Cisco Unified IP Phone 7906G and 7911G Administration Guide for Cisco Unified CM 8.5 (SCCP and SIP)
Configuring Settings on the Cisco Unified IP Phone
Downloads: This chapterpdf (PDF - 414.0KB) The complete bookPDF (PDF - 3.3MB) | Feedback

Configuring Settings on the Cisco Unified IP Phone

Table Of Contents

Configuring Settings on the Cisco Unified IP Phone

Configuration Menus on the Cisco Unified IP Phones
7906G and 7911G

Displaying a Configuration Menu

Unlocking and Locking Options

Editing the Values of an Option Setting

Overview of Options Configurable from a Phone

Network Configuration Menu

Device Configuration Menu

Unified CM Configuration Menu

SIP Configuration Menu for SIP Phones

SIP General Configuration Menu

Line Settings Menu for SIP Phones

Call Preferences Menu for SIP Phones

HTTP Configuration Menu

Locale Configuration Menu

UI Configuration Menu

Media Configuration Menu

NTP Configuration Menu for SIP Phones

Ethernet Configuration Menu

Security Configuration Menu

QoS Configuration Menu

Network Configuration

Security Configuration Menu

CTL File Submenu

ITL File Submenu

Trust List Menu

802.1X Authentication and Status


Configuring Settings on the Cisco Unified IP Phone


The Cisco Unified IP Phone includes many configurable network and device settings that you may need to modify before the phone is functional for your users. You can access these settings, and change many of them, through menus on the phone.

This chapter includes the following topics:

Configuration Menus on the Cisco Unified IP Phones 7906G and 7911G

Overview of Options Configurable from a Phone

Network Configuration Menu

Device Configuration Menu

Security Configuration Menu

Configuration Menus on the Cisco Unified IP Phones
7906G and 7911G

The Cisco Unified IP Phone includes the following configuration menus:

Network Configuration—Provides options for viewing and making a variety of network settings. For more information, see Network Configuration Menu.

Device Configuration—Provides access to sub-menus from which you can view a variety of non network-related settings. For more information, see Device Configuration Menu.

Security Configuration—Provides options for displaying and modifying security settings. For more information, see Security Configuration Menu.

Before you can change option settings on the Network Configuration menu, you must unlock options for editing. See Unlocking and Locking Options for instructions.

For information about the keys you can use to edit or change option settings, see Editing the Values of an Option Setting.

You can control whether a phone user has access to phone settings by using the Settings Access field in the Cisco Unified Communications Manager Administration Phone Configuration Settings window. See Cisco Unified Communications Manager Administration Guide for more information.

Related Topics

Unlocking and Locking Options

Editing the Values of an Option Setting

Overview of Options Configurable from a Phone

Network Configuration Menu

Device Configuration Menu

Displaying a Configuration Menu

To display a configuration menu, perform the following steps.


Note You can control whether a phone has access to the Settings menu or to options on this menu by using the Settings Access field in the Cisco Unified Communications Manager Administration Phone Configuration window. The Settings Access field accepts these values:

Enabled—Allows access to the Settings menu.

Disabled—Prevents access to the Settings menu.

Restricted—Allows access to the User Preferences menu and allows volume changes to be saved. Prevents access to other options on the Settings menu.

If you cannot access an option on the Settings menu, check the Settings Access field.


Procedure


Step 1 Press the Applications Menu button.

Step 2 Choose Settings.

Step 3 Perform one of these actions to display the desired menu:

Use the Navigation button to select the desired menu and then press the Select softkey.

Use the keypad on the phone to enter the number that corresponds to the menu.

Step 4 To display a submenu, repeat Step 3.

Step 5 To exit a menu, press the Exit softkey.


Related Topics

Unlocking and Locking Options

Editing the Values of an Option Setting

Overview of Options Configurable from a Phone

Network Configuration Menu

Device Configuration Menu

Unlocking and Locking Options

Configuration options that can be changed from a phone are locked by default to prevent users from making changes that could affect the operation of a phone. You must unlock these options before you can change them.

When options are inaccessible for modification, a locked padlock icon appears on the configuration menus. When options are unlocked and accessible for modification, an unlocked padlock icon appears on these menus, as shown next.

To unlock or lock options, press **#. This action either locks or unlocks the options, depending on the previous state.


Note If a Settings Menu password has been provisioned, SIP phones present an "Enter password" prompt after you enter **#.


After you have made your changes, you must lock the options.


Caution Do not press **# to unlock options and then immediately press **# again to lock options. The phone will interpret this sequence as **#**, which will reset the phone. To lock options after unlocking them, wait at least 10 seconds before you press **# again.

Related Topics

Displaying a Configuration Menu

Editing the Values of an Option Setting

Overview of Options Configurable from a Phone

Network Configuration Menu

Device Configuration Menu

Editing the Values of an Option Setting

When you edit the value of an option setting, follow these guidelines:

Use the keys on the keypad to enter numbers and letters.

To enter letters by using the keypad, use a corresponding number key. Press the key one or more times to display a particular letter. For example, press the 2 key once for "a," twice quickly for "b," and three times quickly for "c." After you pause, the cursor automatically advances to allow you to enter the next letter.

To enter a period (for example, in an IP address under IPv4 Configuration), press the . (period) softkey or press * on the keypad.

To enter a colon (for example, in an IP address under IPv6 Configuration), press the : (colon) softkey or press * on the keypad.

Press the << softkey if you make a mistake. This softkey deletes the character to the left of the cursor.

Press the Cancel softkey before pressing the Save softkey to discard any changes that you have made.


Note The Cisco Unified IP Phone provides several methods you can use to reset or restore option settings, if necessary. For more information, see Resetting or Restoring the Cisco Unified IP Phone.


Related Topics

Displaying a Configuration Menu

Unlocking and Locking Options

Overview of Options Configurable from a Phone

Network Configuration Menu

Device Configuration Menu

Overview of Options Configurable from a Phone

The settings that you can change on a phone fall into several categories, as shown in Table 4-1. For a detailed explanation of each setting and instructions for changing them, see Network Configuration Menu.


Note There are several options on the Network Configuration menu and on the Device Configuration Menu that are for display only or that you can configure from Cisco Unified Communications Manager. These options are also described in the Network Configuration Menu and the or the Device Configuration Menu.


Table 4-1 Configurable Settings  

Category
Description
Network Configuration Menu Option
General Network Settings

VLAN settings

Admin. VLAN ID allows you to change the administrative VLAN used by the phone. PC VLAN allows the phone to interoperate with third-party switches that do not support a voice VLAN.

Admin. VLAN ID

PC VLAN (applies to 7911G only)

Port settings

Allow you to set the speed and duplex of the network and access ports.

SW Port Configuration

PC Port Configuration (applies to 7911G only)

IPv4 Network Settings

DHCP settings

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP address to devices when you connect them to the network. Cisco Unified IP Phones enable DHCP by default.

DHCP

DHCP Address Released

IP settings

If you do not use DHCP in your network, you can make IP settings manually.

