Professional Documents
Culture Documents
Version V2.0.1.06.1
ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900
Fax: (86) 755 26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of
this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPO-
RATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION
or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions are dis-
claimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or non-in-
fringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the
information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject
matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee,
the user of this document shall not acquire any license to the subject matter herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
Revision History
Purpose This manual provides procedures and guidelines that support the
operation activities regarding authentication and call restriction
service on ZXSS10 SS1b SoftSwitch Control Equipment.
Intended This document is intended for engineers and technicians who
Audience perform operation activities on ZXSS10 SS1b SoftSwitch Control
Equipment.
Prerequisite Skill To use this document effectively, users must have a general un-
and Knowledge derstanding of SoftSwitch technologies. Familiarity with following
aspects is helpful.
¡ ZXSS10 SS1b SoftSwitch system and its various components
¡ Local operating procedures
¡ Equipment Environment
¡ User interface of ZXSS10 SS1b SoftSwitch
¡ Operation and functionality of ZXSS10 SS1b SoftSwitch
What Is in This This manual contains the following chapters:
Manual
TABLE 1 CHAPTER SUMMARY
Chapter Summary
Service Description
Table of Contents
Introduction....................................................................... 1
Service Characteristics ........................................................ 2
Service Functions ............................................................... 2
Service Advantages ............................................................ 3
Introduction
Overview SS authentication modes fall into two following types.
1. Call attribute authentication (call authentication and compound
authentication)
� Call source (local domain, incoming domain or incoming
trunk)
� Call category (local, toll or special service)
� Call period and call number
� User attributes (type, CPC, owing-user or non-owing user)
� Number attributes (length, type, address)
2. Destination code authentication (white/black list, destination
code restriction)
Office code, area code, country code, and special service num-
bers, etc
SS uses one of the above ways to authenticate calls. If a
call cannot pass the authentication, a failure code is returned.
Then, the service follows the action specified by the failure
code in the next process.
Definition With the use of the authentication or call limit function, the ex-
change, according to caller numbers or incoming trunk numbers,
forbids/allows some callers (or incoming trunk calls) to be con-
nected to some destination codes.
Applicable Objects H.248/MGCP/SIP/H.323/end office users
Service Characteristics
Authentication ZXSS10, as a tandem exchange, improves and perfects the au-
Functions thentication function on the basis of original function, which mainly
involves following two parts.
¡ Basic authentication: Before digit analysis starts, mainly used
to check validity as well as handle failures with regard to in-
coming trunk (incoming domain) calling numbers. Still, Checks
if calling/called numbers in trunks or IP network are too long
(means exceeding the preset range). If so, calls are restricted.
¡ Compound authentication: After digit analysis, performs
authentication on outgoing trunk calls or out-domain calls.
Uses optional combinations (calling/called number, outgoing
trunk/domain ID, destination code, call attribute, call period,
caller type) to determine if calls should be connected.
Black/White List ¡ Relations between white lists and black lists at the call-
ing/called side
Calling numbers or incoming trunk numbers, defined in the
calling-side white lists, are only allowed to call destination
codes in the called-side white lists. Calling numbers or in-
coming trunk numbers, defined in the calling-side white lists,
are not restricted by the called-side black lists. Table 2lists
detailed relations.
Call-
ing/Called White List Black List Undefined
side
¡ Capacity Requirements
The number of black lists is at least 20000 and the number of
white lists is at least 2000.
At present, SS can hold up to 500,000 white lists and black
lists.
Service Functions
Basic Functions ¡ Basic authentication
¡ Call authentication
¡ Call limit group
¡ Designated destination code connection/restriction
¡ Compound authentication
¡ White list/black list
Function
Comparison Authen- Used Con-
Applied
Function tication figuration Priority
Object
Condition Template
Service Advantages
Overview For restricted destination codes, used types can be a prefix, coun-
try code, toll zone code, office code, special service number or
user number. The maximum length is 20 digits.
As an exchange’s system functions, authentication and call limit
can be applied to all types of terminal users.
