The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Create software phone devices so that users can send and receive audio and video on their computers. Create desk phone devices that users can control with Cisco Jabber. Learn how to enable different audio and video features. Understand which server profiles you should create and which user associations you must assign.
Note | The client does not support audio and video calling on Cisco Unified Communications Manager Version 8.x when users connect to the corporate network using Expressway for Mobile and Remote Access. |
Software phones let users send and receive audio and video through their computers.
The steps in this section describe how to create CSF devices on Cisco Unified Communications Managerversion 8.6(1). CSF devices provide users with software phone capabilities.
As part of the task of creating CSF devices, you can enable video desktop sharing using Binary Floor Control Protocol (BFCP). Cisco Unified Communications Manager handles the BFCP packets that users transmit when using video desktop sharing capabilities. For this reason, you configure Cisco Unified Communications Manager to allow BFCP presentation sharing. On Cisco Unified Communications Manager version 8.6(1), you enable BFCP presentation sharing on a SIP profile. You must then apply that SIP profile to the CSF devices.
The first step in creating a software phone device is to create a SIP profile so that you can enable video desktop sharing. You cannot edit or configure the default SIP profile. For this reason, you must create a new SIP profile.
You should enable BFCP on the SIP profile before you apply the SIP profile to CSF devices.
Note | You cannot migrate a BFCP-enabled SIP profile to Cisco Unified Communications Manager version 8.6(2) or higher. If you configure video desktop sharing on Cisco Unified Communications Manager 8.61 and then upgrade to Cisco Unified Communications Manager 8.62, you must configure video desktop sharing on version 8.6.2. Video desktop sharing using BFCP is not supported if Trusted Relay Point or Media Termination Point are enabled on the software phone device. |
Complete the steps in this task to create CSF devices.
Add a directory number to the device and apply the configuration.
The steps in this section describe how to create CSF devices on Cisco Unified Communications Manager version 8.6(2) and later. CSF devices provide users with software phone capabilities.
As part of the task of creating CSF devices, you can enable video desktop sharing using Binary Floor Control Protocol (BFCP). Cisco Unified Communications Manager handles the BFCP packets that users transmit when using video desktop sharing capabilities. For this reason, you configure Cisco Unified Communications Manager to allow BFCP presentation sharing. On Cisco Unified Communications Manager version 8.6(2) and later, you must apply a COP file to add an option to allow BFCP presentation sharing on CSF devices. You must then enable BFCP presentation sharing on the CSF devices.
Tip |
You must apply cmterm-bfcp-e.8-6-2.cop.sgn to configure video desktop sharing on Cisco Unified Communications Manager version 8.6.2 and later. This COP file adds an option to enable BFCP on the CSF device.
The COP add the Allow Presentation Sharing using BFCP field to the Protocol Specific Information section on the Phone Configuration window for CSF devices.
Complete the steps in this task to create CSF devices.
Add a directory number to the device and apply the configuration.
You can optionally set up secure phone capabilities for CSF devices. Secure phone capabilities provide secure SIP signaling, secure media streams, and encrypted device configuration files.
To use secure phone capabilities, you must configure the Cisco Unified Communications Manager security mode using the Cisco CTL Client. You cannot use secure phone capabilities with the nonsecure security mode. At a minimum, you must use mixed mode security.
See the Cisco Unified Communications Manager Security Guide for instructions on configuring mixed mode with the Cisco CTL Client.
The first step to setting up secure phone capabilities is to create a phone security profile that you can apply to the device.
Configure the Cisco Unified Communications Manager security to use mixed mode.
After you add a phone security profile, you must configure it to suit your requirements.
Add the phone security profile to the devices and complete other configuration tasks for secure phone capabilities.
