Home » Cisco Manuals » Telephony » Cisco 7921G » Manual Viewer

Cisco 7921G Administration Guide - Page 23

Feature, Description, Cisco Unified IP Phone 7921G supports only the Secure Hash

UPC - 882658123108

Add to My Manuals
Save this manual to your list of manuals

Page 23 highlights

Chapter 1 Overview of the Cisco Unified Wireless IP Phone 7921G Understanding Security Features for Cisco Unified IP Phones OL-15985-01 Table 1-2 Overview of Security Features (continued) Feature Device authentication File authentication Signaling Authentication Manufacturing installed certificate Secure SRST reference Media encryption Signaling encryption CAPF (Certificate Authority Proxy Function) Security profiles Encrypted configuration files Description Occurs between the Cisco Unified Communications Manager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur, and, if necessary, creates a secure signaling path between the entities using TLS protocol. Cisco Unified Communications Manager will not register phones unless authenticated by the Cisco Unified Communications Manager. Cisco Unified IP Phone 7921G supports only the Secure Hash Algorithm-1 (SHA-1) signature algorithm. Validates digitally-signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. Each Cisco Unified IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent unique proof of identity for the phone, and allows Cisco Unified Communications Manager to authenticate the phone. After you configure a SRST reference for security and then reset the dependent devices in Cisco Unified Communications Manager Administration, the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the phone. A secure phone then uses a TLS connection to interact with the SRST-enabled router. Uses SRTP to ensure that the media streams between supported devices proves secure and that only the intended device receives and reads the data. Includes creating a media master key pair for the devices, delivering the keys to the devices, and securing the delivery of the keys while the keys are in transport. Ensures that all SCCP signaling messages that are sent between the device and the Cisco Unified Communications Manager server are encrypted. Implements parts of the certificate generation procedure that are too processing-intensive for the phone, and it interacts with the phone for key generation and certificate installation. The CAPF can be configured to request certificates from customer-specified certificate authorities on behalf of the phone, or it can be configured to generate certificates locally. Defines whether the phone is non-secure, authenticated, or encrypted. See the "Understanding Security Profiles" section on page 1-10 for more information. Lets you ensure the privacy of phone configuration files. Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0 1-9

