Cisco Communications Manager 8.6 User Manual

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

For Cisco Unified IP Phones 7962G, 7942G, 7961G, 7961G-GE, 7941G, and 7941G-GE

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Text Part Number: OL-23091-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.

Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense.

You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:

• Turn the television or radio antenna until the interference stops.

• Move the equipment to one side or the other of the television or radio.

• Move the equipment farther away from the television or radio.

• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at

www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership

relationship between Cisco and any other company. (1005R)

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

IMPLIED, INCLUDING, WITHOUT

The Java logo is a trademark or registered trademark of Sun Microsystems, Inc. in the U.S. or other countries.



Preface xi

Overview xi

Audience xi

Organization xi

Overview

Audience

Preface

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP) provides the information you need to understand, install, configure, manage, and troubleshoot

the phones on a Voice-over-IP (VoIP) network.

Because of the complexity of an IP telephony network, this guide does not provide complete and detailed information for procedures that you need to perform in Cisco Unified Communications Manager or other network devices. See

Network engineers, system administrators, or telecom engineers should review this guide to learn the steps required to properly set up the Cisco Unified

The tasks described are administration-level tasks and are not intended for end users of the phones. Many of the tasks involve configuring network settings and affect the phone’s ability to function in the network.

Related Documentation, page xii for a list of related documentation.

IP Phones on the network.

Because of the close interaction between the Cisco Unified IP Phones and Cisco Unified Communications Manager, many of the tasks in this manual require familiarity with Cisco Unified Communications Manager.

Organization

This manual is organized as follows:

Chapter Description

Chapter 1, An Overview of the Cisco Unified IP Phones

Chapter 2, Preparing to Install the Cisco Unified IP Phones on Your Network

Chapter 3, Setting Up the Cisco Unified IP Phones Describes how to properly and safely install and configure the Cisco

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

Provides a conceptual overview and description of the Cisco Unified

Describes how the Cisco Unified IP Phones interact with other key IP telephony components, and provides an overview of the tasks required prior to installation.

Unified

IP Phones.

IP Phones on your network.

Preface

Chapter 4, Configuring Settings on the Cisco Unified IP Phones

Chapter 5, Configuring Features, Templates, Services, and Users

Chapter 6, Customizing the Cisco Unified IP Phones Explains how to customize phone ring sounds, background images,

Chapter 7, Monitoring the Cisco Unified IP Phones Remotely

Chapter 8, Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phones

Chapter 9, Troubleshooting and Maintenance Provides tips for troubleshooting the Cisco Unified IP Phone and the

Appendix A, Providing Information to Users Via a Website

Appendix B, Feature Support by Protocol for Cisco Unified IP Phone

Appendix C, Supporting International Users Provides information about setting up phones in non-English

Appendix D, Technical Specifications Provides technical specifications of the Cisco Unified IP Phones.

Appendix E, Basic Phone Administration Steps Provides procedures for basic administration tasks such as adding a

Describes how to configure network settings, verify status, and make global changes to the Cisco Unified

Provides an overview of procedures for configuring telephony features, configuring directories, configuring phone button and softkey templates, setting up services, and adding users to Cisco Unified

and the phone idle display at your site.

Describes the information that you can obtain from the phone’s web page to remotely monitor the operation of a phone and to assist with troubleshooting.

Explains how to view model information, status messages, network statistics, and firmware information from the Unified

Cisco Unified IP Phones Expansion Modules.

Provides suggestions for setting up a website for providing users with important information about their Cisco Unified IP Phones.

Provides information about feature support for the Cisco Unified IP Phones 7962G, 7942G, 7961G, 7961G-GE, 7941G, and 7941G-GE using the SCCP or SIP protocol with Cisco Unified Communications Manager Release.

environments.

user and phone to Cisco Unified Communications Manager and then associating the user to the phone.

Communications Manager.

IP Phones.

Cisco

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

Cisco Product Security Overview

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

Further information regarding U.S. export regulations may be found at

http://www.access.gpo.gov/bis/ear/ear_data.html.

Document Conventions

This document uses the following conventions:

Table 1

Convention Description

boldface font Commands and keywords are in boldface.

italic font Arguments for which you supply values are in italics.

[ ] Elements in square brackets are optional.

{ x | y | z } Alternative keywords are grouped in braces and separated by vertical bars.

[ x | y | z ] Optional alternative keywords are grouped in brackets and separated by

string A nonquoted set of characters. Do not use quotation marks around the string

screen font Terminal sessions and information the system displays are in screen font.

boldface screen font Information you must enter is in boldface screen font.

italic screen font Arguments for which you supply values are in italic screen font.

^ The symbol ^ represents the key labeled Control—for example, the key

< > Nonprinting characters, such as passwords are in angle brackets.

vertical bars.

or the string will include the quotation marks.

combination ^D in a screen display means hold down the Control key while you press the D key.

