Home » Cisco Manuals » Telephony » Cisco 7906G » Manual Viewer

Cisco 7906G Administration Guide - Page 34

Feature, Description, Supporting, 1X Authentication on Cisco Unified IP Phones - firmware download

UPC - 882658089343

Add to My Manuals
Save this manual to your list of manuals

Page 34 highlights

Understanding Security Features for Cisco Unified IP Phones Chapter 1 An Overview of the Cisco Unified IP Phone Table 1-3 Overview of Security Features Feature Image authentication 802.1X Authentication Customer-site certificate installation Device authentication File authentication Description Signed binary files (with the extension .sbn) prevent tampering with the firmware image before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image. The Cisco Unified IP Phone can use 802.1X authentication to request and gain access to the network. See the "Supporting 802.1X Authentication on Cisco Unified IP Phones" section on page 1-23 for more information. Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified Communications Manager Administration that a certificate be installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can install an Locally Significant Certificate (LSC) from the Security Configuration menu on the phone. See the "Configuring Security on the Cisco Unified IP Phone" section on page 3-17 for more information. Occurs between the Cisco Unified Communications Manager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur, and, if necessary, creates a secure signaling path between the entities by using transport layer security (TLS) protocol. Cisco Unified Communications Manager does not register phones configured in authenticated or encrypted mode unless they can be authenticated by the Cisco Unified Communications Manager. Validates digitally signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. 1-16 Cisco Unified IP Phone 7906G and 7911G for Cisco Unified Communications Manager 6.1 OL-14585-01

Section	Page
Cisco Unified IP Phone 7906G and 7911G Administration Guide for Cisco Unified Communications Manager 6.1	1
Contents	5
Preface	13
An Overview of the Cisco Unified IP Phone	19
Understanding the Cisco Unified IP Phones 7906G and 7911G	20
What Networking Protocols Are Used?	22
What Features are Supported?	27
Feature Overview	28
Configuring Telephony Features	29
Configuring Network Parameters Using the Cisco Unified IP Phone	29
Providing Users with Feature Information	30
Understanding Security Features for Cisco Unified IP Phones	30
Overview of Supported Security Features	33
Understanding Security Profiles	37
Identifying Encrypted and Authenticated Phone Calls	37
Establishing and Identifying Secure Conference Calls	38
Call Security Interactions and Restrictions	39
Supporting 802.1X Authentication on Cisco Unified IP Phones	41
Overview	41
Required Network Components	41
Best Practices-Requirements and Recommendations	42
Security Restrictions	43
Overview of Configuring and Installing Cisco Unified IP Phones	43
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager	44
Checklist for Configuring the Cisco Unified IP Phones 7906G and 7911G in Cisco Unified Communications Manager	45
Installing Cisco Unified IP Phones	50
Checklist for Installing the Cisco Unified IP Phones 7906G and 7911G	50
Preparing to Install the Cisco Unified IP Phone on Your Network	55
Understanding Interactions with Other Cisco Unified Communications Products	56
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications Manager	56
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	57
Providing Power to the Cisco Unified IP Phones 7906G and 7911G	58
Power Guidelines	58
Power Outage	59
Obtaining Additional Information about Power	59
Understanding Phone Configuration Files	60
SIP Dial Rules	62
Understanding the Phone Startup Process	62
Adding Phones to the Cisco Unified Communications Manager Database	65
Adding Phones with Auto-Registration	66
Adding Phones with Auto-Registration and TAPS	67
Adding Phones with Cisco Unified Communications Manager Administration	68
Adding Phones with BAT	68
Using Cisco Unified IP Phones with Different Protocols	69
Converting a New Phone from SCCP to SIP	69
Converting an In-Use Phone from SCCP to SIP	70
Converting an In-Use Phone from SIP to SCCP	70
Deploying a Phone in an SCCP and SIP Environment	71
Determining the MAC Address of a Cisco Unified IP Phone	71
Setting Up the Cisco Unified IP Phone	73
Before You Begin	74
Network Requirements	74
Cisco Unified Communications Manager Configuration	75
Understanding the Cisco Unified IP Phones 7906G and 7911G Components	75
Network and Access Ports	76
Handset	76
Speaker	76
Monitor Mode	77
Group Listen Mode	77
Headset	78
Audio Quality Subjective to User	79
Connecting a Headset	79
Using External Devices with Your Cisco Unified IP Phone	80
Installing the Cisco Unified IP Phone	80
Mounting the Phone to a Wall	87
Verifying the Phone Startup Process	88
Configuring Startup Network Settings	88
Configuring Security on the Cisco Unified IP Phone	89
Configuring Settings on the Cisco Unified IP Phone	93
Configuration Menus on the Cisco Unified IP Phones 7906G and 7911G	93
Displaying a Configuration Menu	95
Unlocking and Locking Options	96
Editing the Values of an Option Setting	97
Overview of Options Configurable from a Phone	98
Network Configuration Menu	99
Device Configuration Menu	107
CallManager Configuration Menu	107
SIP Configuration Menu (SIP Phones Only)	109
SIP General Configuration Menu	109
Line Settings Menu	111
Call Preferences Menu (SIP Phones Only)	113
HTTP Configuration Menu	114
Locale Configuration Menu	115
UI Configuration Menu	116
Media Configuration Menu	118
NTP Configuration Menu (SIP Phones Only)	120
Ethernet Configuration Menu	121
Security Configuration Menu	122
QoS Configuration Menu	124
Network Configuration	125
Security Configuration Menu	130
CTL File Screen	132
Trust List Menu	134
802.1X Authentication and Status	135
Configuring Features, Templates, Services, and Users	139
Telephony Features Available for the Cisco Unified IP Phone	140
Configuring Corporate and Personal Directories	159
Configuring Corporate Directories	159
Configuring Personal Directory	160
Modifying Phone Button Templates	160
Configuring Softkey Templates	161
Setting Up Services	161
Adding Users to Cisco Unified Communications Manager	162
Managing the User Options Web Pages	163
Giving Users Access to the User Options Web Pages	164
Specifying Options that Appear on the User Options Web Pages	164
Customizing the Cisco Unified IP Phone	167
Customizing and Modifying Configuration Files	167
Creating Custom Phone Rings	168
Ringlist.xml File Format Requirements	169
PCM File Requirements for Custom Ring Types	170
Configuring a Custom Phone Ring	170
Creating Custom Background Images	171
List.xml File Format Requirements	171
PNG File Requirements for Custom Background Images	172
Configuring a Custom Background Image	173
Configuring Wideband Codec	174
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	177
Model Information Screen	178
Status Menu	179
Status Messages Screen	180
Network Statistics Screen	190
Firmware Versions Screen	191
Call Statistics Screen	192
Monitoring the Cisco Unified IP Phone Remotely	197
Accessing the Web Page for a Phone	198
Disabling and Enabling Web Page Access	199
Device Information	200
Network Configuration	202
Network Statistics	207
Device Logs	210
Streaming Statistics	211
Troubleshooting and Maintenance	217
Resolving Startup Problems	218
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	218
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	219
Identifying Error Messages	220
Registering the Phone with Cisco Unified Communications Manager	220
Checking Network Connectivity	220
Verifying TFTP Server Settings	221
Verifying IP Addressing and Routing	221
Verifying DNS Settings	222
Verifying Cisco Unified Communications Manager Settings	222
Cisco Unified Communications Manager and TFTP Services Are Not Running	222
Creating a New Configuration File	223
Registering the Phone with Cisco Unified Communications Manager	224
Cisco Unified IP Phone Resets Unexpectedly	225
Verifying Physical Connection	225
Identifying Intermittent Network Outages	225
Verifying DHCP Settings	226
Checking Static IP Address Settings	226
Verifying Voice VLAN Configuration	226
Verifying that the Phones Have Not Been Intentionally Reset	226
Eliminating DNS or Other Connectivity Errors	227
Checking Power Connection (SIP Phones Only)	228
Troubleshooting Cisco Unified IP Phone Security	228
General Troubleshooting Tips	232
Resetting or Restoring the Cisco Unified IP Phone	237
Performing a Basic Reset	238
Performing a Factory Reset	239
Using the Quality Report Tool	240
Monitoring the Voice Quality of Calls	240
Using Voice Quality Metrics	241
Troubleshooting Tips	242
Where to Go for More Troubleshooting Information	244
Cleaning the Cisco Unified IP Phone	244
Providing Information to Users	245
How Users Obtain Support for the Cisco Unified IP Phone	245
Giving Users Access to the User Options Web Pages	246
How Users Get Copies of Cisco Unified IP Phone Manuals	246
How Users Subscribe to Services and Configure Phone Features	247
How Users Access a Voice Messaging System	247
How Users Configure Personal Directory Entries	248
Applying the Cisco Unified IP Phone Address Book Synchronizer	248
Feature Support by Protocol for Cisco Unified IP Phone 7906G and 7911G	251
Supporting International Users	259
Technical Specifications	261
Physical and Operating Environment Specifications	261
Cable Specifications	262
Network and Access Port Pinouts	262

