Cisco Unified IP Phone 8961, 9951, and 9971 Administration Guide for Cisco Unified Communications Manager 8.6 (SIP)
Configuring Settings on the Cisco Unified IP Phone
Downloads: This chapterpdf (PDF - 541.0KB) The complete bookPDF (PDF - 15.26MB) | Feedback

Configuring Settings on the Cisco Unified IP Phone

Table Of Contents

Configuring Settings on the Cisco Unified IP Phone

Setup Menus on the Cisco Unified IP Phone

Displaying a Setup Menu

Unlocking and Locking Options

Editing Values

Ethernet Setup Menu

WLAN Setup Menu

IPv4 Setup Menu Options

Security Setup Menu

Trust List Menu

802.1X Authentication and Transaction Status

VPN Configuration Menu

Connecting to VPN

VPN Configuration Settings


Configuring Settings on the Cisco Unified IP Phone


The Cisco Unified IP Phone includes many configurable network settings that you may need to modify before the phone is functional for your users. You can access these settings, and change some of them, through menus on the phone. Settings that are display-only on the phone are configured in Cisco Unified Communications Manager Administration.

This chapter includes the following topics:

Setup Menus on the Cisco Unified IP Phone

Ethernet Setup Menu

WLAN Setup Menu

IPv4 Setup Menu Options

Security Setup Menu

Setup Menus on the Cisco Unified IP Phone

The Cisco Unified IP Phone includes the following configuration menus:

Network Setup—Provides options for viewing and configuring a variety of network settings. For more information, see the "Ethernet Setup Menu" section.

Ethernet Setup—A submenu of the Network Setup menu, the Ethernet Setup menu items provide configuration options to configure the Cisco Unified IP Phone over an ethernet network. For more information, see the "Ethernet Setup Menu" section.

WLAN Setup—A submenu of the Network Setup menu, the WLAN Setup menu items provide configuration options to configure the Cisco Unified IP Phone with the wireless local area network (WLAN). For more information, see the "WLAN Setup Menu" section.

IPv4 Setup—A submenu of the Ethernet Setup menu and of the WLAN Setup menu, the IPv4 menu items provide additional network options for viewing and setting. For more information, see the "IPv4 Setup Menu Options" section.

Security Setup—Provides options for viewing and configuring a variety of security settings. For more information, see the "Security Setup Menu" section.

Before you can change option settings on the Network Setup menu, you must unlock options for editing. See the "Unlocking and Locking Options" section for instructions.

For information about the keys you can use to edit or change option settings, see the "Editing Values" section.

You can control whether a phone user has access to phone settings by using the Settings Access field in the Cisco Unified Communications Manager Administration Phone Configuration window (in the Product Specific Information portion of the window).

Related Topics

Displaying a Setup Menu

Unlocking and Locking Options

Editing Values

Ethernet Setup Menu

WLAN Setup Menu

IPv4 Setup Menu Options

Security Setup Menu

Displaying a Setup Menu

To display a configuration menu, perform the following steps.

Procedure


Step 1 Press the Applications button .

Step 2 Select Administrator Settings.

Step 3 Select Network Setup or Security Setup.


Note For information about the Status menu, see Chapter 10 "Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone." For information about the Reset Settings menu, see Chapter 12 "Troubleshooting and Maintenance."


Step 4 Enter your user ID and password, if required, then click Sign-In.

Step 5 Perform one of these actions to display the desired menu:

Use the navigation arrows to select the desired menu and then press the Select button.

Use the keypad on the phone to enter the number that corresponds to the menu.

Step 6 To display a submenu repeat Step 5.

Step 7 To exit a menu, press the Exit softkey or the back arrow softkey .


Related Topics

Unlocking and Locking Options

Editing Values

Ethernet Setup Menu

WLAN Setup Menu

IPv4 Setup Menu Options

Security Setup Menu

Unlocking and Locking Options

You can apply a password to the phone so that no changes can be made to the administrative options on the phone without the password being entered on the Administrator Settings phone screen.

