Cisco Cius Administration Guide, Release 9.2(3)
Overview of Cisco Cius

Cisco Cius is a mobile collaboration device built for business. It is designed to help organizations capitalize on the value of mobility by enabling anywhere, anytime access to important business applications and features.

Cisco Cius includes the following features:

  • Campus mobility with a choice of wired Gigabit Ethernet connectivity through handset media station or IEEE 802.11 a/b/g/n Wi-Fi connectivity
  • An Intel Atom 1.6-GHz processor
  • 1-GB RAM and 32-GB of eMMC flash memory
  • Native support for Bluetooth headsets
  • Bluetooth profile support, including Hands-Free Profile and Advanced Audio Distribution (A2DP) Profile
  • High-definition video through a 7-inch (177.8 mm) high-resolution color screen
  • High-definition audio through integrated speakers
  • Microphone
  • Front- and rear-facing cameras
  • Detachable and serviceable 8-hour battery

Cisco Cius, like other network devices, must be configured and managed. Cisco Cius devices encode G.711a-law, G.711u-law, G.722, G.729a, G.729ab, and iLBC, and decode G.711a-law, G.711u-law, G.722, G.729, G.729a, G.729b, G.729ab, iSAC, iLBC, and H.264.


Caution


Using a mobile or GSM phone, or two-way radio in close proximity to Cisco Cius might cause interference. For more information, see the manufacturer documentation of the interfering device.


This chapter comprises the following topics:

Understanding Cisco Cius

The following image shows the front view of Cisco Cius.

Figure 1. Cisco Cius - Front View

The following table describes the keys and components on the front of Cisco Cius.

Table 1  Cisco Cius Keys and Components - Front View

| No. | Item | Description |
|-----|------|-------------|
| 1 | Camera LED | Indicates video status |
| 2 | Front-facing camera | 1-megapixel camera |
| 3 | Light sensor | Ambient light sensor |
| 4 | Speaker (one of two) | Two speakers (located on each side of keys) |
| 5 | Menu key | Displays menu options |
| 6 | Home key | Returns to the home screen |
| 7 | Back key | Returns to the previous screen |

The following image shows the back view of Cisco Cius.

Figure 2. Cisco Cius - Back View

The following table describes the components on the back of Cisco Cius.

Table 2  Cisco Cius Components - Back View

| No. | Item | Description |
|-----|------|-------------|
| 1 | Rear-facing camera | 5-megapixel camera with 8X digital zoom |

The following image shows the left-side view of Cisco Cius.

Figure 3. Cisco Cius - Left Side

The following table describes the components on the left side of Cisco Cius.

Table 3  Cisco Cius Components - Left Side

| No. | Item | Description |
|-----|------|-------------|
| 1 | Mute button | Mutes speaker |
| 2 | Volume Up button | Turns speaker volume up |
| 3 | Volume Down button | Turns speaker volume down |
| 4 | SIM slot | Location for SIM card |

The following image shows the right-side view of Cisco Cius.

Figure 4. Cisco Cius - Right Side

The following table describes the components on the right side of Cisco Cius.

Table 4  Cisco Cius Features - Right Side

| No. | Item | Description |
|-----|------|-------------|
| 1 | Battery release | Provides means for removing battery |
| 2 | Power port | Connects to external power supply |

The following image shows the top view of Cisco Cius.

Figure 5. Cisco Cius - Top View

The following table describes the components on the top of Cisco Cius.

Table 5  Cisco Cius Features - Top View

| No. | Item | Description |
|-----|------|-------------|
| 1 | Micro-USB port | For Android Debug Bridge (ADB) access to get Cisco Cius debug data or to copy files to and from a PC. Cannot attach a mouse or other accessories |
| 2 | MicroSD card slot | Location for MicroSD card |
| 3 | Microphone | - |
| 4 | Power button | Turns unit on and off |

The following image shows the bottom view of Cisco Cius.

Figure 6. Cisco Cius - Bottom View

The following table describes the components on the bottom of Cisco Cius.

Table 6  Cisco Cius Features - Bottom View

| No. | Item | Description |
|-----|------|-------------|
| 1 | Headset port | 3.5 mm single-plug stereo headphone connection |
| 2 | Dock ports | Connects to Cisco Cius media station |
| 3 | HDMI port | Type-D mini-HDMI |

Supported Networking Protocols

Cisco Cius supports several industry-standard and Cisco networking protocols that are required for voice communication. The following table provides an overview of the networking protocols that Cisco Cius supports.

Table 7 Supported Networking Protocols on Cisco Cius

| Networking protocol | Purpose | Usage notes |
|---------------------|---------|-------------|
| Bluetooth | Bluetooth is a wireless personal area network (WPAN) protocol that specifies how devices communicate over short distances. | Cisco Cius supports Bluetooth 2.1+EDR. Cisco Cius supports Hands-Free Profile (HFP) and Advanced Audio Distribution (A2DP) Profile. |
| Bootstrap Protocol (BootP) | BootP enables a network device, such as Cisco Cius, to discover certain startup information, such as its IP address. | - |
| Cisco Discovery Protocol (CDP) | CDP is a device-discovery protocol that runs on all Cisco-manufactured equipment. Using CDP, a device can advertise its existence to other devices and receive information about other devices in the network. | Cisco Cius uses CDP to communicate information such as auxiliary VLAN ID, per-port power-management details, and Quality of Service (QoS) configuration information with the Cisco Catalyst switch. |
| Cisco Peer-to-Peer Distribution Protocol (CPPDP) | CPPDP is a Cisco proprietary protocol that is used to form a peer-to-peer hierarchy of devices. This hierarchy distributes firmware files from peer devices to their neighboring devices. | The Peer Firmware Sharing feature uses CPPDP. |
| Dynamic Host Configuration Protocol (DHCP) | DHCP dynamically allocates and assigns an IP address to network devices. DHCP enables you to connect Cisco Cius into the network and have Cisco Cius become operational without your needing to manually assign an IP address or to configure additional network parameters. | DHCP is enabled by default. If DHCP is disabled, you must manually configure the IP address, gateway, netmask, and a TFTP server on Cisco Cius locally. Cisco recommends that you use DHCP custom option 150. With this method, you configure the TFTP server IP address as the option value. For additional supported DHCP configurations, see the Dynamic Host Configuration Protocol and Cisco TFTP chapters in the Cisco Unified Communications Manager System Guide. If you cannot use option 150, try using DHCP option 66. |
| Hypertext Transfer Protocol (HTTP) | HTTP is the standard way of transferring information and moving documents across the Internet and the web. | Cisco Cius uses HTTP for XML services and for troubleshooting purposes. |
| Hypertext Transfer Protocol Secure (HTTPS) | HTTPS is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of servers and for transferring Cisco Cius firmware images. | Web applications with both HTTP and HTTPS support have two URLs configured. |
| IEEE 802.1X | The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port. | Cisco Cius implements the IEEE 802.1X standard by providing support for the following authentication methods: EAP-FAST, EAP-TLS, PEAP, and CCKM. After 802.1X authentication is enabled on Cisco Cius, disable the PC port on the media station and voice VLAN. See Supporting 802.1X Authentication on Cisco Cius for additional information. |
| IEEE 802.11a/b/g/n | The IEEE 802.11 standard specifies how devices communicate over a wireless local area network (WLAN). 802.11a operates in the 5 GHz band, and 802.11b and 802.11g operate in the 2.4 GHz band. 802.11n operates in either the 2.4 GHz or the 5 GHz band. | The 802.11 interface is a deployment option for cases when Ethernet cabling is unavailable or undesirable. |
| Internet Protocol (IP) | IP is a messaging protocol that addresses and sends packets across the network. To communicate using IP, network devices must have an assigned IP address, gateway, and netmask. | IP address, gateway, and netmask identifications are automatically assigned if you are using Cisco Cius with DHCP. If you are not using DHCP, you must manually assign these properties to each Cisco Cius locally. |
| Link Layer Discovery Protocol (LLDP) | LLDP is a standardized network discovery protocol (similar to CDP) that is supported on some Cisco and third-party devices. | - |
| Link Layer Discovery Protocol-Media Endpoint Devices (LLDP-MED) | LLDP-MED is an extension of the LLDP standard developed for voice products. | Cisco Cius supports LLDP-MED on the media station switch port to communicate information such as voice VLAN configuration, device discovery, power management, and inventory management. For more information about LLDP-MED support, see the LLDP-MED and Cisco Discovery Protocol white paper at http://www.cisco.com/en/US/technologies/tk652/tk701/technologies_white_paper0900aecd804cd46d.html |
| Real-Time Transport Protocol (RTP) | RTP is a standard protocol for transporting real-time data, such as interactive voice and video, over data networks. | Cisco Cius uses RTP to send and receive real-time voice and video traffic from other devices and gateways. |
| Real-Time Control Protocol (RTCP) | RTCP works in conjunction with RTP to provide QoS data (such as jitter, latency, and round-trip delay) on RTP streams. RTCP is also used to synchronize the audio and video stream in order to provide a better video experience. | RTCP is disabled by default, but you can use Cisco Unified Communications Manager to enable it on a per-device basis. |
| Session Description Protocol (SDP) | SDP is the portion of the SIP protocol that determines which parameters are available during a connection between two endpoints. Conferences are established by using only the SDP capabilities that are supported by all endpoints in the conference. | SDP capabilities, such as codec types, DTMF detection, and comfort noise, are normally configured on a global basis by Cisco Unified Communications Manager or Media Gateway in operation. Some SIP endpoints may allow these parameters to be configured on the endpoint itself. |
| Session Initiation Protocol (SIP) | SIP is the IETF standard for multimedia conferencing over IP. SIP is an ASCII-based application-layer control protocol (defined in RFC 3261) that can be used to establish, maintain, and terminate calls between two or more endpoints. | Like other VoIP protocols, SIP is designed to address the functions of signaling and session management within a packet telephony network. Signaling allows call information to be carried across network boundaries. Session management provides the ability to control the attributes of an end-to-end call. |
| Transmission Control Protocol (TCP) | TCP is a connection-oriented transport protocol. | Cisco Cius uses TCP to connect to Cisco Unified Communications Manager and to access XML services. |
| Transport Layer Security (TLS) | TLS is a standard protocol for securing and authenticating communications. | Cisco Cius uses the TLS protocol after registering with Cisco Unified Communications Manager securely. |
| Trivial File Transfer Protocol (TFTP) | TFTP allows you to transfer files over the network. On Cisco Cius, TFTP enables you to obtain a configuration file specific to Cisco Cius. | TFTP requires a TFTP server in your network that can be automatically identified from the DHCP server. If you want Cisco Cius to use a TFTP server other than the one specified by the DHCP server, you must use the Network Configuration menu on Cisco Cius to assign the IP address of the TFTP server manually. For more information, see the Cisco TFTP chapter in the Cisco Unified Communications Manager System Guide. |
| User Datagram Protocol (UDP) | UDP is a connectionless messaging protocol for delivery of data packets. | Cisco Cius transmits and receives RTP streams, which utilize UDP. |
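The DHCP and TFTP entries in the table above say the TFTP server is learned from DHCP option 150, with option 66 as the alternative. The following added example (not Cisco code) parses a DHCP options field, resolves the TFTP server the way those entries describe, and flags an offer whose server is not one you provisioned. The precedence of option 150 over option 66, the `EXPECTED` allowlist, and all function names are assumptions made for illustration.

```python
import ipaddress

OPT_PAD, OPT_END = 0, 255
OPT_TFTP_SERVER_NAME = 66   # RFC 2132 TFTP server name, carried as an ASCII string
OPT_CISCO_TFTP = 150        # option 150: one or more 4-byte IPv4 addresses


def parse_dhcp_options(blob):
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    options, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"option {code}: missing length byte")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        # A repeated option code is concatenated (RFC 3396 long-option rule).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def tftp_servers(options):
    """Return (source_option, servers). Assumption: 150 wins, 66 is the fallback."""
    raw = options.get(OPT_CISCO_TFTP)
    if raw:
        if len(raw) % 4:
            raise ValueError("option 150 must be a multiple of 4 bytes")
        addrs = [str(ipaddress.IPv4Address(raw[n:n + 4])) for n in range(0, len(raw), 4)]
        return 150, addrs
    name = options.get(OPT_TFTP_SERVER_NAME)
    if name:
        return 66, [name.rstrip(b"\x00").decode("ascii")]
    return None, []


def check_offer(blob, expected):
    """Report which TFTP servers an offer names and which are not provisioned."""
    source, servers = tftp_servers(parse_dhcp_options(blob))
    unexpected = [s for s in servers if s not in expected]
    return {"source": source, "servers": servers, "unexpected": unexpected}


def opt(code, value):
    """Encode one option for the constructed samples below."""
    return bytes([code, len(value)]) + value


# Constructed sample data (RFC 5737 documentation addresses), not captured traffic.
EXPECTED = {"192.0.2.10", "192.0.2.11"}
OFFER_150 = (opt(1, bytes([255, 255, 255, 0]))
             + opt(150, bytes([192, 0, 2, 10, 192, 0, 2, 11]))
             + opt(66, b"tftp.example.net") + bytes([OPT_END]))
OFFER_66_ONLY = opt(66, b"192.0.2.10") + bytes([OPT_END])
OFFER_UNEXPECTED = opt(150, bytes([198, 51, 100, 7])) + bytes([OPT_END])

if __name__ == "__main__":
    for label, blob in [("option 150", OFFER_150), ("option 66 only", OFFER_66_ONLY),
                        ("unprovisioned server", OFFER_UNEXPECTED)]:
        print(label, check_offer(blob, EXPECTED))
```

Because the device fetches its configuration file from whichever server the offer names, a non-empty `unexpected` list on the voice VLAN is worth an alert.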


Supported Features on Cisco Cius

Cisco Cius is a business device that delivers anytime, anywhere access to Cisco Collaboration applications, including Unified Communications features. Cisco Cius also provides access to other business and Android applications.

Feature Overview

Cisco Cius is a mobile collaboration device for business. Cisco Cius provides an integrated suite of collaborative applications, including Cisco Quad, Cisco WebEx, Cisco Unified Presence, instant messaging, email, visual voice mail, and Cisco Unified Communications Manager voice and video telephony features. Cisco Cius also provides Virtual Desktop Infrastructure (VDI) and cloud computing and support for a wide range of applications through Cisco AppHQ Developer Network Marketplace. Cisco Cius also supports applications from the Google Android Marketplace. For an overview of the features that Cisco Cius supports and for tips on configuring them, see Configuring Features, Templates, Services, and Users.

As with other network devices, you must configure Cisco Cius to prepare to access Cisco Unified Communications Manager and the rest of the IP network. By using DHCP, you have fewer settings to configure on Cisco Cius, but if your network requires it, you can manually configure an IP address, TFTP server, netmask information, and so on. For instructions on configuring the network settings on Cisco Cius, see the Setup Menus on Cisco Cius.

Finally, because Cisco Cius is a network device, you can obtain detailed status information from it directly. This information can assist you with troubleshooting problems that users might encounter when using their Cisco Cius devices. See Viewing Model Information Status and Statistics on Cisco Cius for more information.


Configuring Telephony Features

You can modify settings for Cisco Cius from Cisco Unified Communications Manager Administration. Use this web-based application to set up Cisco Cius registration criteria and calling search spaces, to configure corporate directories and services, and to modify phone button templates, among other tasks.

For more information, see the Telephony Features Available for Cisco Cius and the Cisco Unified Communications Manager Administration Guide. You can also use the context-sensitive help available within the application for guidance.

You can access Cisco Unified Communications Manager documentation at this location:

http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html

You can access Cisco Unified Communications Manager Business Edition 5000 documentation at this location:

http://www.cisco.com/en/US/products/ps7273/tsd_products_support_series_home.html

Configuring Network Parameters Using Cisco Cius

You can configure parameters, such as DHCP, TFTP, and IP settings, on the Cisco Cius device. You can also obtain statistics about a current call or firmware versions on Cisco Cius.

For more information about configuring features and viewing statistics from Cisco Cius, see Configuring Settings on Cisco Cius and Viewing Model Information Status and Statistics on Cisco Cius.

Providing Users with Feature Information

You are likely the primary source of information for Cisco Cius users in your network or company. To ensure that you distribute the most current feature and procedural information, familiarize yourself with Cisco Cius documentation. Make sure to visit the Cisco Cius website:

http://www.cisco.com/en/US/products/ps11156/tsd_products_support_series_home.html

From this site, you can view the user guide and quick start documentation.


Note


The Cisco Cius User Guide is also available directly through a link on the tablet. Choose Settings > About Cius > Cisco Cius User Guide.


In addition to providing documentation, it is important to inform users about available Cisco Cius features, including those specific to your company or network, and about how to access and customize those features, if appropriate.

For a summary of some of the key information that Cisco Cius users may need, see Providing Information to Users Through a Website.

Understanding Security Features for Cisco Cius

Implementing security in the Cisco Unified Communications Manager system prevents data tampering, and prevents call-signaling and media-stream tampering of the Cisco Cius and the Cisco Unified Communications Manager server.

To alleviate these threats, the Cisco IP telephony network establishes and maintains secure (encrypted) communication streams between Cisco Cius and the server, digitally signs files before they are transferred to Cisco Cius, and encrypts media streams and call signaling between Cisco Cius devices.

Cisco Cius uses a security profile that defines whether the device is nonsecure or secure. For information about applying the security profile to the device, see the Cisco Unified Communications Manager Security Guide.

If you configure security-related settings in Cisco Unified Communications Manager Administration, the phone configuration file contains sensitive information. To ensure the privacy of a configuration file, you must configure the file for encryption. For detailed information, see the "Configuring Encrypted Phone Configuration Files" chapter in Cisco Unified Communications Manager Security Guide.

The following table shows where you can find information about security in this and other documents.

Table 8  Cisco Cius and Cisco Unified Communications Manager Security Topics

| Topic | Reference |
|-------|-----------|
| Detailed explanation of security, including setup, configuration, and troubleshooting information for Cisco Unified Communications Manager and Cisco Cius | See the Cisco Unified Communications Manager Security Guide. |
| Security features supported on Cisco Cius | See the Overview of Supported Security Features. See the Cisco Cius Wireless LAN Deployment Guide. |
| Restrictions regarding security features | See the Security Restrictions. |
| Viewing a security profile name | Table 1 provides an overview of the security features that Cisco Cius supports. For more information about these features and about Cisco Unified Communications Manager and Cisco Unified IP Phone security, see the Cisco Unified Communications Manager Security Guide. |
| Identifying phone calls for which security is implemented | See the Identifying Secure (Encrypted) Phone Calls. |
| TLS connection | See the Supported Networking Protocols. See the Adding Cisco Cius Mobile Collaboration Endpoints with Cisco Unified Communications Manager Administration. |
| Security and Cisco Cius startup process | See the Understanding Cisco Cius Startup Process. |
| Security and Cisco Cius configuration files | See the Adding Cisco Cius Mobile Collaboration Endpoints with Cisco Unified Communications Manager Administration. |
| Changing the TFTP Server 1 or TFTP Server 2 option on Cisco Cius after security is implemented | See the TFTP Server Settings Menu. |
| Items on the Security Setup menu that you access from Cisco Cius | See the Location and Security Setup Menu. |
| Disabling access to a device web page | See the Enabling and Disabling Web Page Access. |
| Troubleshooting | See the Troubleshooting Cisco Cius Security. See the Cisco Unified Communications Manager Security Guide. |
| Deleting the CTL/ITL file from Cisco Cius | See the Resetting Cisco Cius. |
| Resetting or restoring Cisco Cius | See the Resetting Cisco Cius. |
| 802.1X Authentication for Cisco Cius | See these sections: |

Overview of Supported Security Features

The following table provides an overview of the security features that Cisco Cius supports. For more information about these features and about Cisco Unified Communications Manager and Cisco Cius security, see the Cisco Unified Communications Manager Security Guide and the Wireless Security chapter of the Cisco Cius Wireless LAN Deployment Guide.

For information about current security settings on Cisco Cius, press the Menu key and choose Settings > Location and security. For more information, see the Location and Security Setup Menu.

Table 9 Overview of Security Features

| Feature | Description |
|---------|-------------|
| Image authentication | Signed binary files (with the extension .sbn) prevent tampering with the firmware image before it is loaded on a Cisco Cius device. Tampering with the image causes Cisco Cius to fail the authentication process and reject the new image. |
| Customer-site certificate installation | Each Cisco Cius requires a unique certificate for device authentication. Cisco Cius devices include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified Communications Manager Administration that a certificate be installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can install a Locally Significant Certificate (LSC) from the Enterprise security menu on the device. See the Configuring Security on Cisco Cius for more information. |
| Device authentication | Occurs between the Cisco Unified Communications Manager server and Cisco Cius when each entity accepts the certificate of the other entity. Determines whether a secure connection between Cisco Cius and Cisco Unified Communications Manager occurs and, if necessary, creates a secure signaling path between the entities by using TLS protocol. Cisco Unified Communications Manager will not register Cisco Cius devices unless Cisco Unified Communications Manager can authenticate them. |
| File authentication | Validates digitally signed files that Cisco Cius downloads. Cisco Cius validates the signature to make sure that file tampering did not occur after file creation. Files that fail authentication are not written to Flash memory on Cisco Cius. Cisco Cius rejects such files without further processing. |
| File encryption | Encryption prevents sensitive information from being revealed while the file is in transit to Cisco Cius. In addition, Cisco Cius validates the signature to make sure that file tampering did not occur after file creation. Files that fail authentication are not written to Flash memory on the Cius. Cisco Cius rejects such files without further processing. |
| Signaling Authentication | Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. |
| Manufacturing installed certificate | Each Cisco Cius contains a unique manufacturing-installed certificate (MIC), which is used for device authentication. The MIC provides permanent unique proof of identity for the device and allows Cisco Unified Communications Manager to authenticate Cisco Cius. |
| Media encryption | Uses SRTP to ensure that the media streams between supported devices are secure and that only the intended device receives and reads the data. Includes creating a media master key pair for the devices, delivering the keys to the devices, and securing the delivery of the keys. |
| CAPF (Certificate Authority Proxy Function) | Implements parts of the certificate generation procedure that are too processing-intensive for Cisco Cius, and interacts with Cisco Cius for key generation and certificate installation. The CAPF can be configured to request certificates from customer-specified certificate authorities on behalf of Cisco Cius, or it can be configured to generate certificates locally. |
| Security profiles | Defines whether Cisco Cius is nonsecure, authenticated, encrypted, or protected. For more information about these features and about Cisco Unified Communications Manager and Cisco Cius security, see the Cisco Unified Communications Manager Security Guide. |
| Encrypted configuration files | Lets you ensure the privacy of Cisco Cius configuration files. |
| Optional disabling of the web server functionality for Cisco Cius | For security purposes, you can prevent access to a Cisco Cius web page (which indicates a variety of operational statistics for the device) and user options pages. For more information, see the Enabling and Disabling Web Page Access. |
| Phone hardening | Additional security options, which you control from Cisco Unified Communications Manager Administration: disabling PC port on the media station; disabling Gratuitous ARP (GARP); disabling PC Voice VLAN access; providing restricted access to the web applications; disabling Bluetooth Accessory Port; disabling access to web pages; requiring a screen lock; controlling access to Google Android market; controlling access to installation of applications from unknown sources. |
| 802.1X Authentication | Cisco Cius can use 802.1X authentication to request and gain access to the network. See the Supporting 802.1X Authentication on Cisco Cius for more information. |
| Secure SIP Failover for SRST | After you configure an SRST reference for security and then reset the dependent devices in Cisco Unified Communications Manager Administration, the TFTP server adds the SRST certificate to the Cisco Cius cnf.xml file and sends the file to the device. A secure device then uses a TLS connection to interact with the SRST-enabled router. |
| Signaling encryption | Ensures that all SIP signaling messages that are sent between the device and the Cisco Unified CM server are encrypted. |

Understanding Security Profiles

All Cisco Cius devices that support Cisco Unified Communications Manager use a security profile, which defines whether the device is nonsecure, authenticated, or encrypted. For information about configuring the security profile and applying the profile to the device, see the Cisco Unified Communications Manager Security Guide.

To view the security mode that is set for Cisco Cius, view the Signaling security mode setting in the Enterprise security settings menu.

Identifying Secure (Encrypted) Phone Calls

Security is implemented for Cisco Cius by enabling the "Protected Device" parameter from the Cisco Unified Communications Manager Administration Phone window. When security is implemented, you can identify secure phone calls by the Secure Call icon on the Cisco Cius screen. In a secure call, all call signaling and media streams are encrypted. A secure call offers a high level of security, providing integrity and privacy to the call. When a call in progress is being encrypted, the Security Mode status on Cisco Cius Enterprise security settings menu indicates "Encrypted."


Note


If the call is routed through non-IP call legs (for example, PSTN), the call may be nonsecure even though it is encrypted within the IP network and has a lock icon associated with it.


In a secure call, a 2-second tone plays to notify the users when a call is encrypted and both devices are configured as protected devices, and if secure tone features are enabled on Cisco Unified Communications Manager. The tone plays for both parties when the call is answered. The tone does not play unless both devices are protected and the call occurs over encrypted media. If the system determines that the call is not encrypted, Cisco Cius plays a nonsecure indication tone (6 beeps) to alert the user that the call is not protected. For a detailed description of the secure indication tone feature and the configuration requirements, see the Cisco Unified Communications Manager Security Guide.


Note


Video is transmitted as nonsecure. So, even if both Cisco Cius devices are secure, the Encrypted lock icon will not be displayed for video calls.



Establishing and Identifying Secure Calls

A secure call is established when your Cisco Cius and a phone on the other end are configured for secure calling. They can be in the same Cisco IP network, or on a network outside the IP network. A secure conference call is established by using this process:

  1. A user initiates the call from a secured Cisco Cius (Encrypted security mode).
  2. Cisco Cius indicates the Encrypted status on the Enterprise security menu. This status indicates that Cisco Cius is configured for secure calls, but does not mean that the other connected phone is also secured.
  3. A security tone plays if the call is connected to another secured device, indicating that both ends of the conversation are encrypted and secured. Otherwise, a nonsecure tone plays.

Note


The secure tone plays only when it is enabled on Cisco Unified Communications Manager. If it is disabled on Cisco Unified Communications Manager, no secure tone plays even if the call is secure. For more information, see the Configuring Secure and Nonsecure Indication Tones chapter of the Cisco Unified Communications Manager Security Guide.


Establishing and Identifying Secure Conference Calls

You can initiate a secure conference call and monitor the security level of participants. A secure conference call is established by using this process:

  1. A user initiates the conference from a secure Cisco Cius device.
  2. Cisco Unified Communications Manager assigns a secure conference bridge to the call.
  3. As participants are added, Cisco Unified Communications Manager verifies the security mode of each device and maintains the secure level for the conference.
  4. Cisco Cius indicates the security level of the conference call.

Note


Various interactions, restrictions, and limitations affect the security level of the conference call, depending on the security mode of the participant devices and the availability of secure conference bridges. Cisco Cius supports secure audio conference calls only; video will not be secure.


Call Security Interactions and Restrictions

Cisco Unified Communications Manager checks the Cisco Cius security status when conferences are established and changes the security indication for the conference or blocks completion of the call to maintain integrity and also security in the system. The following table provides information about changes to call security levels when Barge is used.

Table 10 Call Security Interactions When Barge Is Used

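| Initiator device security level | Feature used | Call security level | Results of action |
|---------------------------------|--------------|---------------------|-------------------|
| Nonsecure | Barge | Encrypted call | Call barged and identified as nonsecure call |
| Secure | Barge | Encrypted call | Call barged and identified as secure call |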

The following table provides information about changes to conference security levels depending on the initiator device security level, the security levels of participants, and the availability of secure conference bridges.

Table 11 Security Restrictions With Conference Calls

| Initiator device security level | Feature used | Security level of participants | Results of action |
|---------------------------------|--------------|--------------------------------|-------------------|
| Nonsecure | Conference | Secure | Nonsecure conference bridge; Nonsecure conference |
| Secure | Conference | At least one member is nonsecure | Secure conference bridge; Nonsecure conference |
| Secure | Conference | Secure | Secure conference bridge; Secure encrypted level conference |

Supporting 802.1X Authentication on Cisco Cius

These sections provide information about 802.1X support on Cisco Cius:

Overview

Cisco Cius and Cisco Catalyst switches traditionally use Cisco Discovery Protocol (CDP) to identify each other and to determine parameters such as VLAN allocation and inline power requirements. However, CDP does not identify any locally attached PCs. Cisco Cius therefore provides an EAPOL pass-through mechanism, whereby a PC that is attached locally to Cisco Cius can pass EAPOL messages to the 802.1X authenticator in the LAN switch. With this mechanism, Cisco Cius does not have to act as the authenticator, yet the LAN switch can authenticate a data endpoint before that endpoint accesses the network.

In conjunction with the EAPOL pass-through mechanism, Cisco Cius provides a proxy EAPOL-Logoff mechanism. If the locally attached PC disconnects from Cisco Cius, the LAN switch does not detect the failure of the physical link, because the link between the LAN switch and Cisco Cius is maintained. To avoid compromising network integrity, Cisco Cius sends an EAPOL-Logoff message to the switch on behalf of the downstream PC, and this action triggers the LAN switch to clear the authentication entry for the downstream PC.

Cisco Cius contains an 802.1X supplicant in addition to the EAPOL pass-through mechanism. This supplicant allows network administrators to control the connectivity of Cisco Cius to the LAN switch ports. The current release of the 802.1X supplicant uses the EAP-FAST and EAP-TLS options for network authentication.

Required Network Components

Support for 802.1X authentication on Cisco Cius requires several components, including the following:

  • Cisco Cius - Cisco Cius acts as the 802.1X supplicant, which initiates the request to access the network.
  • Cisco Catalyst Switch (or other third-party switch) - The switch must support 802.1X, so that it can act as the authenticator and pass the messages between Cisco Cius and the authentication server. When the exchange is completed, the switch grants or denies the device access to the network.

Requirements and Recommendations

The requirements and recommendations for 802.1X authentication on Cisco Cius include the following:

  • Enable 802.1X Authentication - If you want to use the 802.1X standard to authenticate Cisco Cius, be sure that you properly configure the other components before enabling 802.1X authentication on the device. See the Enterprise Security Settings for more information.
  • Configure PC Port on Media Station - The 802.1X standard does not take into account the use of VLANs and thus recommends that only a single device be authenticated to a specific switch port. However, some switches (including Cisco Catalyst switches) support multidomain authentication. The switch configuration determines whether you can connect a PC to a Cisco Cius media station PC port.
    • Enabled - If you are using a switch that supports multidomain authentication, you can enable the media station PC port and connect a PC to it. In this case, Cisco Cius supports proxy EAPOL-Logoff to monitor the authentication exchanges between the switch and the attached PC. For more information about IEEE 802.1X support on the Cisco Catalyst switches, see the Cisco Catalyst switch configuration guides at: http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
    • Disabled - If the switch does not support multiple 802.1X-compliant devices on the same port, disable the media station PC Port when 802.1X authentication is enabled. See the Ethernet Settings Menu for more information. If you do not disable this port and subsequently attempt to attach a PC to it, the switch denies network access to both the device and the PC.
  • Configure Voice VLAN - Because the 802.1X standard does not account for VLANs, configure this setting based on the switch support.
    • Enabled - If you are using a switch that supports multidomain authentication, continue to use the voice VLAN.
    • Disabled - If the switch does not support multidomain authentication, disable the Voice VLAN and consider assigning the port to the native VLAN. See the Ethernet Settings Menu for more information.

Security Restrictions

A user cannot barge in to an encrypted call if the Cisco Cius device that is used to barge is not configured for encryption. When barge fails in this case, a fast busy tone plays on the Cisco Cius on which the user initiated the barge.

If the initiator Cisco Cius device is configured for encryption, the barge initiator can barge in to a nonsecure call from the encrypted Cisco Cius device. After the barge occurs, Cisco Unified Communications Manager classifies the call as nonsecure.

If the initiating Cisco Cius is configured for encryption, the barge initiator can barge in to an encrypted call, and Cisco Cius indicates that the call is encrypted.

Overview of Configuring and Installing Cisco Cius

When deploying a new IP telephony system, system administrators and network administrators must complete several initial configuration tasks to prepare the network for IP telephony service. For information and a checklist for setting up and configuring a Cisco IP telephony network, see the System Configuration Overview chapter in the Cisco Unified Communications Manager System Guide.

After you set up the IP telephony system and configure system-wide features in Cisco Unified Communications Manager, you can add Cisco Cius to the system.

The following topics provide an overview of procedures for adding Cisco Cius to your network:

Configuring Cisco Cius in Cisco Unified Communications Manager

Use the following methods to add Cisco Cius devices to the Cisco Unified Communications Manager database:

  • Auto-registration
  • Cisco Unified Communications Manager Administration
  • Bulk Administration Tool (BAT)
  • BAT and the Tool for Auto-Registered Phones Support (TAPS)

For more information about these choices, see the Understanding How Cisco Cius Interacts with Cisco Unified Communications Manager.

For general information about configuring Cisco Cius devices in Cisco Unified Communications Manager, see the following documentation:

  • Cisco Unified Communications Manager Administration Guide
  • Cisco Unified Communications Manager Bulk Administration Guide

Checklist for Configuring Cisco Cius in Cisco Unified Communications Manager

The following procedure outlines the configuration tasks for Cisco Cius in Cisco Unified Communications Manager Administration. The procedure presents a suggested order to guide you through the Cisco Cius configuration process. Some tasks are optional, depending on your system and user needs. For detailed procedures and information, see the listed sources.

Procedure
    Step 1   Gather the following information about Cisco Cius:
    • MAC address (Ethernet MAC address)
      Note   

      Cisco Cius uses two addresses: Ethernet MAC and Wireless LAN MAC. When adding Cisco Cius to the Cisco Unified Communications Manager, it must be provisioned using the Ethernet MAC address.

    • Physical location of Cisco Cius
    • Name or user ID of Cisco Cius user
    • Device pool
    • Partition, calling search space, and location information
    • Number of lines and associated directory numbers (DNs) to assign to Cisco Cius
    • Cisco Unified Communications Manager user to associate with Cisco Cius
    • Cisco Cius usage information that affects telephony features, or applications

    These values provide a list of configuration requirements for setting up Cisco Cius. These values also identify the preliminary configuration that you must perform before configuring Cisco Cius.

    For more information, go to the Cisco Unified IP Phones chapter in the Cisco Unified Communications Manager System Guide.

    See the Telephony Features Available for Cisco Cius.

    Step 2   Verify that you have sufficient unit licenses for your Cisco Cius.

    For more information, go to the Licensing chapter in the Cisco Unified Communications Manager Features and Services Guide.

    Step 3   Add and configure Cisco Cius by completing the required fields in the Phone Configuration window of Cisco Unified Communications Manager Administration.

    Required fields are indicated by an asterisk (*) next to the field name; for example, MAC address and device pool.

    This step adds the device with its default settings to the Cisco Unified Communications Manager database.

    For more information, go to the Cisco Unified IP Phone Configuration chapter in the Cisco Unified Communications Manager Administration Guide.

    For information about Product Specific Configuration fields, use the ? button in the Phone Configuration window.

    Note   

    If you want to add both Cisco Cius and user to the Cisco Unified Communications Manager database at the same time, go to the User/Phone Add Configuration chapter in the Cisco Unified Communications Manager Administration Guide.

    Step 4   Add and configure directory numbers (lines) on Cisco Cius by completing the required fields in the Phone Configuration window in Cisco Unified Communications Manager Administration.

    Required fields are indicated by an asterisk (*) next to the field name; for example, directory number and presence group.

    This step adds primary and secondary directory numbers and features associated with directory numbers to Cisco Cius.

    For more information, go to the Directory Number Configuration chapter in the Cisco Unified Communications Manager Administration Guide.

    See the Telephony Features Available for Cisco Cius.

    Step 5   (Optional) Configure speed-dial buttons and assign speed-dial numbers.

    This step adds speed-dial buttons and numbers.

    Users can change speed-dial settings on their Cisco Cius by using Cisco Unified Communications Manager User Options.

    For more information, go to the Configuring Speed-Dial Buttons or Abbreviated Dialing section in the Cisco Unified IP Phone Configuration chapter in the Cisco Unified Communications Manager Administration Guide.

    Step 6   (Optional) Configure Cisco Cius services and assign services.

    This step provides Cisco Cius services.

    Users can add or change services on their Cisco Cius by using the Cisco Unified Communications Manager User Options.

    Note   

    Users can subscribe to the IP phone service only if the Enterprise Subscription check box is unchecked when the IP phone service is first configured in Cisco Unified Communications Manager Administration.

    Some Cisco-provided default services are classified as enterprise subscriptions, so the user cannot add them through the user options pages. These services are on Cisco Cius by default, and they can be removed from the device only if you disable them in Cisco Unified Communications Manager Administration.

    For more information, go to the IP Phone Services Configuration chapter in the Cisco Unified Communications Manager Administration Guide.

    See the Configuring Reset Options/Load Upgrades.

    Step 7   Add user information by configuring required fields.

    Required fields are indicated by an asterisk (*); for example, User ID and last name.

    Note   

    Assign a password for User Options web pages.

    This step adds user information to the global directory for Cisco Unified Communications Manager.

    For more information, go to the End User Configuration chapter in the Cisco Unified Communications Manager Administration Guide.

    See the Configuring Reset Options/Load Upgrades.

    If your company uses a Lightweight Directory Access Protocol (LDAP) directory to store information about users, you can install and configure Cisco Unified Communications Manager to use your existing LDAP directory.

    If you want to add both Cisco Cius and user to the Cisco Unified Communications Manager database at the same time, go to the User/Phone Add Configuration chapter in the Cisco Unified Communications Manager Administration Guide.

    Step 8   Associate a user to a user group.

    This step assigns users a common list of roles and permissions that apply to all users in a user group. Administrators can manage user groups, roles, and permissions to control the level of access (and, therefore, the level of security) for system users. For example, you must add users to the standard Cisco CCM End Users group so users can access Cisco Unified Communications Manager User Options.

    See the following sections in the Cisco Unified Communications Manager Administration Guide:

    Step 9   Associate a user with Cisco Cius.

    This step provides users with control over their Cisco Cius for tasks such as forwarding calls or adding speed-dial numbers or services.

    For more information, go to the Associating Devices to an End User section in the End User Configuration chapter in the Cisco Unified Communications Manager Administration Guide.


    Installing Cisco Cius

    After you add Cisco Cius to the Cisco Unified Communications Manager Administration database, you can complete Cisco Cius installation. You (or Cisco Cius users) can install Cisco Cius at the user location. For information about installing Cisco Cius, see the Cisco Cius User Guide, which is located at:

    http://www.cisco.com/en/US/products/ps11156/products_user_guide_list.html

    The Cisco Cius User Guide provides directions for connecting Cisco Cius media station, cables, and other accessories.

    After Cisco Cius connects to the network, the Cisco Cius startup process begins and Cisco Cius registers with Cisco Unified Communications Manager. Cisco Cius will upgrade itself when connecting to Cisco Unified Communications Manager if a newer load is in its config file. To finish installing Cisco Cius, configure the network settings, including whether you enable or disable DHCP service.

    If you used auto-registration, you must update the specific configuration information for Cisco Cius, such as associating Cisco Cius with a user, changing the button table, or adding the directory number.

    Checklist for Installing Cisco Cius

    The following procedure provides an overview of the installation tasks for Cisco Cius. The list presents a suggested order to guide you through Cisco Cius installation. Some tasks are optional, depending on your system and user needs. For detailed procedures and information, see the sources in the list.

    For more information on installing Cisco Cius, see Installing Cisco Cius.

    Procedure
      Step 1   Choose the power source for Cisco Cius:
      • AC Adapter (CIUS-PWR-CUBE)
      • Media Station Dock (CP-PWR-CUBE-4)
      • Power over Ethernet (PoE+ 802.3at)

      This step determines how Cisco Cius receives power.

      See the Providing Power to Cisco Cius.

      Step 2   Assemble Cisco Cius and media station, adjust Cisco Cius placement, and connect the network cable.

      Alternatively, connect Cisco Cius to the wireless network.

      This step provides wired or wireless connectivity for Cisco Cius to the network.

      See the Cisco Cius User Guide.

      Step 3   Monitor the Cisco Cius startup process.

      This step adds primary and secondary directory numbers and features associated with directory numbers to Cisco Cius.

      See the Verifying Cisco Cius Startup Process.

      Step 4   Configure the Ethernet network settings on Cisco Cius.

      See the Configuring Startup Network Settings.

      See the Ethernet Settings Menu.

      Step 5   If you choose to deploy Cisco Cius on the wireless network, you must perform the following configuration:
      • Configure the wireless network.
      • Enable Wireless LAN for Cisco Cius devices on Cisco Unified Communications Manager Administration.
      • Configure a wireless network profile on Cisco Cius.
      Note   

      Cisco Cius prefers wireless for telephony signaling and wired for telephony media data.

      See Understanding the VoIP Wireless Network.

      See the Cisco Cius Wireless LAN Deployment Guide.

      Step 6   Make calls using Cisco Cius.

      This step verifies that Cisco Cius and features work correctly.

      See the Cisco Cius User Guide.

      Step 7   Provide information to users about how to use their Cisco Cius and how to configure their Cisco Cius options.

      This step ensures that users have adequate information to use their Cisco Cius successfully.

      See Providing Information to Users Through a Website.

      See the Cisco Cius User Guide.