Domain Name

IP Address

Subnet Mask

Default Router 1-5

DNS Server 1-5

TFTP settings

If you do not use DHCP to direct the phone to a TFTP server, you must manually assign a TFTP server. You can also assign an alternative TFTP server to use instead of the one assigned by DHCP.

Alternate TFTP

TFTP Server 1

TFTP Server 2


Related Topics

Displaying a Configuration Menu

Unlocking and Locking Options

Editing the Values of an Option Setting

Network Configuration Menu

Device Configuration Menu

Network Configuration Menu

The Network Configuration menu provides options for viewing and making a variety of network settings. Table 4-2, Table 4-3 and Table 4-4 describe these options and, where applicable, explain how to change them.

For information about how to access the Network Configuration menu, see Displaying a Configuration Menu.

Before you can change an option on this menu, you must unlock options as described in the Unlocking and Locking Options. The Edit, Yes, or No softkeys for changing network configuration options appear only if options are unlocked.

For information about the keys you can use to edit options, see Editing the Values of an Option Setting.

Table 4-2 Network Configuration Menu Options  

Option
Description
To Change

IPv4 Configuration

Internet Protocol v4 address menu.

In the IPv4 Configuration menu, you can do the following:

Enable or disable the phone to use the address that is assign by the DHCPv4 server.

Manually set the IPv4 Address, Subnet Mask, Default Routers, DNSv4 Server, and Alternate TFTP servers for IPv4.

For more information on the address fields, refer to Table 4-3.

1. Unlock network configuration options.

2. Scroll to IPv4 Configuration and press the Select softkey.

IPv6 Configuration

Enable or disable the phone to use the IPv6 address that is assigned by the DHCPv6 server or to use the IPv6 address that it acquires through Stateless Address Autoconfiguration (SLAAC).

Manually set the IPv6 Address, Subnet Prefix Length, DNSv6 Server, and IPv6 TFTP Servers.For more information on SLAAC, refer to Deploying IPv6 in Unified Communications Networks with Cisco Unified Communications Manager.

 

MAC Address

Unique Media Access Control (MAC) address of the phone.

Display only—Cannot configure.

Host Name

Unique host name that the DHCP server assigned to the phone.

Display only—Cannot configure.

Domain Name

Name of the Domain Name System (DNS) domain in which the phone resides.

Note If the phone receives different domain names from the DHCPv4 and DHCPv6 servers, the domain name from the DHCPv6 takes precedence.

1. Unlock network configuration options.

2. Disable DHCP.

If the IP Addressing mode is configured for IPv4 only, set the DHCP option to No.

If the IP Addressing mode is configured for IPv6 only, set the DHCPv6 option to No.

If the IP Addressing mode is configured for both IPv4 and IPv6, set both DHCP option and DHCPv6 to No.

3. Scroll to the Domain Name option, press the Edit softkey, and then enter a new domain name.

4. Press the Validate softkey and then press the Save softkey.

Operational VLAN ID

Auxiliary Virtual Local Area Network (VLAN) configured on a Cisco Catalyst switch in which the phone is a member.

If the phone has not received an auxiliary VLAN, this option indicates the Administrative VLAN.

If neither the auxiliary VLAN nor the Administrative VLAN are configured, this option is blank.

The phone obtains its Operational VLAN ID via Cisco Discovery Protocol (CDP) from the switch to which the phone is attached. To assign a VLAN ID manually, use the Admin VLAN ID option.

Admin. VLAN ID

Auxiliary VLAN in which the phone is a member.

Used only if the phone does not receive an auxiliary VLAN from the switch; otherwise it is ignored.

1. Unlock network configuration options.

2. Scroll to the Admin. VLAN ID option, press the Edit softkey, and then enter a new Admin VLAN setting.

3. Press the Validate softkey and then press the Save softkey.

SW Port Configuration

Speed and duplex of the network port (labeled 10/100 SW on the Cisco Unified IP Phone 7970, and 10/100/1000 SW on the Cisco Unified IP Phone 7971G-GE). Valid values:

Auto Negotiate

10 Half—10-BaseT/half duplex

10 Full—10-BaseT/full duplex

100 Half—100-BaseT/half duplex

100 Full—100-BaseT/full duplex

1000 Full—1000-BaseT/full duplex

If the phone is connected to a switch, configure the port on the switch to the same speed/duplex as the phone, or configure both to auto-negotiate.

If you change the setting of this option, you must change the PC Port Configuration option to the same setting.

1. Unlock network configuration options.

2. Scroll to the SW Port Configuration option and then press the Edit softkey.

3. Scroll to the setting that you want and then press the Select softkey.

4. Press the Save softkey.

PC Port Configuration

Speed and duplex of the access port (labeled 10/100 PC on the Cisco Unified IP Phone 7970, and 10/100/1000 PC on the Cisco Unified IP Phone 7971G-GE). Valid values:

Auto Negotiate

10 Half—10-BaseT/half duplex

10 Full—10-BaseT/full duplex

100 Half—100-BaseT/half duplex

100 Full—100-BaseT/full duplex

1000 Full—1000-BaseT/full duplex

If the phone is connected to a switch, configure the port on the switch to the same speed/duplex as the phone, or configure both to auto-negotiate.

If you change the setting of this option, you must change the SW Port Configuration option to the same setting.

1. Unlock network configuration options.

2. Scroll to the PC Port Configuration option and then press the Edit softkey.

3. Scroll to the setting that you want and then press the Select softkey.

4. Press the Save softkey.

To configure the setting on multiple phones simultaneously, enable Remote Port Configuration in Enterprise Phone Configuration (System > Enterprise Phone Configuration).

Note If the ports are configured for Remote Port Configuration in Unified CM, the data cannot be changed on the phone.

PC VLAN

Allows the phone to interoperate with 3rd party switches that do not support a voice VLAN. The Admin VLAN ID option must be set before you can change this option.

1. Unlock network configuration options.

2. Make sure the Admin VLAN ID option is set.

3. Scroll to the PC VLAN option, press the Edit softkey, and then enter a new PC VLAN setting.

4. Press the Validate softkey and then press the Save softkey.


Table 4-3 describes the IPv4 configuration menu options.

Table 4-3 IPv4 Configuration Menu Options  

Option
Description
To Change

DHCP

Indicates whether the phone has DHCP enabled or disabled.

When DHCP is enabled, the DHCP server assigns the phone anIPv4 address. When DHCP is disabled, the administrator must manually assign an IPv4 address to the phone.

1. Unlock network configuration options.

2. Scroll to the DHCP option and press the No softkey to disable DHCP, or press the Yes softkey to enable DHCP.

3. Press the Save softkey.

IP Address

Internet Protocol version 4 (IPv4) address of the phone.

If you assign an IPv4 address with this option, you must also assign a subnet mask and default router. See the Subnet Mask and Default Router options in this table.

1. Unlock network configuration options.

2. Set the DHCP option to No.

3. Scroll to the IP Address option, press the Edit softkey, and then enter a new IP Address.

4. Press the Validate softkey and then press the Save softkey.

Subnet Mask

Subnet mask used by the phone.