Step 1 | Open the CSF
device configuration window.
|
Step 2 | Select Allow Control of Device from CTI in the Device Information section. |
Step 3 | Select Save. |
Step 4 | Locate the Protocol Specific Information section. |
Step 5 | Select the phone security profile from the Device Security Profile drop-down list. |
Step 6 | Select Save. |
At this point in the secure phone set up, existing users can no longer use their CSF devices. You must complete the secure phone set up for users to be able to access their CSF devices.
What to Do Next
Specify the certificate settings and generate the authentication string for users.
Specify certificate settings in the CSF device configuration and generate the authentication strings that you provide to users.
Provide users with the authentication string.
Users must specify the authentication string in the client interface to access their devices and securely register with Cisco Unified Communications Manager.
Note | The time it takes for the enrollment process to complete can vary depending on the user's computer or mobile device and the current load for Cisco Unified Communications Manager. It can take up to one minute for the client to complete the CAPF enrollment process. |
Users enter an incorrect authentication string.
Users can attempt to enter authentication strings again to complete the CAPF enrollment. However, if a user continually enters an incorrect authentication string, the client might reject any string the user enters, even if the string is correct. In this case, you must generate a new authentication string on the user's device and then provide it to the user.
Users do not enter the authentication string before the expiration time you set in the Operation Completes By field.
In this case, you must generate a new authentication string on the user's device. The user must then enter that authentication string before the expiration time.
Users must not belong to the Standard CTI Secure Connection user group.
SIP connections between CSF devices and Cisco Unified Communications Manager are over TLS.
If you select Authenticated as the value for the Device Security Mode field on the phone security profile, the SIP connection is over TLS using NULL-SHA encryption.
If you select Encrypted as the value for the Device Security Mode field on the phone security profile, the SIP connection is over TLS using AES 128/SHA encryption.
Mutual TLS ensures that only CSF devices with the correct certificates can register to Cisco Unified Communications Manager. Likewise, CSF devices can register only to Cisco Unified Communications Manager instances that provide the correct certificate.
If you enable secure phone capabilities for users, their CSF device connections to Cisco Unified Communications Manager are secure. If the other end point also has a secure connection to Cisco Unified Communications Manager, then the call can be secure. However, if the other end point does not have a secure connection to Cisco Unified Communications Manager, then the call is not secure.
Media Stream | Encryption |
---|---|
Main video stream |
Can be encrypted |
Main audio stream |
Can be encrypted |
Presentation video stream Refers to video desktop sharing using BFCP. |
Can be encrypted |
BFCP application stream
Refers to BFCP flow control. |
Not encrypted |
You enable media encryption for user A and user B. In other words, Device Security Mode is set to Encrypted on the phone security profile for the users' CSF devices.
You do not enable media encryption for user C. In other words, Device Security Mode is set to Authenticated on the phone security profile for the user's CSF device.
User A calls user B. The client encrypts the main video stream and audio stream.
User A calls user C. The client does not encrypt the main video stream and audio stream.
User A, user B, and user C start a conference call. The client does not encrypt the main video stream or audio stream for any user.
Note | However, not all versions of Cisco Unified Communications Manager provide the ability to display the lock icon. If the version of Cisco Unified Communications Manager you are using does not provide this ability, the client cannot display a lock icon even when it sends encrypted media. |
You configure a user's CSF device for secure phone capabilities.
That user connects to the internal corporate network through Expressway for Mobile and Remote Access.
The client notifies the user that it cannot use secure phone capabilities instead of prompting the user to enter an authentication string.
Media is encrypted on the call path between the Cisco Expressway-C and devices that are registered to the Cisco Unified Communications Manager using Expressway for Mobile and Remote Access.
Media is not encrypted on the call path between the Cisco Expressway-C and devices that are registered locally to Cisco Unified Communications Manager.
Note | If you change the phone security profile while the client is connected through Expressway for Mobile and Remote Access, you must restart the client for that change to take effect. |
The client downloads and stores certificate trust lists whenever you configure Cisco Unified Communications Manager security as mixed mode. Certificate trust lists enable the client to verify the identity of Cisco Unified Communications Manager nodes.