To apply a password to the phone, in Cisco Unified Communications Manager administration, navigate to the Common Phone Profile Configuration window (Device > Device Settings > Common Phone Profile). Enter a password in the Local Phone Unlock Password option. Apply the password to the common phone profile that the phone uses.

Related Topics

Displaying a Setup Menu

Editing Values

Ethernet Setup Menu

WLAN Setup Menu

IPv4 Setup Menu Options

Editing Values

When you edit the value of an option setting, follow these guidelines:

Use the arrows on the navigation pad to highlight the field you wish to edit, then press the Select button of the navigation pad to activate that field. (You can also double-tap on an editable field to activate it for editing.) After the field is activated, you can enter values.

Use the keys on the keypad to enter numbers and letters.

To enter letters by using the keypad, use a corresponding number key. Press the key one or more times to display a particular letter. For example, press the 2 key once for "a," twice quickly for "b," and three times quickly for "c." After you pause, the cursor automatically advances to allow you to enter the next letter.

Press the arrow softkey if you make a mistake. This softkey deletes the character to the left of the cursor.

Press the Cancel softkey before pressing the Save softkey to discard any changes that you made.

To enter an IP address, you enter values into four segments already divided for you. When you are done entering the leftmost digits before the first period, use the right arrow key to move to the next segment. The period that follows the leftmost digits is automatically inserted.


Note The Cisco Unified IP Phone provides several methods you can use to reset or restore option settings, if necessary. For more information, see the "Resetting the Cisco Unified IP Phone" section.


Related Topics

Displaying a Setup Menu

Unlocking and Locking Options

Ethernet Setup Menu

WLAN Setup Menu

IPv4 Setup Menu Options

Ethernet Setup Menu

The Ethernet Setup menu provides options for viewing and making a variety of network settings. Table 7-1 describes these options and, where applicable, explains how to change them.

For information about how to access the Ethernet Setup menu, see the "Displaying a Setup Menu" section.

For information about the keys you can use to edit options, see the "Editing Values" section.


Note The Ethernet data fields are overwritten when a VPN connection is established.


Table 7-1 Ethernet Setup Menu Options 

Option
Description
To Change

IPv4 Setup

In the IPv4 Setup configuration submenu, you can do the following:

Enable or disable the phone to use the IP address that is assign by the DHCP server.

Manually set the IP Address, Subnet Mask, Default Routers, DNS Server, and Alternate TFTP servers.

For more information about the IPv4 address fields, see Table 7-3.

Scroll to IPv4 Setup and press the Select button.

MAC Address

Unique Media Access Control (MAC) address of the phone.

Display only—Cannot configure.

Domain Name

Name of the Domain Name System (DNS) domain in which the phone resides.

1. Set the DHCP Enabled option to No.

2. Scroll to the Domain Name option, press the Select key, and then enter a new domain name.

3. Press the Apply softkey.

Operational VLAN ID

Auxiliary Virtual Local Area Network (VLAN) configured on a Cisco Catalyst switch in which the phone is a member.

If the phone has not received an auxiliary VLAN, this option indicates the Administrative VLAN.

If neither the auxiliary VLAN nor the Administrative VLAN are configured, this option is blank.

Display only—Cannot configure.

The phone obtains the Operational VLAN ID via Cisco Discovery Protocol (CDP) or Link Level Discovery Protocol Media Endpoint Discovery (LLDP-MED). This information comes from the switch to which the phone is attached. To assign a VLAN ID manually, use the Admin VLAN ID option.

Admin. VLAN ID

Auxiliary VLAN in which the phone is a member.

Used only if the phone does not receive an auxiliary VLAN from the switch; otherwise it is ignored.

1. Scroll to the Admin. VLAN ID option, press the Select softkey, and then enter a new Admin VLAN setting.

2. Press the Apply softkey.

PC VLAN

Allows the phone to interoperate with third party switches that do not support a voice VLAN. The Admin VLAN ID option must be set before you can change this option.

