Cisco IP Phone 7970 Series Administration Guide for Cisco CallManager, Release 4.1 (for models 7970G and 7971G-GE) - An Overview of the Cisco IP Phone [Cisco Unified IP Phones 7900 Series]

Table Of Contents

An Overview of the Cisco IP Phone

Understanding the Cisco IP Phone 7970 Series

What Networking Protocols Are Used?

What Features are Supported on the Cisco IP Phone 7970 Series?

Feature Overview

Configuring Telephony Features

Configuring Network Parameters Using the Cisco IP Phone

Providing Users with Feature Information

Understanding Security Features for Cisco IP Phones

Overview of Supported Security Features

Identifying Encrypted and Authenticated Phone Calls

Security Restrictions

Understanding the Requirements for Installing and Configuring the Cisco IP Phone 7970 Series

Determining the MAC Address of a Cisco IP Phone

An Overview of the Cisco IP Phone

The Cisco IP Phone 7970 Series are full-featured telephones that provide voice communication over an Internet Protocol (IP) network. They function much like traditional analog telephones, allowing you to place and receive phone calls and to access features such as mute, hold, transfer, speed dial, call forward, and more. In addition, because Cisco IP Phones are connected to your data network, they offer enhanced IP telephony features, including access to network information and services, and customizeable features and services. The phones also support security features that include file authentication, device authentication, signaling encryption, and media encryption.

The Cisco IP Phone 7970 Series provides a color touchscreen, support for up to eight line or speed dial numbers, context-sensitive online help for buttons and features, and a variety of other sophisticated functions.

The Cisco IP Phone, like other network devices, must be configured and managed. The phone supports G.711, G.729, G.729a, G.729b, G.729ab, and wideband (16bits, 16kHz) audio compression.

This chapter includes the following topics:

•Understanding the Cisco IP Phone 7970 Series

•What Networking Protocols Are Used?

•What Features are Supported on the Cisco IP Phone 7970 Series?

•Understanding Security Features for Cisco IP Phones

•Understanding the Requirements for Installing and Configuring the Cisco IP Phone 7970 Series

•Determining the MAC Address of a Cisco IP Phone

Caution Using a cell, mobile, or GSM phone, or two-way radio in close proximity to a Cisco IP Phone might cause interference. For more information, refer to the manufacturer's documentation of the interfering device.

Understanding the Cisco IP Phone 7970 Series

Figure 1-1 shows the main components of the Cisco IP Phone 7970 Series.

Figure 1-1 Cisco IP Phone

1

Programmable buttons

Depending on configuration, programmable buttons provide access to:

•Different phone lines or extensions (line buttons)

•Frequently dialed phone numbers (speed-dial buttons)

•Web-based phone services (service buttons)

•Specialized phone features (Privacy button)

The buttons illuminate to indicate status:

•Green, steady—Active call on this line (off-hook)

•Green, blinking—Call on hold on this line

•Amber, steady—Privacy feature enabled

•Amber, blinking—Incoming call ringing on this line

•Red—Shared line, currently in use

•No color—No call activity on this line (on-hook)

2

Footstand adjustment knob

Allows you to adjust the angle of the phone.

3

Display button

Removes the touchscreen from sleep mode. Also disables the touchscreen for cleaning.

Also indicates the status of the touchscreen as follows:

•No color—Touschscreen ready for input

•Green, flashing—Touchscreen disabled

•Green, steady—Touchscreen and backlight disabled

4

Messages button

Typically auto-dials your voice messaging system.

5

Directories button

Toggles the Directories menu, which provides call logs (Missed, Received, and Placed) and a corporate directory (if available).

6

Help button

Provides access to online help.

7

Settings button

Toggles the Settings menu, which provides access to user settings, network settings, device settings, and information about the phone.

8

Services Button

Toggles the Services menu, which provides access phone services, including assigned services and services to which you have subscribed.

9

Volume button

Controls the volume for a phone call (off-hook) and the ringer (on-hook); adjusts contrast and brightness settings.

10

Speaker button

Toggles the speakerphone on or off.

