Cisco 6901 User Manual
Cisco Unified IP Phone 6901 and 6911
Administration Guide for Cisco Unified
Communications Manager 8.5 (SCCP and
SIP)
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-23874-01
THE SPECIFICATIONS AND INFORMATION REGA RDING THE P RODUCTS IN THIS MA NUAL ARE SUBJECT TO CHANGE W ITH OUT NOT ICE. A LL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILIT Y FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRA NTY FO R THE A CCOMPA NYING PRODUCT A RE SET FORTH IN T HE INFORM ATION P ACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A di gital device, pursuant
to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required
to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not
installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to
comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable
protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.
Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital
devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television
communications at your own expense.
You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probabl y caused by the Cisco equipment or one of its
peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:
• Turn the television or radio antenna until the interference stops.
• Move the equipment to one side or the other of the television or radio.
• Move the equipment farther away from the television or radio.
• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits
controlled by different circuit breakers or fuses.)
Modifications to this product not authorized by Ci sco Systems, Inc. cou ld void th e FCC approval and negate your auth ority to op erate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DO CUMENT FILES AND SOFTWARE OF THESE SUPPL IERS ARE PROVI DED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAI M ALL WARRANTIE S, EXPRESSED OR
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICUL AR PURPOSE AN D NONINFRINGE MENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOS T PROFITS OR LOSS OR DAMAGE TO DATA ARISIN G OUT OF THE USE OR INABILI TY TO USE THIS MA NUAL, EVEN I F CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SU CH DAMA GES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL:
www.cisco.com/go/trademarks. Third-party trademarks men tioned are th e propert y of their respecti ve owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
IMPLIED, INCLUDING, WITHOUT
The Java logo is a trademark or registered trademark of Sun Microsystems, Inc. in the U.S. or other countries.
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
© 2013 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface vii
Overview vii
Audience vii
Organization vii
Related Documentation viii
Obtaining Documentation, Obtaining Support, and Security Guidelines ix
Document Conventions x
CHAPTER
1 An Overview of the Cisco Unified IP Phone 1-1
Understanding the Cisco Unified IP Phone 6901 and 6911 1-2
What Networking Protocols are Used? 1-6
What Features are Supported on the Cisco Unified IP Phone 6901 and 6911? 1-9
Feature Overview 1-9
Configuring Telephony Features 1-9
Configuring Network Parameters Using the Cisco Unified IP Phone 1-10
Providing Users with Feature Information 1-10
Understanding Security Features for Cisco Unified IP Phones 1-10
Overview of Supported Security Features 1-13
Understanding Security Profiles 1-15
Identifying Authenticated, Encrypted, and Protected Phone Calls 1-15
Establishing and Identifying Protected Calls 1-16
Call Security Interactions and Restrictions 1-16
Supporting 802.1X Authentication on Cisco Unified IP Phones 1-17
Overview 1-17
Required Network Components 1-18
Best Practices—Requirements and Recommendations 1-19
OL-23874-01
Overview of Configuring and Installing Cisco Unified IP Phones 1-19
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager 1-20
Checklist for Configuring the Cisco Unified IP Phone 6901 and 6911 in Cisco Unified
Communications Manager
1-21
Installing Cisco Unified IP Phones 1-23
Checklist for Installing the Cisco Unified IP Phone 6901 and 6911 1-23
Terminology Differences 1-24
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
i
Contents
CHAPTER
2 Preparing to Install the Cisco Unified IP Phone on Your Network 2-1
Understanding Interactions with Other Cisco Unified IP Telephony Products 2-1
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications
Manager
2-2
Understanding How the Cisco Unified IP Phone 6911 Interacts with the VLAN 2-2
Providing Power to the Cisco Unified IP Phone 2-3
Power Guidelines 2-4
Power Outage 2-4
Obtaining Additional Information About Power 2-5
Understanding Phone Configuration Files 2-5
Understanding the Phone Startup Process 2-6
Adding Phones to the Cisco Unified Communications Manager Database 2-7
Adding Phones with Auto-Registration 2-8
Adding Phones with Auto-Registration and TAPS 2-9
Adding Phones with Cisco Unified Communications Manager Administration 2-10
Adding Phones Using the BAT Phone Template 2-10
Using Cisco Unified IP Phones with Different Protocols 2-11
Converting a New Phone from SCCP to SIP 2-11
Converting an In-Use Phone from One Protocol to the Other Protocol 2-11
Deploying a Phone in an SCCP and SIP Environment 2-12
CHAPTER
Determining the MAC Address for a Cisco Unified IP Phone 2-12
3 Setting Up the Cisco Unified IP Phone 3-1
Before You Begin 3-1
Network Requirements 3-1
Cisco Unified Communications Manager Configuration 3-2
Understanding the Cisco Unified IP Phone 6901 and 6911 Components 3-2
Network and Access Ports 3-2
Handset 3-3
Speakerphone (Cisco Unified IP Phone 6911 Only) 3-3
Installing the Cisco Unified IP Phone 3-4
Footstand 3-7
Higher Viewing Angle 3-8
Lower Viewing Angle 3-8
Mounting the Phone to the Wall 3-9
Verifying the Phone Startup Process 3-9
Configuring Startup Network Settings 3-9
Configuring Security on the Cisco Unified IP Phone 3-10
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
ii
OL-23874-01
Contents
CHAPTER
CHAPTER
CHAPTER
4 Configuring Settings on the Cisco Unified IP Phone 4-1
Configuring Settings on the Cisco Unified IP Phone 4-1
Phone Settings Options 4-1
Accessing the Phone Configuration Settings 4-2
