Home » Cisco Manuals » Telephony » Cisco 7970G » Manual Viewer

Cisco 7970G Administration Guide - Page 34

Feature, Description, Each Cisco Unified IP Phone contains a unique manufacturing - download firmware

UPC - 746320926292

Add to My Manuals
Save this manual to your list of manuals

Page 34 highlights

Understanding Security Features for Cisco Unified IP Phones Chapter 1 An Overview of the Cisco Unified IP Phone Table 1-3 Overview of Security Features Feature Image authentication Customer-site certificate installation Device authentication File authentication Signaling Authentication Manufacturing installed certificate Description Signed binary files (with the extension .sbn) prevent tampering with the firmware image before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image. Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified Communications Manager Administration that a certificate be installed by using the CAPF (Certificate Authority Proxy Function). Alternatively, you can install an LSC from the Security Configuration menu on the phone. See the "Configuring Security on the Cisco Unified IP Phone" section on page 3-17 for more information. Occurs between the Cisco Unified Communications Manager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur, and, if necessary, creates a secure signaling path between the entities using TLS protocol. Cisco Unified Communications Manager does not register phones unless they can be authenticated by the Cisco Unified Communications Manager. Validates digitally signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. Each Cisco Unified IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent unique proof of identity for the phone, and allows Cisco Unified Communications Manager to authenticate the phone. 1-16 Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 6.1 OL-14626-01

Section	Page
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 6.1 (SCCP and SIP)	1
Contents	5
Preface	13
An Overview of the Cisco Unified IP Phone	19
Understanding the Cisco Unified IP Phone 7970 Series	20
What Networking Protocols Are Used?	22
What Features are Supported on the Cisco Unified IP Phone 7970 Series?	27
Feature Overview	28
Configuring Telephony Features	29
Configuring Network Parameters Using the Cisco Unified IP Phone	29
Providing Users with Feature Information	30
Understanding Security Features for Cisco Unified IP Phones	30
Overview of Supported Security Features	33
Understanding Security Profiles	37
Identifying Encrypted and Authenticated Phone Calls	37
Establishing and Identifying Secure Conference Calls	38
Call Security Interactions and Restrictions	39
Supporting 802.1X Authentication on Cisco Unified IP Phones	40
Overview	41
Required Network Components	41
Best Practices-Requirements and Recommendations	42
Security Restrictions	43
Overview of Configuring and Installing Cisco Unified IP Phones	44
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager	44
Checklist for Configuring the Cisco Unified IP Phone 7970 Series in Cisco Unified Communications Manager	45
Installing Cisco Unified IP Phones	49
Checklist for Installing the Cisco Unified IP Phone 7970 Series	50
Preparing to Install the Cisco Unified IP Phone on Your Network	53
Understanding Interactions with Other Cisco Unified IP Communications Products	54
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications Manager	54
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	55
Providing Power to the Phone	56
Power Guidelines	57
Phone Power Consumption and Display Brightness	58
Power Outage	59
Obtaining Additional Information about Power	59
Understanding Phone Configuration Files	60
Understanding the Phone Startup Process	62
Adding Phones to the Cisco Unified Communications Manager Database	65
Adding Phones with Auto-Registration	66
Adding Phones with Auto-Registration and TAPS	67
Adding Phones with Cisco Unified Communications Manager Administration	68
Adding Phones with BAT	69
Using Cisco Unified IP Phones with Different Protocols	70
Converting a New Phone from SCCP to SIP	70
Converting an In-Use Phone from SCCP to SIP	71
Converting an In-Use Phone from SIP to SCCP	71
Deploying a Phone in an SCCP and SIP Environment	72
Determining the MAC Address of a Cisco Unified IP Phone	72
Setting Up the Cisco Unified IP Phone	73
Before You Begin	74
Network Requirements	74
Cisco Unified Communications Manager Configuration	74
Understanding the Cisco Unified IP Phone 7970 Series Components	75
Network and Access Ports	75
Handset	76
Speakerphone	76
Headset	77
Audio Quality Subjective to the User	77
Connecting a Headset	78
Disabling a Headset	78
Using External Devices with Your Cisco Unified IP Phone	78
Installing the Cisco Unified IP Phone	79
Attaching the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	82
Adjusting the Placement of the Cisco Unified IP Phone	84
Adjusting Cisco Unified IP Phone Footstand and Phone Height	84
Securing the Phone with a Cable Lock	84
Mounting the Phone to the Wall	86
Verifying the Phone Startup Process	87
Configuring Startup Network Settings	89
Configuring Security on the Cisco Unified IP Phone	89
Configuring Settings on the Cisco Unified IP Phone	93
Configuration Menus on the Cisco Unified IP Phone 7970 Series	93
Displaying a Configuration Menu	95
Unlocking and Locking Options	96
Editing Values	97
Overview of Options Configurable from a Phone	98
Network Configuration Menu	99
Device Configuration Menu	108
CallManager Configuration Menu	108
SIP Configuration Menu (SIP Phones Only)	111
SIP General Configuration Menu	111
Line Settings Menu	113
Call Preferences Menu	114
HTTP Configuration Menu	116
Locale Configuration Menu	117
NTP Configuration Menu (SIP Phones Only)	118
UI Configuration Menu	119
Media Configuration Menu	122
Power Save Configuration Menu	128
Ethernet Configuration Menu	129
Security Configuration Menu	130
QoS Configuration Menu	132
Network Configuration	133
Security Configuration Menu	138
CTL File Menu	140
Trust List Menu	142
802.1X Authentication and Status	143
Configuring Features, Templates, Services, and Users	147
Telephony Features Available for the Phone	148
Configuring Corporate and Personal Directories	170
Configuring Corporate Directories	170
Configuring Personal Directory	170
Modifying Phone Button Templates	171
Configuring Softkey Templates	172
Setting Up Services	173
Adding Users to Cisco Unified Communications Manager	173
Managing the User Options Web Pages	174
Giving Users Access to the User Options Web Pages	174
Specifying Options that Appear on the User Options Web Pages	175
Customizing the Cisco Unified IP Phone	177
Customizing and Modifying Configuration Files	177
Creating Custom Phone Rings	178
Ringlist.xml File Format Requirements	179
PCM File Requirements for Custom Ring Types	180
Configuring a Custom Phone Ring	180
Creating Custom Background Images	181
List.xml File Format Requirements	181
PNG File Requirements for Custom Background Images	182
Configuring a Custom Background Image	183
Configuring Wideband Codec	185
Configuring the Idle Display	185
Automatically Disabling the Cisco Unified IP Phone Touchscreen	187
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	191
Model Information Screen	192
Status Menu	193
Status Messages Screen	194
Network Statistics Screen	204
Firmware Versions Screen	206
Expansion Module(s) Screen (SCCP Phones Only)	207
Call Statistics Screen	208
Monitoring the Cisco Unified IP Phone Remotely	213
Accessing the Web Page for a Phone	214
Disabling and Enabling Web Page Access	215
Device Information	216
Network Configuration	218
Network Statistics	223
Device Logs	227
Streaming Statistics	227
Troubleshooting and Maintenance	235
Resolving Startup Problems	236
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	236
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	237
Identifying Error Messages	238
Checking Network Connectivity	238
Verifying TFTP Server Settings	238
Verifying IP Addressing and Routing	239
Verifying DNS Settings	239
Verifying Cisco Unified Communications Manager Settings	239
Cisco Unified Communications Manager and TFTP Services Are Not Running	240
Creating a New Configuration File	241
Registering the Phone with Cisco Unified Communications Manager	242
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address	242
Cisco Unified IP Phone Resets Unexpectedly	242
Verifying Physical Connection	243
Identifying Intermittent Network Outages	243
Verifying DHCP Settings	243
Checking Static IP Address Settings	244
Verifying Voice VLAN Configuration	244
Verifying that the Phones Have Not Been Intentionally Reset	244
Eliminating DNS or Other Connectivity Errors	245
Checking Power Connection	246
Troubleshooting Cisco Unified IP Phone Security	246
General Troubleshooting Tips	249
General Troubleshooting Tips for the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	253
Resetting or Restoring the Cisco Unified IP Phone	253
Performing a Basic Reset	254
Performing a Factory Reset	255
Using the Quality Report Tool	256
Monitoring the Voice Quality of Calls	256
Using Voice Quality Metrics	257
Troubleshooting Tips	258
Where to Go for More Troubleshooting Information	260
Cleaning the Cisco Unified IP Phone	260
Providing Information to Users Via a Website	261
How Users Obtain Support for the Cisco Unified IP Phone	262
Giving Users Access to the User Options Web Pages	262
How Users Access the Online Help System on the Phone	262
How Users Get Copies of Cisco Unified IP Phone Manuals	263
Accessing Cisco 7900 Series Unified IP Phone eLearning Tutorials (SCCP Phones Only)	264
How Users Subscribe to Services and Configure Phone Features	264
How Users Access a Voice-Messaging System	265
How Users Configure Personal Directory Entries	266
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer	266
Feature Support by Protocol for the Cisco Unified IP Phones 7970 Series	269
Supporting International Users	277
Adding Language Overlays to Phone Buttons	277
Installing the Cisco Unified Communications Manager Locale Installer	278
Technical Specifications	279
Physical and Operating Environment Specifications	279
Cable Specifications	280
Network and Access Port Pinouts	281