1. Make sure the Admin VLAN ID option is set.

2. Scroll to the PC VLAN option, press the Select softkey, and then enter a new PC VLAN setting.

3. Press the Apply softkey.

SW Port Setup

Speed and duplex of the Network port. Valid values:

Auto Negotiate

1000 Full—1000-BaseT/full duplex

100 Half—100-BaseT/half duplex

100 Full—100-BaseT/full duplex

10 Half—10-BaseT/half duplex

10 Full—10-BaseT/full duplex

If the phone is connected to a switch, configure the port on the switch to the same speed/duplex as the phone, or configure both to autonegotiate.

If you change the setting of this option, you must change the PC Port Configuration option to the same setting.

1. Unlock network configuration options.

2. Scroll to the SW Port Configuration option and then press the Select softkey.

3. Scroll to the setting that you want and then press the Select key.

PC Port Setup

Speed and duplex of the Computer (access) port. Valid values:

Auto Negotiate

1000 Full—1000-BaseT/full duplex

100 Half—100-BaseT/half duplex

100 Full—100-BaseT/full duplex

10 Half—10-BaseT/half duplex

10 Full—10-BaseT/full duplex

If the phone is connected to a switch, configure the port on the switch to the same speed/duplex as the phone, or configure both to autonegotiate.

If you change the setting of this option, you must change the SW Port Configuration option to the same setting.

1. Unlock network configuration options.

2. Scroll to the PC Port Configuration option and then press the Select softkey.

3. Scroll to the setting that you want and then press the Select key.

To configure the setting on multiple phones simultaneously, enable the Remote Port Configuration in the Enterprise Phone Configuration (System > Enterprise Phone Configuration).

Note If the ports are configured for Remote Port Configuration in Unified CM, the data cannot be changed on the phone.


Related Topics

Displaying a Setup Menu

Unlocking and Locking Options

WLAN Setup Menu

IPv4 Setup Menu Options

WLAN Setup Menu

The WLAN Setup menu provides options for viewing and making a variety of network settings. Table 7-2 describes these options and, where applicable, explains how to change them.


Note You can configure the WLAN settings only on the Cisco Unified IP Phone keypad. You must use the AC adapter when using the Cisco Unified IP Phone in WLAN mode. WLAN is disabled when Ethernet is connected.


For information about how to access the WLAN Setup menu, see the "Displaying a Setup Menu" section.

For information about the keys you can use to edit options, see the "Editing Values" section.

Table 7-2 WLAN Setup Menu Options 

Option
Description
To Change

Wireless

Used to turn the wireless radio on Cisco Unified IP Phone on or off. Valid values:

On—Turns the wireless radio on the phone on.

Off—Turns the wireless radio on the phone off.

Default: On

1. Scroll to the Wireless option, and use the toggle switch to change the setting between on and off.

2. Press the Apply softkey.

WLAN Sign in Access

Enables the display of the WLAN Sign in Access window in the main Applications menu:

On—The WLAN Sign In Access window displays. Turning this value on allows you to sign in or change your WLAN user ID and password on the main Applications menu. Otherwise, to change your sign-in information, you navigate down to the Security menu level and select either the LEAP or EAP-FAST methods, both of which require sign-in credentials.

Off—The WLAN Sign In Access window does not display.

Default: Off

1. Scroll to the Wireless Sign In option, and use the toggle switch to change the setting between on and off.

2. Press the Apply softkey.

IPv4 Setup

In the IPv4 Setup configuration submenu, you can do the following:

Enable or disable the phone to use the IP address that is assign by the DHCP server.

Manually set the IP Address, Subnet Mask, Default Routers, DNS Server, and Alternate TFTP servers.

For more information about the IPv4 address fields, see Table 7-3.

Scroll to IPv4 Setup and press the Select button.

MAC Address

Unique Media Access Control (MAC) address of the phone.

Display only—Cannot configure.

