Home » Cisco Manuals » Telephony » Cisco 7965G » Manual Viewer

Cisco 7965G Administration Guide - Page 25

Overview of Supported Security Features, Feature, Description - firmware loads

UPC - 882658140464

Add to My Manuals
Save this manual to your list of manuals

Page 25 highlights

Chapter 1 An Overview of the Cisco Unified IP Phone Understanding Security Features for Cisco Unified IP Phones Overview of Supported Security Features Table 1-3 provides an overview of the security features that the Cisco Unified IP Phone 7965G and 7945G supports. For more information about these features and about Cisco Unified Communications Manager and Cisco Unified IP Phone security, refer to Cisco Unified Communications Manager Security Guide. For information about current security settings on a phone, look at the Security Configuration menus on the phone (choose Settings > Security Configuration and choose Settings > Device Configuration > Security Configuration). For more information, see Chapter 4, "Configuring Settings on the Cisco Unified IP Phone." Note Most security features are available only if a certificate trust list (CTL) is installed on the phone. For more information about the CTL, refer to "Configuring the Cisco CTL Client" chapter in the Cisco Unified Communications Manager Security Guide. Table 1-3 Overview of Security Features Feature Image authentication Customer-site certificate installation Device authentication File authentication Signaling Authentication Manufacturing installed certificate Description Signed binary files (with the extension .sgn) prevent tampering with the firmware image before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image. Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified Communications Manager Administration that a certificate be installed by using the CAPF (Certificate Authority Proxy Function). Alternatively, you can install an Locally Significant Certificate (LSC) from the Security Configuration menu on the phone. See the "Configuring Security on the Cisco Unified IP Phone" section on page 3-13 for more information. Occurs between the Cisco Unified Communications Manager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur, and, if necessary, creates a secure signaling path between the entities using Transport Layer Security (TLS) protocol. Cisco Unified Communications Manager does not register phones unless they can be authenticated by the Cisco Unified Communications Manager. Validates digitally signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. Each Cisco Unified IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent unique proof of identity for the phone, and allows Cisco Unified Communications Manager to authenticate the phone. OL-14641-01 Cisco Unified IP Phone 7965G and 7945G Administration Guide for Cisco Unified Communications Manager 6.1 1-11