Accessing the IVR and Configuring Your Phone Setting 4-2
5 Configuring Features, Templates, Services, and Users 5-1
Telephony Features Available for the Cisco Unified IP Phone 5-1
Adding Users to Cisco Unified Communications Manager 5-8
Managing the User Options Web Pages 5-9
Giving Users Access to the User Options Web Pages 5-9
Specifying Options that Appear on the User Options Web Pages 5-11
6 Monitoring the Cisco Unified IP Phone Remotely 6-1
Accessing the Web Page for a Phone 6-2
Disabling and Enabling Web Page Access 6-3
Device Information 6-3
CHAPTER
Network Setup 6-4
Network Statistics 6-7
Device Logs 6-9
Status Messages 6-10
Streaming Statistics 6-13
7 Troubleshooting and Maintenance 7-1
Resolving Startup Problems 7-1
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process 7-2
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications
Manager
7-2
Identifying Error Messages 7-3
Checking Network Connectivity 7-3
Verifying TFTP Server Settings 7-3
Verifying IP Addressing and Routing 7-3
Cisco CallManager and TFTP Services Are Not Running 7-4
Creating a New Configuration File 7-4
Registering the Phone with Cisco Unified Communications Manager 7-5
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address 7-5
OL-23874-01
Cisco Unified IP Phone Resets Unexpectedly 7-6
Verifying the Physical Connection 7-6
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
iii
Contents
Identifying Intermittent Network Outages 7-6
Verifying DHCP Settings 7-6
Checking Static IP Address Settings 7-7
Verifying the Voice VLAN Configuration 7-7
Verifying that the Phones Have Not Been Intentionally Reset 7-7
Eliminating DNS or Other Connectivity Errors 7-7
Checking Power Connection 7-8
General Troubleshooting Tips 7-8
Resetting or Restoring the Cisco Unified IP Phone 7-10
Performing a Basic Reset 7-10
Performing a Factory Reset 7-10
Monitoring the Voice Quality of Calls 7-11
Using Voice Quality Metrics 7-11
Troubleshooting Tips 7-12
APPENDIX
APPENDIX
APPENDIX
Where to Go for More Troubleshooting Information 7-13
Cleaning the Cisco Unified IP Phone 7-13
A Providing Information to Users Via a Website A-1
How Users Obtain Support for the Cisco Unified IP Phone A-1
Giving Users Access to the User Options Web Pages A-1
How Users Configure Phone Features A-2
How Users Access a Voice Messaging System A-2
B Supporting International Users B-1
Installing the Cisco Unified Communications Manager Locale Installer B-1
C Technical Specifications C-1
Physical and Operating Environment Specifications C-1
Cable Specifications C-2
Network and Access Port Pinouts C-3
APPENDIX
iv
D Basic Phone Administration Steps D-1
Example User Information for These Procedures D-1
Adding a User to Cisco Unified Communications Manager D-2
Adding a User From an External LDAP Directory D-2
Adding a User Directly to Cisco Unified Communications Manager D-2
Configuring the Phone D-3
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
Performing Final End User Configuration Steps D-6
Contents
APPENDIX
APPENDIX
APPENDIX
I
NDEX
E Installing the Wall Mount for the Cisco Unified IP Phone 6901 and 6911 E-1
Installing a Wall Mount for the Cisco Unified IP Phone 6901 E-1
Before You Begin E-2
Installing the Phone on Wall Mount Plate E-3
Installing a Wall Mount for the Cisco Unified IP Phone 6911 E-7
Before You Begin E-7
Installing the Bracket E-8
F Cisco Unified IP Phone Non-Lockable Wall Mount F-1
ADA Non-Lockable Wall Mount Kit for 6900 Series F-1
Components F-2
Before You Begin F-3
Install Non-Lockable Wall Mount Kit for Phone F-3
Remove Phone from Non-Lockable Wall Mount F-6
G Feature Support by Protocol for the Cisco Unified IP Phone 6901 and 6911 G-1
OL-23874-01
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
v
Contents
vi
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
Overview
Preface
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications
Manager 8.5 (SCCP and SIP) provides the information you need to understand, install, configure,
manage, and troubleshoot the phones on a Voice-over-IP (VoIP) network.
Because of the complexity of an IP telephony network, this g uide does not provide complete and detailed
information for procedures that you need to perform in Cisco Unified Communications Man ager or other
network devices. See the
“Related Documentation” section on page viii.
Audience
Network engineers, system administrators, or telecom engineers should review this guide to learn the
steps required to properly set up the Cisco Unified
The tasks described are administration-level tasks and are not intended for end-users of the phones.
Many of the tasks involve configuring network settings and affect the phone’s ability to function in the
network.
Because of the close interaction between the Cisco Unified IP Phone and Cisco Unified
Communications Manager, many of the tasks in this manual require familiarity with Cisco Unified
Communications Manager.
IP Phone on the network.
Organization
This manual is organized as follows:
Chapter Description
Chapter 1, “An Overview of the Cisco
Unified IP Phone”
Chapter 2, “Preparing to Install the Cisco Unified IP
Phone on Your Network”
Chapter 3, “Setting Up the Cisco Unified IP Phon e” Describes how to properly and safely install and config ure the Cisco
Provides a conceptual overview and description of the Cisco
Unified
Describes how the Cisco Unified IP Phone int eracts with o ther key
IP telephony components, and provides an overview of the tasks
required prior to installation.
Unified
IP Phone.
IP Phone on your network.
OL-23874-01
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
vii
Preface
Chapter 4, “Configuring Settings on the Cisco
Unified IP Phone”
Chapter 5, “Configuring Features, Templates,
Services, and Users”
Chapter 6, “Monitoring the Cisco Unified IP Phone
Remotely”
Chapter 7, “Troubleshooting and Maintenance” Provides tips for troubleshooting the Cisco Unified IP Phone.
Appendix A, “Providing Information to Users Via a
Website”
Appendix B, “Supporting International Users” Provides information about setting up phones in non-English
Appendix C, “Technical Specifications” Provides technical specifications of the Cisco Unified IP Phone.
