Home » Cisco Manuals » Telephony » Cisco CP-7975G » Manual Viewer

Cisco CP-7975G Administration Guide - Page 27

Understanding Security Features for Cisco Unified IP Phones

Add to My Manuals
Save this manual to your list of manuals

Page 27 highlights

Chapter 1 An Overview of the Cisco Unified IP Phone Understanding Security Features for Cisco Unified IP Phones Understanding Security Features for Cisco Unified IP Phones Implementing security in the Cisco Unified Communications Manager system prevents identity theft of the phone and Cisco Unified Communications Manager server, prevents data tampering, and prevents call signaling and media stream tampering. To alleviate these threats, the Cisco Unified IP telephony network establishes and maintains authenticated and encrypted communication streams between a phone and the server, digitally signs files before they are transferred to a phone, and encrypts media streams and call signaling between Cisco Unified IP phones. The Cisco Unified IP Phones 7975G, 7971G-GE, 7970G, 7965G, and 7945G use the Phone Security Profile, which defines whether the device is nonsecure, authenticated, or encrypted. For information on applying the security profile to the phone, refer to Cisco Unified Communications Manager Security Guide. If you configure security-related settings in Cisco Unified Communications Manager Administration, the phone configuration file will contain sensitive information. To ensure the privacy of a configuration file, you must configure it for encryption. For detailed information, refer to Configuring Encrypted Phone Configuration Files in Cisco Unified Communications Manager Security Guide. Table 1-3 shows where you can find additional information about security in this and other documents. Table 1-3 Cisco Unified IP Phone and Cisco Unified Communications Manager Security Topics Topic Reference Detailed explanation of security, including set up, configuration, and troubleshooting information for Cisco Unified Communications Manager and Cisco Unified IP Phones Refer to the Troubleshooting Guide for Cisco Unified Communications Manager Security features supported on the Cisco Unified IP Phone See Overview of Supported Security Features, page 1-14 Restrictions regarding security features See Security Restrictions, page 1-21 Viewing a security profile name See Understanding Security Profiles, page 1-16 Identifying phone calls for which security is implemented See Identifying Authenticated, Encrypted, and Protected Phone Calls, page 1-17 TLS connection See What Networking Protocols are Used?, page 1-6 See Understanding Phone Configuration Files, page 2-7 Security and the phone startup process See Understanding the Phone Startup Process, page 2-9 Security and phone configuration files See Understanding Phone Configuration Files, page 2-7 Changing the TFTP Server 1 or TFTP Server 2 option on the See Table 4-2 in the Network Configuration Menu, page 4-5 phone when security is implemented Understanding security icons in the Unified CM 1 through See Unified CM Configuration, page 4-18 Unified CM 5 options in the Device Configuration Menu on the phone Items on the Security Configuration menu that you access See Security Configuration Menu, page 4-30 from the Device Configuration menu on the phone Items on the Security Configuration menu that you access See Security Configuration Menu, page 4-36 from the Settings menu on the phone OL-23092-01 Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.5 1-13