Table of Contents
Overview........................................................................... 5
Enabling Authentication of Black and White List Function ......... 6
Restriction Conditions Configuration ...................................... 9
Basic Black and White Lists Configuration .............................15
Overview
Introduction This chapter introduces IP Centrex services.
Generalization Frequently used in PSTN network, black/white lists are mainly ap-
plied to the call limit function among different user groups. In
general, the calling users (or called users) fall into three types.
¡ Black list users
¡ White list users
¡ Common users
In SS, as a kind of groups, white/black lists have no actual asso-
ciation with the traditional default call limit function. Controlled
objects in SS1b may be
¡ Global users
¡ Trunk groups
¡ SS domain node
¡ IP address
Maintenance personnel can flexibly select controlled objects ac-
cording to requirements.
Enabling Authentication
of Black and White List
Function
Prerequisites The Data Configure window is open.
Context This topic describes the procedure to enable the authentication
and black/white list functions.
Steps 1. Select Global > System > Global Service Data from the
menu bar.
The Global Service Data dialog box appears as shown in Fig-
ure 1.
Parameter Description
Restriction Conditions
Configuration
Overview As an application index, limit conditions for black/white lists can be
used in many occasions, e.g., global code black/white lists, trunk
black/white lists, SS-domain black/white lists, IP black/white lists,
large-area black/white lists, call limit group black/white lists.
Contents Black/white lists can be controlled according to the following limit
conditions.
¡ Configuring a Gate Value
¡ Configuring an IP Address Model
¡ Configuring a Ratio
¡ Configuring Call Period
END OF STEPS
Result The operator successfully enters the black/white list limit condition
interface.
Note:
For example, the gate value is set to 5. Then, when the 6th
call starts, the black/white list begins to function.
Note:
An IP address model number can have several indexes.
Note:
The black/white list is effective only for those gateway ad-
dresses in such IP address segment.
Note:
In such case, for 100 calls in total, 30 calls are restricted by
the black/white list.
Note:
If the date is not configured or set to 0, the sub-period settings
cannot take effect. Then, calls in all periods are restricted.
Therefore, to validate sub-period settings, it is necessary to
set a start date as well as the number of days (like 1000).
Days=0 means calls during the day (set in the Start Date
field) are restricted.
5. Set required periods in the Start Time and End Time fields,
as shown in Figure 8.
Note:
These periods must not be overlapped.
END OF STEPS
Result The operator successfully enters the Black White List Configu-
ration interface.
Global code black list: Defines destination codes black list users
cannot dial.
Steps 1. Click the Global Code Black and White List tab. Click the
Add button.
The Add Global Black and White List dialog box appears as
shown in Figure 10.
2. Select a network type from the Net Type drop-down list box.
3. Select a type from the Black and White List Type drop-down
list box.
4. Set a user number, digit analysis, toll code or special service
number in the Dest Code field.
5. Double-click the Limit Condition Index field. For more con-
figuration information, see Limit Conditions Configuration.
6. Select one or more attributes concerning destination numbers
in the Destination Number Address Attribute field.
Note:
As the address attributes are used to distinguish identical num-
bers, dialing any one of the numbers can still be restricted.
This method is used during international gateway configura-
tion. By default, identical destination codes are not further
distinguished.
Note:
For Black and White List Type=INCOMING CALLED
BLACK LIST, Trunk No.=1, Dest code=original called num-
ber or number segment, incoming trunk calls are restricted if
original called numbers which the no.1 incoming trunk group
dials match the destination code.
END OF STEPS
3. Select a type from the Black and White List Type drop-down
list box.
4. Set a user number, digit analysis, toll code or office code in the
Dest Code field.
5. Double-click the Limit Condition Index field. For more con-
figuration information, see Limit Conditions Configuration.
6. Select one or more attributes concerning destination numbers
in the Destination Number Address Attribute field.
7. Click the OK button.
END OF STEPS
2. Select a type from the Black and White List Type drop-down
list box.
