Home » Cisco Manuals » Telephony » Cisco 7921G » Manual Viewer

Cisco 7921G Administration Guide - Page 89

Installing Authentication Certificates for EAP-TLS Authentication, Manufacturing Installed Certificate

UPC - 882658123108

Add to My Manuals
Save this manual to your list of manuals

Page 89 highlights

Chapter 4 Using the Cisco Unified Wireless IP Phone 7921G Web Pages Configuring Network Profiles Related Topics • Configuring IP Network Settings, page 4-25 • Configuring the Alternate TFTP Server, page 4-26 • Configuring Advanced Network Profile Settings, page 4-27 Installing Authentication Certificates for EAP-TLS Authentication EAP-TLS is a certificate based authentication that requires a trust relationship between two or more entities. Each entity has a certificate proving its identity and is signed by a trusted authority. These certificates are exchanged and verified during EAP-TLS authentication. Note The EAP-TLS certificate based authentication requires that the internal clock on the Cisco Unified Wireless IP Phone 7921G be set correctly. Use the phone web page to set the clock on the phone before using EAP-TLS authentication. To use EAP-TLS, both the Cisco Unified Wireless IP Phone 7921G and the Cisco Secure Access Control Server (ACS) must have certificates installed and configured properly. If your wireless network uses EAP-TLS for authentication, you can use the Manufacturing Installed Certificate (MIC) or a user installed certificate for authentication on the phone. Manufacturing Installed Certificate Cisco has included a Manufacturing Installed Certificate (MIC) in the phone at the factory. During EAP-TLS authentication the ACS server needs to verify the trust of the phone and the phone needs to verify the trust of the ACS server. To verify the MIC, the Manufacturing Root Certificate and Manufacturing Certificate Authority (CA) Certificate must be exported from a Cisco Unified Wireless IP Phone 7921G and installed on the Cisco ACS server. These two certificates are part of the trusted certificate chain used to verify the MIC by the Cisco ACS server. To verify the Cisco ACS certificate, a trusted subordinate certificate (if any) and root certificate (created from a CA) on the Cisco ACS server must be exported and installed on the phone. These certificate(s) are part of the trusted certificate chain used to verify the trust of the certificate from the ACS server. User Installed Certificate To use a user installed certificate, a Certificate Signing Request (CSR) must be generated on the phone, sent to the CA for approval, and the approved certificate installed on the Cisco Unified Wireless IP Phone 7921G. During EAP-TLS authentication, the ACS server needs to verify the trust of the phone and the phone needs to verify the trust of the ACS server. To verify the authenticity of the user installed certificate, a trusted subordinate certificate (if any) and root certificate from the CA that approved the user certificate must be installed on the Cisco ACS server. These certificate(s) are part of the trusted certificate chain used to verify the trust of the user installed certificate. To verify the Cisco ACS certificate, a trusted subordinate certificate (if any) and root certificate (created from a CA) on the Cisco ACS server must be exported and installed on the phone. These certificate(s) are part of the trusted certificate chain used to verify the trust of the certificate from the ACS server. OL-15985-01 Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0 4-19