Section	Page
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager 7.0	1
Contents	3
Preface	11
Overview	11
Audience	11
Organization	11
Related Documentaton	12
Obtaining Documentation and Submitting a Service Request	13
Cisco Product Security Overview	13
Document Conventions	14
Overview of the Cisco Unified Wireless IP Phone 7921G	15
Understanding the Cisco Unified Wireless IP Phone 7921G	15
Features Supported on the Cisco Unified Wireless IP Phone 7921G	18
Feature Overview	19
Configuring Telephony Features	19
Configuring Network Access for the Phone	19
Providing Users with Feature Information	20
Understanding Security Features for Cisco Unified IP Phones	21
Overview of Supported Security Features	22
Understanding Security Profiles	24
Identifying Encrypted and Authenticated Phone Calls	25
Security Restrictions	25
Overview of Configuring and Installing the Cisco Unified Wireless IP Phone 7921G	25
Configuring the Cisco Unified Wireless IP Phone 7921G in Cisco Unified Communications Manager	26
Installing the Cisco Unified Wireless IP Phone 7921G	26
Overview of the VoIP Wireless Network	29
Understanding the Wireless LAN	29
Understanding WLAN Standards and Technologies	31
802.11 Standards for WLAN Communications	31
Radio Frequency Ranges	31
Wireless Modulation Technologies	32
AP, Channel, and Domain Relationships	32
WLANs and Roaming	34
Components of the VoIP Wireless Network	35
Networking Protocols Used with Cisco Unified Wireless IP Phones	35
Interacting with Cisco Unified Wireless APs	37
Associating to an AP	38
Voice QoS in a Wireless Network	38
Interacting with Cisco Unified Communications Manager	40
Phone Configuration Files and Profile Files	40
Interacting with the DHCP Server	41
Security for Voice Communications in WLANs	42
Authentication Methods	42
Authenticated Key Management	44
Encryption Methods	44
AP Authentication and Encryption Methods	44
VoIP WLAN Configuration	46
Wireless Network Requirements for VoIP	47
Configuring APs for Voice	47
Configuration Tip for Cisco Aironet APs	48
Site Survey Verification	48
Site Survey Verification Tasks	48
Neighbor List Utility	49
Site Survey Utility	50
Setting Up the Cisco Unified Wireless IP Phone 7921G	51
Before You Begin	51
Network Requirements	51
Methods for Adding Phones to Cisco Unified Communications Manager	52
Adding Phones with Auto-Registration	53
Adding Phones with Auto-Registration and TAPS	53
Adding Phones with BAT	54
Adding Phones with Cisco Unified Communications Manager Administration	54
Safety Information	55
Battery Safety Notices	56
Installing the Cisco Unified Wireless IP Phone 7921G	57
Providing Power to the Phone	57
Installing or Removing the Phone Battery	58
Using the Power Supply to Charge the Phone	59
Using the USB Cable to Charge the Phone	61
Installing and Using the Desktop Charger	63
Using the Desktop Charger to Charge the Phone	64
Battery Charging Times Using the Desktop Charger	64
Configuring Wireless LAN Settings	65
Cisco Unified Wireless IP Phone 7921G Web Pages	65
Network Profile Menu on the Cisco Unified Wireless IP Phone 7921G	65
Using a Headset	65
Audio Quality Subjective to the User	65
Connecting Headsets	66
Using External Devices with Cisco Unified IP Phones	66
Powering On the Cisco Unified Wireless IP Phone 7921G	66
Active and Standby Phone Modes	67
Active Mode	67
Standby Mode	68
Understanding the Phone Startup Process	68
Using the Cisco Unified Wireless IP Phone 7921G Web Pages	71
Setting Up Your PC to Configure the Phones	71
Installing the USB Drivers	72
Configuring the USB LAN on the PC	72
Accessing the Phone Web Page	73
Using the USB Cable to Configure Phones	74
Updating Phones Remotely	74
Setting Configuration Privileges for the Phone Web Page	74
Accessing the Configuration Web Page for a Phone	75
HOME: Summary Web Page	77
Configuring Network Profiles	78
Network Profile Settings	78
Configuring Wireless Settings in a Network Profile	83
Configuring Wireless LAN Security	84
Configuring the Authentication Mode	85
Setting the Wireless Security Credentials	85
Configuring the Username and Password	86
Configuring the Pre-shared Key	86
Setting Wireless Encryption	88
Installing Authentication Certificates for EAP-TLS Authentication	89
Configuring PEAP	94
Configuring IP Network Settings	95
Enabling DHCP	95
Disabling DHCP	96
Configuring the Alternate TFTP Server	96
Configuring Advanced Network Profile Settings	97
Configuring USB Settings	98
Configuring Trace Settings	99
Configuring Wavelink Avalanche Server Settings	101
Configuring the Phone Book	101
Importing and Exporting Contacts	102
Importing and Exporting CSV Phone Contact Records	102
Searching the Phone Book Information	104
Updating Phone Book Information	104
Adding a Contact	104
Deleting Contacts	105
Editing Contact Information	105
Assigning A Speed-Dial Hot Key to a Contact Number	105
Using System Settings	106
Viewing Trace Logs	106
Backup Settings for Phone Configuration	107
Using Network Profile Templates	107
Creating a Configuration Template	108
Importing a Configuration Template	109
Upgrading Phone Firmware	110
Changing the Admin Password	110
Viewing the Site Survey Report on the Web	111
Configuring Settings on the Cisco Unified Wireless IP Phone	115
Accessing Network and Phone Settings	115
Configuring Network Profile Settings	116
Accessing a Network Profile	117
Changing the Profile Name	117
Guidelines for Editing Settings in the Network Profile	118
Changing Network Configuration Settings	118
