Home » Cisco Manuals » Telephony » Cisco 7921G » Manual Viewer

Cisco 7921G Administration Guide - Page 93

Installing the Authentication Server Root Certificate, Configuring the ACS Server Setup - cp ac

UPC - 882658123108

Add to My Manuals
Save this manual to your list of manuals

Page 93 highlights

Chapter 4 Using the Cisco Unified Wireless IP Phone 7921G Web Pages Configuring Network Profiles Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 From the Microsoft Certificate Services Request a Certificate page, select Advanced certificate request to initiate the signing request. At the Advanced Certificate Request page, select Submit a certificate request by using a base-64-encoded PKCS CMC. Copy the certificate data from the Cisco Unified Wireless IP Phone 7921G and paste it in the Saved Request text box, then click Submit. Once the CSR is approved, the certificate must be exported in a DER encoded format and sent to the original requestor. Return to the phone web page and choose Certificates to import the signed certificate. On the Certificates page, locate the User Installed certificate line, and click Import. Browse to the certificate on your PC to import to the phone. Installing the Authentication Server Root Certificate The Authentication Server Root Certificate must be installed on the Cisco Unified Wireless IP Phone 7921G. To install the certificate, follow these steps: Step 1 Step 2 Step 3 Step 4 Export the Authentication Server Root Certificate from the ACS. See Exporting Certificates from the ACS, page 4-21. Go to the phone web page and choose Certificates. Click Import next to the Authentication Server Root certificate. Restart the phone. Configuring the ACS Server Setup To set up the user account name and install the MIC root certificate for the phone on the ACS, follow these steps: Note For more information about using the ACS configuration tool, see the ACS online help or the User Guide for Cisco Secure ACS for Windows. Procedure Step 1 From the ACS configuration tool User Setup page, create a phone user account name if it is not already set up. Typically, the user name includes the phone MAC address at the end , for example, CP-7921G-SEP. No password is necessary for EAP-TLS. Note Make sure the user name matches the Common Name field in the User Certificate Installation page. See "Requesting and Importing the User Installed Certificate" section on page 4-22. Step 2 On the System Configuration page, in the EAP-TLS section, enable these fields: • Allow EAP-TLS • Certificate CN comparison. OL-15985-01 Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0 4-23

