Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
(SCCP and SIP)
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive
San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883
Text Part Number: OL-15299-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.
Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense.
You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:
•Turn the television or radio antenna until the interference stops.
•Move the equipment to one side or the other of the television or radio.
•Move the equipment farther away from the television or radio.
•Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses.)
Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0805R)
The Java logo is a trademark or registered trademark of Sun Microsystems, Inc. in the U.S. or other countries.
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
© 2008 Cisco Systems, Inc. All rights reserved.
|
|
|
|
|
C O N T E N T S |
|
|
Preface xi |
|
|
|
|
|
|
Overview |
xi |
|
|
|
|
|
Audience |
xi |
|
|
|
|
|
Organization xi |
|
|
|
|
|
|
Related Documentation |
xii |
|
|
|
|
|
Obtaining Documentation, Obtaining Support, and Security Guidelines |
xiii |
||||
|
Cisco Product Security Overview |
xiii |
|
|
||
|
Document Conventions |
xiii |
|
|
|
|
|
An Overview of the Cisco Unified IP Phone |
|
|
|||
C H A P T E R 1 |
1-1 |
|
||||
|
Understanding the Cisco Unified IP Phone 7970 Series 1-1 |
|
||||
|
What Networking Protocols Are Used? |
1-3 |
|
|
||
|
What Features are Supported on the Cisco Unified IP Phone 7970 Series? 1-7 |
|||||
|
Feature Overview |
1-7 |
|
|
|
|
|
Configuring Telephony Features |
1-8 |
|
|
||
|
Configuring Network Parameters Using the Cisco Unified IP Phone |
1-8 |
||||
|
Providing Users with Feature Information |
1-8 |
|
|||
|
Understanding Security Features for Cisco Unified IP Phones 1-8 |
|
||||
|
Overview of Supported Security Features |
1-10 |
|
|||
|
Understanding Security Profiles |
1-12 |
|
|
Identifying Authenticated, Encrypted, and Protected Phone Calls |
1-13 |
||
Establishing and Identifying Secure Conference Calls |
1-14 |
|
|
Establishing and Identifying Protected Calls |
1-14 |
|
|
Call Security Interactions and Restrictions |
1-15 |
|
|
Supporting 802.1X Authentication on Cisco Unified IP Phones |
1-16 |
||
Overview 1-16 |
|
|
|
Required Network Components 1-16 |
|
|
|
Best Practices—Requirements and Recommendations |
1-17 |
||
Security Restrictions 1-17 |
|
|
|
Overview of Configuring and Installing Cisco Unified IP Phones |
1-18 |
|
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager |
1-18 |
|
|
|
|
Checklist for Configuring the Cisco Unified IP Phone 7970 Series in |
|
|
|
|
|
Cisco Unified Communications Manager 1-19 |
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|
|
|
|||||
|
|
|
|
|
|
|
OL-15299-01 |
|
|
iii |
|
|
|
|
|
Contents
|
Installing Cisco Unified IP Phones 1-21 |
|
|
Checklist for Installing the Cisco Unified IP Phone 7970 Series 1-21 |
|
|
Preparing to Install the Cisco Unified IP Phone on Your Network 2-1 |
|
C H A P T E R 2 |
||
|
Understanding Interactions with Other Cisco Unified IP Communications Products 2-2 |
|
|
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications |
|
|
Manager 2-2 |
|
|
Understanding How the Cisco Unified IP Phone Interacts with the VLAN 2-3 |
|
|
Providing Power to the Phone 2-3 |
|
|
Power Guidelines 2-4 |
|
|
Phone Power Consumption and Display Brightness 2-5 |
|
|
Power Outage 2-5 |
|
|
Obtaining Additional Information about Power 2-6 |
|
|
Understanding Phone Configuration Files |
2-6 |
|
Understanding the Phone Startup Process |
2-7 |
Adding Phones to the Cisco Unified Communications Manager Database 2-9 |
||
Adding Phones with Auto-Registration 2-10 |
|
|
Adding Phones with Auto-Registration and TAPS |
2-11 |
|
Adding Phones with Cisco Unified Communications Manager Administration 2-12 |
||
Adding Phones with BAT 2-12 |
|
|
Using Cisco Unified IP Phones with Different Protocols |
2-12 |
|
Converting a New Phone from SCCP to SIP |
2-13 |
|
Converting an In-Use Phone from SCCP to SIP |
2-13 |
|
Converting an In-Use Phone from SIP to SCCP |
2-13 |
|
|
|
|
|
Deploying a Phone in an SCCP and SIP Environment |
2-14 |
|
|||
|
|
|
|
|
Determining the MAC Address of a Cisco Unified IP Phone |
2-14 |
|
|||
|
|
Setting Up the Cisco Unified IP Phone 3-1 |
|
|
||||||
C H A P T E R 3 |
|
|
|
|||||||
|
|
|
|
|
Before You Begin |
3-1 |
|
|
|
|
|
|
|
|
|
Network Requirements 3-1 |
|
|
|
||
|
|
|
|
|
Cisco Unified Communications Manager Configuration |
3-2 |
|
|||
|
|
|
|
|
Understanding the Cisco Unified IP Phone 7970 Series Components 3-2 |
|||||
|
|
|
|
|
Network and Access Ports |
3-2 |
|
|
||
|
|
|
|
|
Handset |
3-3 |
|
|
|
|
|
|
|
|
|
Speakerphone |
3-3 |
|
|
|
|
|
|
|
|
|
Headset |
3-3 |
|
|
|
|
|
|
|
|
|
Audio Quality Subjective to the User 3-4 |
|
|
|||
|
|
|
|
|
Connecting a Headset |
3-4 |
|
|
||
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
||||||
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
iv |
|
|
|
|
|
|
|
OL-15299-01 |
|
|
|
|
|
|
|
|
|
|
Contents
Disabling a Headset |
3-4 |
|
Using External Devices |
3-4 |
|
Installing the Cisco Unified IP Phone |
3-5 |
|
Attaching the Cisco Unified IP Phone Expansion Module 7914 3-7 |
||
Adjusting the Placement of the Cisco Unified IP Phone 3-8 |
||
Adjusting Cisco Unified IP Phone Footstand and Phone Height 3-8 |
||
Securing the Phone with a Cable Lock 3-8 |
||
Mounting the Phone to the Wall |
3-9 |
|
Verifying the Phone Startup Process |
3-10 |
|
Configuring Startup Network Settings |
3-11 |
|
Configuring Security on the Cisco Unified IP Phone |
3-12 |
|
|
Configuring Settings on the Cisco Unified IP Phone |
|
|
C H A P T E R 4 |
4-1 |
||
|
Configuration Menus on the Cisco Unified IP Phone 7970 Series 4-1 |
||
|
Displaying a Configuration Menu |
4-2 |
|
|
Unlocking and Locking Options |
4-3 |
|
|
Editing Values 4-3 |
|
|
|
Overview of Options Configurable from a Phone |
4-4 |
|
|
|
||
|
Network Configuration Menu |
4-5 |
|
|
|
|
|
|
Device Configuration Menu |
4-10 |
|
|
|
|
|
|
Unified CM Configuration |
4-11 |
|
|
|
|
|
|
SIP Configuration Menu (SIP Phones Only) |
4-12 |
|
|
|
||
|
SIP General Configuration Menu 4-13 |
|
|
|
|
||
|
Line Settings Menu (SIP Phones Only) |
4-14 |
|
|
|
||
|
Call Preferences Menu (SIP Phones Only) |
4-14 |
|
|
|
||
|
HTTP Configuration Menu |
4-15 |
|
|
|
|
|
|
Locale Configuration Menu |
4-16 |
|
|
|
|
|
|
NTP Configuration Menu (SIP Phones Only) 4-17 |
||||||
|
UI Configuration Menu |
4-17 |
|
|
|
|
|
|
Media Configuration Menu |
4-19 |
|
|
|
|
|
|
Power Save Configuration Menu 4-22 |
|
|
|
|
||
|
Ethernet Configuration Menu |
4-23 |
|
|
|
|
|
|
Security Configuration Menu |
4-23 |
|
|
|
|
|
|
QoS Configuration Menu |
4-25 |
|
|
|
|
|
|
Network Configuration |
4-25 |
|
|
|
|
|
|
Security Configuration Menu |
4-29 |
|
|
|
|
|
|
CTL File Menu 4-30 |
|
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|
|||
|
|||||||
|
|
|
|
|
|
|
|
|
OL-15299-01 |
|
|
|
|
v |
|
|
|
|
|
|
|
Contents
|
Trust List Menu |
4-31 |
|
|
802.1X Authentication and Status |
4-31 |
|
|
Configuring Features, Templates, Services, and Users 5-1 |
||
C H A P T E R 5 |
|||
|
Telephony Features Available for the Phone 5-1 |
||
|
Configuring Corporate and Personal Directories 5-16 |
||
|
