Home » Cisco Manuals » Telephony » Cisco 6941 » Manual Viewer

Cisco 6941 Administration Guide - Page 28

Overview of Supported Security Features, Topic, Reference, Feature, Description - firmware

UPC - 882658277801

Add to My Manuals
Save this manual to your list of manuals

Page 28 highlights

Understanding Security Features for Cisco Unified IP Phones Chapter Table 1-5 Cisco Unified IP Phone and Cisco Unified CM Security Topics (continued) Topic Resetting or restoring the phone 802.1X Authentication for Cisco Unified IP Phones Reference See the "Resetting or Restoring the Cisco Unified IP Phone" section on page 9-12 See these sections: • "Supporting 802.1X Authentication on Cisco Unified IP Phones" section on page 1-21 • "Security Configuration Menu" section on page 4-9 • "Status Menu" section on page 7-2 • "Troubleshooting Cisco Unified IP Phone Security" section on page 9-8 All Cisco Unified IP Phones that support Cisco Unified CM use a security profile, which defines whether the phone is nonsecure or secure. For information about configuring the security profile and applying the profile to the phone, refer to Cisco Unified Communications Manager Security Guide. Overview of Supported Security Features Table 1-6 provides an overview of the security features that the Cisco Unified IP Phone 6921, 6941, and 6961 support. For more information about these features and about Cisco Unified CM and Cisco Unified IP Phone security, refer to Cisco Unified Communications Manager Security Guide. For information about current security settings on a phone, choose Applications > Admin Settings > Security Setup. For more information, see the "Security Configuration Menu" section on page 4-9. Note Most security features are available only if a certificate trust list (CTL) is installed on the phone. For more information about the CTL, refer to "Configuring the Cisco CTL Client" chapter in Cisco Unified Communications Manager Security Guide. Table 1-6 Overview of Security Features Feature Image authentication Customer-site certificate installation Description Signed binary files (with the extension .sgn) prevent tampering with the firmware image before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image. Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified CM Administration that a certificate be installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can install a Locally Significant Certificate (LSC) from the Security Configuration menu on the phone. See the "Configuring Security on the Cisco Unified IP Phone" section on page 3-16 for more information. 1-16 Cisco Unified IP Phone 6921, 6941, 6945, and 6961 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP) OL-23769-01