Section	Page
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager 7.0	1
Contents	3
Preface	11
Overview	11
Audience	11
Organization	11
Related Documentaton	12
Obtaining Documentation and Submitting a Service Request	13
Cisco Product Security Overview	13
Document Conventions	14
Overview of the Cisco Unified Wireless IP Phone 7921G	15
Understanding the Cisco Unified Wireless IP Phone 7921G	15
Features Supported on the Cisco Unified Wireless IP Phone 7921G	18
Feature Overview	19
Configuring Telephony Features	19
Configuring Network Access for the Phone	19
Providing Users with Feature Information	20
Understanding Security Features for Cisco Unified IP Phones	21
Overview of Supported Security Features	22
Understanding Security Profiles	24
Identifying Encrypted and Authenticated Phone Calls	25
Security Restrictions	25
Overview of Configuring and Installing the Cisco Unified Wireless IP Phone 7921G	25
Configuring the Cisco Unified Wireless IP Phone 7921G in Cisco Unified Communications Manager	26
Installing the Cisco Unified Wireless IP Phone 7921G	26
Overview of the VoIP Wireless Network	29
Understanding the Wireless LAN	29
Understanding WLAN Standards and Technologies	31
802.11 Standards for WLAN Communications	31
Radio Frequency Ranges	31
Wireless Modulation Technologies	32
AP, Channel, and Domain Relationships	32
WLANs and Roaming	34
Components of the VoIP Wireless Network	35
Networking Protocols Used with Cisco Unified Wireless IP Phones	35
Interacting with Cisco Unified Wireless APs	37
Associating to an AP	38
Voice QoS in a Wireless Network	38
Interacting with Cisco Unified Communications Manager	40
Phone Configuration Files and Profile Files	40
Interacting with the DHCP Server	41
Security for Voice Communications in WLANs	42
Authentication Methods	42
Authenticated Key Management	44
Encryption Methods	44
AP Authentication and Encryption Methods	44
VoIP WLAN Configuration	46
Wireless Network Requirements for VoIP	47
Configuring APs for Voice	47
Configuration Tip for Cisco Aironet APs	48
Site Survey Verification	48
Site Survey Verification Tasks	48
Neighbor List Utility	49
Site Survey Utility	50
Setting Up the Cisco Unified Wireless IP Phone 7921G	51
Before You Begin	51
Network Requirements	51
Methods for Adding Phones to Cisco Unified Communications Manager	52
Adding Phones with Auto-Registration	53
Adding Phones with Auto-Registration and TAPS	53
Adding Phones with BAT	54
Adding Phones with Cisco Unified Communications Manager Administration	54
Safety Information	55
Battery Safety Notices	56
Installing the Cisco Unified Wireless IP Phone 7921G	57
Providing Power to the Phone	57
Installing or Removing the Phone Battery	58
Using the Power Supply to Charge the Phone	59
Using the USB Cable to Charge the Phone	61
Installing and Using the Desktop Charger	63
Using the Desktop Charger to Charge the Phone	64
Battery Charging Times Using the Desktop Charger	64
Configuring Wireless LAN Settings	65
Cisco Unified Wireless IP Phone 7921G Web Pages	65
Network Profile Menu on the Cisco Unified Wireless IP Phone 7921G	65
Using a Headset	65
Audio Quality Subjective to the User	65
Connecting Headsets	66
Using External Devices with Cisco Unified IP Phones	66
Powering On the Cisco Unified Wireless IP Phone 7921G	66
Active and Standby Phone Modes	67
Active Mode	67
Standby Mode	68
Understanding the Phone Startup Process	68
Using the Cisco Unified Wireless IP Phone 7921G Web Pages	71
Setting Up Your PC to Configure the Phones	71
Installing the USB Drivers	72
Configuring the USB LAN on the PC	72
Accessing the Phone Web Page	73
Using the USB Cable to Configure Phones	74
Updating Phones Remotely	74
Setting Configuration Privileges for the Phone Web Page	74
Accessing the Configuration Web Page for a Phone	75
HOME: Summary Web Page	77
Configuring Network Profiles	78
Network Profile Settings	78
Configuring Wireless Settings in a Network Profile	83
Configuring Wireless LAN Security	84
Configuring the Authentication Mode	85
Setting the Wireless Security Credentials	85
Configuring the Username and Password	86
Configuring the Pre-shared Key	86
Setting Wireless Encryption	88
Installing Authentication Certificates for EAP-TLS Authentication	89
Configuring PEAP	94
Configuring IP Network Settings	95
Enabling DHCP	95
Disabling DHCP	96
Configuring the Alternate TFTP Server	96
Configuring Advanced Network Profile Settings	97
Configuring USB Settings	98
Configuring Trace Settings	99
Configuring Wavelink Avalanche Server Settings	101
Configuring the Phone Book	101
Importing and Exporting Contacts	102
Importing and Exporting CSV Phone Contact Records	102
Searching the Phone Book Information	104
Updating Phone Book Information	104
Adding a Contact	104
Deleting Contacts	105
Editing Contact Information	105
Assigning A Speed-Dial Hot Key to a Contact Number	105
Using System Settings	106
Viewing Trace Logs	106
Backup Settings for Phone Configuration	107
Using Network Profile Templates	107
Creating a Configuration Template	108
Importing a Configuration Template	109
Upgrading Phone Firmware	110
Changing the Admin Password	110
Viewing the Site Survey Report on the Web	111
Configuring Settings on the Cisco Unified Wireless IP Phone	115
Accessing Network and Phone Settings	115
Configuring Network Profile Settings	116
Accessing a Network Profile	117
Changing the Profile Name	117
Guidelines for Editing Settings in the Network Profile	118
Changing Network Configuration Settings	118