Domain Name

Name of the Domain Name System (DNS) domain in which the phone resides.

1. Set the DHCP Enabled option to No.

2. Scroll to the Domain Name option, press the Select key, and then enter a new domain name.

3. Press the Apply softkey.

SSID

Specifies the Service Set Identifier, a unique identifier for accessing wireless access points.

1. Scroll to the SSID option, press the Select softkey, and then enter a SSID.

2. Press the Apply softkey.

Security Mode

The type of authentication that the phone uses to access the WLAN. Valid values:

Open—Access to all access points (APs) without encryption.

Open with WEP—Open 802.11 authentication but uses Wired Equivalent Privacy (WEP) for encrypting the data. Specifies access to all APs and authentication through WEP keys at the local AP.

Shared Key—Shared key authentication using WEP.

LEAP—Lightweight Extensible Authentication Protocol authentication exchanges a username and cryptographically secure password with a RADIUS server in the network (Cisco proprietary version of EAP). LEAP supports WPA and WPA2.

EAP-FAST—Extensible Authentication Protocol Flexible Authentication via Secure Tunneling exchanges a username and cryptographically secure password with a RADIUS server in the network where a PAC (Protected Access Credential) is used to established a secure tunnel for authentication. EAP-FAST supports WPA and WPA2.

AKM—Selects the 802.11 authentication mechanism automatically from the configuration information exhibited by the access point. WPA-PSK or WPA versions 1 or 2 can be used when configured for this mode.

Note Consider the following when you select AKM: 1) AKM uses LEAP for 802.1x when using WPA, WPA2 or CCKM, 2) AKM selects the encryption method by giving precedence to the strongest key management type and then the strongest cipher, and 3) CCKM is not supported with WPA2.

1. Scroll to the Security Mode option, then highlight the desired value.

2. Click Apply.

802.11 Mode

Specifies the wireless signal standard that is used in the WLAN. Valid values:

Auto—Default value. Gives precedence to 5.0 Ghz if available.

802.11a

802.11b/g

1. Scroll to the 802.11 Mode option, then highlight the desired value.

2. Click Apply.


IPv4 Setup Menu Options

The IPv4 Setup menu is a submenu of the Ethernet Setup menu and of the WLAN Setup menu. To reach the IPv4 menu, select the IPv4 option on the Ethernet Setup menu or on the WLAN Setup menu.

Table 7-3 describes the IPv4 Setup menu options.

For information about the keys you can use to edit options, see the "Editing Values" section.

Table 7-3 IPv4 Setup Menu Options 

Option
Description
To Change

DHCP Enabled

Indicates whether the phone has DHCP enabled or disabled.

When DHCP is enabled, the DHCP server assigns the phone an IP address. When DHCP is disabled, the administrator must manually assign an IP address to the phone.

Scroll to the DHCP Enabled option and press the No softkey to disable DHCP, or press the Yes softkey to enable DHCP.

IP Address

Internet Protocol (IP) address of the phone.

If you assign an IP address with this option, you must also assign a subnet mask and default router. See the Subnet Mask and Default Router options in this table.

1. Set the DHCP Enabled option to No.

2. Scroll to the IP Address option, press the Select softkey, and then enter a new IP Address.

3. Press the Apply softkey

Subnet Mask

Subnet mask used by the phone.

1. Set the DHCP Enabled option to No.

2. Scroll to the Subnet Mask option, press the Select softkey, and then enter a new subnet mask.

3. Press the Apply softkey.

Default Router

Default router used by the phone.

1. Set the DHCP Enabled option to No.

2. Scroll to the appropriate Default Router option, press the Select softkey, and then enter a new router IP address.

3. Press the Apply softkey.

DNS Server 1

DNS Server 2

DNS Server 3

Primary Domain Name System (DNS) server (DNS Server 1) and optional backup DNS servers (DNS Server 2-3) used by the phone.