1. Unlock network configuration options.

2. Set the DHCP option to No.

3. Scroll to the Subnet Mask option, press the Edit softkey, and then enter a new subnet mask.

4. Press the Validate softkey and then press the Save softkey.

Default Router 1

Default Router 2

Default Router 3

Default Router 4

Default Router 5

Default router used by the phone (Default Router 1) and optional backup routers (Default Router 2-5).

1. Unlock network configuration options.

2. Set the DHCP option to No.

3. Scroll to the appropriate Default Router option, press the Edit softkey, and then enter a new router IP address.

4. Press the Validate softkey.

5. Repeat Steps 3 and 4 as needed to assign backup routers.

6. Press the Save softkey.

DNS Server 1

DNS Server 2

DNS Server 3

DNS Server 4

DNS Server 5

Primary Domain Name System (DNS) server (DNS Server 1) and optional backup DNS servers (DNS Server 2-5) used by the phone.

1. Unlock network configuration options.

2. Set the DHCP option to No.

3. Scroll to the appropriate DNS Server option, press the Edit softkey, and then enter a new DNS server IP address.

4. Press the Validate softkey.

5. Repeat Steps 3 and 4 as needed to assign backup DNS servers.

6. Press the Save softkey.

DHCP Server

IP address of the Dynamic Host Configuration Protocol (DHCP) server from which the phone obtains its IPv4 address.

Display only—Cannot configure.

DHCP Address Released

Releases the address assigned by DHCP.

1. Unlock network configuration options.

2. Scroll to the DHCP Address Released option and press the Yes softkey to release the IP address assigned by DHCP, or press the No softkey if you do not want to release this IP address.

3. Press the Save softkey.

Alternate TFTP

Indicates whether the phone is using an alternative TFTP server.

1. Unlock network configuration options.

2. Scroll to the Alternate TFTP option and press the Yes softkey if the phone should use an alternative TFTP server.

3. Press the Save softkey.

TFTP Server 1

Primary Trivial File Transfer Protocol (TFTP) server used by the phone. If you are not using DHCP in your network and you want to change this server, you must use the TFTP Server 1 option.

If you set the Alternate TFTP option to yes, you must enter a non-zero value for the TFTP Server 1 option.

If neither the primary TFTP server nor the backup TFTP server is listed in the CTL or ITL file on the phone, you must unlock either of the files before you can save changes to the TFTP Server 1 option. In this case, the phone will delete either of the files when you save changes to the TFTP Server 1 option. A new CTL or ITL file will be downloaded from the new TFTP Server 1 address.

When the phone looks for its TFTP server, the phone gives precedence to manually assigned TFTP servers, regardless of the protocol. If your configuration includes both IPv6 and IPv4 TFTP servers, the phone prioritizes the order that it looks for its TFTP server by giving priority to manually assigned IPv6 TFTP servers and IPv4 TFTP servers. The phone looks for its TFTP server in the following order:

1. Manually assigned IPv6 TFTP Servers

2. Manually assigned IPv4 TFTP Servers

3. DHCPv6 assigned TFTP Servers

4. DHCP assigned TFTP Servers

Note For information about the CTL and ITL files, refer to Cisco Unified Communications Manager Security Guide. For information about unlocking the CTL and ITL files, see Unlocking the CTL and ITL files.

1. Unlock the CTL or ITL file if necessary (for example, if you are changing the administrative domain of the phone). If both the CTL and ITL files exist, unlock either of the files.

2. If DHCP is enabled, set the Alternate TFTP option to Yes.

3. Scroll to the TFTP Server 1 option, press the Edit softkey, and then enter a new TFTP server IP address.

4. Press the Validate softkey, and then press the Save softkey.

TFTP Server 2

Optional backup TFTP server that the phone uses if the primary TFTP server is unavailable.

If neither the primary TFTP server nor the backup TFTP server is listed in the CTL or ITL file on the phone, you must unlock either of the files before you can save changes to the TFTP Server 2 option. In this case, the phone will delete either of the files when you save changes to the TFTP Server 2 option. A new CTL or ITL file will be downloaded from the new TFTP Server 2 address.

When the phone looks for its TFTP server, the phone gives precedence to manually assigned TFTP servers, regardless of the protocol. If your configuration includes both IPv6 and IPv4 TFTP servers, the phone prioritizes the order that it looks for its TFTP server by giving priority to manually assigned IPv6 TFTP servers and IPv4 TFTP servers. The phone looks for its TFTP server in the following order:

1. Manually assigned IPv6 TFTP Servers

2. Manually assigned IPv4 TFTP Servers

3. DHCPv6 assigned TFTP Servers

4. DHCP assigned TFTP Servers

For information about the CTL or ITL file, refer to Cisco Unified Communications Manager Security Guide. For information about unlocking the CTL and ITL files, see Unlocking the CTL and ITL files.

1. Unlock the CTL or ITL file if necessary (for example, if you are changing the administrative domain of the phone). If both the CTL and ITL files exist, unlock either of the files.

2. Unlock network configuration options.

3. Enter an IP address for the TFTP Server 1 option.

4. Scroll to the TFTP Server 2 option, press the Edit softkey, and then enter a new backup TFTP server IP address.

5. Press the Validate softkey, and then press the Save softkey.

Note If you forgot to unlock the CTL or ITL file, you can change the TFTP Server 2 address in either file, then erase them by pressing the Erase softkey from the Security Configuration menu. A new CTL or ITL file will be downloaded from the new TFTP Server 2 address.

BOOTP Server

Indicates whether the phone obtains its configuration from a Bootstrap Protocol (BootP) server instead of from a DHCP server.

Display only—Cannot configure.


Table 4-4 describes the IPv6 configuration menu options.You can choose to configure the IP address and other network settings, such as the TFTP server, DNS server, domain, name, and so forth. on an IP phone manually or by using a router and/or a DHCP server to automatically assign the IP address and other network information. For more information on how the Auto IP Configuration and DHCPv6 settings determine where the IP Phone acquires its IPv6 address and other network settings, see Table 4-5.

Device Configuration Menu

The Device Configuration menu provides access to submenus from which you can view a variety of settings that are specified in the configuration file for a phone. (The phone downloads the configuration file from the TFTP server.) These sub-menus are:

Unified CM Configuration Menu

SIP Configuration Menu for SIP Phones

Call Preferences Menu for SIP Phones

HTTP Configuration Menu

Locale Configuration Menu

UI Configuration Menu

Media Configuration Menu

NTP Configuration Menu for SIP Phones

Ethernet Configuration Menu

Security Configuration Menu

Security Configuration Menu

QoS Configuration Menu

Network Configuration

For instructions about how to access the Device Configuration menu and its sub-menus, see Displaying a Configuration Menu.

Unified CM Configuration Menu

The Unified CM Configuration menu contains the options Unified CM1, Unified CM2, Unified CM3, Unified CM4, and Unified CM5. These options show Cisco Unified Communications Manager servers that are available for processing calls from the phone, in prioritized order. To change these options, use Cisco Unified Communications Manager Administration.