Appendix D, “Basic Phone Administration Steps” Provides procedures for basic administration tasks such as adding a
Appendix E, “Installing the Wall Mount for the
Cisco Unified IP Phone 6901 and 6911”
Appendix F, “Cisco Unified IP Phone Non-Lockable
Wall Mount”
Appendix G, “Feature Support by Protocol for the
Cisco Unified IP Phone 6901 and 6911”
Describes how to configure network settings, verify status, and make
global changes to the Cisco Unified
Provides an overview of procedures for configuring telephony
features, configuring directories, configuring phone button, and
adding users to Cisco Unified
Describes the information that you can obtain from the phone’s web
page to remotely monitor the operation of a phone and to assist with
troubleshooting.
Provides suggestions for setting up a website for providing users
with important information about their Cisco Unified IP Phones.
environments.
user and phone to Cisco Unified Communications Manager and then
associating the user to the phone.
Contains instructions for installing the wall mount for the Cisco
Unified
Contains instructions for installing the Cisco Unified IP Phone
Non-Lockable Wall Mount for the Cisco Unified IP Phone 6911.
Describes the features supported by each protocol (SCCP and SIP).
IP Phone.
IP Phone.
Communications Manager.
Related Documentation
For more information about Cisco Unified IP Phones or Cisco Unified Communications Manager, refer
to the following publications:
Cisco Unified IP Phone 6900 Series
Related publications are available at the following URL:
http://www.cisco.com/en/US/products/ps10326/tsd_products_support_series_home.html
Cisco Unified Communications Manager Administration
Related publications are available at the following URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html
Cisco Unified Communications Manager Business Edition
Related publications are available at the following URL:
http://www.cisco.com/en/US/products/ps7273/tsd_products_support_series_home.html
viii
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
Preface
Obtaining Documentation, Obtaining Support, and Security
Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback,
security guidelines, and also recommended aliases and general Cisco do cuments, see the monthly What’s
New in Cisco Product Documentation, which also lists all new and revised Cisco technical
documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS)
feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds
are a free service and Cisco currently supports RSS Version 2.0.
Cisco Product Security Overview
This product contains cryptographic features and is subject to United States and local country laws
governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors
and users are responsible for compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local
laws, return this product immediately.
Further information regarding U.S. export regulations may be found at
http://www.access.gpo.gov/bis/ear/ear_data.html.
OL-23874-01
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
ix
Document Conventions
This document uses the following conventions:
Convention Description
boldface font Commands and keywords are in boldface.
italic font Arguments for which you supply values are in italics.
[ ] Elements in square brackets are optional.
{ x | y | z } Alternative keywords are grouped in braces and separated by vertical bars.
[ x | y | z ] Optional alternative keywords are grouped in brackets and separated by
string A nonquoted set of characters. Do not use quotation marks around the
screen font Terminal sessions and information the system displays are in screen font.
boldface screen font Information you must enter is in boldface screen font.
italic screen font Arguments for which you supply values are in italic screen font.
^ The symbol ^ represents the key labeled Control—for example, the key
< > Nonprinting characters, such as passwords are in angle brackets.
Preface
vertical bars.
string or the string will include the quotation marks.
combination ^D in a screen disp lay means hold d own the Co ntrol key
while you press the D key.
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
publication.
Caution Means read er be caref ul. In this situation, you might do something that could result in equipment
damage or loss of data.
Warnings use the following convention:
Warning
IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before
you work on any equipment, be aware of the hazards involved with electrical circuitry and be
familiar with standard practices for preventing accidents. Use the statement number provided at
the end of each warning to locate its translation in the translated safety warnings that
accompanied this device.
SAVE THESE INSTRUCTIONS
Statement 1071
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
x
OL-23874-01
CHAP T E R
1
An Overview of the Cisco Unified IP Phone
The Cisco Unified IP Phone 6901 and 6911 provide voice communication over an Internet Protocol (IP)
network. The Cisco
place and receive phone calls. In addition, the phone includes the following:
• The Cisco Unified IP Phone 6901 supports basic features such as hold, redial, transfer, and
conference.
• The Cisco Unified IP Phone 6911 supports features such as mute, hold, transfer, conference, speed
dial, call forward, and more.
A Cisco Unified IP Phone, like other network devices, must be configured and managed. These phones
encode G.711a, G.711µ, G.729a, and iLBC, and decode G.711a, G.711µ, G.729, G.729ab and iLBC.
This chapter includes the following topics:
• Understanding the Cisco Unified IP Phone 6901 and 6911, page 1-2
• What Networking Protocols are Used?, page 1-6
• What Features are Supported on the Cisco Unified IP Phone 6901 and 6911?, page 1-9
• Overview of Configuring and Installing Cisco Unified IP Phones, page 1-19
Unified IP Phone functions much like a digital business phone, allowing you to
OL-23874-01
• Terminology Differences, page 1-24
Caution Using a cell, mobile, or GSM phone, or two-way radio in close proximity to a Cisco Unified IP Phone
might cause interference. For more information, refer to the manufacturer’s documentation of the
interfering device.
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-1
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding the Cisco Unified IP Phone 6901 and 6911
Understanding the Cisco Unified IP Phone 6901 and 6911
Figure 1-1 shows the main components of the Cisco Unified IP Phone 6901.
Figure 1-1 Cisco Unified IP Phone 6901
7
1
2
3
4
+
6
Table 1-1 describes the buttons on the Cisco Unified IP Phone 6901.
Ta b l e 1-1 Features on the Cisco Unified IP Phone 6901
1 Hookswitch Activates the features (hookflash) on your phone.
2 Hold button Places an active call on hold.
5
195793
3 Redial button
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-2
Dials the last dialed number.
OL-23874-01
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding the Cisco Unified IP Phone 6901 and 6911
4 Line button Allows users to pick up second incoming call. The line button LED shows
call status.
The line button enables users to answer an incoming call and swap between
two calls on the line. The LED associated with the line button lights up to
reflect the line status.
The line button illuminates to indicate status:
• Green, steady—Active call
• Green, flashing—Held call
• Amber, flashing—Incoming call
• Amber, steady—Call Forward All activated
• Red, steady—Remote line in use (sha red li ne)
• Red, flashing—Remote line on hold
5 Volume button Controls the handset and the ringer volume (on-hook).
6 Keypad Allows you to dial phone numbers, *, and #, and choose menu items (by
entering the item number).