Configuring DHCP Settings	120
Disabling DHCP	120
Configuring an Alternate TFTP Server	121
Changing the Cisco Discovery Protocol Settings	121
Erasing the Configuration	122
Configuring Wireless Settings for the Network Profile	122
Accessing the WLAN Configuration Menu	122
Changing WLAN Configuration Settings	123
Changing Phone Settings	124
Configuring the Security Certificate on the Phone	126
Changing the USB Configuration	127
Configuring the Phone Using the Wavelink Avalanche Server	129
Before You Begin	129
Best Practices	130
Assigning the Wavelink Avalanche Server	130
Assigning the Wavelink Avalanche Server from the Phone	130
Assigning the Wavelink Avalanche Server using the Phone Web Page	131
Setting Up and Using the Phone Configuration Utility	131
Assigning Attributes for the Phone	131
Defining Custom Names and Custom Values on the Phone	132
Defining Custom Parameters from the Phone Web Page	132
Installing the Cisco Unified Wireless IP Phone 7921G Configuration Utility	133
Updating Configuration Files	133
Configuring Profile Settings	134
Configuring USB Settings	137
Configuring Trace Settings	137
Configuring Wavelink Avalanche Server Settings	138
Updating the Phone	139
Configuring Features, Templates, Services, and Users	141
Configuring Cisco Unified Wireless IP Phones	141
Telephony Features Available for the Phone	142
Product-Specific Configuration Options for the Cisco Unified Wireless IP Phone 7921G	153
Configuring Softkey Templates	156
Softkey Templates for the Cisco Unified Wireless IP Phone 7921G	156
Changing Softkeys in a Template	156
Modifying Phone Button Templates	157
Setting Up Services	157
Configuring Corporate and Personal Directories	158
Configuring Corporate Directories	159
Configuring Personal Directory	159
Adding Users to Cisco Unified Communications Manager Administration	159
Managing the User Options Web Pages	160
Giving Users Access to the User Options Web Pages	160
Specifying Options that Appear on the User Options Web Pages	161
Creating Custom Phone Rings	162
Viewing Security, Device, Model, Status, and Call Statistics Information on the Phone	163
Viewing Security Information	163
Accessing the CTL File Screen	165
Trust List Screen	166
Viewing Device Information	166
Viewing Model Information	169
Viewing the Status Menu	170
Viewing the Status Messages	171
Viewing the Current Configuration	174
Viewing Network Statistics	174
Viewing Call Statistics	176
Viewing Firmware Versions	178
Monitoring the Cisco Unified Wireless IP Phone Remotely	181
Accessing the Web Page for a Phone	181
Wireless LAN Statistics	182
Network Statistics	183
Stream Statistics	185
Troubleshooting the Cisco Unified Wireless IP Phone 7921G	187
Resolving Startup and Connectivity Problems	187
Symptom: Incomplete Startup Process	187
Symptom: No Association to Cisco Aironet Access Points	188
Verifying Access Point Settings	188
Symptom: No Registration with Cisco Unified Communications Manager	189
Registering the Phone with Cisco Unified Communications Manager	190
Checking Network Connectivity	190
Verifying TFTP Server Settings	190
Verifying IP Addresses	191
Verifying DNS Settings	191
Verifying Cisco Unified Communications Manager Settings	191
Cisco Communications Manager and TFTP Services are not Running	192
Creating a New Configuration File	193
Resolving Voice Quality and Roaming Problems	193
Symptom: Cisco Unified Wireless IP Phone Resets Unexpectedly	194
Verifying Access Point Settings	194
Identifying Intermittent Network Outages	194
Verifying DHCP Settings	194
Verifying Voice VLAN Configuration	195
Verifying that the Phones Have Not Been Intentionally Reset	195
Eliminating DNS or Other Connectivity Errors	195
Symptom: Audio Problems	196
No Audio During a Connected Call	196
One-Way Audio During a Connected Call	196
Symptom: Improper Roaming and Voice Quality or Lost Connection	197
Voice Quality Deteriorates While Roaming	197
Delays in Voice Conversation While Roaming	197
Phone Loses Connection with Cisco Unified Communications Manager While Roaming	197
Phone Does Not Roam Back to Preferred Band	198
Monitoring the Voice Quality of Calls	198
Using Voice Quality Metrics	199
Troubleshooting Tips	199
General Troubleshooting Information	200
Common Phone Status Messages	200
Troubleshooting Tips for the Cisco Unified Wireless IP Phone 7921G	201
Logging Information for Troubleshooting	203
Using a System Log Server	203
Using the Trace Logs on the Unified IP Phone	203
Erasing the Local Configuration	204
Providing Information to Users By Using a Website	207
How the Cisco Unified Wireless IP Phone Operates	207
How to Care for and Clean the Phone	208
How Users Access the Help System on the Phone	209
How Users Get Copies of Cisco Unified IP Phone Manuals	209
How Users Configure Phone Features and Services	210
How Users Access Voice Messages	210
Supporting International Users	213
Installing the Cisco Unified Communications Manager Locale Installer	213
Support for International Call Logging	214
Physical and Operating Environment Specifications	215
Checklist for Deploying the Cisco Unified Wireless IP Phone 7921G	217
Configuring the Wireless Network	217
Configuration Tip for Cisco Aironet Access Points	218
Configuring QoS Policies	219
Access Point Configuration Settings	219
Controller Settings	219
Switch Configuration	220
Configuring the Cisco Unified Wireless IP Phone 7921G in Cisco Unified Communications Manager	220
Installing the Cisco Unified Wireless IP Phone 7921G	223

