Home » Cisco Manuals » Telephony » Cisco CP-7911G » Manual Viewer

Cisco CP-7911G Administration Guide - Page 34

Feature, Description, Each Cisco Unified IP Phones 7906G and 7911G contains

Add to My Manuals
Save this manual to your list of manuals

Page 34 highlights

Understanding Security Features for Cisco Unified IP Phones Chapter 1 An Overview of the Cisco Unified IP Phone Table 1-3 Overview of Security Features (continued) Feature Customer-site certificate installation Device authentication File authentication Signaling Authentication Manufacturing installed certificate Description Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified Communications Manager Administration that a certificate be installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can install an Locally Significant Certificate (LSC) from the Security Configuration menu on the phone. See the "Configuring Security on the Cisco Unified IP Phone" section on page 3-17 for more information. Occurs between the Cisco Unified Communications Manager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur, and, if necessary, creates a secure signaling path between the entities using TLS protocol. Cisco Unified Communications Manager does not register phones configured in authenticated or encrypted mode unless they can be authenticated by the Cisco Unified Communications Manager. Validates digitally-signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. Each Cisco Unified IP Phones 7906G and 7911G contains a unique MIC, which is used for device authentication. The MIC is a permanent unique proof of identity for the phone, and allows Cisco Unified Communications Manager to authenticate the phone. 1-16 Cisco Unified IP Phone 7906G and 7911G for Cisco Unified Communications Manager 6.0 OL11954-01