1. Set the DHCP Enabled option to No.

2. Scroll to the appropriate DNS Server option, press the Select softkey, and then enter a new DNS server IP address.

3. Press the Apply softkey.

4. Repeat Steps 2 and 3 as needed to assign backup DNS servers.

Alternate TFTP

Indicates whether the phone is using an alternative TFTP server.

Scroll to the Alternate TFTP option and press the Yes softkey if the phone should use an alternative TFTP server; press the No softkey if the phone should not use an alternative TFTP server.

TFTP Server 1

Primary Trivial File Transfer Protocol (TFTP) server used by the phone. If you are not using DHCP in your network and you want to change this server, you must use the TFTP Server 1 option.

If you set the Alternate TFTP option to yes, you must enter a non-zero value for the TFTP Server 1 option.

If neither the primary TFTP server nor the backup TFTP server is listed in the CTL or ITL file on the phone, you must unlock the file before you can save changes to the TFTP Server 1 option. In this case, the phone deletes the file when you save changes to the TFTP Server 1 option. A new CTL or ITL file downloads from the new TFTP Server 1 address.

When the phone looks for the TFTP server, it gives precedence to manually assigned TFTP servers, regardless of the protocol. If your configuration includes both IPv6 and IPv4 TFTP servers, the phone prioritizes the order that it looks for the TFTP server by giving priority to manually assigned IPv6 TFTP servers and IPv4 TFTP servers. The phone looks for the TFTP server in this order:

1. Any manually assigned IPv6 TFTP servers

2. Any manually assigned IPv4 TFTP servers

3. DHCPv6 assigned TFTP servers

4. DHCP assigned TFTP servers

Note For information about the CTL and ITL files, see Cisco Unified Communications Manager Security Guide.

1. Unlock the CTL or ITL file if necessary (for example, if you are changing the administrative domain of the phone). If the CTL and ITL files both exist, unlock either file.

2. If DHCP is enabled, set the Alternate TFTP option to Yes.

3. Scroll to the TFTP Server 1 option, press the Select softkey, and then enter a new TFTP server IP address.

4. Press the Apply softkey then press Save.

TFTP Server 2

Optional backup TFTP server that the phone uses if the primary TFTP server is unavailable.

If neither the primary TFTP server nor the backup TFTP server is listed in the CTL or ITL file on the phone, you must unlock either of the files before you can save changes to the TFTP Server 2 option. In this case, the phone deletes either of the files when you save changes to the TFTP Server 2 option. A new CTL or ITL file downloads from the new TFTP Server 2 address.

When the phone looks for the TFTP server, it gives precedence to manually assigned TFTP servers, regardless of the protocol. If your configuration includes both IPv6 and IPv4 TFTP servers, the phone prioritizes the order that it looks for the TFTP server by giving priority to manually assigned IPv6 TFTP servers and IPv4 TFTP servers. The phone looks for the TFTP server in the following order:

1. Manually assigned IPv6 TFTP servers

2. Manually assigned IPv4 TFTP servers

3. DHCPv6 assigned TFTP servers

4. DHCP assigned TFTP servers

Note For information about the CTL or ITL file, see Cisco Unified Communications Manager Security Guide.

1. Unlock the CTL or ITL file if necessary (for example, if you are changing the administrative domain of the phone). If both the CTL and ITL files exist, unlock either of the files.

2. Unlock network configuration options.

3. Enter an IP address for the TFTP Server 1 option.

4. Scroll to the TFTP Server 2 option, press the Select softkey, and then enter a new backup TFTP server IP address. If there is no secondary TFTP Server, you can use the Delete softkey to clear the field of a previous value.

5. Press the Apply softkey and then press Save.

If you forgot to unlock the CTL or ITL file, you can change the TFTP Server 2 address in either file, then erase them by pressing the Erase softkey from the Security Configuration menu. A new CTL or ITL file downloads from the new TFTP Server 2 address.

BOOTP Server

Indicates whether the phone received the IP address from a BOOTP server rather than from a DHCP server.