OL-23091-01

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

xiii

Preface

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the

publication.

Caution Means reader be careful. In this situation, you might do something that could result in equipment

damage or loss of data.

Warning

Means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents.

xiv

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

CHAP T ER

An Overview of the Cisco Unified IP Phones

The Cisco Unified IP Phones 7962G, 7942G, 7961G, 7961G-GE (gigabit Ethernet version), 7941G, and 7941G-GE (gigabit Ethernet version) are full-feature telephones that provide voice communication over an Internet Protocol (IP) network. The gigabit Ethernet Cisco Unified IP Phones 7961G-GE and 7941G-GE deliver the latest technology and advancements in Gigabit Ethernet VoIP telephony. The Cisco

Unified IP Phones function much like a digital business phone, allowing you to place and receive phone calls and to access features such as mute, hold, transfer, speed dial, call forward, and more. In addition, because the phone is connected to your data network, it offers enhanced IP telephony features, including access to network information and services, and customizeable features and services. The phone also supports features that include file authentication, device authentication, signaling encryption, and media encryption.

Cisco Unified IP Phones, like other network devices, must be configured and managed. These phones encode G.711a, G.711µ, G.722, G.729a, G.729ab, and iLBC codecs and decode G.711a, G.711u, G.722, G.729, G729a, G729b, G729ab and iLBC codecs. These phones also support uncompressed wideband (16bits, 16kHz) audio.

This chapter includes the following topics:

• Understanding the Cisco Unified IP Phone 7962G and 7942G 7962G, 7942G, 7961G, 7961G-GE,

7941G, and 7941G-GE, page 1-2

• What Networking Protocols are Used?, page 1-5

• What Features are Supported on the Cisco Unified IP Phone 7962G and 7942G?, page 1-9

• Understanding Security Features for Cisco Unified IP Phones, page 1-11

• Reducing Power Consumption on the Phones, page 1-21

• Overview of Configuring and Installing Cisco Unified IP Phones, page 1-21

Caution Using a cell, mobile, or GSM phone, or two-way radio in close proximity to a Cisco Unified IP Phone

may cause interference. For more information, see the manufacturer’s documentation of the interfering device.

OL-23091-01

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

1-1

Chapter 1 An Overview of the Cisco Unified IP Phones

101112131415

Understanding the Cisco Unified IP Phone 7962G and 7942G 7962G, 7942G, 7961G, 7961G-GE, 7941G, and 7941G-GE

Figure 1-1 shows the main components of the Cisco Unified IP Phone 7962G.

Figure 1-2 shows the main components of the Cisco Unified IP Phone 7942G.

Figure 1-3 shows the main components of the Cisco Unified IP Phone 7961G and 7961G-GE.

Figure 1-4 shows the main components of the Cisco Unified IP Phone 7941G and 7941G-GE.

Figure 1-1 Cisco Unified IP Phone 7962G

1-2

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

Chapter 1 An Overview of the Cisco Unified IP Phones

Understanding the Cisco Unified IP Phone 7962G and 7942G 7962G, 7942G, 7961G, 7961G-GE, 7941G, and 7941G-GE

Figure 1-2 Cisco Unified IP Phone 7942G

101112131415

Figure 1-3 Cisco Unified IP Phone 7961G and 7961G-GE

187004

OL-23091-01

101112131415

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

186845

1-3

Chapter 1 An Overview of the Cisco Unified IP Phones

Understanding the Cisco Unified IP Phone 7962G and 7942G 7962G, 7942G, 7961G, 7961G-GE, 7941G, and 7941G-GE

Figure 1-4 Cisco Unified IP Phone 7941G and 7941G-GE

101112131415

186846

Table 1-1 describes the buttons on the Cisco Unified IP Phone 7962G and 7942G.

Ta b l e 1-1 Features on the Cisco Unified IP Phones 7962G, 7942G, 7961G, 7961G-GE, 7941G, and 7941 G-GE

1 Programmable buttons Depending on configuration, programmable buttons provide access to:

• Phone lines (line buttons)

• Speed-dial numbers (speed-dial buttons, including the BLF speed-dial feature)

• Web-based services (for example, a Personal Address Book [PAB] button)

• Phone features (for example, a Privacy button)

The buttons illuminate to indicate status:

Green, steady—Active call

Green, flashing—Held call

Amber, steady—Privacy in use

Amber, flashing—Incoming call

Red steady—Remote line in use (shared line, BLF status, or active Mobile Connect

call)

2 Phone screen Shows phone features.

3 Footstand button Allows you to adjust the angle of the phone base.

4 Messages button Dials your voice-message service automatically (varies by service).

5 Directories button Opens/closes the Directories menu. Use the button to access call logs and directories.

1-4

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

Chapter 1 An Overview of the Cisco Unified IP Phones

What Networking Protocols are Used?

