Cisco CP-7911G-CH1 Administration Guide - Page 183
Process, Description or Detail, In case of WAN failure
View all Cisco CP-7911G-CH1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 183 highlights
Configuring Secure SRST for SCCP and SIP Information About Configuring Secure SRST Figure 1 Interworking of Credentials Server on SRST Router, Cisco Unified Communications Manager, and Cisco Unified IP Phone Cisco Unified Communications Manager/client 1. Cisco Unified Communications Manager requests the Cisco Unified SRST certificate from the credentials server. WAN Credentials server running on secure Cisco Unified SRST router 155100 2. The credentials server responds with the certificate. 3. Cisco Unified Communications Manager inserts the certificate in the phone configuration file. IP Cisco IP phone Table 2 Establishing Secure SRST Mode Process Description or Detail Regular Mode The Cisco Unified IP Phone configures DHCP and - gets the TFTP server address. The Cisco Unified IP Phone retrieves a CTL file The CTL file contains the certificates that the phone from the TFTP server. should trust. The Cisco IP Phone opens a Transport Layer Security (TLS) protocol channel and registers to Cisco Unified Communications Manager. Cisco Unified Communications Manager exports secure Cisco Unified SRST router information and the Cisco Unified SRST router certificate to the Cisco Unified IP phone. The phone places the certificate into its configuration. Once the phone has the Cisco Unified SRST certificate, the Cisco Unified SRST router is considered secure. See Figure 1. If the Cisco Unified IP Phone is configured as The connection to the SRST router happens "authenticated" or "encrypted" and Cisco automatically, assuming there is not a secondary Unified Communications Manager is configured Cisco Unified Communications Manager and Cisco in mixed mode, the phone looks for an SRST Unified SRST is configured as the backup device. See certificate in its configuration file. If it finds an Figure 1. SRST certificate, it opens a standby TLS Cisco Unified Communications Manager should be connection to the default port. The default port is configured in mixed mode, which is its secure mode. the Cisco Unified IP Phone TCP port plus 443; that is, port 2443 on a Cisco Unified SRST router. In case of WAN failure, the Cisco Unified IP Phone starts Cisco Unified SRST registration. SRST Mode The Cisco Unified IP Phone registers with the - SRST router at the default port for secure communications. OL-13143-04 Cisco Unified SCCP and SIP SRST System Administrator Guide 183