Display-only field.

DHCP Address Released

Releases the IP address assigned by DHCP.

This field is editable if DHCP is enabled. If you wish to remove the phone from the VLAN and release the IP address for reassignment, set this option to "Yes" and press the Apply softkey.


Related Topics

Displaying a Setup Menu

Unlocking and Locking Options

Editing Values

Security Setup Menu

The Security Setup menu that you access directly from the Administrator Settings menu provides information about various security settings. It also provides access to the Trust List menu and indicates if the CTL or ITL file is installed on the phone.

For information about how to access the Security Setup menu and submenus, see the "Displaying a Setup Menu" section.

Table 7-4 describes the options in the security setup menu.

Table 7-4 Security Menu Settings 

Option
Description
To Change

Security Mode

Displays the security mode that is set for the phone.

From Cisco Unified Communications Manager Administration, choose Device > Phone > Phone Configuration. The setting appears in the Protocol Specific Information portion of the window.

LSC

Indicates whether a locally significant certificate (used for the security features) is installed on the phone (Yes) or is not installed on the phone (No).

For information about how to manage the LSC for your phone, see the "Using the Certificate Authority Proxy Function" chapter in Cisco Unified Communications Manager Security Guide.

Trust List

The Trust List provides submenus for the CTL, ITL, and Signed Configuration files.

The CTL File submenu displays the contents of the CTL file. The ITL File submenu displays contents of the ITL file.

For more information, see the "Trust List Menu" section.

802.1X Authentication

Allows you to enable 802.1X authentication for this phone.

See the "802.1X Authentication and Transaction Status" section.


Trust List Menu

The Trust List menu provides a top-level menu containing CTL, ITL, and the Signed Configuration submenus. The content of the Signed Configuration file is SRST.

The Trust List menu only display components with certificates associated with them. Table 7-5 describes trust list menu options.

Table 7-5 Trust List Menu Settings 

Option
Description
To Change

CTL Signature

MD5 hash of the CTL file.

For more information about these settings, see the "Configuring the Cisco CTL Client" section in Cisco Unified Communications Manager Security Guide.

Unified CM/TFTP Server

Common name of a Cisco Unified Communications Manager and TFTP server used by the phone. Also displays a certificate icon if a certificate is installed for this server.

For more information about these settings, see the "Configuring the Cisco CTL Client" section in Cisco Unified Communications Manager Security Guide.

CAPF Server

Common name of the CAPF used by the phone. Also displays a certificate icon if a certificate is installed for this server.

For more information about these settings, see the "Configuring the Cisco CTL Client" section in Cisco Unified Communications Manager Security Guide.

SRST Router

IP address of the trusted SRST router that is available to the phone, if such a device is configured in Cisco Unified Communications Manager Administration. Also displays a certificate icon if a certificate is installed for this server.

For more information about these settings, see the "Configuring the Cisco CTL Client" section in Cisco Unified Communications Manager Security Guide.


802.1X Authentication and Transaction Status

The 802.1X Authentication Settings menu allows you to enable 802.1X authentication and view transaction status. These options are described in Table 7-6.

You can access the 802.1X Authentication settings by pressing the Applications button and choosing Administrator Settings > Security Setup > 802.1X Authentication. To exit this menu, press the Exit softkey

Table 7-6 802.1X Authentication Settings 

Option
Description
To Change

Device Authentication

Determines whether 802.1X authentication is enabled:

Enabled—Phone uses 802.1X authentication to request network access.

Disabled—Default setting in which the phone uses CDP to acquire VLAN and network access.

1. After pressing the Applications button , choose Administrator Settings > Security Setup > 802.1X Authentication > Device Authentication.

2. Set the Device Authentication option to Enabled or Disabled.

3. Press the Apply softkey.

EAP-MD5

Specifies a password for use with 802.1X authentication using the following menu options (described in the following rows):

Device ID

Shared Secret

Realm

After pressing the Applications button , choose Administrator Settings > Security Setup > 802.1X Authentication > EAP-MD5.