7 Handset light strip Lights up to indicate a ringing call (flashing red) or a new voice message
(steady red).
OL-23874-01
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-3
Understanding the Cisco Unified IP Phone 6901 and 6911
Figure 1-2 shows the main components of the Cisco Unified IP Phone 6911.
Figure 1-2 Cisco Unified IP Phone 6911
1 2
14
Chapter 1 An Overview of the Cisco Unified IP Phone
13
12
11
3
4
5
10
6
9
+
7
8
195778
Table 1-2 describes the buttons on the Cisco Unified IP Phone 6911.
Ta b l e 1-2 Features on the Cisco Unified IP Phone 6911
1 Handset light strip Lights up to indicate a ringing call (flashing red) or a new voice messag e (steady
red).
Phone Template A paper strip where you can enter names and contact numbers.
2
3 Transfer button Transfers a call.
4 Conference button Creates a conference call.
5 Hold button Places an active call on hold.
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-4
OL-23874-01
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding the Cisco Unified IP Phone 6901 and 6911
6 Line button Allows users to pick up an incoming call. The line button LED shows call status.
The line button enables users to answer an incoming call and swap between two
calls on the line. The LED associated with the line button lights up to reflect the
line status.
The line button illuminates to indicate status:
• Green, steady—Active call
• Green, flashing—Held call
• Amber, flashing—Incoming call
• Amber, steady—Call Forward All activated
• Red, steady—Remote line in use (sha red li ne)
• Red, flashing—Remote line on hold
7 Speakerphone
button
8 Keypad Allows you to dial phone numbers, *, and #, and choose menu i tems (by enteri ng
9 Mute button Toggles the microphone on or off. When the microphone is muted, the button is
Selects the speakerphone as the default audio path and initiates a new call, picks
up an incoming call, or ends a call. During a call, the button is lit green. The
speakerphone audio path does not change until a new default audio path is
selected (for example, by picking up the handset).
the item number).
lit red.
10 Volume button Controls the handset and speakerphone volume (of f-hook) and the ringer vol ume
(on-hook).
11 Messages button Auto-dials your voice messaging service (varies by service).
12 Redial Dials the last dialed number.
13 Feature button Depending on how the phone is set up in Cisco Unified Communications
Manager, the programmabl e feature button provides access to the Speed dialing,
Call Forward, Pickup, Group Pickup, and Meet Me features. Users can configure
up to nine items on the feature key. The user accesses each of these features by
pressing the feature key followed by the number associated with the feature. The
number must be pressed within five seconds of pressing the feature key. The
number can only be a single digit number from 1-9.
These features can be accessed off-hook or on-hook.
• Call Forward—Allows you to forward a call.
• Pickup—Allows you to pickup a call on the third-party phone.
• Group Pickup—Allows you to pick up a call within a group.
• Meet Me—Allows you to setup a conference.
• Speed Dial—Allows you to dial a specific number that has been previou sly
stored.
OL-23874-01
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-5
Chapter 1 An Overview of the Cisco Unified IP Phone
What Networking Protocols are Used?
14 Handset Phone handset.
What Networking Protocols are Used?
Cisco Unified IP Phones support several industry-standard and Cisco networking protocols required for
voice communication.
Cisco Unified IP Phone 6901 and 6911 support.
Ta b l e 1-3 Supported Networking Protocols on the Cisco Unified IP Phone
Networking Protocol Purpose Usage Notes
Cisco Audio Session
Tunneling (CAST)
(Cisco Unified IP Phone
6911 only)
Cisco Discovery Protocol
(CDP)
Dynamic Host
Configuration Protocol
(DHCP)
Hypertext Transfer
Protocol (HTTP)
The CAST protocol allows IP phones and
associated applications behind the phone
to discover and communicate with the
remote endpoints without requiring
changes to the traditional signaling
components like Cisco Unified
Communications Manager and g ateways.
The CAST protocol allows separate
hardware devices to synchronize related
media and it allows PC applications to
augment non Video capable phones to
become video enabled by using the PC as
the video resource.
CDP is a device-discovery protocol that
runs on all Cisco-manufactured
equipment.
Using CDP, a device can advertise its
existence to other devices and receive
information about other devices in the
network.
DHCP dynamically allocates and assigns
an IP address to network devices.
DHCP enables you to connect an IP phone
into the network and have the phone
become operational without your needing
to manually assign an IP address or to
configure additional network parameters.
HTTP is the standard way of transferring
information and moving documents across
the Internet and the web.
Table 1-3 provides an overview of the networking protocols that the
—
The Cisco Unified IP Phone uses CDP to
communicate information such as auxiliary VLAN ID,
per port power management details, and Quality of
Service (QoS) configuration information with the
Cisco Catalyst switch.
DHCP is enabled by default. If disabled, you must
manually configure the IP address, subnet mask,
gateway, and a TFTP server on each phone locally.
Cisco recommends that you use DHCP custom
option 150. With this method, you configure the
TFTP server IP address as the option value. For
additional supported DHCP configurations, go to
the
Dynamic Host Configuration Protocol chapter
and the Cisco TFTP chapter in the Cisco Unified
Communications Manager System Guide.
Note If you cannot use option 150, you may try
using DHCP option 66.
Cisco Unified IP Phones use HTTP for
troubleshooting purposes.
1-6
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
Chapter 1 An Overview of the Cisco Unified IP Phone
What Networking Protocols are Used?
Table 1-3 Supported Networking Protocols on the Cisco Unified IP Phone (continued)
Networking Protocol Purpose Usage Notes
IEEE 802.1X The IEEE 802.1X standard defines a
client-server-based access control and
authentication protocol that restricts
unauthorized clients from connecting to a
LAN through publicly accessible ports.
Until the client is authenticated, 802.1X
access control allows only Extensible
Authentication Protocol over LAN
(EAPOL) traffic through the port to which
the client is connected. After
authentication is successful, normal traffic
can pass through the port.