11

Mute button

Toggles the Mute feature on or off.

12

Headset button

Toggles the headset on or off.

13

Navigation button

Allows you to scroll through menus and highlight items. Use with softkeys to activate highlighted items.

14

Keypad

Works exactly like the keypad on a traditional telephone.

15

Softkeys

Enable you to engage any of the functions displayed on the corresponding LCD tabs. Softkeys point to feature options displayed along the bottom of the LCD screen. Softkeys change depending on the status of the phone.

16

Handset with indicator light

Functions like a traditional handset. The light strip at the top of the handset blinks when the phone rings and remains lit to indicate a new voice message.

17

Touchscreen

Provides color display on the Cisco IP Phone 7970 Series.

What Networking Protocols Are Used?

Cisco IP Phones support several industry-standard and Cisco networking protocols required for voice communication. Table 1-1 provides an overview of the networking protocols that the Cisco IP Phone 7970 Series supports.

Table 1-1 Supported Networking Protocols on the Cisco IP Phone

Networking Protocol

Purpose

Usage Notes

Bootstrap Protocol (BootP)

BootP enables a network device such as the Cisco IP Phone to discover certain startup information, such as its IP address.

If you are using BootP to assign IP addresses to the Cisco IP Phone, the BOOTP Server option shows "Yes" in the network configuration settings on the phone.

Cisco Discovery Protocol (CDP)

CDP is a device-discovery protocol that runs on all Cisco-manufactured equipment.

Using CDP, a device can advertise its existence to other devices and receive information about other devices in the network.

The Cisco IP Phone uses CDP to communicate information such as auxiliary VLAN ID, per port power management details, and Quality of Service (QoS) configuration information with the Cisco Catalyst switch.

Dynamic Host Configuration Protocol (DHCP)

DHCP dynamically allocates and assigns an IP address to network devices.

DHCP enables you to connect an IP phone into the network and have the phone become operational without you needing to manually assign an IP address or to configure additional network parameters.

DHCP is enabled by default. If disabled, you must manually configure the IP address, subnet mask, gateway, and a TFTP server on each phone locally.

Cisco recommends that you use DHCP custom option 150. With this method, you configure the TFTP server IP address as the option value. For additional supported DCHP configurations, refer to Cisco CallManager System Guide.

Internet Protocol (IP)

IP is a messaging protocol that addresses and sends packets across the network.

To communicate using IP, network devices must have an assigned IP address, subnet, and gateway.

IP addresses, subnets, and gateways identifications are automatically assigned if you are using the Cisco IP Phone with Dynamic Host Configuration Protocol (DHCP). If you are not using DHCP, you must manually assign these properties to each phone locally.

Real-Time Transport Protocol (RTP)

RTP is a standard protocol for transporting real-time data, such as interactive voice and video, over data networks.

Cisco IP Phones use the RTP protocol to send and receive real-time voice traffic from other phones and gateways.

Transmission Control Protocol (TCP)

TCP is a connection-oriented transport protocol.

Cisco IP Phones use TCP to connect to Cisco CallManager and to access XML services.

Transport Layer Security (TLS)

TLS is a standard protocol for securing and authenticating communications.

When security is implemented, Cisco IP Phones use the TLS protocol when securely registering with Cisco CallManager.

Trivial File Transfer Protocol (TFTP)

TFTP allows you to transfer files over the network.

On the Cisco IP Phone, TFTP enables you to obtain a configuration file specific to the phone type.

TFTP requires a TFTP server in your network, which can be automatically identified from the DHCP server. If you want a phone to use a TFTP server other than the one specified by the DHCP server, you must manually assign TFTP server from the Network Configuration menu on the phone.

User Datagram Protocol (UDP)

UDP is a connectionless messaging protocol for delivery of data packets.

Cisco IP Phones transmit and receive RTP streams, which utilize UDP.

Related Topics

•Understanding Interactions with Other Cisco IP Telephony Products

•Understanding the Phone Startup Process

•Network Configuration Menu

What Features are Supported on the Cisco IP Phone 7970 Series?