For an available Cisco Unified Communications Manager server, an option on the Unified CM Configuration menu will show the Cisco Unified Communications Manager server IP address or name and one of the states shown in Table 4-4.

Table 4-4 Cisco Unified Communications Manager Server States 

State
Description

Active

Cisco Unified Communications Manager server from which the phone is currently receiving call-processing services

Standby

Cisco Unified Communications Manager server to which the phone switches if the current server becomes unavailable

Blank

No current connection to this Cisco Unified Communications Manager server


An option may also display one of more of the designations or icons shown in Table 4-5.

Table 4-5 Cisco Unified Communications Manager Server Designations 

Designation
Description

SRST

Indicates a Survivable Remote Site Telephony router capable of providing Cisco Unified Communications Manager functionality with a limited feature set. This router assumes control of call processing if all other Cisco Unified Communications Manager servers become unreachable. The SRST Cisco Unified Communications Manager always appears last in the list of servers, even if it is active.

For more information, refer to Survivable Remote Site Telephony Configuration in the Cisco Unified Communications Manager Administration Guide.

TFTP

Indicates that the phone was unable to register with a Cisco Unified Communications Manager listed in its configuration file, and that it registered with the TFTP server instead.

(Authentication icon)

Indicates that the call is from a trusted device, and that the connection to the Cisco Unified Communications Manager is authenticated. For more information about authentication, refer to Cisco Unified Communications Manager Security Guide.

(Encryption icon)

Indicates that the call is from a trusted device, and that the connection to the Cisco Unified Communications Manager is authenticated and encrypted. For more information about authentication and encryption, refer to Cisco Unified Communications Manager Security Guide.

The Encryption icon is also displayed when a Cisco Unified IP phone is configured as protected. For more information about protected calls, refer to Cisco Unified Communications Manager Security Guide. Protected calls are not authenticated.


SIP Configuration Menu for SIP Phones

The SIP Configuration menu is available on SIP phones. This menu contains the following sub-menus:

SIP General Configuration Menu

Line Settings Menu for SIP Phones

SIP General Configuration Menu

The SIP General Configuration menu displays information about the configurable SIP parameters on the phone. Table 4-6 describes the options in this menu.

Table 4-6 SIP General Configuration Menu Options 

Option
Description
To Change

Preferred CODEC

Displays the CODEC to use when a call is initiated.

Display only—cannot configure.

Out of Band DTMF

Displays the configuration of the out-of-band signaling (for tone detection on the IP side of a gateway). The Cisco Unified IP Phone (SIP) supports out-of-band signaling by using the AVT tone method. Valid values are none, avt, and avt_always.

Display only—cannot configure.

Register with Proxy

This value is set to Yes.

Display only—cannot configure.

Register Expires

Displays the amount of time, in seconds, after which a registration request expires.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.

Phone Label

Displays the text that is displayed on the top right status line of the display on the phone. This text is for end-user display only and has no effect on caller identification or messaging.

Display only—cannot configure.

Enable VAD

The default value is set to No.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.

Start Media Port

Displays the start Real-Time Transport Protocol (RTP) range for media.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.

End Media Port

Displays the end Real-Time Transport Protocol (RTP) range for media.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.

NAT Enabled

Displays if Network Address Translation (NAT) is enabled.

Display only—cannot configure.

NAT Address

Displays the WAN IP address of the NAT or firewall server.

Display only—cannot configure.

Call Statistics

The default value is set to No.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.


Related Topics

Displaying a Configuration Menu

Device Configuration Menu

Line Settings Menu for SIP Phones

The Line Settings menu displays information that relates to the configurable parameters for each of the lines on your SIP phone. Table 4-7 describes the options in this menu.

Table 4-7 Line Settings Menu Options 

Option
Description
To Change

Name

Displays the lines and the number used to register each line.

Use Cisco Unified Communications Manager Administration to modify.

Short Name

Displays the short name configured for the line.

Use Cisco Unified Communications Manager Administration to modify.

Longer Authentication Name

Displays the name used by the phone for authentication if a registration is challenged by the proxy server during initialization.

The length of the SIP digest authentication name has been increased to 128 characters for Cisco Unified 7900 Series SIP phones. The authentication name is used to verify that the phone is allowed to send SIP messages (REGISTER, INVITE, and SUBSCRIBE) to the Cisco Unified Communications Manager.

Use Cisco Unified Communications Manager Administration to modify.

Authentication Password

Displays the password used by the phone for authentication if a registration is challenged by the proxy server during initialization.

Use Cisco Unified Communications Manager Administration to modify.

Display Name

Displays the identification the phone uses for display for caller identification purposes.

Use Cisco Unified Communications Manager Administration to modify.

Proxy Address

Displays the IP address of the proxy server that will be used by the phone. The value is left blank because it is not applicable to SIP phones that are using Cisco Unified Communications Manager.

Display only—cannot configure.

Proxy Port

The value is left blank because it is not applicable to SIP phones that are using Cisco Unified Communications Manager.

Display only—cannot configure.

Shared Line

Displays if the line is part of a shared line (Yes) or not (No).

Display only—cannot configure.


Related Topics

Displaying a Configuration Menu

Device Configuration Menu

Call Preferences Menu for SIP Phones

The Call Preferences menu displays settings that relate to the settings for the call preferences on a SIP phone. Table 4-8 describes the options in this menu.

Table 4-8 Call Preferences Menu Options 

Option
Description
To Change

Caller ID Blocking

Indicates whether caller ID blocking is enabled (Yes) or disabled (No) for the phone.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.

Anonymous Call Block

Indicates whether anonymous call block is enabled (Yes) or disabled (No) for the phone.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.

Call Waiting

Indicates whether call waiting is enabled (Yes) or disabled (No) for the phone.

From Cisco Unified Communications Manager Administration, choose Call Routing > Directory Number.

Call Hold Ringback

Indicates whether the call hold ringback feature is enabled (Yes) or disabled (No) for the phone.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.

Shutter Msg Waiting

Indicates whether shutter message waiting is enabled (Yes) or disabled (No) for the phone.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > SIP Profile.

Auto Answer Preferences

Indicates whether auto answer is enabled (Yes) or disabled (No) for the phone.

From Cisco Unified Communications Manager Administration, choose Call Routing > Directory Number.

Speed Dials

Indicates whether speed dial is enabled (Yes) or disabled (No) for the phone.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Add a New Speed Dial.


HTTP Configuration Menu

The HTTP Configuration menu displays the URLs of servers from which the phone obtains a variety of information. This menu also displays information about the idle display on the phone.


Note Cisco Unified IP Phones do not support URLs with IPv6 addresses in the URL. This includes hostname which maps to a IPv6 address for directories, services, messages, and information URLs. If you support the phone usage of URLs, you must configure the phone and the servers that provide URL services with IPv4 addresses.


Table 4-9 describes the HTTP Configuration menu options.