Internet Protocol (IP) IP is a messaging protocol that addresses
and sends packets across the network.
Link Layer Discovery
Protocol (LLDP)
(Cisco Unified IP Phone
LLDP is a standardized network discovery
protocol (similar to CDP) that is supported
on some Cisco and third-party devices.
6911 only)
Link Layer Discovery
Protocol-Media Endpoint
LLDP-MED is an extension of the LLDP
standard developed for voice products.
Devices (LLDP-MED)
The Cisco Unified IP Phone implements the IEEE
802.1X standard by providing suppo rt for the
following authentication methods: EAP-FAST and
EAP-TLS.
When 802.1X authentication is enabled on the
phone, you should disable the voice VLAN. Refer to
the
“Supporting 802.1X Authentication on Cisco
Unified IP Phones” section on page 1-17 for
additional information.
To communicate using IP, network devices must
have an assigned IP address, subnet, and gatewa y.
IP addresses, subnets, and gateways identificati ons
are automatically assigned if you are using the
Cisco Unified
IP Phone with Dynamic Host
Configuration Protocol (DHCP). If you are not
using DHCP, you must manually assign these
properties to each phone locally.
The Cisco Unified IP Phone supports LLDP on the
switch and PC port.
The Cisco Unified IP Phone supports LLDP-MED
on th e S W p o r t t o communicate information such as:
• Voice VLAN configuration
• Device discovery
Real-Time Transport
Protocol (RTP)
Real-Time Control
Protocol (RTCP)
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
RTP is a standard protocol for transporting
real-time data, such as interactive voice
and video, over data networks.
RTCP works in conjunction with RTP to
provide QoS data (such as jitter, latency,
and round trip delay) on RTP streams.
• Power management
• Inventory management
For more information about LLDP-MED support,
see the LLDP-MED and Cisco Discovery Protocol
white paper:
http://www.cisco.com/en/US/technologies/tk652/tk
701/technologies_white_paper0900aecd804cd46d.
html
Cisco Unified IP Phones use the RTP protocol to
send and receive real-time voice traffic from other
phones and gateways.
RTCP is disabled by default, but you can enable it
on a per phone basis by using Cis co
Unified
Communications Manager.
1-7
Chapter 1 An Overview of the Cisco Unified IP Phone
What Networking Protocols are Used?
Table 1-3 Supported Networking Protocols on the Cisco Unified IP Phone (continued)
Networking Protocol Purpose Usage Notes
Session Initiation Protocol
(SIP)
Skinny Client Control
Protocol (SCCP)
Transmission Control
Protocol (TCP)
Transport Layer Security
(TLS)
Trivial File Transfer
Protocol (TFTP)
SIP is the Internet Engineering T ask Force
(IETF) standard for multimedia
conferencing over IP. SIP is an
ASCII-based application-layer control
protocol (defined in RFC 3261) that can be
used to establish, maintain, and terminate
calls between two or more endpoints.
SCCP includes a messaging set that allows
communications between call control
servers and endpoint clients such as IP
Phones. SCCP is proprietary to Cisco
Systems.
TCP is a connection-oriented transport
protocol.
TLS is a standard protocol for securing
and authenticating communications.
TFTP allows you to transfer files over the
network.
On the Cisco Unified IP Phone, TFTP
enables you to obtain a configuration file
specific to the phone type.
Like other VoIP protocols, SIP is designed to
address the functions of signaling and session
management within a packet telephony network.
Signaling allows call information to be carried
across network boundaries. Session management
provides the ability to control the attributes of an
end-to-end call.
Y ou can configure the Ci sco Unified IP Phone to use
either SIP or Skinny Client Control Protocol
(SCCP).
Cisco Unified IP Phone 6901 and 6911 use SCCP,
version 20 for call control.
Cisco Unified IP Phones use TCP to connect to
Cisco Unified Communicati ons Mana ger.
When security is implemented, Cisco
Unified
IP Phones use the TLS protocol when
securely registering with Cisco
Unified
Communications Manager.
For more information, refer to the Cisco Unified
Communications Manager Security Guide.
TFTP requires a TFTP server in your network,
which can be automatically identified from the
DHCP server. If you want a phone to use a TFTP
server other than the one specified by the DHCP
server, you must manually assign the IP address of
the TFTP server by using the Network
Configuration menu on the phone.
User Datagram Protocol
(UDP)
Related Topics
• Understanding Interactions with Other Cisco Unified IP Telephony Products, page 2-1
• Understanding the Phone Startup Process, page 2-6
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-8
UDP is a connectionless messaging
protocol for delivery of data packets.
For more information, go to the Cisco TFTP chapter
in the Cisco Unified Communications Manager
System Guide.
Cisco Unified IP Phones transmit and receive RTP
streams, which utilize UDP.
OL-23874-01
Chapter 1 An Overview of the Cisco Unified IP Phone
What Features are Supported on the Cisco Unified IP Phone 6901 and 6911?
What Features are Supported on the Cisco Unified
Phone 6901 and 6911?
IP
Cisco Unified IP Phones function much like a digital business phone, allowing you to place and receive
phone calls. In addition to traditional telephony features, the Cisco Unified IP Phone includes features
that enable you to administer and monitor the phone as a network device.
This section includes the following topics:
• Feature Overview, page 1-9
• Configuring Telephony Features, page 1-9
• Configuring Network Parameters Using the Cisco Unified IP Phone, page 1-10
• Providing Users with Feature Information, page 1-10
Feature Overview
Cisco Unified IP Phones provide traditional telephony functionality, such as call forwarding and
transferring, redialing, confer ence calling , and voice messaging system access. Cisco
also provide a variety of other features. For an overview of the telephony features that the
Cisco
Unified IP Phone supports and for tips on configuring them, see the “Telephony Features
Available for the Cisco Unified IP Phone” se ction on page 5-1.