6 Help button Activates the Help menu.

7 Settings button Opens/closes the Settings menu. Use the button to control phone screen contrast and ring

sounds.

8 Services button Opens/closes the Services menu.

9 Volume button Controls the handset, headset, and speakerphone volume (off-hook) and the ringer volume

(on-hook).

10 Speaker button Toggles the speakerphone on or off. When the speakerphone is on, the button is lit.

11 Mute button Toggles the Mute feature on or off. When Mute is on, the button is lit.

12 Headset button Toggles the headset on or off. When the headset is on, the button is lit.

13 Navigation button Allows you to scroll through menus and highlight items. When the phone is on-hook, displays

phone numbers from your Placed Calls log.

14 Keypad Allows you to dial phone numbers, enter letters, and choose menu items.

15 Softkey buttons Each activates a softkey option (displayed on your phone screen).

16 Handset light strip Indicates an incoming call or new voice message.

What Networking Protocols are Used?

Cisco Unified IP Phones support several industry-standard and Cisco networking protocols required for voice communication. IP Phones support.

Ta b l e 1-2 Supported Networking Protocols on the Cisco Unified IP Phones

Networking Protocol Purpose Usage Notes

Bootstrap Protocol (BootP)

BootP enables a network device such as the Cisco Unified IP Phones to discover certain startup information, such as its IP address.

Table 1-2 provides an overview of the networking protocols that the Cisco Unified

If you use BootP to assign IP addresses to the Cisco Unified shows “Yes” in the network configuration settings on the phone.

IP Phones, the BOOTP Server option

OL-23091-01

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

1-5

Chapter 1 An Overview of the Cisco Unified IP Phones

What Networking Protocols are Used?

Table 1-2 Supported Networking Protocols on the Cisco Unified IP Phones (continued)

Networking Protocol Purpose Usage Notes

Cisco Discovery Protocol (CDP)

CDP is a device-discovery protocol that runs on all Cisco-manufactured equipment.

Using CDP, a device advertises its existence to other devices and receives

The Cisco Unified IP Phones use CDP to communicate information such as auxiliary VLAN ID, per port power management details, and Quality of Service (QoS) configuration information with the Cisco Catalyst switch.

information about other devices in the network.

Cisco Peer-to-Peer Distribution Protocol (CPPDP)

CPPDP is a Cisco proprietary protocol used to form a peer-to-peer hierarchy of devices. CPPDP is also used to copy

CPPDP is used by the Peer Firmware Sharing feature.

firmware or other files from peer devices to neighboring devices.

Dynamic Host Configuration Protocol (DHCP)

DHCP dynamically allocates and assigns an IP address to network devices.

DHCP enables you to connect an IP Phone into the network and have the phone become operational without your needing to manually assign an IP address or to configure additional network parameters.

DHCP is enabled by default. If disabled, you must manually configure the IP address, subnet mask, gateway, and a TFTP server on each phone locally.

Cisco recommends that you use DHCP custom option 150. With this method, you configure the TFTP server IP address as the option value. For additional supported DHCP configurations, see

Dynamic Host Configuration Protocol and Cisco TFTP in the Cisco Unified Communications

Manager System Guide.

Hypertext Transfer Protocol (HTTP)

HTTP is the standard way of transferring information and moving documents across the Internet and the web.

Cisco Unified IP Phones use HTTP for the XML services and for troubleshooting purposes.

Cisco Unified IP Phones do not support the use of IPv6 addresses in the URL. You cannot use a literal IPv6 address in the URL or a hostname that maps to an IPv6 address.

Hypertext Transfer Protocol Secure (HTTPS)

Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption

Web applications with both HTTP and HTTPS support have two URLs configured. Cisco Unified IP Phones that support HTTPS choose the HTTPS URL out of the two URLs.

and secure identification of servers.

IEEE 802.1X The IEEE 802.1X standard defines a

client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports.

Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which

The Cisco Unified IP Phones implement the IEEE

802.1X standard by providing support for the following authentication methods: EAP-FAST, EAP-TLS, and EAP-MD5.

When 802.1X authentication is enabled on the phone, you should disable the PC port and voice VLAN. See

Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-19 for additional

information.

the client is connected. After authentication is successful, normal traffic can pass through the port.

1-6

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

Chapter 1 An Overview of the Cisco Unified IP Phones

What Networking Protocols are Used?

Table 1-2 Supported Networking Protocols on the Cisco Unified IP Phones (continued)

Networking Protocol Purpose Usage Notes

Internet Protocol (IP) IP is a messaging protocol that addresses

and sends packets across the network.

To communicate using IP, network devices must have an assigned IP address, subnet, and gateway.