Table 4-9 HTTP Configuration Menu Options 

Option
Description
To Change

Directories URL

URL of the server from which the phone obtains directory information.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Services URL

URL of the server from which the phone obtains Cisco Unified IP Phone services.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Messages URL

URL of the server from which the phone obtains message services.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Information URL

URL of the help text that appears on the phone.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Authentication URL

URL that the phone uses to validate requests made to the phone web server.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Proxy Server URL

URL of proxy server, which makes HTTP requests to non-local host addresses on behalf of the phone HTTP client and provides responses from the non-local host to the phone HTTP client.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Idle URL

URL of an XML service that the phone displays when the phone has not been used for the time specified in the Idle URL Time option and no menu is open. For example, you could use the Idle URL option and the Idle URL Timer option to display a stock quote or a calendar on the LCD screen when the phone has not been used for 5 minutes.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Idle URL Time

Number of seconds that the phone has not been used and no menu is open before the XML service specified in the Idle URL option is activated.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.


Locale Configuration Menu

The Locale Configuration menu displays information about the user locale and the network locale used by the phone. Table 4-10 describes the options on this menu.

Table 4-10 Locale Configuration Menu Options 

Option
Description
To Change

User Locale

User locale associated with the phone user. The user locale identifies a set of detailed information to support users, including language, font, date and time formatting, and alphanumeric keyboard text information.

For more information on installing user locale, refer to the Cisco Unified Communications Operating System Administration Guide.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

User Locale Version

Version of the user locale loaded on the phone.

Display only—cannot configure.

User Locale Char Set

Character set that the phone uses for the user locale.

Display only—cannot configure.

Network Locale

Network locale associated with the phone user. The network locale identifies a set of detailed information that supports the phone in a specific location, including definitions of the tones and cadences used by the phone.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Network Locale Version

Version of the network locale loaded on the phone.

Display only—cannot configure.

NTP Configuration

(SIP phones only)

Menu to view information on NTP server and mode configuration. For more information, see Network Configuration Menu.

From Cisco Unified Communications Manager Administration, choose System > Phone NTP Reference.


UI Configuration Menu

The UI Configuration menu displays whether the group listen function is enabled. Use Cisco Unified Communications Manager Administration to modify.

Table 4-11 UI Configuration Menu Options 

Option
Description
To Change

Group Listen, Enabled/Disabled

Indicates whether the group listen feature is enabled or disabled.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Reverting Focus Priority

Indicates whether the phone shifts the call focus on the phone screen to an incoming call or a reverting hold call. Settings include:

Lower—Focus priority given to incoming calls.

Higher —Focus priority given to reverting calls.

Even —Focus priority given to the first call.

Use Cisco Unified Communications Manager to modify options.

See Hold Reversion.

Auto Call Select

Indicates whether the phone automatically shifts the call focus to an incoming call on the same line when the user is already on a call.

When this option is enabled, the phone shifts the call focus to the most recent incoming call.

When this option is disabled, all automatic focus changes are disabled regardless of their settings.

Default: Enabled.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

"more" Softkey Timer

Indicates the number of seconds that additional softkeys are displayed after the user presses more. If this timer expires before the user presses another softkey, the display reverts to the initial softkeys.

Range: 5 to 30; 0 represents an infinite timer.

Default: 5.

From Cisco Unified Communications Manager Administration, choose
Device > Phone > Phone Configuration.

Wideband Handset UI Control

Indicates whether the user can configure the Wideband Handset option in the phone user interface.

Values:

Enabled—The user can configure the Wideband Handset option in the Audio Preferences menu on the phone (choose > User Preferences > Audio Preferences> Wideband Handset).

Disabled—The value of the Wideband Handset option in Cisco Unified Communications Manager Administration gets used (see Media Configuration Menu).

Default: Enabled

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Personalization

Indicates whether the phone has been enabled for configuring custom ring tones and wallpaper images.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Enbloc Dialing (SCCP only)

Indicates whether the phone will use Enbloc dialing. If "Enabled", the phone will use Enbloc dialing when possible. If "Disabled", the phone will not use Enbloc dialing. You should disable Enbloc dialing if either Forced Authorization Codes (FAC) or Client Matter Codes (CMC) dialing is being used.

Default: Enabled

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.


Media Configuration Menu

The Media Configuration menu displays whether the speaker capability is enabled. Table 4-12 describes the options on this menu.

Table 4-12 Media Configuration Menu Options 

Option
Description
To Change

Speaker Enabled

Indicates whether the speaker is enabled for monitoring calls on the phone.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Wideband Handset

Indicates whether wideband is enabled or disabled for the handset.

Default: "Use Phone Default" on Cisco Unified Communications Manager Administration. (This default means that the phone will be enabled for a wideband handset only if the phone was shipped with a wideband handset.)

If Wideband Handset UI Control is enabled, you or the user can choose > User Preferences >

Audio Preferences > Wideband Handset.

If Wideband Handset UI Control is disabled, from Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration to set this value.

Note If you allowed this option to be user controllable (in the Wideband Handset UI Control option), the user-configured value takes precedence.

Enterprise Advertise G.722 Codec

Enables/disables Cisco Unified IP Phones to advertise the G.722 codec to Cisco Unified Communications Manager.

For more information, see Cisco Unified Communications Manager System Guide, Cisco Unified IP Phones.

Note When a phone is registered with a Cisco Unified Communications Manager that does not support this setting, the default is "Disabled."

From Cisco Unified Communications Manager Administration, choose System > Enterprise Parameters.

Device Advertise G.722 Codec

Allows you to override the Enterprise Advertise G.722 Codec on a per-phone basis.

The default is "Use System Default," which means the value configured for the Enterprise Advertise G.722 Codec parameter gets used.

From Cisco Unified Communications Manager Administration, choose Device > Phone.


NTP Configuration Menu for SIP Phones

The NTP Configuration menu, which opens when you select NTP Configuration on the Locale Configuration menu, displays information about the NTP server and mode configuration used by the phone. Table 4-13 describes the options on this menu. For more information, see Locale Configuration Menu.

Table 4-13 NTP Configuration Menu Options 

Option
Description
To Change

NTP IP Address 1

The IP address of the primary NTP server.

From Cisco Unified Communications Manager Administration, choose System > Phone NTP Reference.

NTP IP Address 2

The IP address of the secondary or backup NTP server.

From Cisco Unified Communications Manager Administration, choose System > Phone NTP Reference.

NTP Mode 1

The primary server mode. Supported modes are Directed Broadcast and Unicast.

From Cisco Unified Communications Manager Administration, choose System > Phone NTP Reference.

NTP Mode 2

The secondary server mode. Supported modes are Directed Broadcast and Unicast.

From Cisco Unified Communications Manager Administration, choose System > Phone NTP Reference.


Ethernet Configuration Menu

The Ethernet Configuration menu includes the options that are described in Table 4-14.

Table 4-14 Ethernet Configuration Menu Option 

Option
Description
To Change

Span to PC Port (applies to 7911G only)

Indicates whether the phone will forward packets transmitted and received on the network port to the access port.

Enable this option if an application that requires monitoring of the phone traffic is being run on the access port. These applications include monitoring and recording applications (common in call center environments) and network packet capture tools that are used for diagnostic purposes.

