Home » Cisco Manuals » Telephony » Cisco 7971G-GE » Manual Viewer

Cisco 7971G-GE Administration Guide - Page 64

Configuring Security on the Cisco Unified IP Phone

UPC - 746320966588

Add to My Manuals
Save this manual to your list of manuals

Page 64 highlights

Configuring Security on the Cisco Unified IP Phone Chapter 3 Setting Up the Cisco Unified IP Phone • DNS server IP address Collect this information and see the instructions in Chapter 4, "Configuring Settings on the Cisco Unified IP Phone." Configuring Security on the Cisco Unified IP Phone The security features protect against several threats, including threats to the identity of the phone and to data. These features establish and maintain authenticated communication streams between the phone and the Cisco Unified Communications Manager server, and digitally sign files before they are delivered. For more information about the security features, see the "Understanding Security Features for Cisco Unified IP Phones" section on page 1-8. Also, refer to Cisco Unified Communications Manager Security Guide. A Locally Significant Certificate (LSC) installs on phones after you perform the necessary tasks that are associated with the Certificate Authority Proxy Function (CAPF). You can use Cisco Unified Communications Manager Administration to configure an LSC, as described in Cisco Unified Communications Manager Security Guide. Alternatively, you can initiate the installation of an LSC from the Security Configuration menu on the phone. This menu also lets you update or remove an LSC. Before you begin, make sure that the appropriate Cisco Unified Communications Manager and the CAPF security configurations are complete: • The CTL file should have a CAPF certificate. • The CAPF certificate must exist in the /usr/local/cm/.security/certs folder in every server in the cluster. • The CAPF is running and configured. Refer to Cisco Unified Communications Manager Security Guide for more information. To configure an LSC on the phone, perform the following procedure. Depending on how you have configured the CAPF, this procedure installs an LSC, updates an existing LSC, or removes an existing LSC. Procedure Step 1 Obtain the CAPF authentication code that was set when the CAPF was configured. Step 2 From the phone, press the Settings > Security Configuration. Note You can control access to the Settings Menu by using the Settings Access field in the Cisco Unified Communications Manager Administration Phone Configuration window. For more information, see Cisco Unified Communications Manager Administration Guide. Step 3 Press **# to unlock settings on the Security Configuration menu. (See the "Unlocking and Locking Options" section on page 4-3 for information about using locking and unlocking options.) Note If a Settings Menu password has been provisioned, SIP phones present an "Enter password" prompt after you enter **#. 3-12 Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 OL-15299-01

