Table Of Contents
Malicious Call Identification
Introducing Malicious Call Identification
Using the Malicious Call ID Feature with Cisco CallManager
System Requirements for Malicious Call ID
Interactions and Restrictions
Interactions
Conference Calls
Extension Mobility
Call Detail Records
Alarms
Restrictions
Installing Malicious Call ID
Configuring Malicious Call ID
Malicious Call ID Configuration Checklist
Setting the Service Parameter for Malicious Call ID
Configuring Alarms for Malicious Call ID
Adding a Softkey Template for Malicious Call ID
Giving the Malicious Call Identification Feature to Users
Removing the Malicious Call Identification Feature from a User
Troubleshooting Malicious Call ID
Where to Find More Information
Malicious Call Identification
The Malicious Call Identification (MCID) supplementary service allows you to report a call of a malicious nature by requesting that Cisco CallManager identify and register the source of an incoming call in the network.
This chapter provides the following information about the Malicious Call Identification feature:
•Introducing Malicious Call Identification
•System Requirements for Malicious Call ID
•Interactions and Restrictions
•Installing Malicious Call ID
•Configuring Malicious Call ID
•Troubleshooting Malicious Call ID
•Where to Find More Information
Introducing Malicious Call Identification
Malicious Call Identification (MCID), an internetwork service, allows users to initiate a sequence of events when they receive calls with a malicious intent. The user who receives a disturbing call can invoke the MCID feature by using a softkey or feature code while connected to the call. The MCID service immediately flags the call as a malicious call with an alarm notification to the Cisco CallManager administrator. The MCID service flags the call detail record (CDR) with the MCID notice and sends a notification to the off-net PSTN that a malicious call is in progress.
The system supports the MCID service, which is an ISDN PRI service, when using PRI connections to the PSTN. The MCID service includes two components:
•MCID-O—An originating component that invokes the feature upon the user's request and sends the invocation request to the connected network.
•MCID-T—A terminating component that receives the invocation request from the connected network and responds with a success or failure message that indicates whether the service can be performed.
Note Cisco CallManager supports only the originating component at this time.
Using the Malicious Call ID Feature with Cisco CallManager
The MCID feature provides a useful method for tracking troublesome or threatening calls. When a user receives this type of call, the Cisco CallManager system administrator can assign a new softkey template that adds the Malicious Call softkey to the user's phone. For POTS phones that are connected to a SCCP gateway, users can use a hookflash and enter a feature code of *39 to invoke the MCID feature.
When the MCID feature is used, the following actions take place:
1. The user receives a threatening call and presses the Malicious Call softkey (or enters the feature code *39).
2. Cisco CallManager sends the user a confirmation tone if the device can play a tone—and a text message on a phone that has a display—to acknowledge receiving the MCID notification.
3. Cisco CallManager updates the CDR for the call with an indication that the call is registered as a malicious call.
4. Cisco CallManager generates the alarm and event log entry that has the event information.
5. Cisco CallManager sends a MCID invocation through the facility message to the connected network. The facility information element (IE) encodes the MCID invocation.
6. After receiving this notification, the PSTN or other connected network can take actions, such as providing legal authorities with the call information.
System Requirements for Malicious Call ID
Malicious Call ID service requires Cisco CallManager 4.0 or later to operate.
The following gateways and connections support MCID service:
•PRI gateways that use the MGCP PRI backhaul interface for T1 (NI2) and E1 (ETSI) connections
•H.323 trunks and gateways
The Cisco IP Phones (Models 7920, 7940, 7960) support MCID by using the Malicious Call Trace softkey in the Standard User softkey template.
The Cisco ATA 186 and Cisco ATA 188 analog phone ports support MCID by using the feature code (*39).
Interactions and Restrictions
The following sections describe the interactions and restrictions for Malicious Call Identification.
•Interactions
•Restrictions
Interactions
The following sections describe how Malicious Call Identification interacts with Cisco CallManager applications and call processing.
•Conference Calls
•Extension Mobility
•Call Detail Records
•Alarms
Conference Calls
When a user is connected to a conference, the user can use the MCID feature to flag the call as a malicious call. Cisco CallManager sends the MCID indication to the user, generates the alarm, and updates the CDR. However, Cisco CallManager does not send an MCID invoke message to the connected network that might be involved in the conference.