When Span to PC Port is enabled, the PC attached to the Cisco Unified IP Phone 7911 cannot authenticate using 802.1x.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Forwarding Delay

(applies to 7911G only)

Indicates whether the internal switch begins forwarding packets between the PC port and switched port on the phone when the phone becomes active.

When forwarding delay is set to disabled, the internal switch begins forwarding packets immediately.

When forwarding delay is set to enabled, the internal switch waits 8 seconds before forwarding packets between the PC port and the switch port.

Default is disabled.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.


Security Configuration Menu

The Security Configuration menu that you display from the Device Configuration menu displays settings that relate to security for the phone.


Note The phone also has a Security Configuration menu that you access directly from the Settings menu. For information about the security options on that menu, see Security Configuration Menu.


Table 4-15 describes the Security Configuration menu options.

Table 4-15 Security Configuration Menu Options 

Option
Description
To Change

PC Port Disabled (applies to 7911G only)

Indicates whether the access port on the phone is enabled (No) or disabled (Yes).

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

GARP Enabled

Indicates whether the phone learns MAC addresses from Gratuitous ARP responses. Disabling the phone ability to accept Gratuitous ARP will prevent applications that use this mechanism to monitor and record voice streams from working. If voice monitoring is not desired, set this option to No (disabled).

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Voice VLAN Enabled (applies to 7911G only)

Indicates whether the phone allows a device attached to the access port to access the Voice VLAN. Setting this option to No (disabled) prevents the attached PC from sending and receiving data on the Voice VLAN. This setting also prevents the PC from receiving data sent and received by the phone. Set this setting to Yes (enabled) if an application that requires monitoring of the phone traffic is running on the PC. These applications include monitoring and recording applications and network monitoring software.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

Web Access Enabled

Indicates whether web access is enabled (Yes) or disabled (No) for the phone.

For more information, see Disabling and Enabling Web Page Access.

Security Mode

Displays the security mode that is set for the phone.

Use Cisco Unified Communications Manager Administration to modify.

Logging Display

Used by Cisco Technical Assistance Center (TAC) for troubleshooting.

The Cisco Unified IP Phone 7911G can be configured for Enabled/Disabled/PC Controlled.

The Cisco Unified IP Phone 7906G supports only Enabled/Disabled (no PC Controlled).


QoS Configuration Menu

The QoS Configuration menu displays information that relates to quality of service (QoS) for the phone. Table 4-16 describes the QoS Configuration menu options.

Table 4-16 QoS Configuration Menu Options 

Option
Description
To Change

DSCP For Call Control

DSCP IP classification for call control signaling.

From Cisco Unified Communications Manager Administration, choose System > Enterprise Parameters.

DSCP For Configuration

DSCP IP classification for any phone configuration transfer.

From Cisco Unified Communications Manager Administration, choose System > Enterprise Parameters.

DSCP For Services

DSCP IP classification for phone-based services.

From Cisco Unified Communications Manager Administration, choose System > Enterprise Parameters.


Related Topics

Displaying a Configuration Menu

Network Configuration Menu

Network Configuration

The Network Configuration menu displays device-specific network configuration settings on the phone. Table 4-17 describes the options in this menu.


Note The phone also has a Network Configuration menu that you access from the main menu. For information about the options on that menu, see Network Configuration Menu.


Table 4-17 Network Configuration Menu Options 

Option
Description
To Change

Load Server

Used to optimize installation time for phone firmware upgrades and offload the WAN by storing images locally, negating the need to traverse the WAN link for each phone's upgrade.

You can set the Load Server to another TFTP server IP address or name (other than the TFTP Server 1 or TFTP Server 2) from which the phone firmware can be retrieved for phone upgrades. When the Load Server option is set, the phone contacts the designated server for the firmware upgrade.

Note The Load Server option allows you to specify an alternate TFTP server for phone upgrades only. The phone continues to use TFTP Server 1 or TFTP Server 2 to obtain configuration files. The Load Server option does not provide management of the process and of the files, such as file transfer, compression, or deletion.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

IPv6 Load Server

This feature is disabled in this release.

 

RTP Control Protocol

Indicates whether the phone supports the Real Time Control Protocol. Settings include:

Enabled

Disabled—default

If this feature is disabled, several call statistic values display as 0. For additional information, see the following sections:

Call Statistics Screen

Streaming Statistics

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

CDP: SW Port

Indicates whether CDP is enabled on the switch port (default is enabled).

Enable CDP on the switch port for VLAN assignment for the phone, power negotiation, QoS management, and 802.1x security.

Enable CDP on the switch port when the phone is connected to a Cisco switch.

Note When CDP is disabled in Cisco Unified Communications Manager, a warning is presented, indicating that CDP should be disabled on the switch port only if the phone is connected to a non-Cisco switch.

The current PC and switch port CDP values are shown on the Settings menu.

Use Cisco Unified Communications Manager Administration, and choose Device > Phone > Phone Configuration.

Peer Firmware Sharing

The Peer Firmware Sharing feature provides these advantages in high speed campus LAN settings:

Limits congestion on TFTP transfers to centralized remote TFTP servers

Eliminates the need to manually control firmware upgrades

Reduces phone downtime during upgrades when large numbers of devices are reset simultaneously

Peer Firmware Sharing may also aid in firmware upgrades in branch/remote office deployment scenarios over bandwidth-limited WAN links.

When enabled, it allows the phone to discover like phones on the subnet that are requesting the files that make up the firmware image, and to automatically assemble transfer hierarchies on a per-file basis. The individual files making up the firmware image are retrieved from the TFTP server by only the root phone in the hierarchy, and are then rapidly transferred down the transfer hierarchy to the other phones on the subnet using TCP connections.

This menu option indicates whether the phone supports peer firmware sharing. Settings include:

Enabled—default

Disabled

Use Cisco Unified Communications Manager Administration, and choose Device > Phone > Phone Configuration.

Log Server

Indicates the IP address and port of the remote logging machine to which the phone sends log messages. These log messages help in debugging the peer to peer image distribution feature.

Note The remote logging setting does not affect the sharing log messages sent to the phone log.

Use Cisco Unified Communications Manager Administration, and choose Device >  Phone > Phone Configuration.

IPv6 Log Server

This feature is disabled in this release.

 

CDP: PC Port

(applies to 7911G only)

Indicates whether CDP is enabled on the PC port (default is enabled).

Enable CDP on the PC port when Cisco VT Advantage/Unified Video Advantage (CVTA) is connected to the PC port. CVTA does not work without CDP interaction with the phone.

Note When CDP is disabled in Cisco Unified Communications Manager, a warning is displayed, indicating that disabling CDP on the PC port prevents CVTA from working.

Note The current PC and switch port CDP values are shown on the Settings menu.

Use Cisco Unified Communications Manager Administration, and choose Device > Phone.