Configuring Corporate Directories |
5-17 |
|
|
Configuring Personal Directory 5-17 |
||
|
Modifying Phone Button Templates |
5-17 |
|
|
Modifying a Phone Button Template for Personal Address Book or Fast Dials 5-18 |
||
|
Configuring Softkey Templates 5-19 |
|
|
|
Setting Up Services |
5-20 |
|
|
|
|
|
|
Adding Users to Cisco Unified Communications Manager |
5-20 |
|
|||
|
|
|
|
|
Managing the User Options Web Pages |
5-21 |
|
|
|
|
|
|
|
|
|
Giving Users Access to the User Options Web Pages |
5-21 |
|
|||
|
|
|
|
|
Specifying Options that Appear on the User Options Web Pages 5-21 |
|||||
|
|
|
Customizing the Cisco Unified IP Phone |
|
|
|
|
|||
C H A P T E R |
6 |
|
6-1 |
|
|
|
||||
|
|
|
|
|
Customizing and Modifying Configuration Files |
6-1 |
|
|
||
|
|
|
|
|
Creating Custom Phone Rings |
6-2 |
|
|
|
|
|
|
|
|
|
Ringlist.xml File Format Requirements 6-2 |
|
|
|
||
|
|
|
|
|
PCM File Requirements for Custom Ring Types 6-3 |
|
|
|||
|
|
|
|
|
Configuring a Custom Phone Ring |
6-3 |
|
|
|
|
|
|
|
|
|
Creating Custom Background Images |
6-3 |
|
|
|
|
|
|
|
|
|
List.xml File Format Requirements |
6-4 |
|
|
|
|
|
|
|
|
|
PNG File Requirements for Custom Background Images |
6-5 |
|
|||
|
|
|
|
|
Configuring a Custom Background Image |
6-5 |
|
|
||
|
|
|
|
|
Configuring Wideband Codec |
6-6 |
|
|
|
|
|
|
|
|
|
Configuring the Idle Display |
6-7 |
|
|
|
|
|
|
|
|
|
Automatically Disabling the Cisco Unified IP Phone Touchscreen 6-7 |
|||||
|
|
|
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone 7-1 |
|||||||
C H A P T E R |
7 |
|
||||||||
|
|
|
|
|
Model Information Screen 7-2 |
|
|
|
|
|
|
|
|
|
|
Status Menu 7-3 |
|
|
|
|
|
|
|
|
|
|
Status Messages Screen |
7-3 |
|
|
|
|
|
|
|
|
|
Network Statistics Screen |
7-9 |
|
|
|
|
|
|
|
|
|
Firmware Versions Screen |
7-11 |
|
|
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
||||||
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
vi |
|
|
|
|
|
|
|
OL-15299-01 |
|
|
|
|
|
|
|
|
|
|
Contents
|
|
Expansion Module(s) Screen |
7-12 |
|||
|
|
Call Statistics Screen |
7-13 |
|
||
|
|
Monitoring the Cisco Unified IP Phone Remotely 8-1 |
||||
C H A P T E R |
8 |
|||||
|
|
Accessing the Web Page for a Phone 8-1 |
||||
|
|
Disabling and Enabling Web Page Access 8-3 |
||||
|
|
Device Information |
8-3 |
|
|
|
|
|
Network Configuration 8-4 |
|
|
||
|
|
Network Statistics |
8-8 |
|
|
|
|
|
Device Logs |
8-10 |
|
|
|
|
|
Streaming Statistics |
8-10 |
|
|
|
|
|
Troubleshooting and Maintenance |
|
|||
C H A P T E R |
9 |
9-1 |
||||
|
|
Resolving Startup Problems |
9-1 |
|
||
|
|
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process 9-2 |
||||
|
|
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications |
||||
|
|
Manager |
9-2 |
|
|
|
|
Identifying Error Messages 9-3 |
|
|
|
|
|
|
|
||
|
Checking Network Connectivity |
9-3 |
|
|
|
|
|
|
||
|
Verifying TFTP Server Settings |
9-3 |
|
|
|
|
|
|
||
|
Verifying IP Addressing and Routing |
9-3 |
|
|
|
|
|
|||
|
Verifying DNS Settings |
9-4 |
|
|
|
|
|
|
|
|
|
Verifying Cisco Unified Communications Manager Settings 9-4 |
|||||||||
|
Cisco CallManager and TFTP Services Are Not Running |
9-4 |
|
|
|
|||||
|
Creating a New Configuration File |
9-5 |
|
|
|
|
|
|||
|
Registering the Phone with Cisco Unified Communications Manager 9-5 |
|||||||||
|
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address |
9-6 |
|
|
|
|||||
|
Cisco Unified IP Phone Resets Unexpectedly |
9-6 |
|
|
|
|
|
|||
|
Verifying Physical Connection |
9-6 |
|
|
|
|
|
|
|
|
|
Identifying Intermittent Network Outages |
9-6 |
|
|
|
|
||||
|
Verifying DHCP Settings |
9-7 |
|
|
|
|
|
|
|
|
|
Checking Static IP Address Settings |
9-7 |
|
|
|
|
|
|
||
|
Verifying Voice VLAN Configuration |
9-7 |
|
|
|
|
|
|
||
|
Verifying that the Phones Have Not Been Intentionally Reset |
9-7 |
|
|
|
|||||
|
Eliminating DNS or Other Connectivity Errors |
9-7 |
|
|
|
|
||||
|
Checking Power Connection |
9-8 |
|
|
|
|
|
|
|
|
|
Troubleshooting Cisco Unified IP Phone Security |
9-8 |
|
|
|
|
||||
|
General Troubleshooting Tips |
9-10 |
|
|
|
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|
||||||
|
||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
OL-15299-01 |
|
|
|
|
|
|
|
vii |
|
|
|
|
|
|
|
|
|
|
Contents
General Troubleshooting Tips for the Cisco Unified IP Phone Expansion Module 7914 9-12 |
|
Resetting or Restoring the Cisco Unified IP Phone 9-13 |
|
Performing a Basic Reset |
9-13 |
Performing a Factory Reset |
9-14 |
Using the Quality Report Tool |
9-14 |
Monitoring the Voice Quality of Calls 9-15 |
|
Using Voice Quality Metrics |
9-15 |
Troubleshooting Tips 9-16 |
|
|
|
|
|
Where to Go for More Troubleshooting Information |
9-17 |
|
|
|
||
|
|
|
|
Cleaning the Cisco Unified IP Phone |
9-17 |
|
|
|
|
|
|
|
Providing Information to Users Via a Website |
|
|
|
|
|
|||
A P P E N D I X |
A |
A-1 |
|
|
|
|
||||
|
|
|
|
How Users Obtain Support for the Cisco Unified IP Phone |
A-1 |
|
|
|||
|
|
|
|
Giving Users Access to the User Options Web Pages |
A-1 |
|
|
|
||
|
|
|
|
How Users Access the Online Help System on the Phone |
A-2 |
|
|
|||
|
|
|
|
How Users Get Copies of Cisco Unified IP Phone Manuals |
A-2 |
|
|
|||
|
|
|
|
Accessing Cisco 7900 Series Unified IP Phone eLearning Tutorials (SCCP Phones Only) |
A-2 |
|||||
|
|
|
|
How Users Subscribe to Services and Configure Phone Features A-3 |
|
|
||||
|
|
|
|
How Users Access a Voice-Messaging System |
A-3 |
|
|
|
|
|
|
|
|
|
How Users Configure Personal Directory Entries |
A-4 |
|
|
|
||
|
|
|
|
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer |
A-4 |
|||||
|
|
Feature Support by Protocol for the Cisco Unified IP Phones 7970 Series B-1 |
|
|
||||||
A P P E N D I X |
B |
|
|
|||||||
|
|
Supporting International Users C-1 |
|
|
|
|
|
|
||
A P P E N D I X |
C |
|
|
|
|
|
|
|||
|
|
|
|
Adding Language Overlays to Phone Buttons C-1 |
|
|
|
|
||
|
|
|
|
Installing the Cisco Unified Communications Manager Locale Installer C-1 |
|
|
||||
|
|
|
|
Support for International Call Logging C-2 |
|
|
|
|
|
|
|
|
Technical Specifications D-1 |
|
|
|
|
|
|
||
A P P E N D I X |
D |
|
|
|
|
|
|
|||
|
|
|
|
Physical and Operating Environment Specifications |
D-1 |
|
|
|
||
|
|
|
|
Cable Specifications D-2 |
|
|
|
|
|
|
|
|
|
|
Network and Access Port Pinouts |
D-2 |
|
|
|
|
|
|
|
Basic Phone Administration Steps |
|
|
|
|
|
|
||
A P P E N D I X |
E |
E-1 |
|
|
|
|
|
|||
|
|
|
|
Example User Information for these Procedures |
E-1 |
|
|
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|||||
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
viii |
|
|
|
|
|
|
|
OL-15299-01 |
|
|
|
|
|
|
|
|
|
|
Contents
Adding a User to Cisco Unified Communications Manager E-2
Adding a User From an External LDAP Directory E-2
Adding a User Directly to Cisco Unified Communications Manager E-2
Configuring the Phone E-3
Performing Final End User Configuration Steps E-7
I N D E X
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
|
OL-15299-01 |
ix |
|
Contents
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
|
x |
OL-15299-01 |
|
|
|
Overview
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 provides the information you need to understand, install, configure, manage, and troubleshoot the phones in the Cisco Unified IP Phone 7970 series on a Voice-over-IP (VoIP) network.
