combined Authentication Enables the combined

Black and White List Control Enables the black/white list

Enable IP address Black and Enables the black/white list

Enable Limits Black and White Enables the black/white list

Enable Percent Black and White Enables the black/white list

Enable Period of Time Black and Enables the black/white list

Original Called No. Validity Checks validity of original called

Number Validity Redirect Checks validity of redirection

Original Called No. Authenticates original called

Number Authentication Redirect Authenticates redirection

Original Called No. Black and Enables the black/white list

Number Black and White List Enables the black/white list

LS Black and White List Control Enables the black/white list

CF CID Auth. Switch Authenticates callers when call

Compound Authorization No. Performs compound

Authorization Assignment Connect calls regardless of the

4. Set or select parameters according to actual requirements, and

8 Confidential and Proprietary Information of ZTE CORPORATION

Result The authentication and black/white list functions are successfully

Entering Configuration Interface of

Confidential and Proprietary Information of ZTE CORPORATION 9

FIGURE 4 THE LIMIT CONDITION OF BLACK AND WHITE LIST

2. Click the Add button.

FIGURE 5 ADD THE LIMIT CONDITION OF BLACK AND WHITE LIST