Match case Limit results 1 per page

Chapter 1

An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

1-16

Cisco Unified IP Phone 7906G and 7911G for Cisco Unified Communications Manager 6.1

OL-14585-01

Table 1-3

Overview of Security Features

Feature

Description

Image authentication

Signed binary files (with the extension .sbn) prevent

tampering with the firmware image before it is loaded on a

phone. Tampering with the image causes a phone to fail the

authentication process and reject the new image.

802.1X Authentication

The Cisco Unified IP Phone can use 802.1X authentication to

request and gain access to the network. See the

“Supporting

802.1X Authentication on Cisco Unified IP Phones” section

on page 1-23

for more information.

Customer-site certificate installation

Each Cisco Unified IP Phone requires a unique certificate for

device authentication. Phones include a manufacturing

installed certificate (MIC), but for additional security, you

can specify in Cisco Unified Communications Manager

Administration that a certificate be installed by using the

Certificate Authority Proxy Function (CAPF). Alternatively,

you can install an Locally Significant Certificate (LSC) from

the Security Configuration menu on the phone. See the

“Configuring Security on the Cisco Unified IP Phone”

section on page 3-17

for more information.

Device authentication

Occurs between the Cisco Unified Communications Manager

server and the phone when each entity accepts the certificate

of the other entity. Determines whether a secure connection

between the phone and a Cisco Unified Communications

Manager should occur, and, if necessary, creates a secure

signaling path between the entities by using transport layer

security (TLS) protocol. Cisco Unified Communications

Manager does not register phones configured in authenticated

or encrypted mode unless they can be authenticated by the

Cisco Unified Communications Manager.

File authentication

Validates digitally signed files that the phone downloads. The

phone validates the signature to make sure that file tampering

did not occur after the file creation. Files that fail

authentication are not written to Flash memory on the phone.

The phone rejects such files without further processing.