The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Create software phone devices so that users can send and receive audio and video on their computers. Create desk phone devices that users can control with Cisco Jabber. Learn how to enable different audio and video features. Understand which server profiles you should create and which user associations you must assign.
Note | The client does not support audio and video calling on Cisco Unified Communications Manager Version 8.x when users connect to the corporate network using Expressway for Mobile and Remote Access. |
Software phones let users send and receive audio and video through their computers.
The steps in this section describe how to create CSF devices on Cisco Unified Communications Managerversion 8.6(1). CSF devices provide users with software phone capabilities.
The first step in creating a software phone device is to create a SIP profile. You cannot edit or configure the default SIP profile. For this reason, you must create a new SIP profile.
Complete the steps in this task to create CSF devices.
Add a directory number to the device and apply the configuration.
The steps in this section describe how to create CSF devices on Cisco Unified Communications Manager version 8.6(2) and higher. CSF devices provide users with software phone capabilities.
Complete the steps in this task to create CSF devices.
Add a directory number to the device and apply the configuration.
You can optionally set up secure phone capabilities for CSF devices. Secure phone capabilities provide secure SIP signaling, secure media streams, and encrypted device configuration files.
To use secure phone capabilities, you must configure the Cisco Unified Communications Manager security mode using the Cisco CTL Client. You cannot use secure phone capabilities with the nonsecure security mode. At a minimum, you must use mixed mode security.
See the Cisco Unified Communications Manager Security Guide for instructions on configuring mixed mode with the Cisco CTL Client.
The first step to setting up secure phone capabilities is to create a phone security profile that you can apply to the device.
Configure the Cisco Unified Communications Manager security to use mixed mode.
After you add a phone security profile, you must configure it to suit your requirements.
Add the phone security profile to the devices and complete other configuration tasks for secure phone capabilities.
Step 1 | Open the CSF
device configuration window.
|
Step 2 | Select Allow Control of Device from CTI in the Device Information section. |
Step 3 | Select Save. |
Step 4 | Locate the Protocol Specific Information section. |
Step 5 | Select the phone security profile from the Device Security Profile drop-down list. |
Step 6 | Select Save. |
At this point in the secure phone set up, existing users can no longer use their CSF devices. You must complete the secure phone set up for users to be able to access their CSF devices.
What to Do Next
Specify the certificate settings and generate the authentication string for users.
Specify certificate settings in the CSF device configuration and generate the authentication strings that you provide to users.
Step 1 | Locate the Certification Authority Proxy Function (CAPF) Information section on the Phone Configuration window. |
Step 2 | Specify values
as follows:
|
Step 3 | Select Save. |
Step 4 | Create the
authentication string.
|
Provide users with the authentication string.
Users must specify the authentication string in the client interface to access their CSF devices and securely register with Cisco Unified Communications Manager.
Note | The time it takes for the enrollment process to complete can vary depending on the specifications of the user's computer and the current load for Cisco Unified Communications Manager. It can take up to one minute for the client to complete the CAPF enrollment process. |
If you enable secure phone capabilities for users, their CSF device connections to Cisco Unified Communications Manager are secure. If the other end point also has a secure connection to Cisco Unified Communications Manager, then the call can be secure. However, if the other end point does not have a secure connection to Cisco Unified Communications Manager, then the call is not secure.
Media Stream | Encryption |
---|---|
Main video stream | Can be encrypted |
Main audio stream | Can be encrypted |
Note | However, not all versions of Cisco Unified Communications Manager provide the ability to display the lock icon. If the version of Cisco Unified Communications Manager you are using does not provide this ability, the client cannot display a lock icon even when it sends encrypted media. |
Note | If you change the phone security profile while the client is connected through Expressway for Mobile and Remote Access, you must restart the client for that change to take effect. |
The client downloads and stores certificate trust lists whenever you configure Cisco Unified Communications Manager security as mixed mode. Certificate trust lists enable the client to verify the identity of Cisco Unified Communications Manager servers.
