Home » Cisco Manuals » Telephony » Cisco 7965G » Manual Viewer

Cisco 7965G Administration Guide - Page 167

Troubleshooting Cisco Unified IP Phone Security

UPC - 882658140464

Add to My Manuals
Save this manual to your list of manuals

Page 167 highlights

Chapter 9 Troubleshooting and Maintenance Troubleshooting Cisco Unified IP Phone Security Troubleshooting Cisco Unified IP Phone Security Table 9-1 provides troubleshooting information for the security features on the Cisco Unified IP Phone. For information relating to the solutions for any of these issues, and for additional troubleshooting information about security, refer to Cisco Unified Communications Manager Security Guide. Table 9-1 Cisco Unified IP Phone Security Troubleshooting Problem Possible Cause CTL File Problems Device authentication error. CTL file does not have a Cisco Unified Communications Manager certificate or has an incorrect certificate. Phone cannot authenticate CTL file. The security token that signed the updated CTL file does not exist in the CTL file on the phone. Phone cannot authenticate any of the There is a bad TFTP record. configuration files other than the CTL file. Phone reports TFTP authorization failure. • The TFTP address for the phone does not exist in the CTL file. • If you created a new CTL file with a new TFTP record, the existing CTL file on the phone may not contain a record for the new TFTP server. Phone does not register with The CTL file does not contain the correct information for Cisco Unified Communications Manager. the Cisco Unified Communications Manager server. Phone does not request signed configuration files. The CTL file does not contain any TFTP entries with certificates. 802.1X Enabled on Phone but Not Authenticating Phone cannot obtain a DHCP-assigned IP address. Phone does not register with Cisco Unified Communications Manager. Phone status display as "Configuring IP" or "Registering". 802.1X Authentication Status displays as "Held" (see the "802.1X Authentication and Status" section on page 4-34 for more details). Status menu displays 802.1X status as "Failed" (see the "Status Menu" section on page 7-2 for more details). These errors typically indicate that 802.1X authentication is enabled on the phone, but the phone is unable to authenticate. 1. Verify that you have properly configured the required components (see the "Supporting 802.1X Authentication on Cisco Unified IP Phones" section on page 1-15 for more information). 2. Confirm that the shared secret is configured on the phone (see the"802.1X Authentication and Status" section on page 4-34 for more information). - If the shared secret is configured, verify that you have the same shared secret entered on the authentication server. - If the shared secret is not configured, enter it, and ensure that it matches the one on the authentication server. OL-14641-01 Cisco Unified IP Phone 7965G and 7945G Administration Guide for Cisco Unified Communications Manager 6.1 9-9