Because of the complexity of a Unified Communications network, this guide does not provide complete and detailed information for procedures that you need to perform in Cisco Unified Communications Manager (formerly Cisco Unified CallManager) or other network devices. See the “Related Documentation” section on page xii for a list of related documentation.
Audience
Network engineers, system administrators, or telecom engineers should review this guide to learn the steps required to properly set up the Cisco Unified IP Phone 7970 Series on the network.
The tasks described are administration-level tasks and are not intended for end-users of the phones. Many of the tasks involve configuring network settings and affect the phone’s ability to function in the network.
Because of the close interaction between the Cisco Unified IP Phone and
Cisco Unified Communications Manager, many of the tasks in this manual require familiarity with Cisco Unified Communications Manager.
Organization
This manual is organized as follows:
|
Chapter 1, “An Overview of the Cisco Unified IP Phone” |
Provides a conceptual overview and description of the |
|||
|
|
Cisco Unified IP Phone |
|||
|
|
|
|||
|
Chapter 2, “Preparing to Install the Cisco Unified IP Phone |
Describes how the Cisco Unified IP Phone interacts with |
|||
|
on Your Network” |
other key IP telephony components, and provides an overview |
|||
|
|
of the tasks required prior to installation |
|||
|
|
|
|||
|
Chapter 3, “Setting Up the Cisco Unified IP Phone” |
Describes how to properly and safely install and configure the |
|||
|
|
Cisco Unified IP Phone on your network |
|||
|
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|
|
|
|||||
|
|
|
|
|
|
|
OL-15299-01 |
|
|
xi |
|
|
|
|
|
Preface
|
|
|
|
|
|
Chapter 4, “Configuring Settings on the Cisco |
Describes how to configure network settings, verify status, |
|
Unified IP Phone” |
and make global changes to the Cisco Unified IP Phone |
|
|
|
|
Chapter 5, “Configuring Features, Templates, Services, and |
Provides an overview of procedures for configuring telephony |
|
Users” |
features, configuring directories, configuring phone button |
|
|
|
and softkey templates, setting up services, and adding users to |
|
|
Cisco Unified Communications Manager |
|
|
|
Chapter 6, “Customizing the Cisco Unified IP Phone” |
Explains how to customize phone ring sounds, background |
|
|
|
images, and the phone idle display at your site |
|
|
|
Chapter 7, “Viewing Model Information, Status, and |
Explains how to view model information, status messages, |
|
Statistics on the Cisco Unified IP Phone” |
network statistics, and firmware information from |
|
|
|
the Cisco Unified IP Phone |
|
|
|
Chapter 8, “Monitoring the Cisco Unified IP Phone |
Describes the information that you can obtain from the |
|
Remotely” |
phone’s web page, and how to use this information to |
|
|
|
remotely monitor the operation of a phone and to assist with |
|
|
troubleshooting |
|
|
|
Chapter 9, “Troubleshooting and Maintenance” |
Provides tips for troubleshooting the Cisco Unified IP Phone |
|
|
|
|
Appendix A, “Providing Information to Users Via a Website” |
Provides suggestions for setting up a website for providing |
|
|
|
users with important information about their Cisco Unified IP |
|
|
Phones |
|
|
|
Appendix B, “Feature Support by Protocol for the Cisco |
Provides information about feature support for the Cisco |
|
Unified IP Phones 7970 Series” |
Unified IP Phone using the SCCP or SIP protocol |
|
|
|
|
Appendix C, “Supporting International Users” |
Provides information about setting up phones in non-English |
|
|
|
environments |
|
|
|
Appendix D, “Technical Specifications” |
Provides technical specifications of the |
|
|
|
Cisco Unified IP Phone |
|
|
|
Appendix E, “Basic Phone Administration Steps” |
Provides procedures for basic administration tasks such as |
|
|
|
adding a user and phone to Cisco Unified Communications |
|
|
Manager and then associating the user to the phone. |
|
|
|
Related Documentation
For more information about Cisco Unified IP Phones or Cisco Unified Communications Manager, refer to the following publications:
Cisco Unified IP Phone 7970 Series
These publications are available at the following URL:
http://www.cisco.com/en/US/products/hw/phones/ps379/tsd_products_support_series_home.html
•Cisco Unified IP Phone 7970 Series Phone Guide
•Cisco Unified IP Phone Features A–Z
•Cisco Unified IP Phone Expansion Module 7914 Phone Guide
•Installing the Wall Mount Kit for the Cisco Unified IP Phone
•Regulatory Compliance and Safety Information for the Cisco Unified IP Phones
•Open Source License Notices for the Cisco Unified IP Phones 7900 Series
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
|
xii |
OL-15299-01 |
|
|
|
Preface
Cisco Unified Communications Manager Administration
These publications are available at the following URL: http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html
Cisco Unified Communications Manager Business Edition
These publications are available at the following URL:
http://www.cisco.com/en/US/products/ps7273/tsd_products_support_series_home.html
Obtaining Documentation, Obtaining Support, and Security
Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Cisco Product Security Overview
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
Further information regarding U.S. export regulations may be found at
http://www.access.gpo.gov/bis/ear/ear_data.html.
Document Conventions
This document uses the following conventions:
|
Convention |
|
Description |
|||
|
|
|
|
|||
|
boldface font |
|
Commands and keywords are in boldface. |
|||
|
|
|
|
|||
|
italic font |
|
Arguments for which you supply values are in italics. |
|||
|
|
|
||||
[ ] |
|
Elements in square brackets are optional. |
||||
|
|
|
|
|||
|
{ x | y | z } |
|
Alternative keywords are grouped in braces and separated by vertical bars. |
|||
|
|
|
|
|||
|
[ x | y | z ] |
|
Optional alternative keywords are grouped in brackets and separated by vertical bars. |
|||
|
|
|
|
|||
|
string |
|
A nonquoted set of characters. Do not use quotation marks around the string or the string |
|||
|
|
|
will include the quotation marks. |
|||
|
|
|
|
|||
|
screen font |
|
Terminal sessions and information the system displays are in screen font. |
|||
|
|
|
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
OL-15299-01 |
|
|
|
xiii |
|
|
|
|
|
|
Preface
|
|
|
|
|
|
Convention |
Description |
|
|
|
|
boldface screen font |
Information you must enter is in boldface screen font. |
|
italic screen font |
Arguments for which you supply values are in italic screen font. |
|
|
|
|
^ |
|
The symbol ^ represents the key labeled Control—for example, the key combination ^D in |
|
|
a screen display means hold down the Control key while you press the D key. |
|
|
|
< > |
Nonprinting characters, such as passwords are in angle brackets. |
|
|
|
|
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Warning Means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents.