Match case Limit results 1 per page

Chapter 1

An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

1-16

Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 6.1

OL-14626-01

Table 1-3

Overview of Security Features

Feature

Description

Image authentication

Signed binary files (with the extension .sbn) prevent tampering with

the firmware image before it is loaded on a phone. Tampering with

the image causes a phone to fail the authentication process and

reject the new image.

Customer-site certificate

installation

Each Cisco Unified IP Phone requires a unique certificate for device

authentication. Phones include a manufacturing installed certificate

(MIC), but for additional security, you can specify in Cisco

Unified Communications Manager Administration that a certificate

be installed by using the CAPF (Certificate Authority Proxy

Function). Alternatively, you can install an LSC from the Security

Configuration menu on the phone. See the

“Configuring Security on

the Cisco Unified IP Phone” section on page 3-17

for more

information.

Device authentication

Occurs between the Cisco Unified Communications Manager server

and the phone when each entity accepts the certificate of the other

entity. Determines whether a secure connection between the phone

and a Cisco Unified Communications Manager should occur, and, if

necessary, creates a secure signaling path between the entities using

TLS protocol. Cisco Unified Communications Manager does not

Cisco Unified Communications Manager.

File authentication

Validates digitally signed files that the phone downloads. The

phone validates the signature to make sure that file tampering did

not occur after the file creation. Files that fail authentication are not

written to Flash memory on the phone. The phone rejects such files

without further processing.

Signaling Authentication

Uses the TLS protocol to validate that no tampering has occurred to

signaling packets during transmission.

Manufacturing installed

certificate

Each Cisco Unified IP Phone contains a unique manufacturing

installed certificate (MIC), which is used for device authentication.

The MIC is a permanent unique proof of identity for the phone, and

allows Cisco Unified Communications Manager to authenticate the

phone.