Extension Mobility
Extension mobility users can have the MCID softkey as part of their user device profile and can use this feature when they are logged on to a phone.
Call Detail Records
To track malicious calls by using CDR, you must set the CDR Enabled Flag to True in the Cisco CallManager service parameter under the System category. When the MCID feature is used during a call, the CDR for the call contains "CallFlag=MALICIOUS" in the Comment field.
Alarms
To record alarms for the MCID feature in the Event Viewer, you must configure alarms in Cisco CallManager Serviceability. Under Event Viewer, enable alarms for the "Informational" alarm event level.
When the MCID featured is used during a call, an SDL trace and a Cisco CallManager trace are logged in alarms. You can view the Alarm Event Log by using Cisco CallManager Serviceability. The traces provide the following information:
•Date and time
•Type of event: Information
•Information: Malicious Call Identification feature is invoked in Cisco CallManager
•Called Party Number
•Called Device Name
•Called Display Name
•Calling Party Number
•Calling Device Name
•Calling Display Name
•Application ID
•Cluster ID
•Node ID
Refer to the Cisco CallManager Serviceability Administration Guide for more information about alarms and traces.
Restrictions
The following restrictions apply to Malicious Call Identification:
•Cisco CallManager supports only the malicious call identification originating function (MCID-O) only. Cisco CallManager does not support the malicious call identification terminating function (MCID-T). If Cisco CallManager receives a notification from the network of a malicious call identification, Cisco CallManager ignores the notification.
•MCID does not work across intercluster trunks because Cisco CallManager does not support the MCID-T function.
•Cisco MGCP FXS gateways do not support MCID. No mechanism exists for accepting the hookflash and collecting the feature code in MGCP.
•MCID does not work over QSIG trunks because MCID is not a QSIG standard.
•The Cisco VG248 Analog Phone Gateway does not support MCID.
•Skinny Client Control Protocol (SCCP) IP phones use a softkey to invoke the MCID feature.
See the "Configuring Malicious Call ID" section for configuration details.
Installing Malicious Call ID
Malicious Call Identification, which is a system feature, comes standard with Cisco CallManager software. MCID does not require special installation or activation.
Configuring Malicious Call ID
This section contains the following information:
•Malicious Call ID Configuration Checklist
•Setting the Service Parameter for Malicious Call ID
•Configuring Alarms for Malicious Call ID
•Adding a Softkey Template for Malicious Call ID
•Giving the Malicious Call Identification Feature to Users
•Removing the Malicious Call Identification Feature from a User
Malicious Call ID Configuration Checklist
Table 11-1 provides a checklist for configuring Malicious Call Identification. You must configure the softkey template and assign the template to an IP phone (steps 3 and 4) to make the feature available to IP phones.
Setting the Service Parameter for Malicious Call ID
To enable Cisco CallManager to flag a CDR with the MCID indicator, you must enable the CDR flag. Use the following procedure in Cisco CallManager Administration to enable CDR.
Procedure
Step 1 From the drop-down list, choose Service > Service Parameters.
Step 2 Choose the Cisco CallManager server name.
Step 3 In the Service field, choose Cisco CallManager. The Service Parameters Configuration window appears.
Step 4 In the System area, set the CDR Flag Enabled field to True if it is not already enabled.
Step 5 If you need to make the change, click Update.
Configuring Alarms for Malicious Call ID
To provide for the MCID alarm information to appear in the Event Viewer, you need to enable the alarm event level. Use Cisco CallManager Serviceability and the following procedure to activate alarms for MCID.
Procedure
Step 1 Choose Application > Serviceability. The Cisco CallManager Serviceability application opens.
Step 2 Choose Alarm > Configuration. The Alarm Configuration window displays.
Step 3 From the list, choose the Cisco CallManager server.
Step 4 In the Configured Services list box, choose Cisco CallManager. The Alarm Configuration window updates with configuration fields.
Step 5 Under Event Viewer, in the Alarm Event Level drop-down list, choose Informational.
Step 6 Under Event Viewer, check the Enable Alarm check box.
Step 7 If you want to enable the alarm for all nodes in the cluster, check the Apply to All Nodes check box.
