Table Of Contents
Displaying IPT Security Details
IP Phone Security Displays
Unregistered Suspect Phone Detail Display
Duplicate MAC/IP Phone Detail Display
IP Phone Audit Detail Display
IP Phone Move Detail Display
Generating IPT Security Display Reports
Maintaining IPT Security Displays
IP Phone Movement Tracking (Minor Discovery)
Types of IP Phone Moves Tracked by IP Phone Movement Tracking
Maintaining Audit Information in the Database
Displaying IPT Security Details
Note: IPT Security Displays might not be available on your IP Telephony Monitor (ITM) desktop; they are installed when Incremental Device Update (IDU) 2 or later is installed. For information about installing IDUs, see the "Device Support" section.
ITM can generate various security displays that provide information about your IP phones. For details on viewing and generating the security displays, see the following sections:
• IP Phone Security Displays
• Generating IPT Security Display Reports
• Maintaining IPT Security Displays
IP Phone Security Displays
You can generate displays that show the following:
• All the IP phones in your network that are not registered with a Cisco CallManager or that have made unsuccessful attempts to register with a Cisco CallManager (for instructions on generating the display, see the "Unregistered Suspect Phone Detail Display" section).
• The IP phones that have duplicate MAC or IP addresses (for instructions on generating the display, see the "Duplicate MAC/IP Phone Detail Display" section).
• Changes (such as IP phone additions and removals) that have occurred in the managed IP phone network (for instructions on generating the display, see the "IP Phone Audit Detail Display" section).
• Move details of IP phones that have moved between switches or are registered to different Cisco CallManagers in your network (for instructions on generating the display, see the "IP Phone Move Detail Display" section).
Note: The IP Phone Audit Detail and IP Phone Move Detail displays obtain their data from IP Phone Movement Tracking (Minor Discovery), which runs every 5 minutes. Therefore, you can run these displays and obtain fresh data about once every 5 minutes.
Unregistered Suspect Phone Detail Display
The Unregistered Suspect Phone Detail display shows the attributes of all IP phones in your network that:
• Have not registered with a Cisco CallManager.
• Have made an unsuccessful attempt to register with a Cisco CallManager.
Note: ITM considers a phone to be in the active partition when the Cisco CallManager for that phone is in the active partition.
Note: The Unregistered Suspect Phone Detail display is not supported for Cisco Wireless IP Phone 7920.
Step 1: Select IP Telephony Monitor > IPT Security Displays > IP Phone Security Displays. The IP Phone Detail Display dialog box appears.
Step 2: Select Unregistered/Suspect Phones from the list.
Step 3: Click View.
If there are any unregistered or suspect IP phones, the Unregistered Suspect Phone Detail display appears. Table 6-1 describes the information displayed in the Unregistered Suspect Phone Detail display.
Table 6-1 Unregistered Phone Detail Display

| Column | Description |
|---|---|
| Extension | Extension number of the unregistered suspect IP phone. |
| IP Address | IP address of the unregistered suspect IP phone. |
| MAC Address | MAC address of the unregistered suspect IP phone. |
| Switch Address | IP address of the switch to which the unregistered suspect IP phone is connected. |
| Switch Port | Switch port used by the unregistered suspect IP phone. |
| Indication | Indicates the Cisco CallManager registration status of the IP phone. |
Tip: Some IP phones appear marked as Suspect when they are not. To correct this, make sure that the Cisco CallManager is managed by ITM. You can check the status of the Cisco CallManager on the View Discovery Status page of Device Management. For details, see the "Viewing Discovery Status" section.
• If the Cisco CallManager is not managed by ITM, add it to ITM.
• If the Cisco CallManager is managed by ITM but is not reachable, the cause may be loss of connectivity with ITM. Make sure that the connectivity with ITM is restored.
Duplicate MAC/IP Phone Detail Display
The Duplicate MAC/IP Phone Detail display shows you the attributes of all IP phones in your network that have:
• Duplicate MAC addresses; that is, a phone that has the same MAC address as another phone but a different IP address.
• Duplicate IP addresses; that is, a phone that has the same IP address as another phone but a different MAC address.
ITM does not show a multihomed host as a phone having a duplicate MAC address.
Step 1: Select IP Telephony Monitor > IPT Security Displays > IP Phone Security Displays. The IP Phone Detail Display dialog box appears.
Step 2: Select Duplicate MAC/IP Address IP Phones from the list.
Step 3: Click View.
The Duplicate MAC/IP Address IP Phone Detail display appears. Table 6-2 describes the information in the display.
This display is network wide, so the same information appears regardless of whether you have ITM or ITM Multi-View.
Table 6-2 Duplicate MAC/IP Address IP Phone Detail Display

| Column | Description |
|---|---|
| Extension | Extension number of the duplicate IP phone. |
| IP Address | One of the following: if the problem is a shared MAC address, the IP address of the duplicate IP phone; or, if the problem is a shared IP address, the IP address in question. |
| MAC Address | One of the following: if the problem is a shared IP address, the MAC address of the duplicate IP phone; or, if the problem is a shared MAC address, the MAC address in question. |
| Switch Address | IP address of the switch to which the duplicate IP phone is connected. |
| Switch Port | Switch port used by the duplicate IP phone. |
| Indication | Indicates the Cisco CallManager registration status of the IP phone. |
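The two duplicate conditions defined in this section can be reproduced on an exported phone inventory. The following is an added example, not ITM code: the record layout, the constructed sample inventory, and the rule that rows sharing a MAC on one switch port count as a single multihomed host are assumptions of the example.

```python
from collections import defaultdict
from typing import NamedTuple

class Phone(NamedTuple):
    extension: str
    ip: str
    mac: str
    switch: str
    port: str

def normalize_mac(mac):
    """Canonicalize notation so 02-00-..., 02:00:... and 0200.... compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def find_duplicates(phones):
    """Return (dup_mac, dup_ip), each mapping the shared value to its rows."""
    by_mac, by_ip = defaultdict(list), defaultdict(list)
    for p in phones:
        p = p._replace(mac=normalize_mac(p.mac))
        by_mac[p.mac].append(p)
        by_ip[p.ip].append(p)
    dup_mac = {}
    for mac, rows in by_mac.items():
        # Same MAC, different IPs. Assumption of this example only: rows that
        # all sit on one switch port are one multihomed host, not a duplicate.
        if len({r.ip for r in rows}) > 1 and len({(r.switch, r.port) for r in rows}) > 1:
            dup_mac[mac] = rows
    # Same IP, different MACs.
    dup_ip = {ip: rows for ip, rows in by_ip.items()
              if len({r.mac for r in rows}) > 1}
    return dup_mac, dup_ip

# Constructed inventory (documentation addresses, locally administered MACs).
INVENTORY = [
    Phone("1001", "192.0.2.10", "02:00:00:00:00:01", "192.0.2.1", "Fa0/1"),
    Phone("1002", "192.0.2.11", "02-00-00-00-00-01", "192.0.2.2", "Fa0/7"),
    Phone("1003", "192.0.2.12", "02:00:00:00:00:03", "192.0.2.1", "Fa0/3"),
    Phone("1004", "192.0.2.12", "02:00:00:00:00:04", "192.0.2.2", "Fa0/4"),
    Phone("1005", "192.0.2.20", "0200.0000.0005", "192.0.2.1", "Fa0/5"),
    Phone("1005", "192.0.2.21", "0200.0000.0005", "192.0.2.1", "Fa0/5"),
]

if __name__ == "__main__":
    for found in find_duplicates(INVENTORY):
        print({k: [r.extension for r in v] for k, v in found.items()})
```

Normalizing the MAC notation first matters because the same address written with colons, hyphens, or dots would otherwise be missed as a duplicate.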
IP Phone Audit Detail Display
The IP Phone Audit Detail display shows the changes that have occurred in the managed IP phone network. For example, this display shows you the IP phones that have been added to or deleted from your network, or changes in IP phone status. Phone status changes occur, for instance, when a phone becomes unregistered with the CallManager.
You can see what has changed within the last 30 days. Audits are maintained in the database for a period of 30 days, after which they are purged.
Information for the IP Phone Audit Detail display is gathered by IP Phone Movement Tracking (Minor Discovery). IP Phone Movement Tracking runs every 5 minutes, so you can run the IP Phone Audit Detail display and obtain fresh data about once every 5 minutes. This interval is not configurable.
Note: ITM considers a phone to be in the active partition when either the Cisco CallManager or the switch for that phone is in the active partition. IP Information Facility looks for information on the Cisco CallManager first.
Note: The IP Phone Audit Detail display is not supported for 7920 IP Phones.
Step 1: Select IP Telephony Monitor > IPT Security Displays > IP Phone Security Displays. The IP Phone Detail Display dialog box appears.
Step 2: Select IP Phone Audit from the list, and click View.
The IP Phone Audit Detail appears. Table 6-3 describes the information displayed in the IP Phone Audit Detail display.
Table 6-3 IP Phone Audit Detail Display

| Column | Description |
|---|---|
| Extension | Extension number of the IP phone. |
| IP Address | IP address of the IP phone. |
| MAC Address | MAC address of the IP phone. |
| CCM Address | Cisco CallManager address. |
| Switch Address | IP address of the switch to which the IP phone is connected. |
| Switch Port | Switch port used by the IP phone. |
| Time | Time of audit with respect to Cisco CallManager. |
| Audit Type | Type of audit. Displays whether the IP phone was added to the network, removed from it, registered with the Cisco CallManager, or unregistered with the Cisco CallManager. |
Tip: If the audit date and time on the ITM server are inconsistent with those shown in the Audit display, make sure that all the Cisco CallManagers in the network are set to synchronize.
IP Phone Move Detail Display
The IP Phone Move Detail display shows the move details of IP phones in your network.
Phone moves are shown separately from other audit events. This is because a phone move is associated with two sets of data:
• The original parameter set.
• The current parameter set.
The display provides information about the phone before and after the move. This makes it easy for the administrator to track the move. The IP Phone Move Detail display shows the time at which the IP phone move was detected, and not the time at which the move occurred. The other audit events display data about the state of the phone at the time of the event.
Note: In ITM Multi-View, the report displays the details of all moves in which either the source or target Cisco CallManager is in the active partition.
Information for the IP Phone Move Detail display is gathered by IP Phone Movement Tracking (Minor Discovery). IP Phone Movement Tracking checks all the switches and Cisco CallManagers, and identifies the list of changes. It then generates the data on IP phone moves. IP Phone Movement Tracking runs every 5 minutes, so you can run the IP Phone Audit Detail display and obtain fresh data about once every 5 minutes. This interval is not configurable.
Note: The IP Phone Move Detail display is not supported for 7920 IP Phones.
Step 1: Select IP Telephony Monitor > IPT Security Displays > IP Phone Security Displays. The IP Phone Detail Display dialog box appears.
Step 2: Select IP Phone Move from the list, and click View.
The IP Phone Move Detail display appears. Table 6-4 describes the information displayed in the IP Phone Move Detail display.
Table 6-4 IP Phone Move Detail Display

| Column | Description |
|---|---|
| Extension | Extension number of the IP phone. The Extension column has two columns, Old and New. The Old column displays the extension number of the IP phone before it was moved. The New column displays the extension number of the IP phone after it was moved. |
| IP Address | IP address of the IP phone. |
| MAC Address | MAC address of the IP phone. |
| CCM Address | Cisco CallManager address. The CCM Address column has two columns, Old and New. The Old column displays the CCM address of the IP phone before it was moved. The New column displays the CCM address of the IP phone after it was moved. |
| Switch Address | IP address of the switch to which the IP phone is connected. The Switch Address column has two columns, Old and New. The Old column displays the address of the switch used by the IP phone before it was moved. The New column displays the address of the switch used by the IP phone after it was moved. |
| Switch Port | Switch port used by the IP phone. The Switch Port column has two columns, Old and New. The Old column displays the switch port used by the IP phone before it was moved. The New column displays the switch port used by the IP phone after it was moved. |
| Time Stamp | Displays the time at which the IP phone move was detected. |
Tip: Some phones that have moved do not appear in the display. The 30VIP and 12SP+ phones do not run CDP, so IP phone move tracking is not supported on these phones. If you have IP phones such as the 30VIP and 12SP+ in your network, you will not see move entries for them.
Generating IPT Security Display Reports
The IPT Security Display reports are generated once every 24 hours. They are created in PDF format and stored on the ITM system. When the file is created, the date and time stamp of the file is used to name the file. The filename format is typeofreport_date_time.
Note: You are required to remove files manually. ITM does not automatically purge old files.
Step 1: Select IP Telephony Monitor > IPT Security Displays > Automatic Report Generation. The Automatic PDF Report Generation page appears.
Step 2: Select the Enable check box.
Step 3: Choose the type of report that you want to generate by selecting the check box next to the report name.
Step 4: In the Location field, enter the location on your system where you want the files to be stored.
Step 5: Click Apply.
Note: For ITM Multi-View users only: The folder name where the files are located will be the same as the partition name. A folder with the partition name is created under the specified location.
Maintaining IPT Security Displays
This section discusses the maintenance of IPT security displays:
• IP Phone Movement Tracking (Minor Discovery)
• Maintaining Audit Information in the Database
IP Phone Movement Tracking (Minor Discovery)
Information for the IP Phone Move Detail and IP Phone Audit Detail displays is gathered by IP Phone Movement Tracking. IP Phone Movement Tracking checks all the switches and Cisco CallManagers and identifies changes. It then generates data on IP phone audits and moves.
Note: If you are using a Cisco CallManager release earlier than 3.3, for IP Phone Movement Tracking to work, you must first set the CCM MIB variables. For details on setting the CCM MIB variables, see the "Setting the CCM MIB Variables for IP Phone Movement Tracking" section.
IP Phone Movement Tracking runs every 5 minutes, so you can run the IP Phone Audit Detail display and obtain fresh data about once every 5 minutes. This interval is not configurable.
For details about IP phone discovery, see the "Overview of IP Phone Discovery" section.
Types of IP Phone Moves Tracked by IP Phone Movement Tracking
IP Phone Movement Tracking detects two kinds of IP phone moves:
• An intercluster move, where a phone that is registered with one Cisco CallManager cluster is reconfigured to register with another cluster.
• A physical move, where the phone has been physically moved from one switch port to another.
Note: IP Phone Movement Tracking is supported for phones that run Cisco Discovery Protocol (CDP); for example, the 7902, 7905, 7910, 7912, 7920, 7935, 7940, 7960, and 7970 phones. The 30VIP and 12SP+ phones do not run CDP; therefore, IP Phone Movement Tracking is not supported on these phones. If you have IP phones such as the 30VIP and 12SP+ in your network, you will not see a move entry for them.
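The audit types and the two kinds of move described above can be illustrated by comparing two consecutive polls of the phone inventory. This is an added example, not ITM code: the record layout, the function name diff_polls, the constructed polls, and the simplification that a changed CallManager address means a different cluster are assumptions of the example.

```python
from typing import NamedTuple

class PhoneState(NamedTuple):
    extension: str
    ip: str
    ccm: str          # Cisco CallManager address
    switch: str
    port: str
    registered: bool

def diff_polls(old, new, detected_at):
    """Compare two polls keyed by MAC address; return (audits, moves)."""
    audits, moves = [], []
    for mac in sorted(old.keys() | new.keys()):
        before, after = old.get(mac), new.get(mac)
        if before is None or after is None:
            kind = "added" if before is None else "removed"
            audits.append((mac, kind, detected_at))
            continue
        if before.registered != after.registered:
            kind = "registered" if after.registered else "unregistered"
            audits.append((mac, kind, detected_at))
        kinds = []
        if before.ccm != after.ccm:  # assumption: new CCM address = new cluster
            kinds.append("intercluster")
        if (before.switch, before.port) != (after.switch, after.port):
            kinds.append("physical")
        if kinds:
            # Keep old and new parameter sets; timestamp is detection time.
            moves.append({"mac": mac, "kinds": kinds, "old": before,
                          "new": after, "detected": detected_at})
    return audits, moves

CCM_A, CCM_B, SW_1, SW_2 = "192.0.2.100", "192.0.2.200", "192.0.2.1", "192.0.2.2"
# Constructed polls taken five minutes apart.
POLL_1 = {
    "020000000001": PhoneState("1001", "192.0.2.10", CCM_A, SW_1, "Fa0/1", True),
    "020000000002": PhoneState("1002", "192.0.2.11", CCM_A, SW_1, "Fa0/2", True),
    "020000000003": PhoneState("1003", "192.0.2.12", CCM_A, SW_1, "Fa0/3", True),
    "020000000004": PhoneState("1004", "192.0.2.13", CCM_A, SW_1, "Fa0/4", True),
}
POLL_2 = {
    "020000000001": PhoneState("1001", "192.0.2.10", CCM_A, SW_2, "Fa0/9", True),
    "020000000002": PhoneState("2002", "192.0.2.11", CCM_B, SW_1, "Fa0/2", True),
    "020000000003": PhoneState("1003", "192.0.2.12", CCM_A, SW_1, "Fa0/3", False),
    "020000000005": PhoneState("1005", "192.0.2.14", CCM_A, SW_1, "Fa0/5", True),
}
if __name__ == "__main__":
    print(diff_polls(POLL_1, POLL_2, "poll-2"))
```

Because the comparison only sees the two polls, a phone that moves and returns between them produces no move entry, and the recorded time is the time of the second poll.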
Maintaining Audit Information in the Database
Audits are maintained in the database for a period of 30 days, after which they are purged.