Configuring DHCP Settings	120
Disabling DHCP	120
Configuring an Alternate TFTP Server	121
Changing the Cisco Discovery Protocol Settings	121
Erasing the Configuration	122
Configuring Wireless Settings for the Network Profile	122
Accessing the WLAN Configuration Menu	122
Changing WLAN Configuration Settings	123
Changing Phone Settings	124
Configuring the Security Certificate on the Phone	126
Changing the USB Configuration	127
Configuring the Phone Using the Wavelink Avalanche Server	129
Before You Begin	129
Best Practices	130
Assigning the Wavelink Avalanche Server	130
Assigning the Wavelink Avalanche Server from the Phone	130
Assigning the Wavelink Avalanche Server using the Phone Web Page	131
Setting Up and Using the Phone Configuration Utility	131
Assigning Attributes for the Phone	131
Defining Custom Names and Custom Values on the Phone	132
Defining Custom Parameters from the Phone Web Page	132
Installing the Cisco Unified Wireless IP Phone 7921G Configuration Utility	133
Updating Configuration Files	133
Configuring Profile Settings	134
Configuring USB Settings	137
Configuring Trace Settings	137
Configuring Wavelink Avalanche Server Settings	138
Updating the Phone	139
Configuring Features, Templates, Services, and Users	141
Configuring Cisco Unified Wireless IP Phones	141
Telephony Features Available for the Phone	142
Product-Specific Configuration Options for the Cisco Unified Wireless IP Phone 7921G	153
Configuring Softkey Templates	156
Softkey Templates for the Cisco Unified Wireless IP Phone 7921G	156
Changing Softkeys in a Template	156
Modifying Phone Button Templates	157
Setting Up Services	157
Configuring Corporate and Personal Directories	158
Configuring Corporate Directories	159
Configuring Personal Directory	159
Adding Users to Cisco Unified Communications Manager Administration	159
Managing the User Options Web Pages	160
Giving Users Access to the User Options Web Pages	160
Specifying Options that Appear on the User Options Web Pages	161
Creating Custom Phone Rings	162
Viewing Security, Device, Model, Status, and Call Statistics Information on the Phone	163
Viewing Security Information	163
Accessing the CTL File Screen	165
Trust List Screen	166
Viewing Device Information	166
Viewing Model Information	169
Viewing the Status Menu	170
Viewing the Status Messages	171
Viewing the Current Configuration	174
Viewing Network Statistics	174
Viewing Call Statistics	176
Viewing Firmware Versions	178
Monitoring the Cisco Unified Wireless IP Phone Remotely	181
Accessing the Web Page for a Phone	181
Wireless LAN Statistics	182
Network Statistics	183
Stream Statistics	185
Troubleshooting the Cisco Unified Wireless IP Phone 7921G	187
Resolving Startup and Connectivity Problems	187
Symptom: Incomplete Startup Process	187
Symptom: No Association to Cisco Aironet Access Points	188
Verifying Access Point Settings	188
Symptom: No Registration with Cisco Unified Communications Manager	189
Registering the Phone with Cisco Unified Communications Manager	190
Checking Network Connectivity	190
Verifying TFTP Server Settings	190
Verifying IP Addresses	191
Verifying DNS Settings	191
Verifying Cisco Unified Communications Manager Settings	191
Cisco Communications Manager and TFTP Services are not Running	192
Creating a New Configuration File	193
Resolving Voice Quality and Roaming Problems	193
Symptom: Cisco Unified Wireless IP Phone Resets Unexpectedly	194
Verifying Access Point Settings	194
Identifying Intermittent Network Outages	194
Verifying DHCP Settings	194
Verifying Voice VLAN Configuration	195
Verifying that the Phones Have Not Been Intentionally Reset	195
Eliminating DNS or Other Connectivity Errors	195
Symptom: Audio Problems	196
No Audio During a Connected Call	196
One-Way Audio During a Connected Call	196
Symptom: Improper Roaming and Voice Quality or Lost Connection	197
Voice Quality Deteriorates While Roaming	197
Delays in Voice Conversation While Roaming	197
Phone Loses Connection with Cisco Unified Communications Manager While Roaming	197
Phone Does Not Roam Back to Preferred Band	198
Monitoring the Voice Quality of Calls	198
Using Voice Quality Metrics	199
Troubleshooting Tips	199
General Troubleshooting Information	200
Common Phone Status Messages	200
Troubleshooting Tips for the Cisco Unified Wireless IP Phone 7921G	201
Logging Information for Troubleshooting	203
Using a System Log Server	203
Using the Trace Logs on the Unified IP Phone	203
Erasing the Local Configuration	204
Providing Information to Users By Using a Website	207
How the Cisco Unified Wireless IP Phone Operates	207
How to Care for and Clean the Phone	208
How Users Access the Help System on the Phone	209
How Users Get Copies of Cisco Unified IP Phone Manuals	209
How Users Configure Phone Features and Services	210
How Users Access Voice Messages	210
Supporting International Users	213
Installing the Cisco Unified Communications Manager Locale Installer	213
Support for International Call Logging	214
Physical and Operating Environment Specifications	215
Checklist for Deploying the Cisco Unified Wireless IP Phone 7921G	217
Configuring the Wireless Network	217
Configuration Tip for Cisco Aironet Access Points	218
Configuring QoS Policies	219
Access Point Configuration Settings	219
Controller Settings	219
Switch Configuration	220
Configuring the Cisco Unified Wireless IP Phone 7921G in Cisco Unified Communications Manager	220
Installing the Cisco Unified Wireless IP Phone 7921G	223