Section	Page
Cisco Unified IP Phone Administration Guide for Cisco Unified CM 8.5 (SCCP and SIP)	1
Contents	3
Preface	11
An Overview of the Cisco Unified IP Phone	15
Understanding the Cisco Unified IP Phones 7975G, 7971G-GE, 7970G, 7965G, and 7945G	16
What Networking Protocols are Used?	20
IPv6 Support on Cisco Unified IP Phones	23
What Features are Supported on the Cisco Unified IP Phone 7975G, 7971G-GE, 7970G, 7965G, and 7945G?	25
Feature Overview	25
Configuring Telephony Features	26
Configuring Network Parameters Using the Cisco Unified IP Phone	26
Providing Users with Feature Information	26
Understanding Security Features for Cisco Unified IP Phones	27
Overview of Supported Security Features	28
Understanding Security Profiles	30
Identifying Authenticated, Encrypted, and Protected Phone Calls	31
Establishing and Identifying Secure Conference Calls	31
Establishing and Identifying Protected Calls	32
Call Security Interactions and Restrictions	32
Supporting 802.1X Authentication on Cisco Unified IP Phones	33
Overview	34
Required Network Components	34
Best Practices-Requirements and Recommendations	34
Security Restrictions	35
Overview of Configuring and Installing Cisco Unified IP Phones	36
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager	36
Checklist for Configuring the Cisco Unified IP Phone 7975G, 7971G-GE, 7970G, 7965G, and 7945G in Cisco Unified Communications Manager Administration	36
Installing Cisco Unified IP Phones	39
Checklist for Installing the Cisco Unified IP Phone 7975G, 7971G-GE, 7970G, 7965G, and 7945G	39
Preparing to Install the Cisco Unified IP Phone on Your Network	45
Understanding Interactions with Other Cisco Unified IP Communications Products	46
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications Manager	46
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	47
Providing Power to the Phone	48
Power Guidelines	48
Phone Power Consumption and Display Brightness	49
Power Outage	50
Obtaining Additional Information about Power	50
Understanding Phone Configuration Files	51
Understanding the Phone Startup Process	53
Adding Phones to the Cisco Unified Communications Manager Database	55
Adding Phones with Auto-Registration	55
Adding Phones with Auto-Registration and TAPS	56
Adding Phones with Cisco Unified Communications Manager Administration	57
Adding Phones with BAT	57
Using Cisco Unified IP Phones with Different Protocols	58
Converting a New Phone from SCCP to SIP	58
Converting an In-Use Phone from One Protocol to the Other Protocol	59
Deploying a Phone in an SCCP and SIP Environment	59
Determining the MAC Address of a Cisco Unified IP Phone	59
Setting Up the Cisco Unified IP Phone	61
Before You Begin	61
Network Requirements	61
Cisco Unified Communications Manager Configuration	62
Understanding the Cisco Unified IP Phone Components	62
Network and Access Ports	62
Handset	63
Speakerphone	63
Headset	63
Audio Quality Subjective to the User	64
Connecting a Headset	64
Disabling a Headset	64
Enabling a Wireless Headset	65
Using External Devices	65
Installing the Cisco Unified IP Phone	65
Attaching a Cisco Unified IP Phone Expansion Module	69
Feature Key Capacity Increase for Cisco Unified IP Phones	70
Adjusting the Placement of the Cisco Unified IP Phone	71
Adjusting Cisco Unified IP Phone Footstand and Phone Height	71
Securing the Phone with a Cable Lock	72
Mounting the Phone to the Wall	73
Verifying the Phone Startup Process	74
Configuring Startup Network Settings	75
Configuring Security on the Cisco Unified IP Phone	76
Configuring Settings on the Cisco Unified IP Phone	79
Configuration Menus on the Cisco Unified IP Phone	79
Displaying a Configuration Menu	80
Unlocking and Locking Options	81
Editing Values	81
Overview of Options Configurable from a Phone	82
Network Configuration Menu	83
Understanding DHCPv6 and Autoconfiguration	94
Device Configuration Menu	95
Unified CM Configuration	96
SIP Configuration Menu for SIP Phones	97
SIP General Configuration Menu	97
Line Settings Menu for SIP Phones	98
Call Preferences Menu for SIP Phones	98
HTTP Configuration Menu	99
Locale Configuration Menu	101
NTP Configuration Menu for SIP Phones	101
UI Configuration Menu	102
Media Configuration Menu	104
Power Save Configuration Menu	107
Ethernet Configuration Menu	108
Security Configuration Menu	108
QoS Configuration Menu	109
Network Configuration	110
Security Configuration Menu	114
CTL File Submenu	116
ITL File Submenu	117
Trust List Menu	119
802.1X Authentication and Status	120
VPN Configuration	122
Connecting to VPN	122
VPN Configuration Settings	123
Configuring Features, Templates, Services, and Users	125
Telephony Features Available for the Phone	125
Configuring Product Specific Configuration Parameters	146
Configuring Corporate and Personal Directories	148
Configuring Corporate Directories	148
Configuring Personal Directory	148
Modifying Phone Button Templates	149
Modifying a Phone Button Template for Personal Address Book or Fast Dials	150
Configuring Softkey Templates	151
Setting Up Services	152
Adding Users to Cisco Unified Communications Manager	152
Managing the User Options Web Pages	153
Giving Users Access to the User Options Web Pages	153
Specifying Options that Appear on the User Options Web Pages	154
Customizing the Cisco Unified IP Phone	157
Customizing and Modifying Configuration Files	157
Creating Custom Phone Rings	158
Ringlist.xml File Format Requirements	158
PCM File Requirements for Custom Ring Types	159
Configuring a Custom Phone Ring	159
Creating Custom Background Images	159
List.xml File Format Requirements	160
PNG File Requirements for Custom Background Images	161
Configuring a Custom Background Image	162
Configuring Wideband Codec	163
Configuring the Idle Display	163
Automatically Disabling the Cisco Unified IP Phone Screen	164
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	167
Model Information Screen	168
Status Menu	169
Status Messages Screen	169
Network Statistics Screen	176
Firmware Versions Screen	179
Expansion Module(s) Screen	180
Call Statistics Screen	181
Using Test Tone	184
Monitoring the Cisco Unified IP Phone Remotely	187
Accessing the Web Page for a Phone	188
Disabling and Enabling Web Page Access	189
Configuring the Cisco Unified IP Phone to use HTTP/HTTPS Protocols	190
Device Information	190
Network Configuration	191
Network Statistics	195
Device Logs	197
Streaming Statistics	198
Troubleshooting and Maintenance	203
Resolving Startup Problems	203
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	204
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	204
Identifying Error Messages	205
Checking Network Connectivity	205
Verifying TFTP Server Settings	205
Verifying IP Addressing and Routing	205
Verifying DNS Settings	206
Verifying Cisco Unified Communications Manager Settings	206
Cisco CallManager and TFTP Services Are Not Running	206
Creating a New Configuration File	207
Registering the Phone with Cisco Unified Communications Manager	207
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address	208
Cisco Unified IP Phone Resets Unexpectedly	208
Verifying Physical Connection	208
Identifying Intermittent Network Outages	208
Verifying DHCP Settings	209
Checking Static IP Address Settings	209
Verifying Voice VLAN Configuration	209
Verifying that the Phones Have Not Been Intentionally Reset	209
Eliminating DNS or Other Connectivity Errors	210
Checking Power Connection	210
Troubleshooting Cisco Unified IP Phone Security	210
General Troubleshooting Tips	212
General Troubleshooting Tips for the Cisco Unified IP Phone Expansion Module	216
Resetting or Restoring the Cisco Unified IP Phone	216
Performing a Basic Reset	216
Performing a Factory Reset	217
Using the Quality Report Tool	219
Monitoring the Voice Quality of Calls	219
Using Voice Quality Metrics	220
Troubleshooting Tips	220
Where to Go for More Troubleshooting Information	221
Cleaning the Cisco Unified IP Phone	222
Providing Information to Users Via a Website	223
How Users Obtain Support for the Cisco Unified IP Phone	223
Giving Users Access to the User Options Web Pages	223
How Users Access the Online Help System on the Phone	224
How Users Get Copies of Cisco Unified IP Phone Manuals	224
Accessing Cisco 7900 Series Unified IP Phone eLearning Tutorials (SCCP Phones Only)	224
How Users Subscribe to Services and Configure Phone Features	225
How Users Access a Voice-Messaging System	225
How Users Configure Personal Directory Entries	226
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer	226
Feature Support by Protocol for the Cisco Unified IP Phone 7975G, 7971G-GE, 7970G, 7965G, and 7945G	229
Supporting International Users	237
Adding Language Overlays to Phone Buttons	237
Installing the Cisco Unified Communications Manager Locale Installer	237
Support for International Call Logging	238
Technical Specifications	239
Physical and Operating Environment Specifications	239
Cable Specifications	240
Network and Access Port Pinouts	241
Basic Phone Administration Steps	243
Example User Information for these Procedures	243
Adding a User to Cisco Unified Communications Manager	244
Adding a User From an External LDAP Directory	244
Adding a User Directly to Cisco Unified Communications Manager	245
Configuring the Phone	245
Performing Final End User Configuration Steps	249

