Home » Cisco Manuals » Telephony » Cisco 7941G » Manual Viewer

Cisco 7941G Administration Guide - Page 42

Overview, Required Network Components

UPC - 746320949420

Add to My Manuals
Save this manual to your list of manuals

Page 42 highlights

Understanding Security Features for Cisco Unified IP Phones Chapter 1 An Overview of the Cisco Unified IP Phone Overview Cisco Unified IP phones and Cisco Catalyst switches have traditionally used Cisco Discovery Protocol (CDP) to identify each other and determine parameters such as VLAN allocation and inline power requirements. However, CDP is not used to identify any locally attached PCs; therefore, Cisco Unified IP Phones provide an EAPOL pass-through mechanism, whereby a PC locally attached to the IP phone, may pass through EAPOL messages to the 802.1X authenticator in the LAN switch. This prevents the IP phone from having to act as the authenticator, yet allows the LAN switch to authenticate a data end point prior to accessing the network. In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP Phones provide a proxy EAPOL-Logoff mechanism. In the event that the locally attached PC is disconnected from the IP phone, the LAN switch would not see the physical link fail, because the link between the LAN switch and the IP phone is maintained. To avoid compromising network integrity, the IP phone sends an EAPOL-Logoff message to the switch, on behalf of the downstream PC, which triggers the LAN switch to clear the authentication entry for the downstream PC. The Cisco Unified IP phones also contain an 802.1X supplicant, in addition to the EAPOL pass-through mechanism. This supplicant allows network administrators to control the connectivity of IP phones to the LAN switch ports. The IP phone 802.1X supplicant implements the EAP-MD5 option for 802.1X authentication. Required Network Components Support for 802.1X authentication on Cisco Unified IP Phones requires several components, including: • Cisco Unified IP Phone-The phone acts as the 802.1X supplicant, which initiates the request to access the network. • Cisco Secure Access Control Server (ACS) (or other third-party authentication server)-The authentication server and the phone must both be configured with a shared secret that is used to authenticate the phone. • Cisco Catalyst Switch (or other third-party switch)-The switch must support 802.1X to act as the authenticator and pass the messages between the phone and the authentication server. When the exchange is completed, the switch then grants or denies the phone access to the network. 1-24 Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE for Cisco Unified Communications Manager 6.1 OL-14620-01