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
|
xiv |
OL-15299-01 |
|
|
|
C H A P T E R 1
The Cisco Unified IP Phone 7970 Series are full-featured telephones that provide voice communication over an Internet Protocol (IP) network. They function much like digital business phones, allowing you to place and receive phone calls and to access features such as mute, hold, transfer, speed dial, call forward, and more. In addition, because Cisco Unified IP Phones are connected to your data network, they offer enhanced IP telephony features, including access to network information and services, and customizeable features and services. The phones also support security features that include file authentication, device authentication, signaling encryption, and media encryption.
The Cisco Unified IP Phone 7970 Series provides a color touchscreen, support for up to eight line or speed dial numbers, context-sensitive online help for buttons and features, and a variety of other sophisticated functions.
The Cisco Unified IP Phone, like other network devices, must be configured and managed. These phones encodes G.711a, G.711µ, G.722, G.729a, G.729ab, iLBC, and decode G.711a, G.711µ, G722, iLBC, and G.729, G729a, G.729b, and G.729ab. These phones also support uncompressed wideband (16bits, 16kHz) audio.
This chapter includes the following topics:
•Understanding the Cisco Unified IP Phone 7970 Series, page 1-1
•What Networking Protocols Are Used?, page 1-3
•What Features are Supported on the Cisco Unified IP Phone 7970 Series?, page 1-7
•Understanding Security Features for Cisco Unified IP Phones, page 1-8
•Overview of Configuring and Installing Cisco Unified IP Phones, page 1-18
Caution Using a cell, mobile, or GSM phone, or two-way radio in close proximity to a Cisco Unified IP Phone might cause interference. For more information, refer to the manufacturer documentation of the interfering device.
Figure 1-1 shows the main components of the Cisco Unified IP Phone 7970 Series.
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
|
OL-15299-01 |
1-1 |
|
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding the Cisco Unified IP Phone 7970 Series
Figure 1-1 Cisco Unified IP Phone
16 17
15 |
14 |
13 |
12 |
11 |
10 |
1
2
3
4
5
6
7
8
9
186428
1 |
Programmable buttons |
Depending on configuration, programmable buttons provide access to: |
|
|
• Phone lines (line buttons) |
|
|
• Speed-dial numbers (speed-dial buttons, including the BLF speed-dial feature) |
|
|
• Web-based services (for example, a Personal Address Book button) |
|
|
• Phone features (for example, a Privacy button) |
|
|
Buttons illuminate to indicate status: |
|
|
Green, steady—Active call |
|
|
Green, flashing—Held call |
|
|
Amber, steady—Privacy in use |
|
|
Amber, flashing—Incoming call |
|
|
Red, steady—Remote line in use (shared line or BLF status) |
|
|
|
2 |
Footstand adjustment |
Allows you to adjust the angle of the phone base. |
|
button |
|
|
|
|
3 |
Display button |
Awakens the touchscreen from sleep mode or disables it for cleaning. |
|
|
No color—Ready for input |
|
|
Green flashing—Disabled |
|
|
Green steady—Sleep mode |
|
|
|
4 |
Messages button |
Auto-dials your voice message service (varies by service). |
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
1-2 |
OL-15299-01 |
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
5 |
Directories button |
Opens/closes the Directories menu. Use it to access call logs and directories. |
|
|
|
6 |
Help button |
Activates the Help menu. |
|
|
|
7 |
Settings button |
Opens/closes the Settings menu. Use it to change touchscreen and ring settings. |
|
|
|
8 |
Services button |
Opens/closes the Services menu. |
|
|
|
9 |
Volume button |
Controls the handset, headset, and speakerphone volume (off-hook) and the ringer volume |
|
|
(on-hook). |
|
|
|
10 |
Speaker button |
Toggles the speakerphone on or off. |
|
|
|
11 |
Mute button |
Toggles the Mute feature on or off. |
|
|
|
12 |
Headset button |
Toggles the headset on or off. |
|
|
|
13 |
Navigation button |
Allows you to scroll through menus and highlight items. When the phone is on-hook, displays |
|
|
phone numbers from your Placed Calls log. |
|
|
|
14 |
Keypad |
Allows you to dial phone numbers, enter letters, and choose menu items. |
|
|
|
15 |
Softkey buttons |
Each activates a softkey option (displayed on your touchscreen). |
|
|
|
16 |
Handset light strip |
Indicates an incoming call or new voice message. |
|
|
|
17 |
Touchscreen |
Shows phone features. |
|
|
|
What Networking Protocols Are Used?
Cisco Unified IP Phones support several industry-standard and Cisco networking protocols required for voice communication. Table 1-1 provides an overview of the networking protocols that the
Cisco Unified IP Phone 7970 Series supports.
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
|
OL-15299-01 |
1-3 |
|
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
What Networking Protocols Are Used?
Table 1-1 |
Supported Networking Protocols on the Cisco Unified IP Phone |
||
|
|
|
|
Networking Protocol |
Purpose |
Usage Notes |
|
|
|
|
|
Bootstrap Protocol (BootP) |
BootP enables a network device such as the |
If you are using BootP to assign IP addresses |
|
|
|
Cisco Unified IP Phone to discover certain |
to the Cisco Unified IP Phone, the BOOTP |
|
|
startup information, such as its IP address. |
Server option shows “Yes” in the network |
|
|
|
configuration settings on the phone. |
|
|
|
|
Cisco Discovery Protocol |
CDP is a device-discovery protocol that runs |
The Cisco Unified IP Phone uses CDP to |
|
(CDP) |
|
on all Cisco-manufactured equipment. |
communicate information such as auxiliary |
|
|
Using CDP, a device can advertise its |
VLAN ID, per port power management details, |
|
|
and Quality of Service (QoS) configuration |
|
|
|
existence to other devices and receive |
|
|
|
information with the Cisco Catalyst switch. |
|
|
|
information about other devices in the |
|
|
|
|
|
|
|
network. |
|
|
|
|
|
Cisco Peer-to-Peer |
CPPDP is a Cisco proprietary protocol used to |
CPPDP is used by the Peer Firmware Sharing |
|
Distribution Protocol |
form a-peer-to-peer hierarchy of devices. |
feature. |
|
(CPPDP) |
|
CPPDP is also used to copy firmware or other |
|
|
|
files from peer devices to neighboring |
|
|
|
devices. |
|
|
|
|
|
Dynamic Host Configuration |
DHCP dynamically allocates and assigns an |
DHCP is enabled by default. If disabled, you |
|
Protocol (DHCP) |
IP address to network devices. |
must manually configure the IP address, |
|
|
|
DHCP enables you to connect an IP phone |
subnet mask, gateway, and a TFTP server on |
|
|
each phone locally. |
|
|
|
into the network and have the phone become |
|
|
|
|
|
|
|
operational without needing to manually |
Cisco recommends that you use DHCP |
|
|
assign an IP address or configure additional |
custom option 150. With this method, you |
|
|
network parameters. |
configure the TFTP server IP address as the |
|
|
|
option value. For additional information |
|
|
|
about DHCP configurations, refer to the |
|
|
|
“Cisco TFTP” chapter in Cisco |
|
|
|
Unified Communications Manager System |
|
|
|
Guide. |
|
|
|
|
Hypertext Transfer Protocol |
HTTP is the standard way of transferring |
Cisco Unified IP Phones use HTTP for the |
|
(HTTP) |
|
information and moving documents across the |
XML services and for troubleshooting |
|
|
Internet and the web. |
purposes. |
|
|
|
|
IEEE 802.1X |
|
The IEEE 802.1X standard defines a |
The Cisco Unified IP Phone implements the |
|
|
client-server-based access control and |
IEEE 802.1X standard by providing support |
|
|
authentication protocol that restricts |
for the EAP-MD5 option for 802.1X |
|
|
unauthorized clients from connecting to a |
authentication. |
|
|
LAN through publicly accessible ports. |
When 802.1X authentication is enabled on the |
|
|
|
|
|
|
Until the client is authenticated, 802.1X |
phone, you should disable the PC port and |
|
|
access control allows only Extensible |
voice VLAN. Refer to the “Supporting |
|
|
Authentication Protocol over LAN (EAPOL) |
802.1X Authentication on Cisco Unified IP |
|
|
traffic through the port to which the client is |
Phones” section on page 1-16 for additional |
|
|
connected. After authentication is successful, |
information. |
|
|
normal traffic can pass through the port. |
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
1-4 |
OL-15299-01 |
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
What Networking Protocols Are Used?