Section	Page
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager 7.0	1
Contents	3
Preface	11
Overview	11
Audience	11
Organization	11
Related Documentaton	12
Obtaining Documentation and Submitting a Service Request	13
Cisco Product Security Overview	13
Document Conventions	14
Overview of the Cisco Unified Wireless IP Phone 7921G	15
Understanding the Cisco Unified Wireless IP Phone 7921G	15
Features Supported on the Cisco Unified Wireless IP Phone 7921G	18
Feature Overview	19
Configuring Telephony Features	19
Configuring Network Access for the Phone	19
Providing Users with Feature Information	20
Understanding Security Features for Cisco Unified IP Phones	21
Overview of Supported Security Features	22
Understanding Security Profiles	24
Identifying Encrypted and Authenticated Phone Calls	25
Security Restrictions	25
Overview of Configuring and Installing the Cisco Unified Wireless IP Phone 7921G	25
Configuring the Cisco Unified Wireless IP Phone 7921G in Cisco Unified Communications Manager	26
Installing the Cisco Unified Wireless IP Phone 7921G	26
Overview of the VoIP Wireless Network	29
Understanding the Wireless LAN	29
Understanding WLAN Standards and Technologies	31
802.11 Standards for WLAN Communications	31
Radio Frequency Ranges	31
Wireless Modulation Technologies	32
AP, Channel, and Domain Relationships	32
WLANs and Roaming	34
Components of the VoIP Wireless Network	35
Networking Protocols Used with Cisco Unified Wireless IP Phones	35
Interacting with Cisco Unified Wireless APs	37
Associating to an AP	38
Voice QoS in a Wireless Network	38
Interacting with Cisco Unified Communications Manager	40
Phone Configuration Files and Profile Files	40
Interacting with the DHCP Server	41
Security for Voice Communications in WLANs	42
Authentication Methods	42
Authenticated Key Management	44
Encryption Methods	44
AP Authentication and Encryption Methods	44
VoIP WLAN Configuration	46
Wireless Network Requirements for VoIP	47
Configuring APs for Voice	47
Configuration Tip for Cisco Aironet APs	48
Site Survey Verification	48
Site Survey Verification Tasks	48
Neighbor List Utility	49
Site Survey Utility	50
Setting Up the Cisco Unified Wireless IP Phone 7921G	51
Before You Begin	51
Network Requirements	51
Methods for Adding Phones to Cisco Unified Communications Manager	52
Adding Phones with Auto-Registration	53
Adding Phones with Auto-Registration and TAPS	53
Adding Phones with BAT	54
Adding Phones with Cisco Unified Communications Manager Administration	54
Safety Information	55
Battery Safety Notices	56
Installing the Cisco Unified Wireless IP Phone 7921G	57
Providing Power to the Phone	57
Installing or Removing the Phone Battery	58
Using the Power Supply to Charge the Phone	59
Using the USB Cable to Charge the Phone	61
Installing and Using the Desktop Charger	63
Using the Desktop Charger to Charge the Phone	64
Battery Charging Times Using the Desktop Charger	64
Configuring Wireless LAN Settings	65
Cisco Unified Wireless IP Phone 7921G Web Pages	65
Network Profile Menu on the Cisco Unified Wireless IP Phone 7921G	65
Using a Headset	65
Audio Quality Subjective to the User	65
Connecting Headsets	66
Using External Devices with Cisco Unified IP Phones	66
Powering On the Cisco Unified Wireless IP Phone 7921G	66
Active and Standby Phone Modes	67
Active Mode	67
Standby Mode	68
Understanding the Phone Startup Process	68
Using the Cisco Unified Wireless IP Phone 7921G Web Pages	71
Setting Up Your PC to Configure the Phones	71
Installing the USB Drivers	72
Configuring the USB LAN on the PC	72
Accessing the Phone Web Page	73
Using the USB Cable to Configure Phones	74
Updating Phones Remotely	74
Setting Configuration Privileges for the Phone Web Page	74
Accessing the Configuration Web Page for a Phone	75
HOME: Summary Web Page	77
Configuring Network Profiles	78
Network Profile Settings	78
Configuring Wireless Settings in a Network Profile	83
Configuring Wireless LAN Security	84
Configuring the Authentication Mode	85
Setting the Wireless Security Credentials	85
Configuring the Username and Password	86
Configuring the Pre-shared Key	86
Setting Wireless Encryption	88
Installing Authentication Certificates for EAP-TLS Authentication	89
Configuring PEAP	94
Configuring IP Network Settings	95
Enabling DHCP	95
Disabling DHCP	96
Configuring the Alternate TFTP Server	96
Configuring Advanced Network Profile Settings	97
Configuring USB Settings	98
Configuring Trace Settings	99
Configuring Wavelink Avalanche Server Settings	101
Configuring the Phone Book	101
Importing and Exporting Contacts	102
Importing and Exporting CSV Phone Contact Records	102
Searching the Phone Book Information	104
Updating Phone Book Information	104
Adding a Contact	104
Deleting Contacts	105
Editing Contact Information	105
Assigning A Speed-Dial Hot Key to a Contact Number	105
Using System Settings	106
Viewing Trace Logs	106
Backup Settings for Phone Configuration	107
Using Network Profile Templates	107
Creating a Configuration Template	108
Importing a Configuration Template	109
Upgrading Phone Firmware	110
Changing the Admin Password	110
Viewing the Site Survey Report on the Web	111
Configuring Settings on the Cisco Unified Wireless IP Phone	115
Accessing Network and Phone Settings	115
Configuring Network Profile Settings	116
Accessing a Network Profile	117
Changing the Profile Name	117
Guidelines for Editing Settings in the Network Profile	118
Changing Network Configuration Settings	118