IP addresses, subnets, and gateway identifications are automatically assigned if you are using the Cisco Unified

IP Phones with Dynamic Host Configuration Protocol (DHCP). If you are not using DHCP, you must manually assign these properties to each phone locally. The Cisco Unified IP Phones support concurrent IPv4 and IPv6 addresses. Configure the IP addressing mode (IPv4 only, IPv6 only, and both IPv4 and IPv6) in Cisco Unified Communications Manager Administration. For more information, see

6 (IPv6) in the Cisco Unified Communications

Manager Features and Services Guide.

Link Layer Discovery Protocol (LLDP)

LLDP is a standardized network discovery protocol (similar to CDP) that some Cisco

The Cisco Unified IP Phones support LLDP on the PC port.

and third-party devices support.

Link Layer Discovery Protocol-Media Endpoint Devices (LLDP-MED)

LLDP-MED is an extension of the LLDP standard developed for voice products.

The Cisco Unified IP Phones support LLDP-MED on the SW port to communicate information such as:

• Voice VLAN configuration

• Device discovery

Internet Protocol Version

Real-Time Transport Protocol (RTP)

Real-Time Control Protocol (RTCP)

Session Description Protocol (SDP)

RTP is a standard protocol for transporting real-time data, such as interactive voice and video, over data networks.

RTCP works in conjunction with RTP to provide Quality of Service (QoS) data (such as jitter, latency, and round trip delay) on RTP streams.

SDP is the portion of the SIP protocol that determines which parameters are available during a connection between two endpoints. Conferences are established by using only the SDP capabilities that are supported by all endpoints in the conference.

• Power management

• Inventory management

For more information about LLDP-MED support, see the LLDP-MED and Cisco Discovery Protocol white paper:

http://www.cisco.com/en/US/tech/tk652/tk701/tech nologies_white_paper0900aecd804cd46d.shtml

Cisco Unified IP Phones use the RTP protocol to send and receive real-time voice traffic from other phones and gateways.

RTCP is disabled by default, but you can enable it on a per phone basis by using Cisco

Unified Communications Manager. For more information, see

Network Configuration Menu, page 4-34.

SDP capabilities, such as codec types, DTMF detection, and comfort noise, are normally configured on a global basis by Cisco Unified Communications Manager or Media Gateway in operation. Some SIP endpoints may allow these parameters to be configured on the endpoint itself.

OL-23091-01

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

1-7

Chapter 1 An Overview of the Cisco Unified IP Phones

What Networking Protocols are Used?

Table 1-2 Supported Networking Protocols on the Cisco Unified IP Phones (continued)

Networking Protocol Purpose Usage Notes

Session Initiation Protocol (SIP)

SIP is the Internet Engineering Task Force (IETF) standard for multimedia conferencing over IP. SIP is an ASCII-based application-layer control protocol (defined in RFC 3261) that can be used to establish, maintain, and terminate calls between two or more endpoints.

Like other VoIP protocols, SIP is designed to address the functions of signaling and session management within a packet telephony network. Signaling allows call information to be carried across network boundaries. Session management provides the ability to control the attributes of an end-to-end call.

You can configure the Cisco Unified IP Phones to use either SIP or Skinny Client Control Protocol (SCCP). Cisco Unified IP Phones do not support the SIP protocol when the phones are operating in IPv6 address mode.

Skinny Client Control Protocol (SCCP)

Transmission Control Protocol (TCP)

SCCP includes a messaging set that allows communications between call control servers and endpoint clients such as IP Phones. SCCP is proprietary to Cisco.

TCP is a connection-oriented transport protocol.

Cisco Unified IP Phones use SCCP for call control. You can configure the Cisco Unified use either SCCP or Session Initiation Protocol (SIP).

Cisco Unified IP Phones use TCP to connect to Cisco Unified Communications Manager and to access XML services.

Transport Layer Security (TLS)

TLS is a standard protocol for securing and authenticating communications.

When security is implemented, Cisco Unified

IP Phones use the TLS protocol when securely registering with Cisco Unified

Communications Manager.

For more information, see Cisco Unified

Communications Manager Security Guide.

Trivial File Transfer Protocol (TFTP)

TFTP allows you to transfer files over the network.

On the Cisco Unified IP Phones, TFTP enables you to obtain a configuration file specific to the phone type.

TFTP requires a TFTP server in your network, which can be automatically identified from the DHCP server. If you want a phone to use a TFTP server other than the one specified by the DHCP server, you must manually assign the IP address of the TFTP server by using the Network Configuration menu on the phone.

IP Phone to

User Datagram Protocol (UDP)

UDP is a connectionless messaging protocol for delivery of data packets.