Section	Page
Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE Administration Guide for Cisco Unified Communications Manager 6.1	1
Contents	5
Preface	13
An Overview of the Cisco Unified IP Phone	19
Understanding the Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE	20
What Networking Protocols are Used?	23
What Features are Supported on the Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE?	28
Feature Overview	29
Configuring Telephony Features	30
Configuring Network Parameters Using the Cisco Unified IP Phone	30
Providing Users with Feature Information	31
Understanding Security Features for Cisco Unified IP Phones	31
Overview of Supported Security Features	34
Understanding Security Profiles	38
Identifying Encrypted and Authenticated Phone Calls	38
Establishing and Identifying Secure Conference Calls	39
Call Security Interactions and Restrictions	39
Supporting 802.1X Authentication on Cisco Unified IP Phones	41
Overview	42
Required Network Components	42
Best Practices-Requirements and Recommendations	43
Security Restrictions	44
Overview of Configuring and Installing Cisco Unified IP Phones	44
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager	45
Checklist for Configuring the Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE in Cisco Unified Communications Manager	45
Installing Cisco Unified IP Phones	50
Checklist for Installing the Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE	51
Preparing to Install the Cisco Unified IP Phone on Your Network	55
Understanding Interactions with Other Cisco Unified IP Telephony Products	56
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications Manager	56
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	57
Providing Power to the Cisco Unified IP Phone	58
Power Guidelines	59
Power Outage	61
Obtaining Additional Information about Power	61
Understanding Phone Configuration Files	62
Understanding the Phone Startup Process	64
Adding Phones to the Cisco Unified Communications Manager Database	68
Adding Phones with Auto-Registration	69
Adding Phones with Auto-Registration and TAPS	70
Adding Phones with Cisco Unified Communications Manager Administration	71
Adding Phones with BAT	72
Using Cisco Unified IP Phones with Different Protocols	73
Converting a New Phone from SCCP to SIP	73
Converting an In-Use Phone from SCCP to SIP	74
Converting an In-Use Phone from SIP to SCCP	74
Deploying a Phone in an SCCP and SIP Environment	75
Determining the MAC Address for a Cisco Unified IP Phone	75
Setting Up the Cisco Unified IP Phone	77
Before You Begin	78
Network Requirements	78
Cisco Unified Communications Manager Configuration	78
Understanding the Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE Components	79
Network and Access Ports	79
Handset	80
Speakerphone	81
Headset	81
Audio Quality Subjective to the User	82
Connecting a Headset	82
Disabling a Headset	82
Using External Devices with Your Cisco Unified IP Phone	82
Installing the Cisco Unified IP Phone	83
Attaching the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	87
Adjusting the Placement of the Cisco Unified IP Phone	89
Adjusting Cisco Unified IP Phone Placement on the Desktop	89
Securing the Phone with a Cable Lock	89
Mounting the Phone to the Wall	90
Verifying the Phone Startup Process	92
Configuring Startup Network Settings	94
Configuring Security on the Cisco Unified IP Phone	94
Configuring Settings on the Cisco Unified IP Phone	97
Configuration Menus on the Cisco Unified IP Phone	97
Displaying a Configuration Menu	98
Unlocking and Locking Options	99
Editing Values	100
Overview of Options Configurable from a Phone	101
Network Configuration Menu	103
Device Configuration Menu	112
CallManager Configuration Menu	112
SIP Configuration Menu (SIP Phones Only)	113
SIP General Configuration Menu	114
Line Settings Menu	116
Call Preferences Menu	117
HTTP Configuration Menu	119
Locale Configuration Menu	121
NTP Configuration Menu	122
UI Configuration Menu	123
Media Configuration Menu	126
Ethernet Configuration Menu	132
Security Configuration Menu	133
QoS Configuration Menu	135
Network Configuration Menu	136
Security Configuration Menu	141
CTL File Menu	143
Trust List Menu	145
802.1X Authentication and Status	146
Configuring Features, Templates, Services, and Users	149
Telephony Features Available for the Cisco Unified IP Phone	150
Configuring Corporate and Personal Directories	173
Configuring Corporate Directories	174
Configuring Personal Directory	174
Modifying Phone Button Templates	175
Configuring Softkey Templates	176
Setting Up Services	177
Adding Users to Cisco Unified Communications Manager	178
Managing the User Options Web Pages	178
Giving Users Access to the User Options Web Pages	179
Specifying Options that Appear on the User Options Web Pages	179
Customizing the Cisco Unified IP Phone	181
Customizing and Modifying Configuration Files	181
Creating Custom Phone Rings	182
Ringlist.xml File Format Requirements	183
PCM File Requirements for Custom Ring Types	184
Configuring a Custom Phone Ring	184
Creating Custom Background Images	185
List.xml File Format Requirements	185
PNG File Requirements for Custom Background Images	186
Configuring a Custom Background Image	187
Configuring Wideband Codec	188
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	191
Model Information Screen	192
Status Menu	193
Status Messages Screen	194
Network Statistics Screen	202
Firmware Versions Screen	204
Expansion Module Status Screen (SCCP Phones Only)	205
Call Statistics Screen	206
Monitoring the Cisco Unified IP Phone Remotely	211
Accessing the Web Page for a Phone	212
Disabling and Enabling Web Page Access	213
Device Information	214
Network Configuration	216
Network Statistics	221
Device Logs	224
Streaming Statistics	224
Troubleshooting and Maintenance	229
Resolving Startup Problems	230
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	230
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	231
Identifying Error Messages	232
Checking Network Connectivity	232
Verifying TFTP Server Settings	232
Verifying IP Addressing and Routing	233
Verifying DNS Settings	233
Verifying Cisco Unified Communications Manager Settings	233
Cisco Unified Communications Manager and TFTP Services Are Not Running	234
Creating a New Configuration File	235
Registering the Phone with Cisco Unified Communications Manager	236
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address	236
Cisco Unified IP Phone Resets Unexpectedly	236
Verifying the Physical Connection	237
Identifying Intermittent Network Outages	237
Verifying DHCP Settings	237
Checking Static IP Address Settings	238
Verifying the Voice VLAN Configuration	238
Verifying that the Phones Have Not Been Intentionally Reset	238
Eliminating DNS or Other Connectivity Errors	239
Checking Power Connection	240
Troubleshooting Cisco Unified IP Phone Security	240
General Troubleshooting Tips	242
General Troubleshooting Tips for the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	245
Resetting or Restoring the Cisco Unified IP Phone	246
Performing a Basic Reset	246
Performing a Factory Reset	247
Using the Quality Report Tool	249
Monitoring the Voice Quality of Calls	249
Using Voice Quality Metrics	250
Troubleshooting Tips	251
Where to Go for More Troubleshooting Information	252
Cleaning the Cisco Unified IP Phone	253
Providing Information to Users Via a Website	255
How Users Obtain Support for the Cisco Unified IP Phone	256
Giving Users Access to the User Options Web Pages	256
How Users Access the Online Help System on the Cisco Unified IP Phone	256
How Users Get Copies of Cisco Unified IP Phone Manuals	257
How Users Subscribe to Services and Configure Phone Features	258
How Users Access a Voice Messaging System	258
How Users Configure Personal Directory Entries	259
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer	259
Feature Support by Protocol for Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE	263
Supporting International Users	273
Adding Language Overlays to Phone Buttons	273
Installing the Cisco Unified Communications Manager Locale Installer	274
Technical Specifications	275
Physical and Operating Environment Specifications	275
Cable Specifications	276