LLDP: PC Port

Enables and disables Link Layer Discovery Protocol (LLDP) on the PC port. Use this setting to force the phone to use a specific discovery protocol, which should match the protocol supported by the switch. Settings include:

Enabled—default

Disabled

Use Cisco Unified Communications Manager Administration, and choose Device >  Phone > Phone Configuration

LLDP-MED: SW Port

Enables and disables Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) on the switch port. Use this setting to force the phone to use a specific discovery protocol, which should match the protocol supported by the switch. Settings include:

Enabled—default

Disabled

Use Cisco Unified Communications Manager Administration, and choose Device >  Phone > Phone Configuration

LLDP Power Priority

Advertises the phone power priority to the switch, enabling the switch to appropriately provide power to the phones. Settings include:

Unknown—default

Low

High

Critical

Use Cisco Unified Communications Manager Administration, and choose Device >  Phone > Phone Configuration

LLDP Asset ID

Identifies the asset ID assigned to the phone for inventory management.

Use Cisco Unified Communications Manager Administration, and choose Device >  Phone > Phone Configuration

IP Addressing Mode

Displays the IP addressing mode that is available on the phone—IPv4 only, IPv6 only, or IPv4 and IPv6.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > Common Device Configuration.

IP Preference Mode Control

Indicates the IP address version that the phone uses during signaling with Cisco Unified Communications Manager when both IPv4 and IPv6 are both available on the phone.

Displays one of the following options:

IPv4—The dual-stack phone prefers to establish a connection via an IPv4 address during a signaling event.

IPv6—The dual-stack phone prefers to establish a connection via an IPv6 address during a signaling event.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > Common Device Configuration.

Auto IP Configuration

Displays whether the auto configurations is enabled or disabled on the phone.

The Auto IP Configuration setting along with the DHCPv6 setting determine how the IP Phone obtains its IPv6 address and other network settings. For more information on how these two settings affect the network settings on the phone, see Table 4-5.

Note Use the Allow Auto-Configuration for Phones setting in Cisco Unified Communications Manager Administration.

From Cisco Unified Communications Manager Administration, choose Device > Device Settings > Common Device Configuration.

IPv6 Load Server

Used to optimize installation time for phone firmware upgrades and off load the WAN by storing images locally, negating the need to traverse the WAN link for each phone's upgrade.

You can set the Load Server to another TFTP server IP address or name (other than the IPv6 TFTP Server 1 or IPv6 TFTP Server 2) from which the phone firmware can be retrieved for phone upgrades. When the Load Server option is set, the phone contacts the designated server for the firmware upgrade.

Note The Load Server option allows you to specify an alternate TFTP server for phone upgrades only. The phone continues to use IPv6 TFTP Server 1 or IPv6 TFTP Server 2 to obtain configuration files. The Load Server option does not provide management of the process and of the files, such as file transfer, compression, or deletion.

Note When you configure both an IPv6 Load Server and a Load Server (for IPv4), the IPv6 Load server takes precedence.

Use Cisco Unified Communications Manager Administration to modify.

IPv6 Log Server

Indicates the IP address and port of the remote logging machine to which the phone sends log messages. These log messages help in debugging the peer to peer image distribution feature.

Note The remote logging setting does not affect the sharing log messages sent to the phone log.

Use Cisco Unified Communications Manager Administration to modify.


Related Topics

Displaying a Configuration Menu

Network Configuration Menu

Security Configuration Menu

The Security Configuration menu that you access directly from the Settings menu provides information about various security settings. It also provides access to the Trust List menu. This menu indicates if the CTL or ITL file is installed on the phone.

For instructions about how to access the Device Configuration menu and its sub-menus, see Displaying a Configuration Menu.


Note The phone also has a Security Configuration menu that you access from the Device menu. For information about the security options on that menu, see Security Configuration Menu.


Table 4-18 describes the options in this menu.

Table 4-18 Security Configuration Menu Options 

Option
Description
To Change

Web Access Enabled

Indicates whether web access is enabled (Yes) or disabled (No) for the phone.

For more information, see Disabling and Enabling Web Page Access.

Security Mode

Displays the security mode that is set for the phone.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration.

MIC

Indicates whether a manufacturing installed certificate (used for the security features) is installed on the phone (Yes) or is not installed on the phone (No).

For information about how to manage the MIC for your phone, refer to the Using the Certificate Authority Proxy Function in Cisco Unified Communications Manager Security Guide.

LSC

Indicates whether a locally significant certificate (used for the security features) is installed on the phone (Yes) or is not installed on the phone (No).

For information about how to manage the MIC for your phone, refer to Using the Certificate Authority Proxy Function in Cisco Unified Communications Manager Security Guide.

Trust List

The Trust List is a top-level menu that provides submenus for the CTL, ITL, and Signed Configuration files.

The CTL File submenu displays the contents of the CTL file. The ITL File submenu displays contents of the ITL file. The CTL and ITL files submenus also display the MD5 hash of the file. The MD5 hash value from the phone can be compared with the MD5 hash value of the file from the TFTP server to verify if the correct file is installed on the phone.

The Signed Configuration File submenu displays the SRST certificate that is installed via the authenticated digitally signed configuration file.

For more information, see Trust List Menu.

IPv6 CAPF Server

Displays the IP address and the port of the IPv6 CAPF server that the phone uses.

For more information about this server, refer to the Using the Certificate Authority Proxy Function in Cisco Unified Communications Manager Security Guide.

802.1X Authentication

Allows you to enable 802.1X authentication for this phone.

See 802.1X Authentication and Status.

802.1X Authentication Status

Displays real-time status progress of the 802.1X authentication transaction.

Display only—Cannot configure.


CTL File Submenu

The CTL File submenu includes the options that are described in Table 4-19.

If a CTL file is installed on the phone, you can access the CTL File submenu by pressing the Applications Menu button and choosing Security Configuration > Trust List.

Table 4-19 CTL File Settings 

Option
Description
To Change

CTL File

Displays the MD5 hash of the CTL file that is installed in the phone. If security is configured for the phone, the CTL file installs automatically when the phone reboots or resets.

A locked padlock icon in this option indicates that the CTL file is locked.

An unlocked padlock icon indicates that the CTL file is unlocked.

For more information about the CTL file, refer to Configuring the Cisco CTL Client in Cisco Unified Communications Manager Security Guide.

Unified CM/ TFTP Server

Common Name (from the Cisco Unified Communications Manager Certificate) of a Cisco Unified Communications Manager and TFTP server used by the phone. Also displays a certificate icon if a certificate is installed for this server.

If the certificate of the TFTP (TFTP Server 1) or the backup TFTP (TFTP Server 2) is not in the CTL or ITL file, one of the files must be unlocked.

For information about changing these options, see Network Configuration Menu.

Application Server

Common Name (from the Cisco Unified Communications Manager Certificate) of the trusted application server used by the phone. Also displays a certificate icon.

A phone-trust certificate is used to authenticate application servers with which the phone communicates.

One Application Server menu item appears for each phone-trust store whose certificates have been uploaded into Cisco Unified OS Administration and later downloaded into the phone CTL file.

For more information about phone-trust certificates, refer to the following manuals:

Cisco Unified Communications Operating System Administration Guide, Security.

Cisco Unified Communication Manager Security Guide, Security Overview.