The Cisco IP Phone functions much like a traditional analog phone, allowing you to place and receive telephone calls. In addition to traditional telephony features, the Cisco IP Phone includes features that enable you to administer and monitor the phone as a network device.

This section covers the following topics:

•Feature Overview

•Configuring Telephony Features

•Configuring Network Parameters Using the Cisco IP Phone

•Providing Users with Feature Information

Feature Overview

Cisco IP Phones provide traditional telephony functionality, such as call forwarding and transferring, redialing, speed dialing, conference calling, and voice messaging system access. Cisco IP phones also provide a variety of other features. For an overview of the telephony features that the Cisco IP Phone supports, see the "Telephony Features Available for the Phone" section on page 5-2.

As with other network devices, you must configure Cisco IP Phones to prepare them to access Cisco CallManager and the rest of the IP network. By using DHCP, you have fewer settings to configure on a phone, but can manually configure an IP address, TFTP server, and subnet mask if your network requires it. For instructions on configuring the network settings on the Cisco IP Phones, see "Configuring Settings on the Cisco IP Phone."

The Cisco IP Phone can interact with other services and devices on your IP network to provide enhanced functionality. For example, you can integrate the Cisco IP Phones with the corporate Lightweight Directory Access Protocol 3 (LDAP3) standard directory to enable users to search for co-workers contact information directly from their IP phones. You can also use XML to enable users to access information such as weather, stocks, quote of the day, and other web-based information. For information about configuring such services, see the "Configuring Corporate Directories" section on page 5-8 and the "Setting Up Services" section on page 5-10.

Finally, because the Cisco IP Phone is a network device, you can obtain detailed status information from it directly. This information can assist you with troubleshooting any problems users might encounter when using their IP phones. See Chapter 7, "Viewing Security Information, Model Information, Status, and Statistics on the Cisco IP Phone," for more information.

Related Topics

•Configuring Settings on the Cisco IP Phone

•Configuring Features, Templates, Services, and Users, page 5-1

•Troubleshooting and Maintenance, page 9-1

Configuring Telephony Features

You can modify certain settings for the Cisco IP Phone from the Cisco CallManager Administration application. Use this web-based application to set up phone registration criteria and calling search spaces, to configure corporate directories and services, and to modify phone button templates, among other tasks. See the "Telephony Features Available for the Phone" section on page 5-2 and Cisco CallManager Administration Guide for additional information.

For more information about the Cisco CallManager Administration application, refer to Cisco CallManager documentation, including Cisco CallManager Administration Guide. You can also use the context-sensitive help available within the application for guidance.

You can access the complete Cisco CallManager documentation suite at this location:

http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/index.htm

Related Topic

•Telephony Features Available for the Phone, page 5-2

Configuring Network Parameters Using the Cisco IP Phone

You can configure parameters such as DHCP, TFTP, and IP settings on the phone itself. You can also obtain statistics about a current call or firmware versions on the phone.

For more information about configuring features and viewing statistics from the phone, see "Configuring Settings on the Cisco IP Phone," and see Chapter 7, "Viewing Security Information, Model Information, Status, and Statistics on the Cisco IP Phone."

Providing Users with Feature Information

If you are a system administrator, you are likely the primary source of information for Cisco IP Phone users in your network or company. To ensure that you distribute the most current feature and procedural information, familiarize yourself with Cisco IP Phone documentation. Make sure to visit the Cisco IP Phone web site:

http://www.cisco.com/univercd/cc/td/doc/product/voice/c_ipphon/index.htm

From this site, you can access various user guides, including wallet cards.

In addition to providing users with documentation, it is important to inform them about available Cisco IP Phone features—including features specific to your company or network—and about how to access and customize those features, if appropriate.

For a summary of some of the key information that phone users need their system administrators to provide, see Appendix A, "Providing Information to Users Via a Website."

Understanding Security Features for Cisco IP Phones

Implementing security in the Cisco CallManager system prevents identity theft of the phone and Cisco CallManager server, prevents data tampering, and prevents call signaling and media stream tampering.