Section	Page
Cisco Unified IP Phone 6921, 6941, 6945, and 6961 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)	1
Contents	3
Preface	9
An Overview of the Cisco Unified IP Phone	13
Understanding the Cisco Unified IP Phones 6921, 6941, 6945, and 6961	14
What Networking Protocols are Used?	21
What Features are Supported on the Cisco Unified IP Phone 6921, 6941, and 6961?	24
Feature Overview	25
Configuring Telephony Features	25
Configuring Network Parameters Using the Cisco Unified IP Phone	26
Providing Users with Feature Information	26
Understanding Security Features for Cisco Unified IP Phones	26
Overview of Supported Security Features	28
Understanding Security Profiles	30
Identifying Encrypted Phone Calls	30
Establishing and Identifying Secure Conference Calls	31
Establishing and Identifying Protected Calls	31
Call Security Interactions and Restrictions	32
Supporting 802.1X Authentication on Cisco Unified IP Phones	33
Overview	33
Required Network Components	33
Best Practices-Requirements and Recommendations	33
Security Restrictions	34
Overview of Configuring and Installing Cisco Unified IP Phones	34
Configuring Cisco Unified IP Phones in Cisco Unified CM	35
Checklist for Configuring the Cisco Unified IP Phones 6921, 6941, 6945, and 6961 in Cisco Unified CM	36
Installing Cisco Unified IP Phones	39
Checklist for Installing the Cisco Unified IP Phone 6921, 6941, and 6961	39
Terminology Differences	41
Preparing to Install the Cisco Unified IP Phone on Your Network	43
Understanding Interactions with Other Cisco Unified IP Telephony Products	43
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified CM	44
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	44
Providing Power to the Cisco Unified IP Phone	45
Power Guidelines	46
Power Outage	46
Obtaining Additional Information about Power	47
Understanding Phone Configuration Files	47
Understanding the Phone Startup Process	49
Adding Phones to the Cisco Unified CM Database	50
Adding Phones with Auto-Registration	51
Adding Phones with Auto-Registration and TAPS	52
Adding Phones with Cisco Unified CM Administration	52
Adding Phones with BAT	53
Using Cisco Unified IP Phones with Different Protocols	53
Converting a New Phone from SCCP to SIP	53
Converting an In-Use Phone from One Protocol to the Other Protocol	54
Deploying a Phone in an SCCP and SIP Environment	54
Determining the MAC Address for a Cisco Unified IP Phone	55
Setting Up the Cisco Unified IP Phone	57
Before You Begin	57
Network Requirements	57
Cisco Unified Communications Manager Configuration	58
Understanding the Cisco Unified IP Phones 6921, 6941, 6945, and 6961 Components	58
Network and Access Ports	58
Handset	59
Speakerphone	59
Headset	59
Audio Quality Subjective to the User	60
Connecting a Headset	60
Disabling a Headset	60
Using External Devices	60
Installing the Cisco Unified IP Phone	61
Reducing Power Consumption on the Phone	66
Footstand	66
Higher Viewing Angle	70
Lower Viewing Angle	71
Mounting the Phone to the Wall	71
Verifying the Phone Startup Process	71
Configuring Startup Network Settings	72
Configuring Security on the Cisco Unified IP Phone	72
Configuring Settings on the Cisco Unified IP Phone	75
Configuration Menus on the Cisco Unified IP Phone	75
Displaying a Configuration Menu	76
Unlocking and Locking Options	77
Editing Values	77
Network Setup Menu	78
IPv4 Setup Menu Options	80
Security Configuration Menu	83
Trust List Menu	83
802.1X Authentication and Status	83
Configuring Features, Templates, Services, and Users	85
Telephony Features Available for the Cisco Unified IP Phone	85
Join and Direct Transfer Policy	99
Configuring Corporate and Personal Directories	100
Configuring Corporate Directories	100
Configuring Personal Directory	100
Modifying Phone Button Templates	101
Modifying a Phone Button Template for Personal Address Book or Speed Dials	102
Configuring Softkey Templates	103
Setting Up Services	105
Adding Users to Cisco Unified Communications Manager	106
Managing the User Options Web Pages	106
Giving Users Access to the User Options Web Pages	106
Specifying Options that Appear on the User Options Web Pages	108
Configuring the Phone to Support Call Waiting	109
Customizing the Cisco Unified IP Phone	111
Customizing and Modifying Configuration Files	111
Creating Custom Phone Rings	112
DistinctiveRingList File Format Requirements	112
PCM File Requirements for Custom Ring Types	113
Configuring a Custom Phone Ring	113
Configuring the Idle Display	114
Automatically Disabling the Cisco Unified IP Phone Backlight	114
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	117
Model Information Screen	117
Status Menu	118
Status Messages Screen	118
Network Statistics Screen	122
Call Statistics Screen	124
Security Configuration	126
Monitoring the Cisco Unified IP Phone Remotely	129
Accessing the Web Page for a Phone	130
Disabling and Enabling Web Page Access	131
Device Information	131
Network Setup	132
Network Statistics	135
Device Logs	137
Streaming Statistics	137
Troubleshooting and Maintenance	141
Resolving Startup Problems	141
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	142
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	142
Identifying Error Messages	143
Checking Network Connectivity	143
Verifying TFTP Server Settings	143
Verifying IP Addressing and Routing	143
Verifying DNS Settings	144
Cisco CallManager and TFTP Services Are Not Running	144
Creating a New Configuration File	144
Registering the Phone with Cisco Unified Communications Manager	145
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address	145
Cisco Unified IP Phone Resets Unexpectedly	146
Verifying the Physical Connection	146
Identifying Intermittent Network Outages	146
Verifying DHCP Settings	146
Checking Static IP Address Settings	147
Verifying the Voice VLAN Configuration	147
Verifying that the Phones Have Not Been Intentionally Reset	147
Eliminating DNS or Other Connectivity Errors	147
Checking Power Connection	148
Troubleshooting Cisco Unified IP Phone Security	148
General Troubleshooting Tips	149
Resetting or Restoring the Cisco Unified IP Phone	152
Performing a Basic Reset	152
Performing a Factory Reset	152
Monitoring the Voice Quality of Calls	153
Troubleshooting Tips	154
Using Voice-Quality Metrics	154
Where to Go for More Troubleshooting Information	155
Cleaning the Cisco Unified IP Phone	155
Providing Information to Users Via a Website	157
How Users Obtain Support for the Cisco Unified IP Phone	157
Giving Users Access to the User Options Web Pages	157
How Users Subscribe to Services and Configure Phone Features	158
How Users Access a Voice Messaging System	158
How Users Configure Personal Directory Entries	159
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer	159
Supporting International Users	161
Installing the Cisco Unified CM Locale Installer	161
Support for International Call Logging	161
Technical Specifications	163
Physical and Operating Environment Specifications	163
Cable Specifications	164
Network and Access Port Pinouts	164
Basic Phone Administration Steps	167
Example User Information for these Procedures	167
Adding a User to Cisco Unified CM	168
Adding a User From an External LDAP Directory	168
Adding a User Directly to Cisco Unified Communications Manager	168
Configuring the Phone	169
Performing Final End User Configuration Steps	172
Installing the Wall Mount Kit for the Cisco Unified IP Phones 6921, 6941, 6945, and 6961	173
Before You Begin	174
Installing the Bracket	174
Feature Support by Protocol for the Cisco Unified IP Phone 6921, 6941, 6945, and 6961	181