Match case Limit results 1 per page

Chapter 1

An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

1-24

Cisco Unified IP Phone 7961G/7961G-GE and 7941G/7941G-GE for Cisco Unified Communications Manager 6.1

OL-14620-01

Overview

Cisco Unified IP phones and Cisco Catalyst switches have traditionally used

Cisco Discovery Protocol (CDP) to identify each other and determine parameters

such as VLAN allocation and inline power requirements. However, CDP is not

used to identify any locally attached PCs; therefore, Cisco Unified IP Phones

provide an EAPOL pass-through mechanism, whereby a PC locally attached to

the IP phone, may pass through EAPOL messages to the 802.1X authenticator in

the LAN switch. This prevents the IP phone from having to act as the

authenticator, yet allows the LAN switch to authenticate a data end point prior to

accessing the network.

In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP

Phones provide a proxy EAPOL-Logoff mechanism. In the event that the locally

attached PC is disconnected from the IP phone, the LAN switch would not see the

physical link fail, because the link between the LAN switch and the IP phone is

maintained. To avoid compromising network integrity, the IP phone sends an

EAPOL-Logoff message to the switch, on behalf of the downstream PC, which

triggers the LAN switch to clear the authentication entry for the downstream PC.

The Cisco Unified IP phones also contain an 802.1X supplicant, in addition to the

EAPOL pass-through mechanism. This supplicant allows network administrators

to control the connectivity of IP phones to the LAN switch ports. The IP phone

802.1X supplicant implements the EAP-MD5 option for 802.1X authentication.

Required Network Components

Support for 802.1X authentication on Cisco Unified IP Phones requires several

components, including:

•

Cisco Unified IP Phone—The phone acts as the 802.1X

supplicant

, which

initiates the request to access the network.

•

Cisco Secure Access Control Server (ACS) (or other third-party

authentication server)—The authentication server and the phone must both be

configured with a shared secret that is used to authenticate the phone.

•

Cisco Catalyst Switch (or other third-party switch)—The switch must support

802.1X to act as the

authenticator

and pass the messages between the phone

and the authentication server. When the exchange is completed, the switch

then grants or denies the phone access to the network.