Table 1-1 |
Supported Networking Protocols on the Cisco Unified IP Phone (continued) |
|||
|
|
|
||
Networking Protocol |
Purpose |
Usage Notes |
||
|
|
|
||
Internet Protocol (IP) |
IP is a messaging protocol that addresses and |
To communicate using IP, network devices |
||
|
|
sends packets across the network. |
must have an assigned IP address, subnet, and |
|
|
|
|
gateway. |
|
|
|
|
IP addresses, subnets, and gateways |
|
|
|
|
identifications are automatically assigned if |
|
|
|
|
you are using the Cisco Unified IP Phone |
|
|
|
|
with Dynamic Host Configuration Protocol |
|
|
|
|
(DHCP). If you are not using DHCP, you must |
|
|
|
|
manually assign these properties to each |
|
|
|
|
phone locally. |
|
|
|
|
||
Link Layer Discovery |
LLDP is a standardized network discovery |
The Cisco Unified IP Phone supports LLDP |
||
Protocol (LLDP) |
protocol (similar to CDP) that is supported on |
on the PC port. |
||
|
|
some Cisco and third-party devices. |
|
|
|
|
|
||
Link Layer Discovery |
LLDP-MED is an extension of the LLDP |
The Cisco Unified IP Phone supports |
||
Protocol-Media Endpoint |
standard developed for voice products. |
LLDP-MED on the SW port to communicate |
||
Devices (LLDP-MED) |
|
information such as: |
||
|
|
|
• |
Voice VLAN configuration |
|
|
|
• |
Device discovery |
|
|
|
• |
Power management |
|
|
|
• |
Inventory management |
|
|
|
For more information about LLDP-MED |
|
|
|
|
support, see the LLDP-MED and Cisco |
|
|
|
|
Discovery Protocol white paper: |
|
|
|
|
http://www.cisco.com/en/US/tech/tk652/tk70 |
|
|
|
|
1/technologies_white_paper0900aecd804cd4 |
|
|
|
|
6d.shtml |
|
|
|
|
||
Real-Time Control Protocol |
RTCP works with Real-Time Transport |
RTCP is disabled by default, but you can |
||
(RTCP) |
|
Protocol (RTP) to provide QoS data (such as |
enable it on a per-phone basis using Cisco |
|
|
|
jitter, latency, and round trip delay) on RTP |
Unified Communications Manager. For more |
|
|
|
streams. |
information, see the “Network Configuration” |
|
|
|
|
section on page 4-25. |
|
|
|
|
||
Real-Time Transport Protocol |
RTP is a standard protocol for transporting |
Cisco Unified IP Phones use the RTP protocol |
||
(RTP) |
|
real-time data, such as interactive voice and |
to send and receive real-time voice traffic |
|
|
|
video, over data networks. |
from other phones and gateways. |
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
|
OL-15299-01 |
1-5 |
|
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
What Networking Protocols Are Used?
Table 1-1 |
Supported Networking Protocols on the Cisco Unified IP Phone (continued) |
||
|
|
|
|
Networking Protocol |
Purpose |
Usage Notes |
|
|
|
|
|
Session Initiation Protocol |
SIP is the Internet Engineering Task Force |
Like other VoIP protocols, SIP is designed to |
|
(SIP) |
|
(IETF) standard for multimedia conferencing |
address the functions of signaling and session |
|
|
over IP. SIP is an ASCII-based |
management within a packet telephony |
|
|
application-layer control protocol (defined in |
network. Signaling allows call information to |
|
|
RFC 3261) that can be used to establish, |
be carried across network boundaries. Session |
|
|
maintain, and terminate calls between two or |
management provides the ability to control |
|
|
more endpoints. |
the attributes of an end-to-end call. |
|
|
|
You can configure the Cisco Unified IP Phone |
|
|
|
to use either SIP or Skinny Client Control |
|
|
|
Protocol (SCCP). |
|
|
|
|
Skinny Client Control |
SCCP includes a messaging set that allows |
Cisco Unified IP Phones use SCCP for call |
|
Protocol (SCCP) |
communications between call control servers |
control. You can configure the Cisco |
|
|
|
and endpoint clients such as IP Phones. SCCP |
Unified IP Phone to use either SCCP or |
|
|
is proprietary to Cisco Systems. |
Session Initiation Protocol (SIP). |
|
|
|
|
Session Description Protocol |
SDP is the portion of the SIP protocol that |
SDP capabilities, such as codec types, DTMF |
|
(SDP) |
|
determines which parameters are available |
detection, and comfort noise, are normally |
|
|
during a connection between two endpoints. |
configured on a global basis by Cisco Unified |
|
|
Conferences are established using only the |
Communications Manager or Media Gateway |
|
|
SDP capabilities that are supported by all |
in operation. Some SIP endpoints may allow |
|
|
endpoints in the conference. |
these parameters to be configured on the |
|
|
|
endpoint itself. |
|
|
|
|
Transmission Control |
TCP is a connection-oriented transport |
Cisco Unified IP Phones use TCP to connect |
|
Protocol (TCP) |
|
protocol. |
to Cisco Unified Communications Manager |
|
|
|
and to access XML services. |
|
|
|
|
Transport Layer Security |
TLS is a standard protocol for securing and |
When security is implemented, Cisco |
|
(TLS) |
|
authenticating communications. |
Unified IP Phones use the TLS protocol when |
|
|
|
securely registering with Cisco |
|
|
|
Unified Communications Manager. |
|
|
|
|
Trivial File Transfer Protocol |
TFTP allows you to transfer files over the |
TFTP requires a TFTP server in your network, |
|
(TFTP) |
|
network. |
which can be automatically identified from |
|
|
On the Cisco Unified IP Phone, TFTP enables |
the DHCP server. If you want a phone to use |
|
|
you to obtain a configuration file specific to |
a TFTP server other than the one specified by |
|
|
the DHCP server, you must manually assign |
|
|
|
the phone type. |
|
|
|
TFTP server from the Network Configuration |
|
|
|
|
|
|
|
|
menu on the phone. |
|
|
|
|
User Datagram Protocol |
UDP is a connectionless messaging protocol |
Cisco Unified IP Phones transmit and receive |
|
(UDP) |
|
for delivery of data packets. |
RTP streams, which utilize UDP. |
|
|
|
|
Related Topics
•Understanding Interactions with Other Cisco Unified IP Communications Products, page 2-2
•Understanding the Phone Startup Process, page 2-7
•Network Configuration Menu, page 4-5
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
1-6 |
OL-15299-01 |
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
What Features are Supported on the Cisco
Unified IP Phone 7970 Series?
The Cisco Unified IP Phone functions much like a digital business phone, allowing you to place and receive telephone calls. In addition to traditional telephony features, the Cisco Unified IP Phone includes features that enable you to administer and monitor the phone as a network device.
This section includes the following topics:
•Feature Overview, page 1-7
•Configuring Telephony Features, page 1-8
•Configuring Network Parameters Using the Cisco Unified IP Phone, page 1-8
•Providing Users with Feature Information, page 1-8
Cisco Unified IP Phones provide traditional telephony functionality, such as call forwarding and transferring, redialing, speed dialing, conference calling, and voice messaging system access. Cisco Unified IP phones also provide a variety of other features. For an overview of the telephony
features that the Cisco Unified IP Phone supports, see the “Telephony Features Available for the Phone” section on page 5-1.