Match case Limit results 1 per page

4-23

Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0

OL-15985-01

Chapter 4

Using the Cisco Unified Wireless IP Phone 7921G Web Pages

Configuring Network Profiles

Step 4

From the Microsoft Certificate Services Request a Certificate page, select

Advanced certificate request

to initiate the signing request.

Step 5

At the Advanced Certificate Request page, select

Submit a certificate request by using a

base-64-encoded PKCS CMC

Step 6

Copy the certificate data from the Cisco Unified Wireless IP Phone 7921G and paste it in the Saved

Request text box, then click

Submit

Step 7

Once the CSR is approved, the certificate must be exported in a DER encoded format and sent to the

original requestor.

Step 8

Return to the phone web page and choose

Certificates

to import the signed certificate.

Step 9

On the Certificates page, locate the User Installed certificate line, and click

Import

. Browse to the

certificate on your PC to import to the phone.

Installing the Authentication Server Root Certificate

The Authentication Server Root Certificate must be installed on the Cisco Unified Wireless IP Phone

7921G.

To install the certificate, follow these steps:

Step 1

Export the Authentication Server Root Certificate from the ACS. See

Exporting Certificates from the

ACS, page 4-21

Step 2

Go to the phone web page and choose

Certificates

Step 3

Click

Import

next to the Authentication Server Root certificate.

Step 4

Restart the phone.

Configuring the ACS Server Setup

To set up the user account name and install the MIC root certificate for the phone on the ACS, follow

these steps:

Note

For more information about using the ACS configuration tool, see the ACS online help or the

User Guide

for Cisco Secure ACS for Windows

Procedure

Step 1

From the ACS configuration tool User Setup page, create a phone user account name if it is not already

set up. Typically, the user name includes the phone MAC address at the end , for example,

CP-7921G-SEP<

xxxxxxxxxxxx

>. No password is necessary for EAP-TLS.

Note

Make sure the user name matches the Common Name field in the User Certificate Installation

page. See

“Requesting and Importing the User Installed Certificate” section on page 4-22

Step 2

On the System Configuration page, in the EAP-TLS section, enable these fields:

•

Allow EAP-TLS

•

Certificate CN comparison.