Note | The client encrypts the private key before saving it to the file system. |
The client stores these files in the following folder: %User_Profile%\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\Security
Because the client stores the files in the user's Roaming folder, users can sign in to any Microsoft Windows account on the Windows domain to register their CSF devices.
On conference, or multi-party, calls, the conferencing bridge must support secure phone capabilities. If the conferencing bridge does not support secure phone capabilities, calls to that bridge are not secure. Likewise, all parties must support a common encryption algorithm for the client to encrypt media on conference calls.
CSF device security reverts to the lowest level available on multi-party calls. For example, user A, user B, and user C join a conference call. User A and user B have CSF devices with secure phone capabilities. User C has a CSF device without secure phone capabilities. In this case, the call is not secure for all users.
Clients that do not support secure phone capabilities cannot register to secure CSF devices.
For example, you set up secure phone capabilities on a CSF device to which both Cisco Jabber for Windows version 9.2 and Cisco Jabber for Windows version 9.1 register. However, Cisco Jabber for Windows version 9.1 does not support secure phone capabilities. In this scenario, you must create two different CSF devices, one secure CSF device for Cisco Jabber for Windows version 9.2 and another CSF device that is not secure for Cisco Jabber for Windows version 9.1.
Multiple users can have unique credentials for the client and share the same Windows account. However, the secure CSF devices are restricted to the Windows account that the users share. Users who share the same Windows account cannot make calls with their secure CSF devices from different Windows accounts.
You should ensure that multiple users who share the same Windows account have CSF devices with unique names. Users cannot register their CSF devices if they share the same Windows account and have CSF devices with identical names, but connect to different Cisco Unified Communications Manager clusters.
For example, user A has a CSF device named CSFcompanyname and connects to cluster 1. User B has a CSF device named CSFcompanyname and connects to cluster 2. In this case, a conflict occurs for both CSF devices. Neither user A or user B can register their CSF devices after both users sign in to the same Windows account.
The client caches the certificates for each user's secure CSF device in a location that is unique to each Windows user. When a user logs in to their Windows account on the shared computer, that user can access only the secure CSF device that you provision to them. That user cannot access the cached certificates for other Windows users.
You must add directory numbers to devices in Cisco Unified Communications Manager. This topic provides instructions on adding directory numbers using the menu option after you create your device. Under this menu option, only the configuration settings that apply to the phone model or CTI route point display. See the Cisco Unified Communications Manager documentation for more information about different options to configure directory numbers.
Step 1 | Locate the Association Information section on the Phone Configuration window. |
Step 2 | Select
Add a
new DN.
The Directory Number Configuration window opens. |
Step 3 | Specify a directory number in the Directory Number field. |
Step 4 | Specify all other required configuration settings as appropriate. |
Step 5 | Associate end
users with the directory number as follows:
|
Step 6 | Select Save. |
Step 7 | Select
Apply
Config.
The Apply Configuration window opens. |
Step 8 | Follow the prompts on the Apply Configuration window to apply the configuration. |
Users can control desk phones on their computers to place audio calls.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Select Add New. |
Step 4 | Select the appropriate device from the Phone Type drop-down list and then select Next. The Phone Configuration window opens. |
Step 5 | Complete the following steps in the Device Information section: |
Step 6 | Complete the following steps to enable desk phone video capabilities: See Desk Phone Video Configuration for more information about desk phone video. |
Step 7 | Specify all other configuration settings on the Phone Configuration window as appropriate. See the Cisco Unified Communications Manager documentation for more information about the configuration settings on the Phone Configuration window. |
Step 8 | Select Save. An message displays to inform you if the device is added successfully. The Association Information section becomes available on the Phone Configuration window. |
Add a directory number to the device and apply the configuration.
Desk phone video capabilities let users receive video transmitted to their desk phone devices on their computers through the client.
Physically connect the computer to the computer port on the desk phone device.