2. Select a network type from the Net Type drop-down list box.
3. Set a number (the large-area no.) in the Calling Lata field.
For more configuration information, see Configuring an Area
Code for a Large AreaConfiguring an Area Code for a Large
Area.
4. Select a type from the Black and White List Type drop-down
list box.
5. Set a user number, digit analysis, toll code or office code in the
Dest Code field.
6. Double-click the Limit Condition Index field. For more con-
figuration information, see Limit Conditions Configuration.
7. Select one or more attributes concerning destination numbers
in the destination Number Address Attribute field.
8. Click the OK button.
END OF STEPS
Note:
Open Local Black White List: Enables the black/white list
function for local network.
Close Global Black White List: Disables the black/white list
function for global numbers.
Result The operator successfully configures the area code for the large
area.
2. Set a number in the Call Limit Group field, and set a group
name in the Remark field.
3. Click the OK button.
The newly-added call limit group is listed, as shown in Figure
17. At present, the type uses the default value 0.
4. Select the record, and click the Limited Call Num. Conf but-
ton.
The Limited Call Number Configuration dialog box appears.
5. Click the Add button.
The Add Limited Call Number Configuration dialog box ap-
pears as shown in Figure 18.
Note:
TP LIMIT: Restricts dialing the number that has the same pre-
fix as the call limit group, similar to the called black list.
TP RELIMIT: Only allows dialing the number that has the
same prefix as the call limit group, similar to the called white
list.
Authentication
Configuration
Table of Contents
Overview..........................................................................27
Enabling Authentication of Black and White List Function .........28
Configuring failure Disposal Index........................................31
Configuring a Compound Authentication Template..................35
Configuring an Authentication Right Template........................36
Applying an Authentication Right Template to a Trunk
Group ..............................................................................39
Applying an Authentication Template to a User ......................41
Overview
Introduction This chapter introduces IP Centrex services.
Basic Knowledge The validity configuration for authentication regarding incoming
calls is used to make all incoming calls undergo unconditional
check. After that, calls may be intercepted or still continue.
Figure 19shows the whole flow for validity check.
Enabling Authentication
of Black and White List
Function
Prerequisites The Data Configure window is open.
Context This topic describes the procedure to enable the authentication
and black/white list functions.
Steps 1. Select Global > System > Global Service Data from the
menu bar.
The Global Service Data dialog box appears as shown in Fig-
ure 1.
Parameter Description
Purpose Operation
Note:
� Tone ID: The information tone ID
� TRKFV: Announcement is only effective
for trunks.
� SSFV: Announcement is only effective
for SIP incoming calls.
Note:
� Calling DDI: During failure handling,
used for rerouting.
� Called DDI: During failure handling,
used for rerouting.
� Original Called DDI: During failure
handling, used for rerouting.
� Send CALL-Statistics Information
While Reselect Route: Used to reroute
channels when calls fail. Rerouted chan-
nels are calculated within no.1 channel
traffic statistics.
Note:
� Calling DDI: Used to convert calling
numbers.
� Called DDI: Used to convert called num-
bers.
� Original Called DDI: Used to convert
original called numbers.
Purpose Operation
Note:
� Calling DDI: Used to convert calling
numbers.
� Called DDI: Used to convert called num-
bers.
� Original Called DDI: Used to convert
original called numbers .
� New DAS: Used to activate APP calls.
� Service Code: The APP service code
� APP Node: APP node
� DP Point: DP activation type
Note:
� Calling DDI: Used to convert calling
numbers.
� Called DDI: Used to convert called num-
bers.
� Original Called DDI: Used to convert
original called numbers.
� New DAS: Used to activate HLR calls.
Purpose Operation
Note:
� Calling DDI: Used to convert calling
numbers.
� Called DDI: Used to convert called num-
bers.
� Original Called DDI: Used to convert
original called numbers.
� New DAS: Used to reanalyze services.
Note:
� Calling DDI: Used to convert calling
numbers.
� Called DDI: Used to convert called num-
bers.
� Original Called DDI: Used to convert
original called numbers.
� New DAS: Used to connect calls.