Section	Page
Cisco Unified IP Phone 7965G and 7945G Administration Guide for Cisco Unified Communications Manager 6.1	1
Contents	5
Preface	11
An Overview of the Cisco Unified IP Phone	15
Understanding the Cisco Unified IP Phone 7965G and 7945G	16
What Networking Protocols Are Used?	18
What Features are Supported on the Cisco Unified IP Phone 7965G and 7945G?	21
Feature Overview	21
Configuring Telephony Features	22
Configuring Network Parameters Using the Cisco Unified IP Phone	22
Providing Users with Feature Information	23
Understanding Security Features for Cisco Unified IP Phones	23
Overview of Supported Security Features	25
Understanding Security Profiles	27
Identifying Encrypted and Authenticated Phone Calls	27
Establishing and Identifying Secure Conference Calls	28
Call Security Interactions and Restrictions	28
Supporting 802.1X Authentication on Cisco Unified IP Phones	29
Overview	29
Required Network Components	30
Best Practices-Requirements and Recommendations	30
Security Restrictions	31
Overview of Configuring and Installing Cisco Unified IP Phones	31
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager	32
Checklist for Configuring the Cisco Unified IP Phone 7965G and 7945G in Cisco Unified Communications Manager	33
Installing Cisco Unified IP Phones	35
Checklist for Installing the Cisco Unified IP Phone 7965G and 7945G	36
Preparing to Install the Cisco Unified IP Phone on Your Network	39
Understanding Interactions with Other Cisco Unified IP Communications Products	39
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications Manager	40
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	40
Providing Power to the Phone	41
Power Guidelines	42
Phone Power Consumption and Display Brightness	42
Power Outage	43
Obtaining Additional Information about Power	43
Understanding Phone Configuration Files	43
Understanding the Phone Startup Process	45
Adding Phones to the Cisco Unified Communications Manager Database	46
Adding Phones with Auto-Registration	47
Adding Phones with Auto-Registration and TAPS	48
Adding Phones with Cisco Unified Communications Manager Administration	49
Adding Phones with BAT	49
Using Cisco Unified IP Phones with Different Protocols	49
Converting a New Phone from SCCP to SIP	50
Converting an In-Use Phone from SCCP to SIP	50
Converting an In-Use Phone from SIP to SCCP	50
Deploying a Phone in an SCCP and SIP Environment	51
Determining the MAC Address of a Cisco Unified IP Phone	51
Setting Up the Cisco Unified IP Phone	53
Before You Begin	53
Network Requirements	54
Cisco Unified Communications Manager Configuration	54
Safety	54
Understanding the Cisco Unified IP Phone 7965G and 7945G Components	55
Network and Access Ports	56
Handset	56
Speakerphone	56
Headset	56
Audio Quality Subjective to the User	57
Connecting a Headset	57
Disabling a Headset	57
Using External Devices with Your Cisco Unified IP Phone	58
Installing the Cisco Unified IP Phone	58
Attaching the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	60
Adjusting the Placement of the Cisco Unified IP Phone	61
Adjusting Cisco Unified IP Phone Footstand and Phone Height	61
Securing the Phone with a Cable Lock	62
Mounting the Phone to the Wall	62
Verifying the Phone Startup Process	64
Configuring Startup Network Settings	65
Configuring Security on the Cisco Unified IP Phone	65
Configuring Settings on the Cisco Unified IP Phone	67
Configuration Menus on the Cisco Unified IP Phone 7965G and 7945G	67
Displaying a Configuration Menu	68
Unlocking and Locking Options	69
Editing Values	69
Overview of Options Configurable from a Phone	70
Network Configuration Menu	71
Device Configuration Menu	77
CallManager Configuration menu	77
SIP Configuration Menu (SIP Phones Only)	79
SIP General Configuration Menu	79
Line Settings Menu	81
Call Preferences Menu	81
HTTP Configuration Menu	82
Locale Configuration Menu	83
NTP Configuration Menu (SIP Phones Only)	84
UI Configuration Menu	84
Media Configuration Menu	86
Power Save Configuration Menu	89
Ethernet Configuration Menu	90
Security Configuration Menu	91
QoS Configuration Menu	92
Network Configuration	93
Security Configuration Menu	97
CTL File Menu	98
Trust List Menu	99
802.1X Authentication and Status	100
Configuring Features, Templates, Services, and Users	103
Telephony Features Available for the Phone	104
Configuring Corporate and Personal Directories	116
Configuring Corporate Directories	116
Configuring Personal Directory	116
Modifying Phone Button Templates	117
Configuring Softkey Templates	117
Setting Up Services	118
Adding Users to Cisco Unified Communications Manager	118
Managing the User Options Web Pages	119
Giving Users Access to the User Options Web Pages	119
Specifying Options that Appear on the User Options Web Pages	119
Customizing the Cisco Unified IP Phone	121
Customizing and Modifying Configuration Files	121
Creating Custom Phone Rings	122
Ringlist.xml File Format Requirements	122
PCM File Requirements for Custom Ring Types	123
Configuring a Custom Phone Ring	123
Creating Custom Background Images	124
List.xml File Format Requirements	124
PNG File Requirements for Custom Background Images	125
Configuring a Custom Background Image	125
Configuring Wideband Codec	126
Configuring the Idle Display	127
Automatically Disabling the Cisco Unified IP Phone Screen	128
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	131
Model Information Screen	132
Status Menu	132
Status Messages Screen	133
Network Statistics Screen	139
Firmware Versions Screen	140
Expansion Module(s) Screen (SCCP Phones Only)	140
Call Statistics Screen	141
Monitoring the Cisco Unified IP Phone Remotely	145
Accessing the Web Page for a Phone	146
Disabling and Enabling Web Page Access	147
Device Information	147
Network Configuration	148
Network Statistics	152
Device Logs	155
Streaming Statistics	155
Troubleshooting and Maintenance	159
Resolving Startup Problems	160
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	160
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	161
Identifying Error Messages	161
Checking Network Connectivity	161
Verifying TFTP Server Settings	161
Verifying IP Addressing and Routing	162
Verifying DNS Settings	162
Verifying Cisco Unified Communications Manager Settings	162
Cisco Unified Communications Manager and TFTP Services Are Not Running	162
Creating a New Configuration File	163
Registering the Phone with Cisco Unified Communications Manager	164
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address	164
Cisco Unified IP Phone Resets Unexpectedly	164
Verifying the Physical Connection	165
Identifying Intermittent Network Outages	165
Verifying DHCP Settings	165
Checking Static IP Address Settings	165
Verifying Voice VLAN Configuration	165
Verifying that the Phones Have Not Been Intentionally Reset	166
Eliminating DNS or Other Connectivity Errors	166
Checking Power Connection	166
Troubleshooting Cisco Unified IP Phone Security	167
General Troubleshooting Tips	168
General Troubleshooting Tips for the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	172
Resetting or Restoring the Cisco Unified IP Phone	172
Performing a Basic Reset	172
Performing a Factory Reset	173
Using the Quality Report Tool	174
Monitoring the Voice Quality of Calls	174
Using Voice Quality Metrics	175
Troubleshooting Tips	176
Where to Go for More Troubleshooting Information	176
Cleaning the Cisco Unified IP Phone	177
Providing Information to Users Via a Website	179
How Users Obtain Support for the Cisco Unified IP Phone	179
How Users Access the Online Help System on the Phone	179
How Users Get Copies of Cisco Unified IP Phone Manuals	180
Accessing Cisco 7900 Series Unified IP Phone eLearning Tutorials (SCCP Phones Only)	180
How Users Subscribe to Services and Configure Phone Features	181
How Users Access a Voice Messaging System	181
How Users Configure Personal Directory Entries	182
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer	182
Feature Support by Protocol for the Cisco Unified IP Phone 7965G and 7945G	185
Supporting International Users	189
Adding Language Overlays to Phone Buttons	189
Installing the Cisco Unified Communications Manager Locale Installer	189
Technical Specifications	191
Physical and Operating Environment Specifications	191
Cable Specifications	192
Network and Access Port Pinouts	192