As with other network devices, you must configure Cisco Unified IP Phones to prepare them to access
Cisco
Unified Communications Manager and the rest of the IP network. By using DHCP, you have fewer
settings to configure on a phone, but if your network requires it, you can manually configure an IP
address, TFTP server, subnet information, and so on. For instructions on configuring the network
settings on the Cisco
Phone.”
Finally, because the Cisco Unified IP Phone is a network device, yo u can ob tain det ailed status
information from it directly. This information can assist you with troubleshooting any problems users
might encounter when using their IP phones.
Unified IP Phones, see Chapter 4, “Configuring Settings on the Cisco Unified IP
Unified IP phones
Related Topics
• Configuring Settings on the Cisco Unified IP Phone, page 4-1
• Configuring Features, Templates, Services, and Users, page 5-1
• Troubleshooting and Maintenance, page 7-1
Configuring Telephony Features
You can modify additional settings for the Cisco Unified IP Phone from Cisco Unified Communications
Manager Administration. Use Cisco Unified Communications Manager Administration to set up phone
registration criteria and calling search spaces, among other tasks. See the
for the Cisco Unified IP Phone” section on page 5-1 and the Cisco Unified Communications Manager
documentation for additional information.
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
“T elephony Features A vailable
1-9
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
For more information about Cisco Unified Communications Manager Administration, refer to
Cisco
Unified Communications Manager documentation, including Cisco Unified Communications
Manager Administration Guide. You can also use the context-sensitive help available within the
application for guidance.
You can access Cisco Unified Communications Manager documentation at this location:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html
You can access Cisco Unified Communications Manager Business Edition documentation at this
location:
http://www.cisco.com/en/US/products/ps7273/tsd_products_support_series_home.html
Related Topic
• Telephony Features Available for the Cisco Unified IP Phone, page 5-1
Configuring Network Parameters Using the Cisco Unified IP Phone
Y ou configure parameters such as DHCP, TFTP , and IP setting s on the phone itself. For more information
about configuring settings and viewing statistics from the phone, see
on the Cisco Unified IP Phone”.
Chapter 4, “Configuring Settings
Providing Users with Feature Information
If you are a system administrator, you ar e likely th e pr imary source of in for mation for Ci sco Unified IP
Phone users in your network or company. To ensure that you distribute the most current feature and
procedural information, familiarize yourself with Cisco
Cisco
Unified IP Phone web site:
http://www.cisco.com/en/US/products/ps10326/tsd_products_support_series_home.html
From this site, you can view various user documentation.
In addition to providing documentation, it is important to inform users of available Cisco Unified IP
Phone features—including those specific to your company or network—and of how to access and
customize those features, if appropriate.
For a summary of some of the key information that phone users need their system administrators to
provide, see
Appendix A, “Providing Information to Users Via a Website.”
Unified IP Phone documentation on the
Understanding Security Features for Cisco Unified IP Phones
Implementing security in the Cisco Unified Communications Manager system prevents identity theft of
the phone and Cisco
call signaling and media stream tampering.
To alleviate these threats, the Cisco IP telephony network establishes and maintains authenticated and
encrypted communication streams between a phone and the server, digitally signs files before they are
transferred to a phone, and encrypts media streams and call signaling between Cisco
The Cisco Unified IP Phone 6901 and 6911 use the Phone security profile, which defines whether the
device is nonsecure, authenticated, or encrypted. For information on applying the security profile to the
phone, refer to the Cisco Unified Communications Manager Security Guide.
Unified Communications Manager server, prevents data tampering, and prevents
Unified IP phones.
1-10
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
Chapter 1 An Overview of the Cisco Unified IP Phone
If you configure security-related settings in Cisco Unified Communications Manager Administration,
the phone configuration file will contain sensitive information. To ensure the privacy of a configuration
file, you must configure it for encryption. For detailed in formation, ref er to the “Confi guring Encrypted
Phone Configuration Files” chapter in Cisco Unified Communications Manager Security Guide.
Understanding Security Features for Cisco Unified IP Phones
OL-23874-01
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-11
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Table 1-4 shows where you can find additional information about security in this and other documents.
Ta b l e 1-4 Cisco Unified IP Phone and Cisco Unified Communications Manager Security Topics
Topic Reference
Detailed explanation of security, including set up,
configuration, and troubleshooting information for Cisco
Unified
Communications Manager and Cisco Unified IP
Phones
Security features supported on the Cisco Unified IP Phone See the “Overview of Supported Security Features” section on
Viewing a security profile name See the Table 1-5 for an overview of the security features
Identifying phone calls for which security is implemented See the “Identifying Authenticated, Encrypted, and Protected
TLS connection • See the “What Networking Protocols are Used?” section
Refer to the Troubleshooting Guide for Cisco Unified
Communications Manager
page 1-13
supported by the Cisco Unified IP Phone 6901 and 6911. For
more information about these features and about Cisco Unified
Communications Manager and Cisco Unified IP Phone
security, refer to the Cisco Unified Communications Manager
Security Guide.
Phone Calls” section on page 1-15
on page 1-6
• See the “Adding Phones to the Cisco Unified
Communications Manager Database” section on page 2-7
Security and the phone startup process See the “Understanding the Phone Startup Process” section on
page 2-6
Security and phone configuration files See the “Adding Phones to the Cisco Unif ied Communications
Manager Database” section on page 2-7
Disabling access to a phone’s web pages See the “Disabling and Enabling W eb Page Access” section on
page 6-3
Troubleshooting • See the “Troubleshooting and Maintenance” section on
page 7-1
• Refer to the Troubleshooting Guide for Cisco Unified
Communications Manager
Deleting the CTL file from the phone See the “Resetting or Restoring the Cisco Unified IP Phone”
section on page 7-10
Resetting or restoring the phone See the “Resetting or Restoring the Cisco Unified IP Phone”
section on page 7-10
802.1X Authentication for Cisco Unified IP Phones See these sections:
• “Supporting 802.1X Authentication on Cisco Unified IP
Phones” section on page 1-17
• “Troubleshooting and Maintenance” section on page 7-1
1-12
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Overview of Supported Security Features
Table 1-5 provides an overview of the security feature s that the Cisco Unified IP Phone 6901 and 6911
support. For more information about these features and about Cisco Unified Communications Manager
and Cisco
Note Most security features are available only if a certificate trust list (CTL) is installed on the phone. For
more information about the CTL, refer to “Configuring the Cisco CTL Client ” chapter in Cisco U ni fied
Communications Manager Security Guide.