� Tone ID: Information tone ID
� TRKFV: Announcement is only effective
for trunks.
� SSFV: Announcement is only effective
for SIP incoming calls.
Configuring a Compound
Authentication Template
Prerequisites ¡ Related authentication functions are enabled. For more infor-
mation, see Enabling Authentication of Black and White List
FunctionEnabling Authentication of Black and White List Func-
tion.
¡ Related failure handling indexes are set.
Context This topic describes the procedure to configure a compound au-
thentication template.
The compound authentication uses the following combinations to
perform validity check on involved numbers. A compound authen-
tication template begins to function only when used in an authen-
tication right template.
¡ IP address
¡ Time
¡ Type of the number (calling number/original called number/
redirection number)
¡ Type of the caller
¡ Type of the call
¡ Outgoing trunk group
¡ Out-domain node number
Steps 1. Select Service Manage > Authorization Black White List
Limit Configuration > Compound Authorization Configu-
ration from the menu bar.
The Compound Authorization Configuration dialog box ap-
pears.
2. Click the Add button.
The Add Compound Authorization Configuration dialog
box appears as shown in Figure 24.
Parameter Description
Configuring an
Authentication Right
Template
Prerequisites Related failure handling indexes are set.
Context This topic describes the procedure to configure an authentication
right template.
The authentication right template is used to perform validity check
on incoming calls, which involves
¡ If the calling numbers exist
¡ If the original called numbers exist
¡ If the redirection numbers exist
¡ If the IAM messages indicate the calling numbers are incom-
plete
Such template intercepts matched calls, and allows the rest calls
still continuing as long as the length is within the specified range.
A template can check one or more cases and handles related fail-
ures. For example, the no.1 authentication right template allows
simultaneously handling one case that calling numbers are miss-
ing and another case that redirection numbers are missing.
Steps 1. Select Service Manage > Authorization Black White List
Limit Configuration > Authorization Privilege Model from
the menu bar.
Note:
Usually, the right model is numbered from 1.
Purpose Operation
Purpose Operation
Applying an Authentication
Right Template to a Trunk
Group
Prerequisites Related failure handling indexes are set.
Context The authentication right template is mainly applied to incoming
trunk groups, in order to authenticate the incoming calling num-
bers.
Steps 1. Select Service Manage > Trunk Configuration > Tradi-
tional Trunk Group Management from the menu bar.
The Traditional Trunk Group Management dialog box ap-
pears as shown in Figure 26.
Applying an Authentication
Template to a User
Prerequisites Related failure handling indexes are set.
Context Applying an authentication template to a user is used to control
the call rights regarding the calling/called users. For users whose
services are stored in SHLR, such configuration can be configured
in SHLR.
To realize the basic call authentication functions, following tem-
plates can be used.
¡ Basic call right template
¡ CTX users’ call right template
¡ Roaming right template
¡ Dynamic right template
The basic call authentication functions can be applied to following
configurations.
¡ Local-office user right configuration
¡ Other-office user right configuration
¡ Trunk user right configuration
¡ Other-domain user right configuration
¡ HLR management user right configuration
¡ CTX user right configuration
¡ VIC right configuration
¡ User roaming right configuration
Steps 1. Select Service Manage > Authorization Black White List
Limit Configuration > CASDN Limit Configuration from
the menu bar.
The CASDN Limit Configuration dialog box appears.
2. Click the Add button.
The Add CASDN Limit Configuration dialog box appears as
shown in Figure 28.
H.248
- ITU-T Rec. H.248 Gateway Control Protocol
- ITU-T H.248
H.323
- ITU-T Rec. Packet-based Multimedia Communications Systems
- ITU-T
HLR
- Home Location Register
-
IAD
- Integrated Access Device
-
IAM
- IP Access Module
- IP
IP
- Internet Protocol
- Ineternet
MGCP
- Media Gateway Control Protocol
-
PSTN
- Public Switch Telephone Network
-
SIP
- Session Initiated Protocol
-
SS
- SoftSwitch
-
TG
- Trunk Gateway
-