Match case Limit results 1 per page

9-9

Cisco Unified IP Phone 7965G and 7945G Administration Guide for Cisco Unified Communications Manager 6.1

OL-14641-01

Chapter 9

Troubleshooting and Maintenance

Troubleshooting Cisco Unified IP Phone Security

Table 9-1

provides troubleshooting information for the security features on the Cisco Unified IP Phone.

For information relating to the solutions for any of these issues, and for additional troubleshooting

information about security, refer to

Cisco Unified Communications Manager Security Guide

Table 9-1

Cisco Unified IP Phone Security Troubleshooting

Problem

Possible Cause

CTL File Problems

Device authentication error.

CTL file does not have a Cisco Unified Communications

Manager certificate or has an incorrect certificate.

Phone cannot authenticate CTL file.

The security token that signed the updated CTL file does

not exist in the CTL file on the phone.

Phone cannot authenticate any of the

configuration files other than the CTL file.

There is a bad TFTP record.

Phone reports TFTP authorization failure.

•

The TFTP address for the phone does not exist in the

CTL file.

•

If you created a new CTL file with a new TFTP

record, the existing CTL file on the phone may not

contain a record for the new TFTP server.

Phone does not register with

Cisco Unified Communications Manager.

The CTL file does not contain the correct information for

the Cisco Unified Communications Manager server.

Phone does not request signed

configuration files.

The CTL file does not contain any TFTP entries with

certificates.

802.1X Enabled on Phone but Not Authenticating

Phone cannot obtain a DHCP-assigned IP

address.

These errors typically indicate that 802.1X

authentication is enabled on the phone, but the phone is

unable to authenticate.

Verify that you have properly configured the

required components (see the

“Supporting 802.1X

Authentication on Cisco Unified IP Phones” section

on page 1-15 for more information

Confirm that the shared secret is configured on the

phone (see the

“802.1X Authentication and Status”

section on page 4-34

for more information).

–

If the shared secret is configured, verify that you

have the same shared secret entered on the

authentication server.

–

If the shared secret is not configured, enter it,

and ensure that it matches the one on the

authentication server.

Phone does not register with

Cisco Unified Communications Manager.

Phone status display as “Configuring IP” or

“Registering”.

802.1X Authentication Status displays as

“Held” (see the

“802.1X Authentication

and Status” section on page 4-34

for more

details).

Status menu displays 802.1X status as

“Failed” (see the

“Status Menu” section on

page 7-2

for more details).