Configuring DHCP Settings	120
Disabling DHCP	120
Configuring an Alternate TFTP Server	121
Changing the Cisco Discovery Protocol Settings	121
Erasing the Configuration	122
Configuring Wireless Settings for the Network Profile	122
Accessing the WLAN Configuration Menu	122
Changing WLAN Configuration Settings	123
Changing Phone Settings	124
Configuring the Security Certificate on the Phone	126
Changing the USB Configuration	127
Configuring the Phone Using the Wavelink Avalanche Server	129
Before You Begin	129
Best Practices	130
Assigning the Wavelink Avalanche Server	130
Assigning the Wavelink Avalanche Server from the Phone	130
Assigning the Wavelink Avalanche Server using the Phone Web Page	131
Setting Up and Using the Phone Configuration Utility	131
Assigning Attributes for the Phone	131
Defining Custom Names and Custom Values on the Phone	132
Defining Custom Parameters from the Phone Web Page	132
Installing the Cisco Unified Wireless IP Phone 7921G Configuration Utility	133
Updating Configuration Files	133
Configuring Profile Settings	134
Configuring USB Settings	137
Configuring Trace Settings	137
Configuring Wavelink Avalanche Server Settings	138
Updating the Phone	139
Configuring Features, Templates, Services, and Users	141
Configuring Cisco Unified Wireless IP Phones	141
Telephony Features Available for the Phone	142
Product-Specific Configuration Options for the Cisco Unified Wireless IP Phone 7921G	153
Configuring Softkey Templates	156
Softkey Templates for the Cisco Unified Wireless IP Phone 7921G	156
Changing Softkeys in a Template	156
Modifying Phone Button Templates	157
Setting Up Services	157
Configuring Corporate and Personal Directories	158
Configuring Corporate Directories	159
Configuring Personal Directory	159
Adding Users to Cisco Unified Communications Manager Administration	159
Managing the User Options Web Pages	160
Giving Users Access to the User Options Web Pages	160
Specifying Options that Appear on the User Options Web Pages	161
Creating Custom Phone Rings	162
Viewing Security, Device, Model, Status, and Call Statistics Information on the Phone	163
Viewing Security Information	163
Accessing the CTL File Screen	165
Trust List Screen	166
Viewing Device Information	166
Viewing Model Information	169
Viewing the Status Menu	170
Viewing the Status Messages	171
Viewing the Current Configuration	174
Viewing Network Statistics	174
Viewing Call Statistics	176
Viewing Firmware Versions	178
Monitoring the Cisco Unified Wireless IP Phone Remotely	181
Accessing the Web Page for a Phone	181
Wireless LAN Statistics	182
Network Statistics	183
Stream Statistics	185
Troubleshooting the Cisco Unified Wireless IP Phone 7921G	187
Resolving Startup and Connectivity Problems	187
Symptom: Incomplete Startup Process	187
Symptom: No Association to Cisco Aironet Access Points	188
Verifying Access Point Settings	188
Symptom: No Registration with Cisco Unified Communications Manager	189
Registering the Phone with Cisco Unified Communications Manager	190
Checking Network Connectivity	190
Verifying TFTP Server Settings	190
Verifying IP Addresses	191
Verifying DNS Settings	191
Verifying Cisco Unified Communications Manager Settings	191
Cisco Communications Manager and TFTP Services are not Running	192
Creating a New Configuration File	193
Resolving Voice Quality and Roaming Problems	193
Symptom: Cisco Unified Wireless IP Phone Resets Unexpectedly	194
Verifying Access Point Settings	194
Identifying Intermittent Network Outages	194
Verifying DHCP Settings	194
Verifying Voice VLAN Configuration	195
Verifying that the Phones Have Not Been Intentionally Reset	195
Eliminating DNS or Other Connectivity Errors	195
Symptom: Audio Problems	196
No Audio During a Connected Call	196
One-Way Audio During a Connected Call	196
Symptom: Improper Roaming and Voice Quality or Lost Connection	197
Voice Quality Deteriorates While Roaming	197
Delays in Voice Conversation While Roaming	197
Phone Loses Connection with Cisco Unified Communications Manager While Roaming	197
Phone Does Not Roam Back to Preferred Band	198
Monitoring the Voice Quality of Calls	198
Using Voice Quality Metrics	199
Troubleshooting Tips	199
General Troubleshooting Information	200
Common Phone Status Messages	200
Troubleshooting Tips for the Cisco Unified Wireless IP Phone 7921G	201
Logging Information for Troubleshooting	203
Using a System Log Server	203
Using the Trace Logs on the Unified IP Phone	203
Erasing the Local Configuration	204
Providing Information to Users By Using a Website	207
How the Cisco Unified Wireless IP Phone Operates	207
How to Care for and Clean the Phone	208
How Users Access the Help System on the Phone	209
How Users Get Copies of Cisco Unified IP Phone Manuals	209
How Users Configure Phone Features and Services	210
How Users Access Voice Messages	210
Supporting International Users	213
Installing the Cisco Unified Communications Manager Locale Installer	213
Support for International Call Logging	214
Physical and Operating Environment Specifications	215
Checklist for Deploying the Cisco Unified Wireless IP Phone 7921G	217
Configuring the Wireless Network	217
Configuration Tip for Cisco Aironet Access Points	218
Configuring QoS Policies	219
Access Point Configuration Settings	219
Controller Settings	219
Switch Configuration	220
Configuring the Cisco Unified Wireless IP Phone 7921G in Cisco Unified Communications Manager	220
Installing the Cisco Unified Wireless IP Phone 7921G	223