As with other network devices, you must configure Cisco Unified IP Phones to prepare them to access Cisco Unified Communications Manager and the rest of the IP network. By using DHCP, you have fewer settings to configure on a phone, but if your network requires it, you can manually configure an IP address, TFTP server, subnet information, etc. For instructions on configuring the network settings on the Cisco Unified IP Phones, see Chapter 4, “Configuring Settings on the Cisco Unified IP Phone.”
The Cisco Unified IP Phone can interact with other services and devices on your IP network to provide enhanced functionality. For example, you can integrate the Cisco Unified IP Phones with the corporate Lightweight Directory Access Protocol 3 (LDAP3) standard directory to enable users to search for co-workers contact information directly from their IP phones. You can also use XML to enable users to access information such as weather, stocks, quote of the day, and other web-based information. For information about configuring such services, see the “Configuring Corporate Directories” section on page 5-17 and the “Setting Up Services” section on page 5-20.
Finally, because the Cisco Unified IP Phone is a network device, you can obtain detailed status information from it directly. This information can assist you with troubleshooting any problems users might encounter when using their IP phones. See Chapter 7, “Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone,” for more information.
Related Topics
•Configuring Settings on the Cisco Unified IP Phone, page 4-1
•Configuring Features, Templates, Services, and Users, page 5-1
•Troubleshooting and Maintenance, page 9-1
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
|
OL-15299-01 |
1-7 |
|
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
You can modify certain settings for the Cisco Unified IP Phone from the Cisco Unified Communications Manager Administration application. Use this web-based application to set up phone registration criteria and calling search spaces, to configure corporate directories and services, and to modify phone button templates, among other tasks. See the “Telephony Features Available for the Phone” section on page 5-1 and Cisco Unified Communications Manager Administration Guide for additional information.
For more information about the Cisco Unified Communications Manager Administration application, refer to Cisco Unified Communications Manager documentation, including Cisco
Unified Communications Manager System Guide. You can also use the context-sensitive help available within the application for guidance.
You can access the complete Cisco Unified Communications Manager documentation suite at this location:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html
Related Topic
• Telephony Features Available for the Phone, page 5-1
You can configure parameters such as DHCP, TFTP, and IP settings on the phone itself. You can also obtain statistics about a current call or firmware versions on the phone.
For more information about configuring features and viewing statistics from the phone, see Chapter 4, “Configuring Settings on the Cisco Unified IP Phone,” and see Chapter 7, “Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone.”
If you are a system administrator, you are likely the primary source of information for Cisco Unified IP Phone users in your network or company. To ensure that you distribute the most current feature and procedural information, familiarize yourself with Cisco Unified IP Phone documentation. Make sure to visit the Cisco Unified IP Phone web site:
http://www.cisco.com/en/US/products/hw/phones/ps379/tsd_products_support_series_home.html
From this site, you can access various user guides, including wallet cards.
In addition to providing users with documentation, it is important to inform them about available Cisco Unified IP Phone features—including features specific to your company or network—and about how to access and customize those features, if appropriate.
For a summary of some of the key information that phone users need their system administrators to provide, see Appendix A, “Providing Information to Users Via a Website.”
Understanding Security Features for Cisco Unified IP Phones
Implementing security in the Cisco Unified Communications Manager system prevents identity theft of the phone and Cisco Unified Communications Manager server, prevents data tampering, and prevents call signaling and media stream tampering.
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0
1-8 |
OL-15299-01 |
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
To alleviate these threats, the Cisco Unified IP telephony network establishes and maintains authenticated and encrypted communication streams between a phone and the server, digitally signs files before they are transferred to a phone, and encrypts media streams and call signaling between
Cisco Unified IP phones.
The Cisco Unified IP Phones Series use the Phone Security Profile, which defines whether the device is nonsecure, authenticated, or encrypted. For information on applying the security profile to the phone, refer to Cisco Unified Communications Manager Security Guide.
If you configure security-related settings in Cisco Unified Communications Manager Administration, the phone configuration file will contain sensitive information. To ensure the privacy of a configuration file, you must configure it for encryption. For detailed information, refer to the “Configuring Encrypted Phone Configuration Files” chapter in Cisco Unified Communications Manager Security Guide.
Table 1-2 shows where you can find additional information about security in this and other documents.
Table 1-2 |
Cisco Unified IP Phone and Cisco Unified Communications Manager Security Topics |
|
||||
|
|
|
|
|
||
|
Topic |
|
Reference |
|
||
|
|
|
|
|||
|
Detailed explanation of security, including set up, |
Refer to Cisco Unified Communications Manager Security |
|
|||
|
configuration, and troubleshooting information for Cisco |
Guide |
|
|||
|
Unified Communications Manager and Cisco Unified IP |
|
|
|
|
|
|
Phones |
|
|
|
|
|
|
|
|
|
|||
|
Security features supported on the Cisco Unified IP Phone |
See the “Overview of Supported Security Features” section on |
|
|||
|
|
|
page 1-10 |
|
||
|
|
|
|
|||
|
Restrictions regarding security features |
See the “Security Restrictions” section on page 1-17 |
|
|||
|
|
|
|
|||
|
Viewing a security profile name |
See the “Understanding Security Profiles” section on |
|
|||
|
|
|
page 1-12 |
|
||
|
|
|
|
|||
|
Identifying phone calls for which security is implemented |
See the “Identifying Authenticated, Encrypted, and Protected |
|
|||
|
|
|
Phone Calls” section on page 1-13 |
|
||
|
|
|
|
|
||
|
TLS connection |
|
See the “What Networking Protocols Are Used?” section on |
|
||
|
|
|
page 1-3 |
|
||
|
|
|
See the “Understanding Phone Configuration Files” section on |
|
||
|
|
|
page 2-6 |
|
||
|
|
|
|
|||
|
Security and the phone startup process |
See the “Understanding the Phone Startup Process” section on |
|
|||
|
|
|
page 2-7 |
|
||
|
|
|
|
|||
|
Security and phone configuration files |
See the “Understanding Phone Configuration Files” section on |
|
|||
|
|
|
page 2-6 |
|
||
|
|
|
|
|||
|
Changing the TFTP Server 1 or TFTP Server 2 option on the |
See Table 4-2 in the “Network Configuration Menu” section |
|
|||
|
phone when security is implemented |
on page 4-5 |
|
|||
|
|
|
|
|||
|
Understanding security icons in the Unified CM 1 through |
See the “Unified CM Configuration” section on page 4-11 |
|
|||
|
Unified CM 5 options in the Device Configuration Menu on |
|
|
|
|
|
|
the phone |
|
|
|
|
|
|
|
|
|
|||
|
Items on the Security Configuration menu that you access |
See the “Security Configuration Menu” section on page 4-23 |
|
|||
|
from the Device Configuration menu on the phone |
|
|
|
|
|
|
|
|
|
|||
|
Items on the Security Configuration menu that you access |
See the “Security Configuration Menu” section on page 4-29 |
|
|||
|
from the Settings menu on the phone |
|
|
|
|
|
|
|
|
|
|||
|
Unlocking the CTL file |
See the “CTL File Menu” section on page 4-30 |
|
|||
|
|
|
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
OL-15299-01 |
|
|
|
1-9 |
|
|
|
|
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Table 1-2 |
Cisco Unified IP Phone and Cisco Unified Communications Manager Security Topics (continued) |
|
|
|
|
Topic |
|
Reference |
|
|
|
Disabling access to web pages for a phone |
See the “Disabling and Enabling Web Page Access” section on |
|
|
|
page 8-3 |
|
|
|
Troubleshooting |
|
See the “Troubleshooting Cisco Unified IP Phone Security” |
|
|
section on page 9-8 |
|
|
Refer to Cisco Unified Communications Manager Security |
|
|
Guide, Troubleshooting chapter |
|
|
|
Deleting the CTL file from the phone |
See the “Resetting or Restoring the Cisco Unified IP Phone” |
|
|
|
section on page 9-13 |
|
|
|
Resetting or restoring the phone |
See the “Resetting or Restoring the Cisco Unified IP Phone” |
|
|
|
section on page 9-13 |
|
|
|
802.1X Authentication for Cisco Unified IP Phones |
See these sections: |
|
|
|
• “Supporting 802.1X Authentication on Cisco Unified IP |
|
|
Phones” section on page 1-16 |
|
|
• “802.1X Authentication and Status” section on page 4-31 |
|
|
• “Troubleshooting Cisco Unified IP Phone Security” |
|
|
section on page 9-8 |
|
|
|
Table 1-3 provides an overview of the security features that the Cisco Unified IP Phone 7970 Series supports. For more information about these features and about Cisco Unified Communications Manager and Cisco Unified IP Phone security, refer to Cisco Unified Communications Manager Security Guide.