IPv6 Support on Cisco Unified IP Phones

The Cisco Unified IP Phones uses the internet protocol to provide voice communication over the network. Because it uses a 32-bit address, Internet Protocol version 4 (IPv4) cannot meet the increased demands for unique IP addresses for all devices that can connect to the internet. Internet Protocol version

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

1-8

For more information, see Cisco TFTP in the Cisco Unified Communications Manager System Guide.

Cisco Unified IP Phones transmit and receive RTP streams, which utilize UDP.

OL-23091-01

Chapter 1 An Overview of the Cisco Unified IP Phones

6 (IPv6) is an updated version of the current Internet Protocol, IPv4. IPv6 uses a 128-bit address and provides end-to-end security capabilities, enhanced Quality of Service (QoS), and increased number of available IP addresses.

The Cisco Unified IP Phones support IPv4 only addressing mode, IPv6 only addressing mode, as well as an IPv4/IPv6 dual stack addressing mode. In IPv4, you can enter each octet of the IP address on the phone in dotted decimal notation; for example, 192.240.22.5. In IPv6, you can enter each octet of the IP address in hexadecimal notation with each octet separated by a colon; for example, 2005:db8:0:1:ef8:9876:ba72:dc9a. The phone truncates and removes leading zeros when it displays the IPv6 address.

Cisco Unified IP Phones support both IPv4 and an IPv6 address transparently, so users can handle all calls on the phone to which they are accustomed. Cisco Unified IP Phones with the Skinny Call Control Protocol (SCCP) support IPv6. Cisco Unified IP Phones with SIP do not support IPv6.

Cisco Unified IP Phones do not support URLs with IPv6 addresses in the URL. This affects all IP Phone Service URLs, including services, directories, messages, help, and any restricted web services that require the phone to use the HTTP protocol to validate the credentials with the Authentication URL. If you configure Cisco Unified IP Phone services for Cisco IP Phones, you must configure the phone and the servers that support the phone service with IPv4 addresses.

If you configure IPv6 Only as the IP Addressing Mode for phones that are running SIP, the Cisco TFTP service overrides the IP Addressing Mode configuration and uses IPv4 Only in the configuration file.

What Features are Supported on the Cisco Unified IP Phone 7962G and 7942G?

For more information on deploying IPv6 in your Cisco Unified Communications network, see Internet

Protocol Version 6 (IPv6) in Cisco Unified Communications Manager Features and Services Guide and

Deploying IPv6 in Unified Communications Networks with Cisco Unified Communications Manager.

Related Topics

• Understanding Interactions with Other Cisco Unified IP Telephony Products, page 2-1

• Understanding the Phone Startup Process, page 2-7

• Network Configuration Menu, page 4-5

What Features are Supported on the Cisco Unified

Phone 7962G and 7942G?

Cisco Unified IP Phones function much like a digital business phone, allowing you to place and receive phone calls. In addition to traditional telephony features, the Cisco Unified IP Phones include features that enable you to administer and monitor the phone as a network device.

This section includes the following topics:

• Feature Overview, page 1-10

• Configuring Telephony Features, page 1-10

• Configuring Network Parameters Using the Cisco Unified IP Phones, page 1-11

• Providing Users with Feature Information, page 1-11

OL-23091-01

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

1-9

What Features are Supported on the Cisco Unified IP Phone 7962G and 7942G?

Feature Overview

Cisco Unified IP Phones provide traditional telephony functionality, such as call forward, call transfer, redial, speed dial, conference call, and voice message system access. Cisco provide a variety of other features. For an overview of the telephony features that the Cisco

Unified IP Phones support and for tips on configuring them, see Telephony Features Available for

the Cisco Unified IP Phone, page 5-1.

With other network devices, you must configure Cisco Unified IP Phones to prepare them to access Cisco

Unified Communications Manager and the rest of the IP network. By using DHCP, you have fewer settings to configure on a phone, but if your network requires it, you can manually configure an IP address, TFTP server, subnet information, and so on. For instructions on configuring the network settings on the Cisco

Cisco Unified IP Phones can interact with other services and devices on your IP network to provide enhanced functionality. For example, you can integrate the Cisco Lightweight Directory Access Protocol 3 (LDAP3) standard directory to enable users to search for coworker contact information directly from their IP Phones. You can also use XML to enable users to access information such as weather, stocks, quote of the day, and other web-based information. For information about configuring such services, see

Setting Up Services, page 5-28.

Finally, because the Cisco Unified IP Phones are network devices, you can obtain detailed status information from it directly. This information can assist you with troubleshooting many problems users might encounter when using their Cisco Unified IP Phones. See

Statistics on the Cisco Unified IP Phones for more information.

Unified IP Phones, see Configuring Settings on the Cisco Unified IP Phones.