Section	Page
Cisco Unified IP Phone 7965G and 7945G Administration Guide for Cisco Unified Communications Manager 6.1	1
Contents	5
Preface	11
An Overview of the Cisco Unified IP Phone	15
Understanding the Cisco Unified IP Phone 7965G and 7945G	16
What Networking Protocols Are Used?	18
What Features are Supported on the Cisco Unified IP Phone 7965G and 7945G?	21
Feature Overview	21
Configuring Telephony Features	22
Configuring Network Parameters Using the Cisco Unified IP Phone	22
Providing Users with Feature Information	23
Understanding Security Features for Cisco Unified IP Phones	23
Overview of Supported Security Features	25
Understanding Security Profiles	27
Identifying Encrypted and Authenticated Phone Calls	27
Establishing and Identifying Secure Conference Calls	28
Call Security Interactions and Restrictions	28
Supporting 802.1X Authentication on Cisco Unified IP Phones	29
Overview	29
Required Network Components	30
Best Practices-Requirements and Recommendations	30
Security Restrictions	31
Overview of Configuring and Installing Cisco Unified IP Phones	31
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager	32
Checklist for Configuring the Cisco Unified IP Phone 7965G and 7945G in Cisco Unified Communications Manager	33
Installing Cisco Unified IP Phones	35
Checklist for Installing the Cisco Unified IP Phone 7965G and 7945G	36
Preparing to Install the Cisco Unified IP Phone on Your Network	39
Understanding Interactions with Other Cisco Unified IP Communications Products	39
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications Manager	40
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	40
Providing Power to the Phone	41
Power Guidelines	42
Phone Power Consumption and Display Brightness	42
Power Outage	43
Obtaining Additional Information about Power	43
Understanding Phone Configuration Files	43
Understanding the Phone Startup Process	45
Adding Phones to the Cisco Unified Communications Manager Database	46
Adding Phones with Auto-Registration	47
Adding Phones with Auto-Registration and TAPS	48
Adding Phones with Cisco Unified Communications Manager Administration	49
Adding Phones with BAT	49
Using Cisco Unified IP Phones with Different Protocols	49
Converting a New Phone from SCCP to SIP	50
Converting an In-Use Phone from SCCP to SIP	50
Converting an In-Use Phone from SIP to SCCP	50
Deploying a Phone in an SCCP and SIP Environment	51
Determining the MAC Address of a Cisco Unified IP Phone	51
Setting Up the Cisco Unified IP Phone	53
Before You Begin	53
Network Requirements	54
Cisco Unified Communications Manager Configuration	54
Safety	54
Understanding the Cisco Unified IP Phone 7965G and 7945G Components	55
Network and Access Ports	56
Handset	56
Speakerphone	56
Headset	56
Audio Quality Subjective to the User	57
Connecting a Headset	57
Disabling a Headset	57
Using External Devices with Your Cisco Unified IP Phone	58
Installing the Cisco Unified IP Phone	58
Attaching the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	60
Adjusting the Placement of the Cisco Unified IP Phone	61
Adjusting Cisco Unified IP Phone Footstand and Phone Height	61
Securing the Phone with a Cable Lock	62
Mounting the Phone to the Wall	62
Verifying the Phone Startup Process	64
Configuring Startup Network Settings	65
Configuring Security on the Cisco Unified IP Phone	65
Configuring Settings on the Cisco Unified IP Phone	67
Configuration Menus on the Cisco Unified IP Phone 7965G and 7945G	67
Displaying a Configuration Menu	68
Unlocking and Locking Options	69
Editing Values	69
Overview of Options Configurable from a Phone	70
Network Configuration Menu	71
Device Configuration Menu	77
CallManager Configuration menu	77
SIP Configuration Menu (SIP Phones Only)	79
SIP General Configuration Menu	79
Line Settings Menu	81
Call Preferences Menu	81
HTTP Configuration Menu	82
Locale Configuration Menu	83
NTP Configuration Menu (SIP Phones Only)	84
UI Configuration Menu	84
Media Configuration Menu	86
Power Save Configuration Menu	89
Ethernet Configuration Menu	90
Security Configuration Menu	91
QoS Configuration Menu	92
Network Configuration	93
Security Configuration Menu	97
CTL File Menu	98
Trust List Menu	99
802.1X Authentication and Status	100
Configuring Features, Templates, Services, and Users	103
Telephony Features Available for the Phone	104
Configuring Corporate and Personal Directories	116
Configuring Corporate Directories	116
Configuring Personal Directory	116
Modifying Phone Button Templates	117
Configuring Softkey Templates	117
Setting Up Services	118
Adding Users to Cisco Unified Communications Manager	118
Managing the User Options Web Pages	119
Giving Users Access to the User Options Web Pages	119
Specifying Options that Appear on the User Options Web Pages	119
Customizing the Cisco Unified IP Phone	121
Customizing and Modifying Configuration Files	121
Creating Custom Phone Rings	122
Ringlist.xml File Format Requirements	122
PCM File Requirements for Custom Ring Types	123
Configuring a Custom Phone Ring	123
Creating Custom Background Images	124
List.xml File Format Requirements	124
PNG File Requirements for Custom Background Images	125
Configuring a Custom Background Image	125
Configuring Wideband Codec	126
Configuring the Idle Display	127
Automatically Disabling the Cisco Unified IP Phone Screen	128
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	131
Model Information Screen	132
Status Menu	132
Status Messages Screen	133
Network Statistics Screen	139
Firmware Versions Screen	140
Expansion Module(s) Screen (SCCP Phones Only)	140
Call Statistics Screen	141
Monitoring the Cisco Unified IP Phone Remotely	145
Accessing the Web Page for a Phone	146
Disabling and Enabling Web Page Access	147
Device Information	147
Network Configuration	148
Network Statistics	152
Device Logs	155
Streaming Statistics	155
Troubleshooting and Maintenance	159
Resolving Startup Problems	160
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	160
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	161
Identifying Error Messages	161
Checking Network Connectivity	161
Verifying TFTP Server Settings	161
Verifying IP Addressing and Routing	162
Verifying DNS Settings	162
Verifying Cisco Unified Communications Manager Settings	162
Cisco Unified Communications Manager and TFTP Services Are Not Running	162
Creating a New Configuration File	163
Registering the Phone with Cisco Unified Communications Manager	164
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address	164
Cisco Unified IP Phone Resets Unexpectedly	164
Verifying the Physical Connection	165
Identifying Intermittent Network Outages	165
Verifying DHCP Settings	165
Checking Static IP Address Settings	165
Verifying Voice VLAN Configuration	165
Verifying that the Phones Have Not Been Intentionally Reset	166
Eliminating DNS or Other Connectivity Errors	166
Checking Power Connection	166
Troubleshooting Cisco Unified IP Phone Security	167
General Troubleshooting Tips	168
General Troubleshooting Tips for the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	172
Resetting or Restoring the Cisco Unified IP Phone	172
Performing a Basic Reset	172
Performing a Factory Reset	173
Using the Quality Report Tool	174
Monitoring the Voice Quality of Calls	174
Using Voice Quality Metrics	175
Troubleshooting Tips	176
Where to Go for More Troubleshooting Information	176
Cleaning the Cisco Unified IP Phone	177
Providing Information to Users Via a Website	179
How Users Obtain Support for the Cisco Unified IP Phone	179
How Users Access the Online Help System on the Phone	179
How Users Get Copies of Cisco Unified IP Phone Manuals	180
Accessing Cisco 7900 Series Unified IP Phone eLearning Tutorials (SCCP Phones Only)	180
How Users Subscribe to Services and Configure Phone Features	181
How Users Access a Voice Messaging System	181
How Users Configure Personal Directory Entries	182
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer	182
Feature Support by Protocol for the Cisco Unified IP Phone 7965G and 7945G	185
Supporting International Users	189
Adding Language Overlays to Phone Buttons	189
Installing the Cisco Unified Communications Manager Locale Installer	189
Technical Specifications	191
Physical and Operating Environment Specifications	191
Cable Specifications	192
Network and Access Port Pinouts	192