Ta b l e 1-5 Overview of Security Features
Feature Description
Image authentication Signed binary files (with the extension .zz.sgn) prevent tampering with the firmware
Customer-site certificate installation Each Cisco Unified IP Phone requires a unique certificate for device authentication.
Device authentication Occurs between the Cisco Unified Communications Manager server and the phone
File authentication Validates digitally signed files that the phone downloads. The phone validates the
Signaling Authentication Uses the TLS protocol to validate that no tampering has occurred to signaling
Manufacturing installed certificate Each Cisco Unified IP Phone contains a unique manufacturing installed certificate
Unified IP Phone security, refer to Cisco Unified Communications Manager Security Guide.
image before it is loaded on a phone. Tampering with the image causes a phone to
fail the authentication pr ocess and reject the new image.
Phones include a manufacturing installed certificate (MIC), but for additional
security, you can specify in Cisco Unified
Communications Manager
Administration that a certificate be installed by using the Certificate Authority
Proxy Function (CAPF). See the
“Configuring Security on the Cisco Unified IP
Phone” section on page 3-10 for more information.
when each entity accepts the certificate of the other entity. Determines whether a
secure connection between the phone and a Cisco Unified Communications
Manager should occur; and, if necessary , creates a secure signaling path between the
entities by using TLS protocol. Cisco Unified Communications Manager will not
register phones unless they can be authenticated by the Cisco
Unified
Communications Manager.
signature to make sure that file tampering did not occur after the file creation. Files
that fail authentication are not written to Flash memory on the phone. The phone
rejects such files without further processing.
packets during transmission.
(MIC), which is used for device authentication. The MIC is a permanent unique
proof of identity for the phone, and allow s Cisco Unified Communi cations Manager
to authenticate the phone.
OL-23874-01
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-13
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Table 1-5 Overview of Security Features (continued)
Feature Description
Secure SRST reference After you configure a SRST reference for security and then reset the dependent
devices in Cisco Unified Commu nications M anager Ad ministrati on, the TF TP
server adds the SRST certificate to the phone configuration file and sends the file to
the phone. A secure phone then uses a TLS connection to interact with the
SRST-enabled router.
The configuration file is with one of the following extensions:
• .cnf.xml
• .cnf.xml.sgn
• .cnf.xml.enc.sgn
Media encryption Uses SRTP to ensure that the media streams between supported devices proves
secure and that only the intended device receives and reads the data. Includes
creating a media master key pair for the devices, delivering the keys to the devices,
and securing the delivery of the keys while the keys are in transport.
Signaling encryption Ensures that all SCCP and SIP signaling messages that are sent between the device
and the Cisco Unified Communications Manager server are encrypted.
CAPF (Certificate Authority Proxy
Function)
Security profiles Defines whether the phone is nonsecure, authenticated, encrypted, or protected. See
Encrypted configuration files Lets you ensure the privacy of phone configuration files.
Optional disabling of the web server
functionality for a phone
Phone hardening Additi onal security option, which y ou co ntrol fro m Cisco Unified Comm unicati ons
802.1X Authentication The Cisco Unified IP Phone can use 802.1X authentication to request and gain
Voice Quality Metrics
MOS LQK Objective estimate of the Mean Opinion Score (MOS) for Listening Quality (LQK)
Implements parts of the certificate generation procedure that are too
processing-intensive for the phone, and interacts with the phone for key generation
and certificate installation. The CAPF can be configured to request certificates from
customer-specified certificate authorities on behalf of the phone, or it can be
configured to generate certificates locally.
the
“Understanding Security Profiles” section on page 1-15 for more information.
You can prevent access to a phone’s web page, which displays a variety of
operational statistics for the phone.
Manager Administration:
• Disabling access to web pages for a phone
access to the network. See the
“Supporting 802.1X Authentication on Cisco Unified
IP Phones” section on page 1-17 for more information.
that ranks audio quality from 5 (excellent) to 1 (bad). This score is based on
audible-concealment events due to a frame loss in the preceding 8 seconds of the
voice stream.
Note The MOS LQK score can vary based on the type of codec t hat the
Cisco
Unified IP Phone uses.
Avg MOS LQK Average MOS LQK score for the entire voice stream.
Min MOS LQK Lowest MOS LQK score from the start of the voice stream.
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-14
OL-23874-01
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Table 1-5 Overview of Security Features (continued)
Feature Description
Max MOS LQK Baseline or highest MOS LQK score from the start of the voice stream.
The following codecs provide the corresponding maximum MOS LQK scores under
normal conditions with no frame loss:
• G.711: 4.5
• G.728/iLBC: 3.9
• G729A/AB: 3.7
MOS LQK Version Version of the Cisco-proprietary algorithm used to calculate the MOS LQK scores.
Related Topics
• Understanding Security Features for Cisco Unified IP Phones, page 1-10
• Identifying Authenticated, Encrypted, and Protected Phone Calls, page 1-15
Understanding Security Profiles
All Cisco Unified IP Phones that support Cisco Unified Communications Manager use a security profile,
which defines whether the phone is nonsecure, authenticated, or encrypted. For information about
configuring the security profile and applying the profile to the phone, refer to Cisco Unified
Communications Manager Security Guide.
To view the security mode that is set for the phone, you can view the security profile in Cisco Unified
Communications Manager Administration.
Related Topics
• Identifying Authenticated, Encrypted, and Protected Phone Calls, page 1-15
Identifying Authenticated, Encrypted, and Protected Phone Calls
In an authenticated call, all devices participat ing in the establishment of the call are trusted devices, and
authenticated by Cisco
In an encrypted call, all devices participating in the establishment of the call are trusted devices, and
authenticated by Cisco
are encrypted. An encrypted call offers a high level of security, providing integrity and privacy to the
call.