Chapter 1 An Overview of the Cisco Unified IP Phones

Unified IP Phones also

Unified IP Phones with the corporate

Configuring Corporate Directories, page 5-24 and

Viewing Model Information, Status, and

Related Topics

• Configuring Settings on the Cisco Unified IP Phones, page 4-1

• Configuring Features, Templates, Services, and Users, page 5-1

• Troubleshooting and Maintenance, page 9-1

Configuring Telephony Features

You can modify additional settings for the Cisco Unified IP Phones from Cisco Unified Communications Manager Administration. Use this web-based application to set up phone registration criteria and calling search spaces, to configure corporate directories and services, and to modify phone button templates, among other tasks. See

page 5-1 and the Cisco Unified Communications Manager documentation for additional information.

For more information about Cisco Unified Communications Manager Administration, see Cisco

Unified Communications Manager documentation, including Cisco Unified Communications Manager Administration Guide. You can also use the context-sensitive help available within the application for guidance.

You can access Cisco Unified Communications Manager documentation at this location:

http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html

You can access Cisco Unified Communications Manager Business Edition documentation at this location:

http://www.cisco.com/en/US/products/ps7273/tsd_products_support_series_home.html

Telephony Features Available for the Cisco Unified IP Phone,

1-10

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

Chapter 1 An Overview of the Cisco Unified IP Phones

Understanding Security Features for Cisco Unified IP Phones

Configuring Network Parameters Using the Cisco Unified IP Phones

You can configure parameters such as DHCP, TFTP, and IP settings on the phone itself. You can also obtain statistics about a current call or firmware versions on the phone.

For more information about configuring features and viewing statistics from the phone, see Configuring

Settings on the Cisco Unified IP Phones and Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phones.

Providing Users with Feature Information

If you are a system administrator, you are likely the primary source of information for Cisco Unified IP Phone users in your network or company. To ensure that you distribute the most current feature and procedural information, familiarize yourself with Cisco visit the Cisco

http://www.cisco.com/en/US/products/hw/phones/ps379/tsd_products_support_series_home.html

Unified IP Phone web site:

Unified IP Phone documentation. Make sure to

From this site, you can view various user guides.

In addition to providing documentation, it is important to inform users of available Cisco Unified IP Phone features—including those specific to your company or network—and of how to access and customize those features, if appropriate.

For a summary of some of the key information that phone users need their system administrators to provide, see

Appendix A, Providing Information to Users Via a Website.

Understanding Security Features for Cisco Unified IP Phones

Implementing security in the Cisco Unified Communications Manager system prevents identity theft of the phone and Cisco call signaling and media stream tampering.

To alleviate these threats, the Cisco IP telephony network establishes and maintains authenticated and encrypted communication streams between a phone and the server, digitally signs files before they are transferred to a phone, and encrypts media streams and call signaling between Cisco

The Cisco Unified IP Phone 7962G and 7942G use the Phone security profile, which defines whether the device is nonsecure, authenticated, or encrypted. For information on applying the security profile to the phone, see Cisco Unified Communications Manager Security Guide.

If you configure security-related settings in Cisco Unified Communications Manager Administration, the phone configuration file contains sensitive information. To ensure the privacy of a configuration file, you must configure it for encryption. For detailed information, see

Configuration Files in Cisco Unified Communications Manager Security Guide.

Table 1-3 shows where you can find additional information about security in this and other documents.

Unified Communications Manager server, prevents data tampering, and prevents

Unified IP Phones.

Configuring Encrypted Phone

OL-23091-01

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

1-11

Understanding Security Features for Cisco Unified IP Phones

Chapter 1 An Overview of the Cisco Unified IP Phones

Ta b l e 1-3 Cisco Unified IP Phones and Cisco Unified Communications Manager Security

To p i c s



Topic Reference

Detailed explanation of security, including set up, configuration, and troubleshooting information for Cisco Unified Manager and Cisco Unified

Communications

IP Phones

Security features supported on the Cisco Unified IP Phones

See Troubleshooting Guide for Cisco Unified

Communications Manager

See Overview of Supported Security Features,

page 1-13

Restrictions regarding security features See Security Restrictions, page 1-21

Viewing a security profile name See Understanding Security Profiles, page 1-15

Identifying phone calls for which security is implemented

See Identifying Authenticated, Encrypted, and

Protected Phone Calls, page 1-15

TLS connection See these sections:

• What Networking Protocols are Used?, page 1-5

• Adding Phones to the Cisco Unified

Communications Manager Database, page 2-8

Security and the phone startup process See Understanding the Phone Startup Process,

page 2-7

Security and phone configuration files See Adding Phones to the Cisco Unified

Communications Manager Database, page 2-8

Changing the TFTP Server 1 or TFTP Server 2 option on the phone when security is

See Table 4-2, in Network Configuration Menu,

page 4-5

implemented.