You must physically connect the computer to the desk phone device through the computer port so that the client can establish a connection to the device. You cannot use desk phone video capabilities with wireless connections to desk phone devices.
Tip | If users have both wireless and wired connections available, they should configure Microsoft Windows so that wireless connections do not take priority over wired connections. See the following Microsoft documentation for more information: An explanation of the Automatic Metric feature for Internet Protocol routes. |
Enable the desk phone device for video in Cisco Unified Communications Manager.
Install Cisco Media Services Interface on the computer.
Note | Download the Cisco Media Services Interface installation program from the download site on Cisco.com. |
You cannot use desk phone video capabilities on devices if video cameras are attached to the devices, such as a Cisco Unified IP Phone 9971. You can use desk phone video capabilities if you remove video cameras from the devices.
You cannot use desk phone video capabilities with devices that do not support CTI.
Video desktop sharing, using the BFCP protocol, is not supported with desk phone video.
It is not possible for endpoints that use SCCP to receive video only. SCCP endpoints must send and receive video. Instances where SCCP endpoints do not send video result in audio only calls.
7900 series phones must use SCCP for desk phone video capabilities. 7900 series phones cannot use SIP for desk phone video capabilities.
If a user initiates a call from the keypad on a desk phone device, the call starts as an audio call on the desk phone device. The client then escalates the call to video. For this reason, you cannot make video calls to devices that do not support escalation, such as H.323 endpoints. To use desk phone video capabilities with devices that do not support escalation, users should initiate calls from the client.
A compatibility issue exists with Cisco Unified IP Phones that use firmware version SCCP45.9-2-1S. You must upgrade your firmware to version SCCP45.9-3-1 to use desk phone video capabilities.
Some antivirus or firewall applications, such as Symantec EndPoint Protection, block inbound CDP packets, which disables desk phone video capabilities. You should configure your antivirus or firewall application to allow inbound CDP packets.
See the following Symantec technical document for additional details about this issue: Cisco IP Phone version 7970 and Cisco Unified Video Advantage is Blocked by Network Threat Protection.
You must not select the Media Termination Point Required checkbox on the SIP trunk configuration for Cisco Unified Communications Manager. Desk phone video capabilities are not available if you select this checkbox.
You must add directory numbers to devices in Cisco Unified Communications Manager. This topic provides instructions on adding directory numbers using the menu option after you create your device. Under this menu option, only the configuration settings that apply to the phone model or CTI route point display. See the Cisco Unified Communications Manager documentation for more information about different options to configure directory numbers.
Step 1 | Locate the Association Information section on the Phone Configuration window. |
Step 2 | Select
Add a
new DN.
The Directory Number Configuration window opens. |
Step 3 | Specify a directory number in the Directory Number field. |
Step 4 | Specify all other required configuration settings as appropriate. |
Step 5 | Associate end
users with the directory number as follows:
|
Step 6 | Select Save. |
Step 7 | Select
Apply
Config.
The Apply Configuration window opens. |
Step 8 | Follow the prompts on the Apply Configuration window to apply the configuration. |
The client uses video rate adaptation to negotiate optimum video quality. Video rate adaptation dynamically increases or decreases video quality based on network conditions.
Note | RTCP is enabled on software phone devices by default. However, you must enable RTCP on desk phone devices. |
You can enable RTCP on a common phone profile to enable video rate adaptation on all devices that use the profile.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Common Phone Profiles window opens. |
Step 3 | Specify the appropriate filters in the Find Common Phone Profile where field and then select Find to retrieve a list of profiles. |
Step 4 | Select the appropriate profile from the list. The Common Phone Profile Configuration window opens. |
Step 5 | Locate the Product Specific Configuration Layout section. |
Step 6 | Select Enabled from the RTCP drop-down list. |
Step 7 | Select Save. |
You can enable RTCP on specific device configurations instead of a common phone profile. The specific device configuration overrides any settings you specify on the common phone profile.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of phones. |
Step 4 | Select the appropriate phone from the list. The Phone Configuration window opens. |
Step 5 | Locate the Product Specific Configuration Layout section. |
Step 6 | Select Enabled from the RTCP drop-down list. |
Step 7 | Select Save. |
The client requires a CTI gateway to communicate with Cisco Unified Communications Manager and perform certain functions such as desk phone control.