Section	Page
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 (SCCP and SIP)	1
Contents	3
Preface	11
An Overview of the Cisco Unified IP Phone	15
Understanding the Cisco Unified IP Phone 7970 Series	15
What Networking Protocols Are Used?	17
What Features are Supported on the Cisco Unified IP Phone 7970 Series?	21
Feature Overview	21
Configuring Telephony Features	22
Configuring Network Parameters Using the Cisco Unified IP Phone	22
Providing Users with Feature Information	22
Understanding Security Features for Cisco Unified IP Phones	22
Overview of Supported Security Features	24
Understanding Security Profiles	26
Identifying Authenticated, Encrypted, and Protected Phone Calls	27
Establishing and Identifying Secure Conference Calls	28
Establishing and Identifying Protected Calls	28
Call Security Interactions and Restrictions	29
Supporting 802.1X Authentication on Cisco Unified IP Phones	30
Overview	30
Required Network Components	30
Best Practices-Requirements and Recommendations	31
Security Restrictions	31
Overview of Configuring and Installing Cisco Unified IP Phones	32
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager	32
Checklist for Configuring the Cisco Unified IP Phone 7970 Series in Cisco Unified Communications Manager	33
Installing Cisco Unified IP Phones	35
Checklist for Installing the Cisco Unified IP Phone 7970 Series	35
Preparing to Install the Cisco Unified IP Phone on Your Network	39
Understanding Interactions with Other Cisco Unified IP Communications Products	40
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications Manager	40
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	41
Providing Power to the Phone	41
Power Guidelines	42
Phone Power Consumption and Display Brightness	43
Power Outage	43
Obtaining Additional Information about Power	44
Understanding Phone Configuration Files	44
Understanding the Phone Startup Process	45
Adding Phones to the Cisco Unified Communications Manager Database	47
Adding Phones with Auto-Registration	48
Adding Phones with Auto-Registration and TAPS	49
Adding Phones with Cisco Unified Communications Manager Administration	50
Adding Phones with BAT	50
Using Cisco Unified IP Phones with Different Protocols	50
Converting a New Phone from SCCP to SIP	51
Converting an In-Use Phone from SCCP to SIP	51
Converting an In-Use Phone from SIP to SCCP	51
Deploying a Phone in an SCCP and SIP Environment	52
Determining the MAC Address of a Cisco Unified IP Phone	52
Setting Up the Cisco Unified IP Phone	53
Before You Begin	53
Network Requirements	53
Cisco Unified Communications Manager Configuration	54
Understanding the Cisco Unified IP Phone 7970 Series Components	54
Network and Access Ports	54
Handset	55
Speakerphone	55
Headset	55
Audio Quality Subjective to the User	56
Connecting a Headset	56
Disabling a Headset	56
Using External Devices	56
Installing the Cisco Unified IP Phone	57
Attaching the Cisco Unified IP Phone Expansion Module 7914	59
Adjusting the Placement of the Cisco Unified IP Phone	60
Adjusting Cisco Unified IP Phone Footstand and Phone Height	60
Securing the Phone with a Cable Lock	60
Mounting the Phone to the Wall	61
Verifying the Phone Startup Process	62
Configuring Startup Network Settings	63
Configuring Security on the Cisco Unified IP Phone	64
Configuring Settings on the Cisco Unified IP Phone	67
Configuration Menus on the Cisco Unified IP Phone 7970 Series	67
Displaying a Configuration Menu	68
Unlocking and Locking Options	69
Editing Values	69
Overview of Options Configurable from a Phone	70
Network Configuration Menu	71
Device Configuration Menu	76
Unified CM Configuration	77
SIP Configuration Menu (SIP Phones Only)	78
SIP General Configuration Menu	79
Line Settings Menu (SIP Phones Only)	80
Call Preferences Menu (SIP Phones Only)	80
HTTP Configuration Menu	81
Locale Configuration Menu	82
NTP Configuration Menu (SIP Phones Only)	83
UI Configuration Menu	83
Media Configuration Menu	85
Power Save Configuration Menu	88
Ethernet Configuration Menu	89
Security Configuration Menu	89
QoS Configuration Menu	91
Network Configuration	91
Security Configuration Menu	95
CTL File Menu	96
Trust List Menu	97
802.1X Authentication and Status	97
Configuring Features, Templates, Services, and Users	101
Telephony Features Available for the Phone	101
Configuring Corporate and Personal Directories	116
Configuring Corporate Directories	117
Configuring Personal Directory	117
Modifying Phone Button Templates	117
Modifying a Phone Button Template for Personal Address Book or Fast Dials	118
Configuring Softkey Templates	119
Setting Up Services	120
Adding Users to Cisco Unified Communications Manager	120
Managing the User Options Web Pages	121
Giving Users Access to the User Options Web Pages	121
Specifying Options that Appear on the User Options Web Pages	121
Customizing the Cisco Unified IP Phone	123
Customizing and Modifying Configuration Files	123
Creating Custom Phone Rings	124
Ringlist.xml File Format Requirements	124
PCM File Requirements for Custom Ring Types	125
Configuring a Custom Phone Ring	125
Creating Custom Background Images	125
List.xml File Format Requirements	126
PNG File Requirements for Custom Background Images	127
Configuring a Custom Background Image	127
Configuring Wideband Codec	128
Configuring the Idle Display	129
Automatically Disabling the Cisco Unified IP Phone Touchscreen	129
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	133
Model Information Screen	134
Status Menu	135
Status Messages Screen	135
Network Statistics Screen	141
Firmware Versions Screen	143
Expansion Module(s) Screen	144
Call Statistics Screen	145
Monitoring the Cisco Unified IP Phone Remotely	149
Accessing the Web Page for a Phone	149
Disabling and Enabling Web Page Access	151
Device Information	151
Network Configuration	152
Network Statistics	156
Device Logs	158
Streaming Statistics	158
Troubleshooting and Maintenance	163
Resolving Startup Problems	163
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	164
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	164
Identifying Error Messages	165
Checking Network Connectivity	165
Verifying TFTP Server Settings	165
Verifying IP Addressing and Routing	165
Verifying DNS Settings	166
Verifying Cisco Unified Communications Manager Settings	166
Cisco CallManager and TFTP Services Are Not Running	166
Creating a New Configuration File	167
Registering the Phone with Cisco Unified Communications Manager	167
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address	168
Cisco Unified IP Phone Resets Unexpectedly	168
Verifying Physical Connection	168
Identifying Intermittent Network Outages	168
Verifying DHCP Settings	169
Checking Static IP Address Settings	169
Verifying Voice VLAN Configuration	169
Verifying that the Phones Have Not Been Intentionally Reset	169
Eliminating DNS or Other Connectivity Errors	169
Checking Power Connection	170
Troubleshooting Cisco Unified IP Phone Security	170
General Troubleshooting Tips	172
General Troubleshooting Tips for the Cisco Unified IP Phone Expansion Module 7914	174
Resetting or Restoring the Cisco Unified IP Phone	175
Performing a Basic Reset	175
Performing a Factory Reset	176
Using the Quality Report Tool	176
Monitoring the Voice Quality of Calls	177
Using Voice Quality Metrics	177
Troubleshooting Tips	178
Where to Go for More Troubleshooting Information	179
Cleaning the Cisco Unified IP Phone	179
Providing Information to Users Via a Website	181
How Users Obtain Support for the Cisco Unified IP Phone	181
Giving Users Access to the User Options Web Pages	181
How Users Access the Online Help System on the Phone	182
How Users Get Copies of Cisco Unified IP Phone Manuals	182
Accessing Cisco 7900 Series Unified IP Phone eLearning Tutorials (SCCP Phones Only)	182
How Users Subscribe to Services and Configure Phone Features	183
How Users Access a Voice-Messaging System	183
How Users Configure Personal Directory Entries	184
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer	184
Feature Support by Protocol for the Cisco Unified IP Phones 7970 Series	187
Supporting International Users	193
Adding Language Overlays to Phone Buttons	193
Installing the Cisco Unified Communications Manager Locale Installer	193
Support for International Call Logging	194
Technical Specifications	195
Physical and Operating Environment Specifications	195
Cable Specifications	196
Network and Access Port Pinouts	196
Basic Phone Administration Steps	199
Example User Information for these Procedures	199
Adding a User to Cisco Unified Communications Manager	200
Adding a User From an External LDAP Directory	200
Adding a User Directly to Cisco Unified Communications Manager	200
Configuring the Phone	201
Performing Final End User Configuration Steps	205