The client saves the locally significant certificates and private keys after users successfully enter the authentication code and complete the enrollment process. The locally significant certificate and private key enable the client to establish mutual TLS connections with Cisco Unified Communications Manager.
Note | The client encrypts the private key before saving it to the keychain. |
On conference, or multi-party, calls, the conferencing bridge must support secure phone capabilities. If the conferencing bridge does not support secure phone capabilities, calls to that bridge are not secure. Likewise, all parties must support a common encryption algorithm for the client to encrypt media on conference calls.
CSF device security reverts to the lowest level available on multi-party calls. For example, user A, user B, and user C join a conference call. User A and user B have CSF devices with secure phone capabilities. User C has a CSF device without secure phone capabilities. In this case, the call is not secure for all users.
Clients that do not support secure phone capabilities cannot register to secure CSF devices.
"For example, you set up secure phone capabilities on a CSF device. Two versions of Cisco Jabber register the device. However, one version of Cisco Jabber does not support secure phone capabilities. In this scenario, you must create two different CSF devices, one secure CSF device for Cisco Jabber that supports secure phone capabilities and another CSF device that is not secure for the other Cisco Jabber "
Multiple users can have unique credentials for the client and share the same Mac account. However, the secure CSF devices are restricted to the Mac account that the users share. Users who share the same Mac account cannot make calls with their secure CSF devices from different Mac accounts.
You should ensure that multiple users who share the same Mac account have CSF devices with unique names. Users cannot register their CSF devices if they share the same Mac account and have CSF devices with identical names, but connect to different Cisco Unified Communications Manager clusters.
For example, user A has a CSF device named CSFcompanyname and connects to cluster 1. User B has a CSF device named CSFcompanyname and connects to cluster 2. In this case, a conflict occurs for both CSF devices. Neither user A or user B can register their CSF devices after both users log in to the same Mac account.
The client caches the certificates for each user's secure CSF device in a location that is unique to each Mac user. When a user logs in to their Mac account on the shared computer, that user can access only the secure CSF device that you provision to them. That user cannot access the cached certificates for other Mac users.
You must add directory numbers to devices in Cisco Unified Communications Manager. This topic provides instructions on adding directory numbers using the menu option after you create your device. Under this menu option, only the configuration settings that apply to the phone model or CTI route point display. See the Cisco Unified Communications Manager documentation for more information about different options to configure directory numbers.
Step 1 | Locate the Association Information section on the Phone Configuration window. |
Step 2 | Select Add a new DN. The Directory Number Configuration window opens. |
Step 3 | Specify a directory number in the Directory Number field. |
Step 4 | Specify all other required configuration settings as appropriate. |
Step 5 | Associate end users with the directory number as follows: |
Step 6 | Select Save. |
Step 7 | Select Apply Config. The Apply Configuration window opens. |
Step 8 | Follow the prompts on the Apply Configuration window to apply the configuration. |
Users can control desk phones on their computers to place audio calls.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Select Add New. |
Step 4 | Select the appropriate device from the Phone Type drop-down list and then select Next. The Phone Configuration window opens. |
Step 5 | Complete the following steps in the Device Information section: |
Step 6 | Specify all other configuration settings on the Phone Configuration window as appropriate. See the Cisco Unified Communications Manager documentation for more information about the configuration settings on the Phone Configuration window. |
Step 7 | Select Save. An message displays to inform you if the device is added successfully. The Association Information section becomes available on the Phone Configuration window. |
Add a directory number to the device and apply the configuration.
You must add directory numbers to devices in Cisco Unified Communications Manager. This topic provides instructions on adding directory numbers using the menu option after you create your device. Under this menu option, only the configuration settings that apply to the phone model or CTI route point display. See the Cisco Unified Communications Manager documentation for more information about different options to configure directory numbers.
Step 1 | Locate the Association Information section on the Phone Configuration window. |
Step 2 | Select Add a new DN. The Directory Number Configuration window opens. |
Step 3 | Specify a directory number in the Directory Number field. |
Step 4 | Specify all other required configuration settings as appropriate. |
Step 5 | Associate end users with the directory number as follows: |
Step 6 | Select Save. |
Step 7 | Select Apply Config. The Apply Configuration window opens. |
Step 8 | Follow the prompts on the Apply Configuration window to apply the configuration. |
The client uses video rate adaptation to negotiate optimum video quality. Video rate adaptation dynamically increases or decreases video quality based on network conditions.