The first step in setting up a CTI gateway is to add a CTI gateway server on Cisco Unified Presence.
Step 1 | Open the Cisco Unified Presence Administration interface. | ||
Step 2 | Select .
The Find and List CTI Gateway Servers window opens. | ||
Step 3 | Select Add New. The CTI Gateway Server Configuration window opens. | ||
Step 4 | Specify the required details on the CTI Gateway Server Configuration window. | ||
Step 5 | Select Save. |
After you add a CTI gateway server, you must create a CTI gateway profile and add that server to the profile.
Step 1 | Open the Cisco Unified Presence Administration interface. | ||
Step 2 |
Select .
The CTI Gateway Profile Configuration window opens. | ||
Step 3 | Specify the required details on the CTI Gateway Profile Configuration window. | ||
Step 4 | Select Add Users to Profile and add the appropriate users to the profile. | ||
Step 5 | Select Save. |
You can set up additional audio path functions for devices such as silent monitoring and call recording.
Note | This feature is currently supported on Cisco Jabber for Windows only. |
To enable silent monitoring and call recording, you configure Cisco Unified Communications Manager. See the Monitoring and Recording section of the Cisco Unified Communications Manager Features and Services Guide for step-by-step instructions.
Cisco Jabber does not provide any interface to initiate silent monitoring or call recording. You must use the appropriate software to silently monitor or record calls.
Cisco Jabber does not currently support monitoring notification tone or recording notification tone.
You can use silent monitoring and call recording functionality only. Cisco Jabber does not support other functionality such as barging or whisper coaching.
When you associate a user with a device, you provision that device to the user.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select
.
The Find and List Users window opens. |
Step 3 | Specify the appropriate filters in the Find User where field and then select Find to retrieve a list of users. |
Step 4 | Select the
appropriate user from the list.
The End User Configuration window opens. |
Step 5 | Locate the Device Information section. |
Step 6 | Select
Device
Association.
The User Device Association window opens. |
Step 7 | Select the devices to which you want to associate the user. |
Step 8 | Select Save Selected/Changes. |
Step 9 | Select Find and List Users window. and return to the |
Step 10 | Find and
select the same user from the list.
The End User Configuration window opens. |
Step 11 | Locate the Permissions Information section. |
Step 12 | Select
Add to
User Group.
The Find and List User Groups dialog box opens. |
Step 13 | Select the
groups to which you want to assign the user.
If you are provisioning users with secure phone capabilities, do not assign the users to the Standard CTI Secure Connection group. |
Step 14 | Select the groups to which you want to assign the user. |
Step 15 | Select
Add
Selected.
The Find and List User Groups window closes. |
Step 16 | Select Save on the End User Configuration window. |
After you create and associate users with devices, you should reset those devices.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of devices. |
Step 4 | Select the appropriate device from the list. The Phone Configuration window opens. |
Step 5 | Locate the Association Information section. |
Step 6 | Select the appropriate directory number configuration. The Directory Number Configuration window opens. |
Step 7 | Select Reset. The Device Reset dialog box opens. |
Step 8 | Select Reset. |
Step 9 | Select Close to close the Device Reset dialog box. |
The client gets device configuration from the TFTP server. For this reason, you must specify your TFTP server address when you provision users with devices.
If the client gets the _cisco-uds SRV record from a DNS query, it can automatically locate the user's home cluster. As a result, the client can also locate the Cisco Unified Communications Manager TFTP service.
You do not need to specify your TFTP server address if you deploy the _cisco-uds SRV record.