Match case Limit results 1 per page

1-13

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.5

OL-23092-01

Chapter 1

An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

Implementing security in the Cisco Unified Communications Manager system prevents identity theft of

the phone and Cisco Unified Communications Manager server, prevents data tampering, and prevents

call signaling and media stream tampering.

To alleviate these threats, the Cisco Unified IP telephony network establishes and maintains

authenticated and encrypted communication streams between a phone and the server, digitally signs files

before they are transferred to a phone, and encrypts media streams and call signaling between

Cisco Unified IP phones.

The Cisco Unified IP Phones 7975G, 7971G-GE, 7970G, 7965G, and 7945G use the Phone Security

Profile, which defines whether the device is nonsecure, authenticated, or encrypted. For information on

applying the security profile to the phone, refer to

Cisco Unified Communications Manager Security

Guide

If you configure security-related settings in Cisco Unified Communications Manager Administration,

the phone configuration file will contain sensitive information. To ensure the privacy of a configuration

file, you must configure it for encryption. For detailed information, refer to

Configuring Encrypted

Phone Configuration Files

Cisco Unified Communications Manager Security Guide

Table 1-3

shows where you can find additional information about security in this and other documents.

Table 1-3

Cisco Unified IP Phone and Cisco Unified Communications Manager Security Topics

Topic

Reference

Detailed explanation of security, including set up,

configuration, and troubleshooting information for Cisco

Unified Communications Manager and Cisco Unified

IP Phones

Refer to the

Troubleshooting Guide for Cisco Unified

Communications Manager

Security features supported on the Cisco Unified IP Phone

See

Overview of Supported Security Features, page 1-14

Restrictions regarding security features

See

Security Restrictions, page 1-21

Viewing a security profile name

See

Understanding Security Profiles, page 1-16

Identifying phone calls for which security is implemented

See

Identifying Authenticated, Encrypted, and Protected

Phone Calls, page 1-17

TLS connection

See

What Networking Protocols are Used?, page 1-6

See

Understanding Phone Configuration Files, page 2-7

Security and the phone startup process

See

Understanding the Phone Startup Process, page 2-9

Security and phone configuration files

See

Understanding Phone Configuration Files, page 2-7

Changing the TFTP Server 1 or TFTP Server 2 option on the

phone when security is implemented

See

Table 4-2

in the

Network Configuration Menu, page 4-5

Understanding security icons in the Unified CM 1 through

Unified CM 5 options in the Device Configuration Menu on

the phone

See

Unified CM Configuration, page 4-18

Items on the Security Configuration menu that you access

from the Device Configuration menu on the phone

See

Security Configuration Menu, page 4-30

Items on the Security Configuration menu that you access

from the Settings menu on the phone

See

Security Configuration Menu, page 4-36