Note | RTCP is enabled on software phone devices by default. However, you must enable RTCP on desk phone devices. |
You can enable RTCP on a common phone profile to enable video rate adaptation on all devices that use the profile.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Common Phone Profiles window opens. |
Step 3 | Specify the appropriate filters in the Find Common Phone Profile where field and then select Find to retrieve a list of profiles. |
Step 4 | Select the appropriate profile from the list. The Common Phone Profile Configuration window opens. |
Step 5 | Locate the Product Specific Configuration Layout section. |
Step 6 | Select Enabled from the RTCP drop-down list. |
Step 7 | Select Save. |
You can enable RTCP on specific device configurations instead of a common phone profile. The specific device configuration overrides any settings you specify on the common phone profile.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of phones. |
Step 4 | Select the appropriate phone from the list. The Phone Configuration window opens. |
Step 5 | Locate the Product Specific Configuration Layout section. |
Step 6 | Select Enabled from the RTCP drop-down list. |
Step 7 | Select Save. |
The client requires a CTI gateway to communicate with Cisco Unified Communications Manager and perform certain functions such as desk phone control.
The first step in setting up a CTI gateway is to add a CTI gateway server on Cisco Unified Presence.
Step 1 | Open the Cisco Unified Presence Administration interface. | ||
Step 2 | Select .
The Find and List CTI Gateway Servers window opens. | ||
Step 3 | Select Add New. The CTI Gateway Server Configuration window opens. | ||
Step 4 | Specify the required details on the CTI Gateway Server Configuration window. | ||
Step 5 | Select Save. |
After you add a CTI gateway server, you must create a CTI gateway profile and add that server to the profile.
Step 1 | Open the Cisco Unified Presence Administration interface. | ||
Step 2 |
Select .
The CTI Gateway Profile Configuration window opens. | ||
Step 3 | Specify the required details on the CTI Gateway Profile Configuration window. | ||
Step 4 | Select Add Users to Profile and add the appropriate users to the profile. | ||
Step 5 | Select Save. |
When you associate a user with a device, you provision that device to the user.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select
.
The Find and List Users window opens. |
Step 3 | Specify the appropriate filters in the Find User where field and then select Find to retrieve a list of users. |
Step 4 | Select the
appropriate user from the list.
The End User Configuration window opens. |
Step 5 | Locate the Device Information section. |
Step 6 | Select
Device
Association.
The User Device Association window opens. |
Step 7 | Select the devices to which you want to associate the user. |
Step 8 | Select Save Selected/Changes. |
Step 9 | Select Find and List Users window. and return to the |
Step 10 | Find and
select the same user from the list.
The End User Configuration window opens. |
Step 11 | Locate the Permissions Information section. |
Step 12 | Select
Add to
User Group.
The Find and List User Groups dialog box opens. |
Step 13 | Select the
groups to which you want to assign the user.
If you are provisioning users with secure phone capabilities, do not assign the users to the Standard CTI Secure Connection group. |
Step 14 | Select the groups to which you want to assign the user. |
Step 15 | Select
Add
Selected.
The Find and List User Groups window closes. |
Step 16 | Select Save on the End User Configuration window. |
After you create and associate users with devices, you should reset those devices.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of devices. |
Step 4 | Select the appropriate device from the list. The Phone Configuration window opens. |
Step 5 | Locate the Association Information section. |
Step 6 | Select the appropriate directory number configuration. The Directory Number Configuration window opens. |
Step 7 | Select Reset. The Device Reset dialog box opens. |
Step 8 | Select Reset. |
Step 9 | Select Close to close the Device Reset dialog box. |
The client gets device configuration from the TFTP server. For this reason, you must specify your TFTP server address when you provision users with devices.