Understanding security icons in the Unified

See Unified CM Configuration Menu, page 4-19 CM1 through Unified CM5 options in the Device Configuration Menu on the phone

Items on the Security Configuration menu that

See Security Configuration Menu, page 4-32 you access from the Device Configuration menu on the phone

Items on the Security Configuration menu that

See Security Configuration Menu, page 4-39 you access from the Settings menu on the phone

Unlocking the CTL and ITL files See Unlocking the CTL and ITL Files section on

page 4-41

Disabling access to a phone’s web pages See Disabling and Enabling Web Page Access,

page 7-3

Deleting the CTL file from the phone See Resetting or Restoring the Cisco

Unified IP Phones, page 9-13

Resetting or restoring the phone See Resetting or Restoring the Cisco

Unified IP Phones, page 9-13

1-12

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

Chapter 1 An Overview of the Cisco Unified IP Phones

Understanding Security Features for Cisco Unified IP Phones

Table 1-3 Cisco Unified IP Phones and Cisco Unified Communications Manager Security

Topics (continued)

Topic Reference

Cisco Extension Mobility HTTPS support See What Networking Protocols are Used?, page 1-5

802.1X Authentication for Cisco Unified IP Phones

Overview of Supported Security Features

Table 1-4 provides an overview of the security features that the Cisco Unified IP Phones support. For

more information about these features and about Cisco Unified Communications Manager and Cisco

Unified IP Phone security, see Cisco Unified Communications Manager Security Guide.

For information about current security settings on a phone, choose Settings > Security Configuration and choose Settings > Device Configuration > Security Configuration. For more information, see

Security Configuration Menu, page 4-32.



See these sections:

• Supporting 802.1X Authentication on Cisco

Unified IP Phones, page 1-19

• Security Configuration Menu, page 4-32

• Status Menu, page 8-2

• Troubleshooting Cisco Unified IP Phone

Security, page 9-9

Note Most security features are available only if a certificate trust list (CTL) is installed on the phone. For

more information about the CTL, see

Configuring the Cisco CTL Client in Cisco Unified

Communications Manager Security Guide.

Ta b l e 1-4 Overview of Security Features

Feature Description

Image authentication Signed binary files (with the extension .sbn) prevent tampering with the firmware image

before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image.

Customer-site certificate installation

Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified

Communications Manager Administration that a certificate be installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can install a Locally Significant Certificate (LSC) from the Security Configuration menu on the phone. See

Configuring Security on the Cisco Unified IP Phones, page 3-15 for more

information.

Device authentication Occurs between the Cisco Unified Communications Manager server and the phone when each

entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur, and if necessary, creates a secure signaling path between the entities by using TLS protocol. Cisco Unified Communications Manager will not register phones unless they can be authenticated by the Cisco Unified

Communications Manager.

OL-23091-01

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

1-13

Chapter 1 An Overview of the Cisco Unified IP Phones

Understanding Security Features for Cisco Unified IP Phones

Table 1-4 Overview of Security Features (continued)

Feature Description

File authentication Validates digitally signed files that the phone downloads. The phone validates the signature to

make sure that file tampering did not occur after file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing.

Signaling Authentication Uses the TLS protocol to validate that no tampering has occurred to signaling packets during

transmission.

Manufacturing installed certificate

Each Cisco Unified IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent, unique proof of identity for the phone, and allows Cisco Unified Communications Manager to authenticate the phone.

Secure SRST reference After you configure an SRST reference for security and then reset the dependent devices in

Cisco Unified Communications Manager Administration, the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the phone. A secure phone then uses a TLS connection to interact with the SRST-enabled router.

Media encryption Uses SRTP to ensure that the media streams between supported devices proves secure and that

only the intended device receives and reads the data. Includes creating a media master key pair for the devices, delivering the keys to the devices, and securing the delivery of the keys while the keys are in transport.

Signaling encryption Ensures that all SCCP and SIP signaling messages that are sent between the device and the

Cisco Unified Communications Manager server are encrypted.

CAPF (Certificate Authority Proxy Function)

Implements parts of the certificate generation procedure that are too processing-intensive for the phone, and interacts with the phone for key generation and certificate installation. The CAPF can be configured to request certificates from customer-specified certificate authorities on behalf of the phone, or it can be configured to generate certificates locally.

Security profiles Defines whether the phone is nonsecure, authenticated, encrypted, or protected. See

Understanding Security Profiles, page 1-15 for more information.