For information about current security settings on a phone, look at the Security Configuration menus on the phone (choose Settings > Security Configuration and choose Settings > Device Configuration > Security Configuration). For more information, see Chapter 4, “Configuring Settings on the Cisco Unified IP Phone.”
Note Most security features are available only if a certificate trust list (CTL) is installed on the phone. For more information about the CTL, refer to “Configuring the Cisco CTL Client” chapter in the Cisco Unified Communications Manager Security Guide.
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
1-10 |
OL-15299-01 |
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Table 1-3 |
Overview of Security Features |
||
|
|
|
|
Feature |
|
Description |
|
|
|
||
Image authentication |
Signed binary files (with the extension .sbn) prevent tampering with the firmware |
||
|
|
image before it is loaded on a phone. Tampering with the image causes a phone to |
|
|
|
fail the authentication process and reject the new image. |
|
|
|
||
Customer-site certificate installation |
Each Cisco Unified IP Phone requires a unique certificate for device |
||
|
|
authentication. Phones include a manufacturing installed certificate (MIC), but for |
|
|
|
additional security, you can specify in Cisco Unified Communications Manager |
|
|
|
Administration that a certificate be installed by using the CAPF (Certificate |
|
|
|
Authority Proxy Function). Alternatively, you can install an LSC from the Security |
|
|
|
Configuration menu on the phone. See the “Configuring Security on the Cisco |
|
|
|
Unified IP Phone” section on page 3-12 for more information. |
|
|
|
||
Device authentication |
Occurs between the Cisco Unified Communications Manager server and the phone |
||
|
|
when each entity accepts the certificate of the other entity. Determines whether a |
|
|
|
secure connection between the phone and a Cisco Unified Communications |
|
|
|
Manager should occur, and, if necessary, creates a secure signaling path between |
|
|
|
the entities using TLS protocol. Cisco Unified Communications Manager does not |
|
|
|
register phones unless they can be authenticated by the |
|
|
|
Cisco Unified Communications Manager. |
|
|
|
||
File authentication |
Validates digitally signed files that the phone downloads. The phone validates the |
||
|
|
signature to make sure that file tampering did not occur after the file creation. Files |
|
|
|
that fail authentication are not written to Flash memory on the phone. The phone |
|
|
|
rejects such files without further processing. |
|
|
|
||
Signaling Authentication |
Uses the TLS protocol to validate that no tampering has occurred to signaling |
||
|
|
packets during transmission. |
|
|
|
||
Manufacturing installed certificate |
Each Cisco Unified IP Phone contains a unique manufacturing installed certificate |
||
|
|
(MIC), which is used for device authentication. The MIC is a permanent unique |
|
|
|
proof of identity for the phone, and allows Cisco Unified Communications |
|
|
|
Manager to authenticate the phone. |
|
|
|
||
Secure SRST reference |
After you configure a SRST reference for security and then reset the dependent |
||
(SCCP phones only) |
devices in Cisco Unified Communications Manager Administration, the TFTP |
||
server adds the SRST certificate to the phone cnf.xml file and sends the file to the |
|||
|
|
||
|
|
phone. A secure phone then uses a TLS connection to interact with the |
|
|
|
SRST-enabled router. |
|
|
|
||
Media encryption |
Uses SRTP to ensure that the media streams between supported devices proves |
||
|
|
secure and that only the intended device receives and reads the data. Includes |
|
|
|
creating a media master key pair for the devices, delivering the keys to the devices, |
|
|
|
and securing the delivery of the keys while the keys are in transport. |
|
|
|
||
Signaling encryption |
Ensures that all SCCP signaling messages that are sent between the device and the |
||
(SCCP phones only) |
Cisco Unified Communications Manager server are encrypted. |
||
|
|||
|
|
||
CAPF (Certificate Authority Proxy |
Implements parts of the certificate generation procedure that are too |
||
Function) |
|
processing-intensive for the phone, and it interacts with the phone for key |
|
|
|
generation and certificate installation. The CAPF can be configured to request |
|
|
|
certificates from customer-specified certificate authorities on behalf of the phone, |
|
|
|
or it can be configured to generate certificates locally. |
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|
|
|
|
|||
|
OL-15299-01 |
|
|
1-11 |
|
|
|
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Table 1-3 |
Overview of Security Features (continued) |
|
|
|
|
Feature |
|
Description |
|
|
|
Security profiles |
|
Defines whether the phone is nonsecure, authenticated, encrypted, or protected. |
|
|
See the “Understanding Security Profiles” section on page 1-12 for more |
|
|
information. |
|
|
|
Encrypted configuration files |
Lets you ensure the privacy of phone configuration files. |
|
|
|
|
Optional disabling of the web server |
You can prevent access to a phone’s web page, which displays a variety of |
|
functionality for a phone |
operational statistics for the phone. |
|
|
|
|
Phone hardening |
Additional security options, which you control from |
|
|
|
Cisco Unified Communications Manager Administration: |
|
|
• Disabling PC port |
|
|
• Disabling Gratuitous ARP (GARP) |
|
|
• Disabling PC Voice VLAN access |
|
|
• Disabling access to the Setting menus, or providing restricted access that |
|
|
allows access to the User Preferences menu and saving volume changes only |
|
|
• Disabling access to web pages for a phone. |
|
|
Note You can view current settings for the PC Port Disabled, GARP Enabled, |
|
|
and Voice VLAN enabled options by looking at the phone’s Security |
|
|
Configuration menu. For more information, see the “Device Configuration |
|
|
Menu” section on page 4-10. |
|
|
|
802.1X Authentication |
The Cisco Unified IP Phone can use 802.1X authentication to request and gain |
|
|
|
access to the network. See the “Supporting 802.1X Authentication on Cisco |
|
|
Unified IP Phones” section on page 1-16 for more information. |
|
|
|
Related Topics
•Understanding Security Profiles, page 1-12
•Identifying Authenticated, Encrypted, and Protected Phone Calls, page 1-13
•Establishing and Identifying Secure Conference Calls, page 1-14
•Device Configuration Menu, page 4-10
•Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-16
•Security Restrictions, page 1-17
Cisco Unified IP Phones that support Cisco Unified Communications Manager 7.0 or later use a security profile, which defines whether the phone is nonsecure, authenticated, or encrypted. For information about configuring the security profile and applying the profile to the phone, refer to Cisco Unified Communications Manager Security Guide.
To view the security mode that is set for the phone, look at the Security Mode setting in the Security Configuration menu. For more information, see the “Security Configuration Menu” section on
page 4-23.
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
1-12 |
OL-15299-01 |
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Related Topics
•Identifying Authenticated, Encrypted, and Protected Phone Calls, page 1-13
•Device Configuration Menu, page 4-10
•Security Restrictions, page 1-17
When security is implemented for a phone, you can identify authenticated or encrypted phone calls by icons on the screen that is on the phone.You can also determine if the connected phone is secure and protected if a security tone plays at the beginning of the call.
In an authenticated call, all devices participating in the establishment of the call are authenticated by Cisco Unified Communications Manager. When a call in progress is authenticated, the call progress icon to the right of the call duration timer in the phone screen changes to this icon:
In an encrypted call, all devices participating in the establishment of the call are authenticated by the Cisco Unified Communications Manager. In addition, call signaling and media streams are encrypted. An encrypted call offers a high level of security, providing integrity and privacy to the call. When a call in progress is being encrypted, the call progress icon to the right of the call duration timer in the phone screen changes to this icon:
Note If the call is routed through non-IP call legs, for example, PSTN, the call may be nonsecure even though it is encrypted within the IP network and has a lock icon associated with it.
In a protected call, a security tone plays at the beginning of a call to indicate that the other connected phone is also receiving and transmitting encrypted audio. If your call is connected to a non-protected phone, the security tone does not play.