If the client gets the _cisco-uds SRV record from a DNS query, it can automatically locate the user's home cluster. As a result, the client can also locate the Cisco Unified Communications Manager TFTP service.
You do not need to specify your TFTP server address if you deploy the _cisco-uds SRV record.
Complete the steps to specify the address of your TFTP server on Cisco Unified Presence.
Step 1 | Open the Cisco Unified Presence Administration interface. | ||
Step 2 | Select .
The Cisco Jabber Settings window opens. | ||
Step 3 | Locate the fields to specify TFTP servers in one of the following sections, depending on your version of Cisco Unified Presence: | ||
Step 4 | Specify the IP address of your primary and backup TFTP servers in the following fields: | ||
Step 5 | Select Save. |
If the client connects to the Cisco WebEx Messenger service, you specify your TFTP server address with the Cisco WebEx Administration Tool.
Step 1 | Open the Cisco WebEx Administration Tool. |
Step 2 | Select the Configuration tab. |
Step 3 | Select Unified Communications in the Additional Services section. The Unified Communications window opens. |
Step 4 | Select the Clusters tab. |
Step 5 | Select the appropriate cluster from the list. The Edit Cluster window opens. |
Step 6 | Select Advanced Server Settings in the Cisco Unified Communications Manager Server Settings section. |
Step 7 | Specify the IP address of your primary TFTP server in the TFTP Server field. |
Step 8 | Specify the IP address of your backup TFTP servers in the Backup Server #1 and Backup Server #2 fields. |
Step 9 | Select Save. The Edit Cluster window closes. |
Step 10 | Select Save in the Unified Communications window. |
The client gets device lists for users from the CCMCIP server.
Step 1 | Open the Cisco Unified Presence Administration interface. | ||
Step 2 |
Select .
The Find and List CCMCIP Profiles window opens. | ||
Step 3 | Select Add New. The CCMCIP Profile Configuration window opens. | ||
Step 4 | Specify service details in the CCMCIP profile as follows:
| ||
Step 5 | Add users to the CCMCIP profile as follows: | ||
Step 6 | Select Save. |
You configure dial plan mapping to ensure that dialing rules on Cisco Unified Communications Manager match dialing rules on your directory.
Application dial rules automatically add or remove digits in phone numbers that users dial. Application dialing rules manipulate numbers that users dial from the client.
For example, you can configure a dial rule that automatically adds the digit 9 to the start of a 7 digit phone number to provide access to outside lines.
Directory lookup dial rules transform caller ID numbers into numbers that the client can lookup in the directory. Each directory lookup rule you define specifies which numbers to transform based on the initial digits and the length of the number.
For example, you can create a directory lookup rule that automatically removes the area code and two digit prefix digits from 10 digit telephone numbers. An example of this type of rule is to transform 4089023139 into 23139.
Cisco Unified Communications Manager version 8.5 or lower does not automatically publish dial rules to the client. For this reason, you must deploy a COP file to publish your dial rules. This COP file copies your dial rules from the Cisco Unified Communications Manager database to an XML file on your TFTP server. The client can then download that XML file and access your dial rules.
You must deploy the COP file every time you update or modify dial rules on Cisco Unified Communications Manager version 8.5 or lower.
Step 1 | Open the Cisco Unified OS Administration interface. |
Step 2 | Select . |
Step 3 | Specify the location of cmterm-csf-dialrule-wizard-0.1.cop.sgn in the Software Installation/Upgrade window. |
Step 4 | Select Next. |
Step 5 | Select cmterm-csf-dialrule-wizard-0.1.cop.sgn from the Available Software list. |
Step 6 | Select Next and then select Install. |
Step 7 | Restart the TFTP service. |
Step 8 | Open the dial rules XML files in a browser to verify that they are available on your TFTP server.
If you can access AppDialRules.xml and DirLookupDialRules.xml with your browser, the client can download your dial rules. |
Step 9 | Repeat the preceding steps for each Cisco Unified Communications Manager instance that runs a TFTP service. |
After you repeat the preceding steps on each Cisco Unified Communications Manager instance, restart the client.