Match case Limit results 1 per page

3-12

Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0

OL-15299-01

Chapter 3

Setting Up the Cisco Unified IP Phone

Configuring Security on the Cisco Unified IP Phone

•

DNS server IP address

Collect this information and see the instructions in

Chapter 4, “Configuring Settings on the Cisco

Unified IP Phone.”

Configuring Security on the Cisco Unified IP Phone

The security features protect against several threats, including threats to the identity of the phone and to

data. These features establish and maintain authenticated communication streams between the phone and

the Cisco Unified Communications Manager server, and digitally sign files before they are delivered.

For more information about the security features, see the

“Understanding Security Features for Cisco

Unified IP Phones” section on page 1-8

. Also, refer to

Cisco Unified Communications Manager Security

Guide

A Locally Significant Certificate (LSC) installs on phones after you perform the necessary tasks that are

associated with the Certificate Authority Proxy Function (CAPF). You can use

Cisco Unified Communications Manager Administration to configure an LSC, as described in

Cisco Unified Communications Manager Security Guide

Alternatively, you can initiate the installation of an LSC from the Security Configuration menu on the

phone. This menu also lets you update or remove an LSC.

Before you begin, make sure that the appropriate Cisco Unified Communications Manager and the

CAPF security configurations are complete:

•

The CTL file should have a CAPF certificate.

•

The CAPF certificate must exist in the /usr/local/cm/.security/certs folder in every server in the

cluster.

•

The CAPF is running and configured.

Refer to

Cisco Unified Communications Manager Security Guide

for more information.

To configure an LSC on the phone, perform the following procedure. Depending on how you have

configured the CAPF, this procedure installs an LSC, updates an existing LSC, or removes an existing

LSC.

Procedure

Step 1

Obtain the CAPF authentication code that was set when the CAPF was configured.

Step 2

From the phone, press the

Settings > Security Configuration

Note

You can control access to the Settings Menu by using the Settings Access field in the

Cisco Unified Communications Manager Administration Phone Configuration window. For

more information, see

Cisco Unified Communications Manager Administration Guide

Step 3

Press

**#

to unlock settings on the Security Configuration menu. (See the

“Unlocking and Locking

Options” section on page 4-3

for information about using locking and unlocking options.)

Note

If a Settings Menu password has been provisioned, SIP phones present an “Enter password”

prompt after you enter **#.