Match case Limit results 1 per page

1-9

Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0

OL-15985-01

Chapter 1

Overview of the Cisco Unified Wireless IP Phone 7921G

Understanding Security Features for Cisco Unified IP Phones

Device authentication

Occurs between the Cisco Unified Communications Manager server

and the phone when each entity accepts the certificate of the other

entity. Determines whether a secure connection between the phone

and a Cisco

Unified

Communications Manager should occur, and, if

necessary, creates a secure signaling path between the entities using

TLS protocol. Cisco Unified Communications Manager will not

Communications Manager.

Cisco Unified IP Phone 7921G supports only the Secure Hash

Algorithm-1 (SHA-1) signature algorithm.

File authentication

Validates digitally-signed files that the phone downloads. The

phone validates the signature to make sure that file tampering did

not occur after the file creation. Files that fail authentication are not

written to Flash memory on the phone. The phone rejects such files

without further processing.

Signaling Authentication

Uses the TLS protocol to validate that no tampering has occurred to

signaling packets during transmission.

Manufacturing installed

certificate

Each Cisco Unified IP Phone contains a unique manufacturing

installed certificate (MIC), which is used for device authentication.

The MIC is a permanent unique proof of identity for the phone, and

allows Cisco Unified Communications Manager to authenticate the

phone.

Secure SRST reference

After you configure a SRST reference for security and then reset the

dependent devices in Cisco Unified Communications Manager

Administration, the TFTP server adds the SRST certificate to the

phone cnf.xml file and sends the file to the phone. A secure phone

then uses a TLS connection to interact with the SRST-enabled

router.

Media encryption

Uses SRTP to ensure that the media streams between supported

devices proves secure and that only the intended device receives

and reads the data. Includes creating a media master key pair for the

devices, delivering the keys to the devices, and securing the

delivery of the keys while the keys are in transport.

Signaling encryption

Ensures that all SCCP signaling messages that are sent between the

device and the Cisco Unified Communications Manager server are

encrypted.

CAPF (Certificate Authority

Proxy Function)

Implements parts of the certificate generation procedure that are too

processing-intensive for the phone, and it interacts with the phone

for key generation and certificate installation. The CAPF can be

configured to request certificates from customer-specified

certificate authorities on behalf of the phone, or it can be configured

to generate certificates locally.

Security profiles

Defines whether the phone is non-secure, authenticated, or

encrypted. See the

“Understanding Security Profiles” section on

page 1-10

for more information.

Encrypted configuration files

Lets you ensure the privacy of phone configuration files.

Table 1-2

Overview of Security Features (continued)

Feature

Description