Encrypted configuration

Lets you ensure the privacy of phone configuration files.

files

Optional disabling of the web server functionality for

You can prevent access to a phone’s web page, which displays a variety of operational statistics for the phone.

a phone

1-14

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

Chapter 1 An Overview of the Cisco Unified IP Phones

Understanding Security Features for Cisco Unified IP Phones

Table 1-4 Overview of Security Features (continued)

Feature Description

Phone hardening Additional security options, which you control from Cisco Unified Communications Manager

Administration:

• Disabling PC port

• Disabling Gratuitous ARP (GARP)

• Disabling PC Voice VLAN access

• Disabling access to the Setting menus, or providing restricted access that allows access to

the User Preferences menu and saving volume changes only

• Disabling access to web pages for a phone

Note You can view current settings for the PC Port Disabled, GARP Enabled, and Voice

VLAN enabled options by looking at the phone’s Security Configuration menu. For more information, see

Device Configuration Menu, page 4-18.

802.1X Authentication The Cisco Unified IP Phone can use 802.1X authentication to request and gain access to the network. See

Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-19 for

more information.

Related Topics

• Understanding Security Profiles, page 1-15

• Identifying Authenticated, Encrypted, and Protected Phone Calls, page 1-15

• Security Restrictions, page 1-21

• Device Configuration Menu, page 4-18

Understanding Security Profiles

All Cisco Unified IP Phones that support Cisco Unified Communications Manager use a security profile, which defines whether the phone is nonsecure, authenticated, or encrypted. For information about configuring the security profile and applying the profile to the phone, see Cisco Unified Communications Manager Security Guide.

To view the phone security mode, look at the Security Mode setting in the Security Configuration menu. For more information, see

Related Topics

• Identifying Authenticated, Encrypted, and Protected Phone Calls, page 1-15

• Security Restrictions, page 1-21

• Device Configuration Menu, page 4-18

Security Configuration Menu, page 4-32.

Identifying Authenticated, Encrypted, and Protected Phone Calls

When security is implemented for a phone, you can identify authenticated or encrypted phone calls by icons on the screen on the phone. You can also determine if the connected phone is secure and protected if a security tone plays at the beginning of the call.

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

1-15

Understanding Security Features for Cisco Unified IP Phones

In an authenticated call, all devices participating in the establishment of the call are trusted devices, and authenticated by Cisco

Unified Communications Manager. When an in-progress call is authenticated,

the call progress icon to the right of the call duration timer in the phone LCD screen changes to this icon:

In an encrypted call, all devices participating in the establishment of the call are trusted devices, and authenticated by Cisco

Unified Communications Manager. In addition, call signaling and media streams are encrypted. An encrypted call offers a high level of security, providing integrity and privacy to the call. When an in-progress call is being encrypted, the call progress icon to the right of the call duration timer in the phone LCD screen changes to this icon:

Note If the call is routed through non-IP call legs, for example, PSTN, the call may be nonsecure even though

it is encrypted within the IP network and has a lock icon associated with it.

In a protected call, a security tone plays at the beginning of a call to indicate that the other connected phone is also receiving and transmitting encrypted audio and video (if video is involved). If your call is connected to a non-protected phone, the security tone does not play.

Chapter 1 An Overview of the Cisco Unified IP Phones

Note Protected calling is supported for connections between two phones only. Some features, such as

conference calls, shared lines, Extension Mobility, and Join Across Lines are not available when protected calling is configured. Protected calls are not authenticated.

Establishing and Identifying Secure Conference Calls

You can initiate a secure conference call and monitor the security level of participants. A secure conference call is established using this process:

1. A user initiates the conference from a secure phone (encrypted or authenticated security mode).

2. Cisco Unified Communications Manager assigns a secure conference bridge to the call.

3. As participants are added, Cisco Unified Communications Manager verifies the security mode of

each phone (encrypted or authenticated) and maintains the secure level for the conference.

4. The phone displays the security level of the conference call. A secure conference displays

(encrypted) or ( authenticated) icon to the right of “Conference” on the phone screen. If icon

displays, the conference is not secure.

1-16

Note There are interactions, restrictions, and limitations that affect the security level of the conference call

depending on the security mode of the participants' phones and the availability of secure conference bridges. See Tabl e 1-5 and Tab l e 1-6 for information about these interactions.

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01

+ 222 hidden pages

Cisco Communications Manager 8.6 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

CONTENTS

Overview

Audience

Preface

Organization

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Cisco Product Security Overview

Document Conventions

An Overview of the Cisco Unified IP Phones

Understanding the Cisco Unified IP Phone 7962G and 7942G 7962G, 7942G, 7961G, 7961G-GE, 7941G, and 7941G-GE

What Networking Protocols are Used?

IPv6 Support on Cisco Unified IP Phones

What Features are Supported on the Cisco Unified IP Phone 7962G and 7942G?

Feature Overview

Configuring Telephony Features

Understanding Security Features for Cisco Unified IP Phones

Configuring Network Parameters Using the Cisco Unified IP Phones

Providing Users with Feature Information

Overview of Supported Security Features

Understanding Security Profiles

Identifying Authenticated, Encrypted, and Protected Phone Calls

Establishing and Identifying Secure Conference Calls