Step 8 Click Update to turn on the informational alarm.
Related Topics
•Setting the Service Parameter for Malicious Call ID
•Malicious Call ID Configuration Checklist
•Adding a Softkey Template for Malicious Call ID
Adding a Softkey Template for Malicious Call ID
Use this procedure in Cisco CallManager Administration to add the Malicious Call softkey to a template.
Procedure
Step 1 Choose Device > Device Settings > Softkey Template. The Find and List Softkey Templates window displays.
Step 2 In the upper, right corner of the window, click the Add a New Softkey Template link. The Softkey Template Configuration window displays.
Step 3 In the Creating a softkey template based on field, choose Standard User.
Step 4 Click Copy. The Softkey Template Configuration window refreshes with new fields.
Step 5 In the Softkey Template Name field, enter a name that indicates that this is a MCID softkey template.
Step 6 In the Description field, enter a description that indicates that this is a MCID softkey template.
Step 7 Click Insert. The Softkey Template Configuration window refreshes with configuration fields.
Step 8 In the upper, right corner of the window, click the Configure Softkey Layout link. The Softkey Layout Configuration window displays.
Step 9 In the Call States area on the left, choose Connected. The list of Unselected Softkeys changes to display the available softkeys for this call state.
Step 10 In the Unselected Softkeys list, choose Toggle Malicious Call Trace.
Step 11 To move the softkey to the Selected keys list, click the arrow.
Step 12 Click Update to ensure that the softkey template is configured.
Related Topics
•Malicious Call ID Configuration Checklist
•Setting the Service Parameter for Malicious Call ID
•Configuring Alarms for Malicious Call ID
•Giving the Malicious Call Identification Feature to Users
•Removing the Malicious Call Identification Feature from a User
Giving the Malicious Call Identification Feature to Users
To provide the Malicious Call Identification feature for users, you assign the MCID softkey template to their IP phone.
Note For users who do not have phones that can use a softkey, give them the feature code information and instructions on how to invoke the feature.
Procedure
Step 1 Choose Device > Phones. The Find and List Phones window displays.
Step 2 To locate the user's phone configuration, enter appropriate phone information; then click Find.
Step 3 Choose the phone that you want to update.
Step 4 Locate the Softkey Template Information area, and choose the MCID softkey template from the drop-down list.
Step 5 To save the changes in the database, click Update.
Step 6 To activate the changes on the phone, click Reset Phone.
Step 7 Notify the user that the Malicious Call Identification feature is available.
Related Topics
•Malicious Call ID Configuration Checklist
•Setting the Service Parameter for Malicious Call ID
•Configuring Alarms for Malicious Call ID
•Adding a Softkey Template for Malicious Call ID
•Removing the Malicious Call Identification Feature from a User
Removing the Malicious Call Identification Feature from a User
To remove the Malicious Call Identification feature from users, you assign another softkey template to their IP phone.
Procedure
Step 1 Choose Device > Phones. The Find and List Phones window displays.
Step 2 To locate the user's phone configuration, enter appropriate phone information and click Find.
Step 3 Choose the phone that you want to update.
Step 4 Locate the Softkey Template Information area and choose a softkey template without MCID from the drop-down list.
Step 5 To save the changes in the database, click Update.
Step 6 To activate the changes on the phone, click Reset Phone.
Step 7 Notify the user that the Malicious Call Identification feature is no longer available.
Related Topics
•Malicious Call ID Configuration Checklist
•Setting the Service Parameter for Malicious Call ID
•Configuring Alarms for Malicious Call ID
•Giving the Malicious Call Identification Feature to Users
Troubleshooting Malicious Call ID
To assist with tracking and troubleshooting the Malicious Call ID feature, Cisco CallManager traces and SDL traces and alarms are available.
For information about using these traces and alarms, refer to the Cisco CallManager Serviceability Administration Guide.
Where to Find More Information
Related Topics
•Cisco IP Phone Configuration, Cisco CallManager Administration Guide
•Softkey Template Configuration, Cisco CallManager Administration Guide
Additional Cisco Documentation
•Cisco CallManager Serviceability Administration Guide
•Cisco IP Phone Administration Guide for Cisco CallManager
•Cisco IP Phone user documentation and release notes (all models)