Unlocking the CTL and ITL files

To unlock the CTL and ITL files from the Security Configuration menu, follow these steps:

Procedure


Step 1 Press **# to unlock options on the overall setting menu of the Cisco Unified IP Phone.

Step 2 Select Trust List > CTL or ITL file (depending on which file is installed in your phone).


Note If both CTL and ITL files are installed in your phone, you can choose any one of the options.


Step 3 Press Unlock softkey to unlock Trust List files on the phone. The CTL or ITL files, if installed on your phone, will be unlocked together.


Note When you press the Unlock softkey, it changes to Lock. If you decide not to change the TFTP server option, press the Lock softkey to lock the CTL file.


ITL File Submenu

The ITL File screen includes the options that are described in Table 4-20.

If an ITL file is installed on the phone, you can access the ITL File submenu by pressing the Settings button and choosing Security Configuration > Trust List.


Note The TFTP server generates the ITL file. The Trust Verification Service (TVS) does not generate the ITL file, as done in previous releases.


Table 4-20 ITL File Settings  

Option
Description
To Change

ITL File

Displays the MD5 hash of the ITL file that is installed in the phone. If security is configured for the phone, the ITL file installs automatically when the phone reboots or resets.

A locked padlock icon in this option indicates that the ITL file is locked.

An unlocked padlock icon indicates that the ITL file is unlocked.

For more information about the CTL file, refer to the Configuring the Cisco ITL Client section in Cisco Unified Communications Manager Security Guide.

CAPF Server

Common Name (from the Cisco Unified Communications Manager Certificate) of the CAPF used by the phone. Also displays a certificate icon if a certificate is installed for this server.

For more information about this server, refer to the Using the Certificate Authority Proxy Function in Cisco Unified Communications Manager Security Guide.

Unified CM/TFTP Server

Common Name (from the Cisco Unified Communications Manager Certificate) of a Cisco Unified Communications Manager and TFTP server used by the phone. Also displays a certificate icon if a certificate is installed for this server.

If neither the certificate of TFTP (TFTP Server 1) nor the certificate of backup TFTP (TFTP Server 2) is not in the CTL or ITL file, you must unlock the CTL file.

For information about changing these options, see Network Configuration Menu.

Application Server

Common Name (from the Cisco Unified Communications Manager Certificate) of the trusted application server used by the phone.

Also displays a certificate icon.

A phone-trust certificate is used to authenticate application servers with which the phone communicates.

One Application Server menu item appears for each phone-trust store whose certificates have been uploaded into Cisco Unified OS Administration and later downloaded into the phone ITL file.

For more information about phone-trust certificates, refer to the following manuals:

Cisco Unified Communications Operating System Administration Guide, Security.

Cisco Unified Communication Manager Security Guide, Security Overview.

Trust Verification Service (TVS) Server

Common Name (from the Cisco Unified Communications Manager Certificate) of the trusted application server used by the phone.

Also displays a certificate icon.

A phone-trust TVS certificate is used to authenticate TVS servers with which the phone communicates. There can be more than one entry for the TVS servers.

For more information, refer to the Cisco Unified Communications Manager System Administrator Guide.


Trust List Menu

The Trust List menu provides a top-level menu containing CTL, ITL, and the Signed Configuration submenus. The content of the Signed Configuration file is SRST.

The Trust List menu displays information about all of the servers that the phone trusts. Table 4-21 describes the options in this menu.

Table 4-21 Trust List Information 

Option
Description
To Change

CAPF Server

Common Name (from the Cisco Unified Communications Manager Certificate) of the CAPF server used by the phone. Also displays a certificate icon if a certificate is installed for this server.

For more information about these settings, refer to Configuring the Cisco CTL Client in Cisco Unified Communications Manager Security Guide.

Unified CM/ TFTP Server

Common Name (from the Cisco Unified Communications Manager Certificate) of a Cisco Unified Communications Manager and the TFTP server used by the phone.Also displays a certificate icon if a certificate is installed for this server.

For more information about these settings, refer to Configuring the Cisco CTL Client in Cisco Unified Communications Manager Security Guide.

SRST Router

Common Name (from the Cisco Unified Communications Manager Certificate) of the trusted SRST router that is available to the phone, if such a device has been configured in Cisco Unified Communications Manager Administration. Also displays a certificate icon if a certificate is installed for this server.

For more information about these settings, refer to Configuring the Cisco CTL Client in Cisco Unified Communications Manager Security Guide.

Application Server

Common Name (from the Cisco Unified Communications Manager Certificate) of the trusted application server used by the phone. Also displays a certificate icon.

A phone-trust certificate is used to authenticate application servers with which the phone communicates.

One Application Server menu item appears for each phone-trust store whose certificates have been uploaded into Cisco Unified OS Administration and later downloaded into the Cisco Unified IP Phone CTL file.

For more information about phone-trust certificates, refer to the following manuals:

Cisco Unified Communications Operating System Administration Guide, Security.

Cisco Unified Communication Manager Security Guide, Security Overview.


802.1X Authentication and Status

Use the options that are described in the following tables to enable 802.1X authentication and monitor its progress:

Table 4-22—802.1X Authentication Settings

Table 4-23—802.1X Authentication Real-Time Status

Table 4-22 802.1X Authentication Settings 

Option
Description
To Change

Device Authentication

Determines whether 802.1X authentication is enabled:

Enabled—Phone uses 802.1X authentication to request network access.

Disabled—Default setting in which the phone uses CDP to acquire VLAN and network access.

1. Choose Settings > Security Configuration > 802.1X Authentication > Device Authentication.

2. Set the Device Authentication option to Enabled or Disabled.

3. Press the Save softkey.

EAP-MD5

Specifies a password for use with 802.1X Authentication using the following menu options (described in the following rows):

Device ID

Shared Secret

Realm

Choose Settings > Security Configuration > 802.1X Authentication > EAP-MD5.

Device ID—A derivative of the phone model number and unique MAC Address displayed in this format: CP-<model>-SEP-<MAC Address>

Display only—Cannot configure.

Shared Secret—Choose a password to use on the phone and on the authentication server. The password must be between 6 and 32 characters, consisting of any combination of numbers or letters.

Note If you disable 802.1X authentication or perform a factory reset of the phone, the shared secret is deleted.

1. Choose EAP-MD5 > Shared Secret.

2. Enter the shared secret.

3. Press Save.

See Troubleshooting Cisco Unified IP Phone Security for assistance in recovering from a deleted shared secret.

Realm—Indicates the user network domain, always set as Network.

Display only—Cannot configure.


Table 4-23 802.1X Authentication Real-Time Status 

Option
Description
To Change

802.1X Authentication Status

Real-time progress of the 802.1X authentication status. Displays one of the following states:

Disabled—802.1X is disabled and transaction was not attempted

Disconnected—Physical link is down or disconnected

Connecting—Trying to discover or acquire the authenticator

Acquired—Authenticator acquired, awaiting authentication to begin

Authenticating—Authentication in progress

Authenticated—Authentication successful or implicit authentication due to timeouts

Held—Authentication failed, waiting before next attempt (approximately 60 seconds)

Display only—Cannot configure.