Match case Limit results 1 per page

1-11

Cisco Unified IP Phone 7965G and 7945G Administration Guide for Cisco Unified Communications Manager 6.1

OL-14641-01

Chapter 1

An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

Overview of Supported Security Features

Table 1-3

provides an overview of the security features that the Cisco Unified IP Phone 7965G and

7945G supports. For more information about these features and about Cisco Unified Communications

Manager and Cisco Unified IP Phone security, refer to

Cisco Unified Communications Manager

Security Guide

For information about current security settings on a phone, look at the Security Configuration menus on

the phone (choose

Settings > Security Configuration

and choose

Settings > Device Configuration >

Security Configuration

). For more information, see

Chapter 4, “Configuring Settings on the Cisco

Unified IP Phone.”

Note

Most security features are available only if a certificate trust list (CTL) is installed on the phone. For

more information about the CTL, refer to “Configuring the Cisco CTL Client” chapter in the

Cisco

Unified Communications Manager Security Guide

Table 1-3

Overview of Security Features

Feature

Description

Image authentication

Signed binary files (with the extension .sgn) prevent tampering with the firmware image

before it is loaded on a phone. Tampering with the image causes a phone to fail the

authentication process and reject the new image.

Customer-site certificate

installation

Each Cisco Unified IP Phone requires a unique certificate for device authentication.

Phones include a manufacturing installed certificate (MIC), but for additional security,

you can specify in Cisco Unified Communications Manager Administration that a

certificate be installed by using the CAPF (Certificate Authority Proxy Function).

Alternatively, you can install an Locally Significant Certificate (LSC) from the Security

Configuration menu on the phone. See the

“Configuring Security on the Cisco Unified IP

Phone” section on page 3-13

for more information.

Device authentication

Occurs between the Cisco Unified Communications Manager server and the phone when

each entity accepts the certificate of the other entity. Determines whether a secure

connection between the phone and a Cisco Unified Communications Manager should

occur, and, if necessary, creates a secure signaling path between the entities using

Transport Layer Security (TLS) protocol. Cisco Unified Communications Manager does

not register phones unless they can be authenticated by the

Cisco Unified Communications Manager.

File authentication

Validates digitally signed files that the phone downloads. The phone validates the

signature to make sure that file tampering did not occur after the file creation. Files that

fail authentication are not written to Flash memory on the phone. The phone rejects such

files without further processing.

Signaling Authentication

Uses the TLS protocol to validate that no tampering has occurred to signaling packets

during transmission.

Manufacturing installed

certificate

Each Cisco Unified IP Phone contains a unique manufacturing installed certificate (MIC),

which is used for device authentication. The MIC is a permanent unique proof of identity

for the phone, and allows Cisco Unified Communications Manager to authenticate the

phone.