Match case Limit results 1 per page

1-16

Cisco Unified IP Phone 6921, 6941, 6945, and 6961 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)

OL-23769-01

Chapter

Understanding Security Features for Cisco Unified IP Phones

All Cisco Unified IP Phones that support Cisco Unified CM use a security profile, which defines whether

the phone is nonsecure or secure.

For information about configuring the security profile and applying the profile to the phone, refer to

Cisco Unified Communications Manager Security Guide

Overview of Supported Security Features

Table 1-6

provides an overview of the security features that the Cisco Unified IP Phone 6921, 6941, and

6961 support. For more information about these features and about Cisco Unified CM and

Cisco Unified IP Phone security, refer to

Cisco Unified Communications Manager Security Guide

For information about current security settings on a phone, choose

Applications > Admin Settings >

Security Setup

. For more information, see the

“Security Configuration Menu” section on page 4-9

Note

Most security features are available only if a certificate trust list (CTL) is installed on the phone. For

more information about the CTL, refer to “Configuring the Cisco CTL Client” chapter in

Cisco Unified

Communications Manager Security Guide

Resetting or restoring the phone

See the

“Resetting or Restoring the Cisco Unified IP Phone” section on

page 9-12

802.1X Authentication for Cisco Unified IP

Phones

See these sections:

•

“Supporting 802.1X Authentication on Cisco Unified IP Phones”

section on page 1-21

•

“Security Configuration Menu” section on page 4-9

•

“Status Menu” section on page 7-2

•

“Troubleshooting Cisco Unified IP Phone Security” section on

page 9-8

Table 1-5

Cisco Unified IP Phone and Cisco Unified CM Security Topics (continued)

Topic

Reference

Table 1-6

Overview of Security Features

Feature

Description

Image authentication

Signed binary files (with the extension .sgn) prevent tampering with the

firmware image before it is loaded on a phone. Tampering with the image causes

a phone to fail the authentication process and reject the new image.

Customer-site certificate installation

Each Cisco Unified IP Phone requires a unique certificate for device

authentication. Phones include a manufacturing installed certificate (MIC), but

for additional security, you can specify in Cisco Unified CM Administration that

a certificate be installed by using the Certificate Authority Proxy Function

(CAPF). Alternatively, you can install a Locally Significant Certificate (LSC)

from the Security Configuration menu on the phone. See the

“Configuring

Security on the Cisco Unified IP Phone” section on page 3-16

for more

information.