Note Protected calling is supported for connections between two phones only. Some features, such as conference calling, shared lines, Extension Mobility, and Join Across Lines are not available when protected calling is configured. Protected calls are not authenticated.
Related Topic
•Understanding Security Features for Cisco Unified IP Phones, page 1-8
•Understanding Security Profiles, page 1-12
•Security Restrictions, page 1-17
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|
|
|
|
|||
|
OL-15299-01 |
|
|
1-13 |
|
|
|
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
You can initiate a secure conference call and monitor the security level of participants. A secure conference call is established using this process:
1.A user initiates the conference from a secure phone (encrypted or authenticated security mode).
2.Cisco Unified Communications Manager assigns a secure conference bridge to the call.
3.As participants are added, Cisco Unified Communications Manager verifies the security mode of each phone (encrypted or authenticated) and maintains the secure level for the conference.
4.The phone displays the security level of the conference call. A secure conference displays (encrypted) or (authenticated) icon to the right of “Conference” on the phone screen. If icon displays, the conference is not secure.
Note There are interactions, restrictions, and limitations that affect the security level of the conference call depending on the security mode of the participant’s phones and the availability of secure conference bridges. See Table 1-4 and Table 1-5 for information about these interactions.
A protected call is established when your phone, and the phone on the other end, is configured for protected calling. The other phone can be in the same Cisco Unified IP network, or on a network outside the IP network. Protected calls can only be made between two phones. Conference calls and other multiple-line calls are not supported.
A protected call is established using this process:
1.A user initiates the call from a protected phone (protected security mode).
2.The phone displays the icon (encrypted) on the phone screen. This icon indicates that the phone is configured for secure (encrypted) calls, but this does not mean that the other connected phone is also protected.
3.A security tone plays if the call is connected to another protected phone, indicating that both ends of the conversation are encrypted and protected. If the call is connected to a non-protected phone, then the secure tone is not played.
Note Protected calling is supported for conversations between two phones. Some features, such as conference calling, shared lines, Extension Mobility, and Join Across Lines are not available when protected calling is configured.
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
1-14 |
OL-15299-01 |
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Cisco Unified Communications Manager checks the phone security status when conferences are established and changes the security indication for the conference or blocks the completion of the call to maintain integrity and also security in the system. Table 1-4 provides information about changes to call security levels when using Barge.
Table 1-4 |
Call Security Interactions When Using Barge |
|
||
|
|
|
|
|
Initiator’s Phone |
|
|
|
|
Security Level |
|
Feature Used |
Call Security Level |
Results of Action |
|
|
|
|
|
Non-secure |
|
Barge |
Encrypted call |
Call barged and identified as non-secure call |
|
|
|
|
|
Secure (encrypted) |
Barge |
Authenticated call |
Call barged and identified as authenticated call |
|
|
|
|
|
|
Secure (authenticated) |
Barge |
Encrypted call |
Call barged and identified as authenticated call |
|
|
|
|
|
|
Non-secure |
|
Barge |
Authenticated call |
Call barged and identified as non-secure call |
|
|
|
|
|
Table 1-5 provides information about changes to conference security levels depending on the initiator’s phone security level, the security levels of participants, and the availability of secure conference bridges.
Table 1-5 |
Security Restrictions with Conference Calls |
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
Initiator’s Phone |
|
|
|
|
|
|
|
|
Security Level |
|
Feature Used |
Security Level of Participants |
Results of Action |
|||
|
|
|
|
|
|
|||
|
Non-secure |
|
Conference |
Encrypted or authenticated |
Non-secure conference bridge |
|||
|
|
|
|
|
Non-secure conference |
|||
|
|
|
|
|
||||
|
Secure (encrypted or |
Conference |
At least one member is |
Secure conference bridge |
||||
|
authenticated) |
|
|
non-secure |
Non-secure conference |
|||
|
|
|
|
|
||||
|
|
|
|
|
||||
|
Secure (encrypted) |
Conference |
All participants are encrypted |
Secure conference bridge |
||||
|
|
|
|
|
Secure encrypted level conference |
|||
|
|
|
|
|
||||
|
Secure (authenticated) |
Conference |
All participants are encrypted or |
Secure conference bridge |
||||
|
|
|
|
authenticated |
Secure authenticated level conference |
|||
|
|
|
|
|
||||
|
|
|
|
|
|
|||
|
Non-secure |
|
Conference |
Encrypted or authenticated |
Only secure conference bridge is available |
|||
|
|
|
|
|
and used |
|||
|
|
|
|
|
Non-secure conference |
|||
|
|
|
|
|
||||
|
Secure (encrypted or |
Conference |
Encrypted or authenticated |
Only non-secure conference bridge is |
||||
|
authenticated) |
|
|
|
available and used |
|||
|
|
|
|
|
Non-secure conference |
|||
|
|
|
|
|
||||
|
Secure (encrypted or |
Conference |
Encrypted or secure |
Conference remains secure. When one |
||||
|
authenticated) |
|
|
|
participant tries to hold the call with MOH, |
|||
|
|
|
|
|
the MOH does not play. |
|||
|
|
|
|
|
||||
|
Secure (encrypted) |
Join |
Encrypted or authenticated |
Secure conference bridge |
||||
|
|
|
|
|
Conference remains secure (encrypted or |
|||
|
|
|
|
|
authenticated) |
|||
|
|
|
|
|
|
|
|
|
|
|
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
|
|
|||
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
OL-15299-01 |
|
|
|
|
|
1-15 |
|
|
|
|
|
|
|
|
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Table 1-5 |
Security Restrictions with Conference Calls (continued) |
|
||
|
|
|
|
|
Initiator’s Phone |
|
|
|
|
Security Level |
|
Feature Used |
Security Level of Participants |
Results of Action |
|
|
|
|
|
Non-secure |
|
cBarge |
All participants are encrypted |
Secure conference bridge |
|
|
|
|
Conference changes to non-secure |
|
|
|
|
|
Non-secure |
|
MeetMe |
Minimum security level is |
Initiator receives message “Does not meet |
|
|
|
encrypted |
Security Level”, call rejected. |
|
|
|
|
|
Secure (encrypted) |
MeetMe |
Minimum security level is |
Secure conference bridge |
|
|
|
|
authenticated |
Conference accepts encrypted and |
|
|
|
|
|
|
|
|
|
authenticated calls |
|
|
|
|
|
Secure (encrypted) |
MeetMe |
Minimum security level is |
Only secure conference bridge available and |
|
|
|
|
non-secure |
used |
|
|
|
|
Conference accepts all calls |
|
|
|
|
|
These sections provide information about 802.1X support on the Cisco Unified IP Phones:
•Overview, page 1-16
•Required Network Components, page 1-16
•Best Practices—Requirements and Recommendations, page 1-17
Cisco Unified IP phones and Cisco Catalyst switches have traditionally used Cisco Discovery Protocol (CDP) to identify each other and to determine parameters such as VLAN allocation and inline power requirements. However, CDP is not used to identify any locally attached PCs. Therefore, Cisco Unified IP Phones provide an EAPOL pass-through mechanism, whereby a PC locally attached to the IP phone may pass through EAPOL messages to the 802.1X authenticator in the LAN switch. This capability prevents the IP phone from having to act as the authenticator, yet allows the LAN switch to authenticate a data end point prior to accessing the network.
In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP Phones provide a proxy EAPOL-Logoff mechanism. If the locally attached PC is disconnected from the IP phone, the LAN switch would not see the physical link fail, because the link between the LAN switch and the IP phone is maintained. To avoid compromising network integrity, the IP phone sends an EAPOL-Logoff message to the switch on behalf of the downstream PC, which triggers the LAN switch to clear the authentication entry for the downstream PC.
The Cisco Unified IP phones contain an 802.1X supplicant in addition to the EAPOL pass-through mechanism. This supplicant allows network administrators to control the connectivity of IP phones to the LAN switch ports. The IP phone 802.1X supplicant implements the EAP-MD5 option for 802.1X authentication.
Support for 802.1X authentication on Cisco Unified IP Phones requires several components, including:
|
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0 |
1-16 |
OL-15299-01 |