If the call is routed through non-IP call legs, for example, PSTN, the call may be nonsecure even though
it is encrypted within the IP network.
In a protected call, a security tone plays at the beginning of a call to indicate that the other connected
phone is also receiving and transmitting encrypted audio and video (if video is involved). If your call is
connected to a non-protected phone, the security tone does not play.
Unified Communications Manager.
Unified Communications Manager. In addition, call signaling and medi a streams
OL-23874-01
Note Protected calling is supported for connections between two phones only. Some features, such as
conference calling and shared lines are not available when protected calling is configured. Protected
calls are not authenticated.
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-15
Understanding Security Features for Cisco Unified IP Phones
Related Topic
• Understanding Security Features for Cisco Unified IP Phones, page 1-10
• Understanding Security Features for Cisco Unified IP Phones, page 1-10
Establishing and Identifying Protected Calls
A protected call is established when your phone, and the phone on the other end, is configured for
protected calling. The other phone can be in the same Cisco IP network, or on a network outside the IP
network. Protected calls can only be made between two phones. Conference calls and other mult iple-line
calls are not supported.
A protected call is established using this process:
1. A user initiates the ca ll from a protected phone (protected security mode).
2. A security tone plays if the call is connected to another protected phone, indicating that both ends
of the conversation are encrypted and protected. If the call is connected to a non-protected phone,
then the secure tone is not played.
Chapter 1 An Overview of the Cisco Unified IP Phone
Note Protected calling is supported for conversations between two phones. Some features, such as conference
calling and shared lines are not available when protected calling is configured.
Call Security Interactions and Restrictions
Cisco Unified Communication s Manage r checks the phone security status when conferences are
established and changes the security indication for the conference or blocks the completion of the call
to maintain integrity and also security in the system.
Table 1-6 provides information about changes to call security levels when using Barge for Cisco Unified
IP Phone 6901 and 6911.
Ta b l e 1-6 Call Security Interactions When Using Barge (Cisco Unified IP Phone 6911 only)
Initiator’s Phone
Security Level
Non-secure cBarge Encrypted call Call barged and identified as non-secure call
Secure (encrypted) cBarge Authenticated call Call barged and identified as authenticated call
Secure
(authenticated)
Non-secure cBarge Authenticated call Call barged and identified as non-secure call
Feature Used Call Security Level Results of Action
cBarge Encrypted call Call barged and identified as authenticated call
1-16
Table 1-7 provides information about changes to conference security levels dependin g on the in itiat or’s
phone security level, the security levels of participants, and the availability of secure conference bridges.
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Ta b l e 1-7 Security Restrictions with Conference Calls
Initiator’s Phone
Security Level
Non-secure Conference Encrypted or authenticated Non-secure conference bridge
Secure (encrypted
or authenticated)
Secure (encrypted) Conference All participants are encrypted Secure encrypted level conference
Secure
(authenticated)
Non-secure cBarge All participants are encrypted Conference changes to non-secure
Non-secure Meet Me Minimum security level is
Secure (encrypted) Meet Me Minimum security level is
Secure (encrypted) Meet Me Minimum security level is
Feature Used Security Level of Participants Results of Action
Non-secure conference
Conference At least one member is
non-secure
Conference All participants are encrypted or
authenticated
encrypted
authenticated
non-secure
Non-secure conference
Secure authenticated level conference
Initiator receives message “Does not meet Security
Level”, call rejected.
Conference accepts encrypted and authenticated
calls
Only secure conference bridge available and used
Conference accepts all calls
Supporting 802.1X Authentication on Cisco Unified IP Phones
These sections provide information about 802.1X support on the Cisco Unified IP Phones:
• Overview, page 1-17
• Required Network Components, pa ge 1-18
• Best Practices—Requirements and Recommendations, page 1-19
Overview
Cisco Unified IP phones and Cisco Catalyst switches have traditionally used Cisco Discovery Protocol
(CDP) to identify each other and determine parameters such as VLAN allocation and inline power
requirements. However, CDP is not used to identify any locally attached PCs; therefore, Cisco Unified
IP Phones provide an EAPOL pass-through mechanism, whereby a PC locally attached to the IP phone,
may pass through EAPOL messages to the 8 02.1X auth enticator in the LAN switch. This prevents the
IP phone from having to act as the authent icator, yet allows the LAN switch to authenticate a data end
point prior to accessing the network.
In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP Phones provide a proxy
EAPOL-Logoff mechanism. In the event that the locally attached PC is disconnected from the IP phone,
the LAN switch would not see the physical link fail, because the link between the LAN switch and the
IP phone is maintained. T o avoid compromising network in tegrity , the IP phone sends an EAPOL-Logof f
message to the switch, on behalf of the downstream PC, which triggers the LAN switch to clear the
authentication entry for the downstream PC.
OL-23874-01
The Cisco Unified IP phones also contain an 802.1X supplicant , in additio n to the EA POL pass-through
mechanism. This supplicant allows network administrators to control the connectivity of IP phones to
the LAN switch ports. The current release of the phone 802.1X supplicant uses the EAP-FAST and
EAP-TLS options for network authentication.
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
1-17
Understanding Security Features for Cisco Unified IP Phones
Required Network Components
Support for 802.1X authentication on Cisco Unified IP Phones requires several components, including:
• Cisco Unified IP Phone—The phone acts as the 802.1X supplicant, which initiates the request to
access the network.
• Cisco Secure Access Control Server (ACS) (or other third-party authentication server)—The
authentication server and the phone must both be configured with a shared secret that is used to
authenticate the phone.
• Cisco Catalyst Switch (or other third-party switch)—The switch must support 802.1X, so it can act
as the authenticator and pass the messages between the phone and the authentication server. When
the exchange is completed, the switch then grants or denies the phone access to the network.
Chapter 1 An Overview of the Cisco Unified IP Phone
1-18
Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)
OL-23874-01
Loading...