Section	Page
Cisco Unified IP Phone 7906G and 7911G Administration Guide for Cisco Unified Communications Mana...	1
Contents	5
Preface	13
Overview	13
Audience	13
Organization	14
Related Documentation	15
Obtaining Documentation, Obtaining Support, and Security Guidelines	16
Cisco Product Security Overview	16
Document Conventions	17
An Overview of the CiscoUnifiedIPPhone	19
Understanding the CiscoUnifiedIPPhones7906G and 7911G	20
What Networking Protocols Are Used?	23
What Features are Supported?	27
Feature Overview	28
Configuring Telephony Features	29
Configuring Network Parameters Using the CiscoUnified IP Phone	29
Providing Users with Feature Information	30
Understanding Security Features for CiscoUnified IP Phones	30
Overview of Supported Security Features	33
Understanding Security Profiles	37
Identifying Encrypted and Authenticated Phone Calls	37
Establishing and Identifying Secure Conference Calls	38
Call Security Interactions and Restrictions	39
Supporting 802.1X Authentication on Cisco Unified IP Phones	41
Overview	41
Required Network Components	42
Best Practices—Requirements and Recommendations	42
Security Restrictions	43
Overview of Configuring and Installing CiscoUnifiedIPPhones	44
Configuring CiscoUnified IP Phones in CiscoUnified Communications Manager	44
Checklist for Configuring the CiscoUnified IP Phones7906G and 7911G in CiscoUnified Communicat...	45
Installing CiscoUnified IP Phones	50
Checklist for Installing the CiscoUnified IP Phones7906G and 7911G	50
Preparing to Install the CiscoUnifiedIPPhone on Your Network	55
Understanding Interactions with Other CiscoUnifiedCommunications Products	56
Understanding How the CiscoUnifiedIPPhone Interacts with CiscoUnifiedCommunications Manager	56
Understanding How the CiscoUnified IP Phone Interacts with the VLAN	57
Providing Power to the CiscoUnifiedIPPhones7906G and 7911G	58
Power Guidelines	59
Power Outage	59
Obtaining Additional Information about Power	60
Understanding Phone Configuration Files	61
SIP Dial Rules	62
Understanding the Phone Startup Process	62
Adding Phones to the CiscoUnifiedCommunications Manager Database	66
Adding Phones with Auto-Registration	67
Adding Phones with Auto-Registration and TAPS	68
Adding Phones with Cisco Unified Communications Manager Administration	70
Adding Phones with BAT	70
Using Cisco Unified IP Phones with Different Protocols	71
Converting a New Phone from SCCP to SIP	71
Converting an In-Use Phone from SCCP to SIP	72
Converting an In-Use Phone from SIP to SCCP	72
Deploying a Phone in an SCCP and SIP Environment	73
Determining the MAC Address of a CiscoUnifiedIPPhone	73
Setting Up the CiscoUnifiedIPPhone	75
Before You Begin	76
Network Requirements	76
CiscoUnifiedCommunications Manager Configuration	77
Understanding the CiscoUnifiedIP Phones7906G and 7911G Components	77
Network and Access Ports	78
Handset	78
Speaker	78
Monitor Mode	79
Group Listen Mode	79
Headset	80
Audio Quality Subjective to User	81
Connecting a Headset	81
Using External Devices with Your CiscoUnifiedIPPhone	82
Installing the CiscoUnifiedIP Phone	83
Mounting the Phone to a Wall	89
Verifying the Phone Startup Process	90
Configuring Startup Network Settings	91
Configuring Security on the CiscoUnifiedIP Phone	91
Configuring Settings on the CiscoUnifiedIPPhone	95
Configuration Menus on the CiscoUnifiedIPPhones7906G and 7911G	95
Displaying a Configuration Menu	96
Unlocking and Locking Options	98
Editing the Values of an Option Setting	99
Overview of Options Configurable from a Phone	100
Network Configuration Menu	101
Device Configuration Menu	109
CallManager Configuration Menu	109
SIP Configuration Menu (SIP Phones Only)	112
SIP General Configuration Menu	112
Line Settings Menu	114
Call Preferences Menu (SIP Phones Only)	115
HTTP Configuration Menu	116
Locale Configuration Menu	118
UI Configuration Menu	119
Media Configuration Menu	122
NTP Configuration Menu (SIP Phones Only)	123
Ethernet Configuration Menu	125
Security Configuration Menu	126
QoS Configuration Menu	127
Network Configuration	128
Security Configuration Menu	132
CTL File Screen	134
Trust List Menu	136
802.1X Authentication and Status	137
Configuring Features, Templates, Services, and Users	141
Telephony Features Available for the Cisco Unified IP Phone	142
Configuring Corporate and Personal Directories	163
Configuring Corporate Directories	163
Configuring Personal Directory	164
Modifying Phone Button Templates	164
Configuring Softkey Templates	165
Setting Up Services	165
Adding Users to CiscoUnifiedCommunications Manager	166
Managing the User Options Web Pages	167
Giving Users Access to the User Options Web Pages	167
Specifying Options that Appear on the User Options Web Pages	168
Specifying Options that Appear on the User Options Web Pages	169
Customizing the CiscoUnifiedIPPhone	171
Customizing and Modifying Configuration Files	171
Creating Custom Phone Rings	172
Ringlist.xml File Format Requirements	172
PCM File Requirements for Custom Ring Types	173
Configuring a Custom Phone Ring	174
Creating Custom Background Images	175
List.xml File Format Requirements	175
PNG File Requirements for Custom Background Images	176
Configuring a Custom Background Image	177
Configuring Wideband Codec	178
Viewing Model Information, Status, and Statistics on the CiscoUnifiedIPPhone	181
Model Information Screen	182
Status Menu	183
Status Messages Screen	184
Network Statistics Screen	193
Firmware Versions Screen	195
Call Statistics Screen	196
Monitoring the CiscoUnifiedIP Phone Remotely	201
Accessing the Web Page for a Phone	202
Disabling and Enabling Web Page Access	204
Device Information	204
Network Configuration	206
Network Statistics	211
Device Logs	214
Streaming Statistics	215
Troubleshooting and Maintenance	221
Resolving Startup Problems	222
Symptom: The CiscoUnifiedIP Phone Does Not Go Through its Normal Startup Process	222
Symptom: The CiscoUnifiedIP Phone Does Not Register with CiscoUnifiedCommunications Manager	223
Identifying Error Messages	224
Registering the Phone with CiscoUnifiedCommunications Manager	224
Checking Network Connectivity	224
Verifying TFTP Server Settings	225
Verifying IP Addressing and Routing	225
Verifying DNS Settings	226
Verifying CiscoUnifiedCommunications Manager Settings	226
CiscoUnifiedCommunications Manager and TFTP Services Are Not Running	226
Creating a New Configuration File	227
Registering the Phone with CiscoUnifiedCommunications Manager	228
CiscoUnifiedIP Phone Resets Unexpectedly	229
Verifying Physical Connection	229
Identifying Intermittent Network Outages	229
Verifying DHCP Settings	230
Checking Static IP Address Settings	230
Verifying Voice VLAN Configuration	230
Verifying that the Phones Have Not Been Intentionally Reset	231
Eliminating DNS or Other Connectivity Errors	231
Checking Power Connection (SIP Phones Only)	232
Troubleshooting CiscoUnifiedIP Phone Security	232
General Troubleshooting Tips	236
Resetting or Restoring the CiscoUnifiedIP Phone	242
Performing a Basic Reset	242
Performing a Factory Reset	243
Using the Quality Report Tool	245
Monitoring the Voice Quality of Calls	245
Using Voice Quality Metrics	246
Troubleshooting Tips	247
Where to Go for More Troubleshooting Information	249
Cleaning the CiscoUnifiedIP Phone	249
Providing Information to Users	251
How Users Obtain Support for the CiscoUnifiedIP Phone	251
Giving Users Access to the User Options Web Pages	252
How Users Get Copies of CiscoUnifiedIP Phone Manuals	252
How Users Subscribe to Services and Configure Phone Features	253
How Users Access a Voice Messaging System	253
How Users Configure Personal Directory Entries	254
Applying the Cisco Unified IP Phone Address Book Synchronizer	254
Feature Support by Protocol for CiscoUnifiedIP Phone 7906G and 7911G	257
Supporting International Users	265
Technical Specifications	267
Physical and Operating Environment Specifications	267
Cable Specifications	268
Network and Access Port Pinouts	269