If you are using Cisco Unified Communications Manager Version 8.x, complete the steps to specify the address of your TFTP server on Cisco Unified Presence. If you are using Cisco Unified Communications Manager Version 9.x, then you do not need to follow the steps below.
Step 1 | Open the Cisco Unified Presence Administration interface. | ||
Step 2 | Select .
The Cisco Jabber Settings window opens. | ||
Step 3 | Locate the fields to specify TFTP servers in one of the following sections, depending on your version of Cisco Unified Presence: | ||
Step 4 | Specify the IP address of your primary and backup TFTP servers in the following fields: | ||
Step 5 | Select Save. |
If the client connects to the Cisco WebEx Messenger service, you specify your TFTP server address with the Cisco WebEx Administration Tool.
Step 1 | Open the Cisco WebEx Administration Tool. |
Step 2 | Select the Configuration tab. |
Step 3 | Select Unified Communications in the Additional Services section. The Unified Communications window opens. |
Step 4 | Select the Clusters tab. |
Step 5 | Select the appropriate cluster from the list. The Edit Cluster window opens. |
Step 6 | Select Advanced Server Settings in the Cisco Unified Communications Manager Server Settings section. |
Step 7 | Specify the IP address of your primary TFTP server in the TFTP Server field. |
Step 8 | Specify the IP address of your backup TFTP servers in the Backup Server #1 and Backup Server #2 fields. |
Step 9 | Select Save. The Edit Cluster window closes. |
Step 10 | Select Save in the Unified Communications window. |
The client gets device lists for users from the CCMCIP server.
Step 1 | Open the Cisco Unified Presence Administration interface. | ||
Step 2 |
Select .
The Find and List CCMCIP Profiles window opens. | ||
Step 3 | Select Add New. The CCMCIP Profile Configuration window opens. | ||
Step 4 | Specify service details in the CCMCIP profile as follows:
| ||
Step 5 | Add users to the CCMCIP profile as follows: | ||
Step 6 | Select Save. |
You configure dial plan mapping to ensure that dialing rules on Cisco Unified Communications Manager match dialing rules on your directory.
Application dial rules automatically add or remove digits in phone numbers that users dial. Application dialing rules manipulate numbers that users dial from the client.
For example, you can configure a dial rule that automatically adds the digit 9 to the start of a 7 digit phone number to provide access to outside lines.
Directory lookup dial rules transform caller ID numbers into numbers that the client can lookup in the directory. Each directory lookup rule you define specifies which numbers to transform based on the initial digits and the length of the number.
For example, you can create a directory lookup rule that automatically removes the area code and two-digit prefix digits from 10-digit phone numbers. An example of this type of rule is to transform 4089023139 into 23139.
Cisco Unified Communications Manager version 8.6.1 or earlier does not automatically publish dial rules to the client. For this reason, you must deploy a COP file to publish your dial rules. This COP file copies your dial rules from the Cisco Unified Communications Manager database to an XML file on your TFTP server. The client can then download that XML file and access your dial rules.
You must deploy the COP file every time you update or modify dial rules on Cisco Unified Communications Manager version 8.6.1 or earlier.
Step 1 | Open the Cisco Unified OS Administration interface. |
Step 2 | Select . |
Step 3 | Specify the location of cmterm-cupc-dialrule-wizard-0.1.cop.sgn in the Software Installation/Upgrade window. |
Step 4 | Select Next. |
Step 5 | Select cmterm-cupc-dialrule-wizard-0.1.cop.sgn from the Available Software list. |
Step 6 | Select Next and then select Install. |
Step 7 | Restart the TFTP service. |
Step 8 | Open the dial
rules XML files in a browser to verify that they are available on your TFTP
server.
If you can access AppDialRules.xml and DirLookupDialRules.xml with your browser, the client can download your dial rules. |
Step 9 | Repeat the preceding steps for each Cisco Unified Communications Manager instance that runs a TFTP service. |
After you repeat the preceding steps on each Cisco Unified Communications Manager instance, restart the client.