Device ID—Derivative of the phone model number and unique MAC address displayed in this format: CP-<model>-SEP-<MAC>

Display only—Cannot configure.

Shared Secret—Choose a password to use on the phone and on the authentication server. The password must be between 6 and 32 characters, consisting of any combination of numbers or letters.

Note If you disable 802.1X authentication or perform a factory reset (reset all settings) of the phone, the shared secret is deleted.

1. Choose EAP-MD5 > Shared Secret.

2. Enter the shared secret.

3. Press the Apply softkey.

See the "Troubleshooting Cisco Unified IP Phone Security" section for assistance in recovering from a deleted shared secret.

Realm—Indicates the user network domain, always set as Network.

Display only—Cannot configure.

Transaction Status

State—Displays the state of 802.1x authentication:

Disconnected—Indicates that 802.1x authentication is not configured on the phone.

Authenticated—Indicates that the phone is authenticated.

Held—Indicates that the authentication process is in progress.

Protocol—Displays the EAP method used for 802.1x authentication (can be EAP-MD5, EAP-FAST or EAP-TLS).

Display only—Cannot configure.


VPN Configuration Menu

The VPN Configuration menu allows you to enable the VPN Client connection using the Secure Sockets Layer (SSL). The VPN connection is used when a phone is located outside a trusted network or when network traffic between the phone and Unified CM must cross untrusted networks.

Your system administrator determines if your phone should be configured with the VPN functionality and enables the VPN feature.

If your phone is configured for VPN, the status of Auto-Detect Network Connection, which is configured on the UCM server, determines if a VPN connection is possible:

If Auto-Detect Network Connection is disabled, a VPN connection is possible. The Sign In screen appears, and you are prompted for credentials based on the authentication method that your system administrator configured on your phone. (On the phone in the Applications > VPN window, you can toggle the VPN Enabled field to On or Off to turn on or off the ability of the phone to attempt a VPN connection.)

If Auto-Detect Network Connection is enabled, you cannot connect through VPN, so the Sign In screen does not appear, and you are not prompted for credentials.

Connecting to VPN

Use this procedure to connect through VPN.

Procedure Steps


Step 1 After you turn on your phone and the Sign In screen for VPN Client appears (except with certificate authentication mode), enter your credentials based on the configured authentication method:

Username and password—Enter the username and the password that your system administrator gave you.

Certificate and password—Enter the password that your system administrator gave you. Your username is derived from the certificate.

Certificate—If the phone uses only a certificate for authentication, the Sign In screen does not appear, and phone displays the status of the phone attempting the VPN connection.

(When the power is lost or reset under some circumstances, the stored credentials are cleared.)

When a phone is at the Sign In screen, the screen stays lit and does not enter a power-save mode. This alerts the user that the phone is unregistered. If the phone remains in this state for a long time, the image may persist in the display for a short time after the user logs back in and then the image fades.

Step 2 Select the Sign In softkey to connect.

(If you press Cancel while the phone is attempting the connection, the connection attempt stops, and the Sign In screen appears again. Then if you press Cancel, the VPN menu appears and shows the VPN field as Off. The phone does not attempt a connection again until you set the VPN Enabled field to On.)


VPN Configuration Settings

Table 7-7 describes the VPN configuration options on the Cisco Unified IP Phone.

Table 7-7 VPN Configuration Settings 

Option
Description
To Change

VPN Enabled

If Auto-Detect Network Connection is disabled, toggle the VPN Enabled field to On or Off to turn on or off the ability of the phone to attempt a VPN connection.

Choose Applications > VPN.

Set the VPN option to On or Off.

If the feature is disabled on the Cisco Unified Communications Manager, this option is disabled.

Change Credentials

Changes the user ID and password.

If authentication is certificate-only or VPN Enabled is off, the option is grayed out.

VPN Status

Shows if option is enabled or disabled.

Display only—Configured on Unified CM.