Match case Limit results 1 per page

Chapter 1

An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

1-16

Cisco Unified IP Phone 7906G and 7911G for Cisco Unified Communications Manager 6.0

OL11954-01

Customer-site certificate installation

Each Cisco Unified IP Phone requires a unique certificate for

device authentication. Phones include a manufacturing

installed certificate (MIC), but for additional security, you

can specify in Cisco Unified Communications Manager

Administration that a certificate be installed by using the

Certificate Authority Proxy Function (CAPF). Alternatively,

you can install an Locally Significant Certificate (LSC) from

the Security Configuration menu on the phone. See the

“Configuring Security on the Cisco Unified IP Phone”

section on page 3-17

for more information.

Device authentication

Occurs between the Cisco

Unified Communications Manager

server and the phone when each entity accepts the certificate

of the other entity. Determines whether a secure connection

between the phone and a Cisco Unified Communications

Manager should occur, and, if necessary, creates a secure

signaling path between the entities using TLS protocol.

Cisco Unified Communications Manager does not register

phones configured in authenticated or encrypted mode unless

they can be authenticated by the

Cisco Unified Communications Manager.

File authentication

Validates digitally-signed files that the phone downloads.

The phone validates the signature to make sure that file

tampering did not occur after the file creation. Files that fail

authentication are not written to Flash memory on the phone.

The phone rejects such files without further processing.

Signaling Authentication

Uses the TLS protocol to validate that no tampering has

occurred to signaling packets during transmission.

Manufacturing installed certificate

Each Cisco Unified IP Phones 7906G and 7911G contains a

unique MIC, which is used for device authentication. The

MIC is a permanent unique proof of identity for the phone,

and allows Cisco Unified Communications Manager to

authenticate the phone.

Table 1-3

Overview of Security Features (continued)

Feature

Description