To alleviate these threats, the Cisco IP telephony network establishes and maintains authenticated and encrypted communication streams between a phone and the server, digitally signs files before they are transferred to a phone, and encrypts media streams and call signaling between Cisco IP phones.

Table 1-2 shows where you can find additional information about security in this and other documents.

Table 1-2 Cisco IP Phone and Cisco CallManager Security Topics

Topic

Reference

Detailed explanation of security, including set up, configuration, and troubleshooting information for Cisco CallManager and Cisco IP Phones

Refer to Cisco CallManager Security Guide.

Security features supported on the Cisco IP Phone

See the "Overview of Supported Security Features" section.

Restrictions regarding security features

See the "Security Restrictions" section.

Identifying phone calls for which security is implemented

See the "Identifying Encrypted and Authenticated Phone Calls" section.

TLS connection

•See the "What Networking Protocols Are Used?" section.

•See the "Understanding Phone Configuration Files" section.

Security and the phone startup process

See the "Understanding the Phone Startup Process" section.

Security and phone configuration files

See the "Understanding Phone Configuration Files" section.

Changing the TFTP Server 1 or TFTP Server 2 option on the phone when security is implemented

See the Table 4-1 "Network Configuration Menu" section.

Understanding security icons in the CallManager 1 through CallManager 5 options in the Device Configuration Menu on the phone

See the "CallManager Configuration Menu" section.

Items on the Security Configuration menu on the phone

See the "Security Configuration Menu" section.

Items on the Security Configuration screen on the phone

See the "Security Configuration Menu" section on page 7-2.

Unlocking the CTL file

See the "Security Configuration Menu" section on page 7-2.

Disabling access to a phone's web pages

See the "Disabling Web Page Access" section on page 8-3.

Troubleshooting

•See the "Troubleshooting Cisco IP Phone Security" section on page 9-12.

•Refer to Cisco CallManager Security Guide.

Deleting the CTL file from the phone

See the "Resetting or Restoring the Cisco IP Phone" section on page 9-16.

Resetting or restoring the phone

See the "Resetting or Restoring the Cisco IP Phone" section on page 9-16.

Overview of Supported Security Features

Table 1-3 provides an overview of the security features that the Cisco IP Phone 7970 Series supports. For more information about these features and about Cisco CallManager and Cisco IP Phone security, refer to Cisco CallManager Security Guide.

For information about current security settings on a phone, choose Settings > Security Configuration. For more information, see the "Security Configuration Menu" section on page 7-2.

Note Most security features are available only if a certificate trust list (CTL) is installed on the phone. For more information about the CTL, refer to Cisco CallManager Security Guide.

Table 1-3 Overview of Security Features

Feature

Description

Image authentication

Signed binary files (with the extension .sbn) prevent tampering with the firmware image before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image.

Customer-site certificate installation

Each Cisco IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate, but for additional security, you can specify in Cisco CallManager Administration that a certificate be installed by using the CAPF. Alternatively, you can initiate the installation of an LSC from the Security Configuration menu on the phone.

Device authentication

Occurs between the Cisco CallManager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco CallManager should occur, and, if necessary, creates a secure signaling path between the entities using TLS protocol. Cisco CallManager will not register phones unless they can be authenticated by the Cisco CallManager.

File authentication

Validates digitally-signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing.

Signaling Authentication

Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission.

Manufacturing installed certificate

Each Cisco IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent unique proof of identity for the phone, and allows Cisco CallManager to authenticate the phone.

Secure SRST reference

After you configure a SRST reference for security and then reset the dependent devices in Cisco CallManager Administration, the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the phone. A secure phone then uses a TLS connection to interact with the SRST-enabled router.

Media encryption

Uses SRTP to ensure that the media streams between supported devices proves secure and that only the intended device receives and reads the data. Includes creating a media master key pair for the devices, delivering the keys to the devices, and securing the delivery of the keys while the keys are in transport.

Signaling Encryption

Ensures that all SCCP signaling messages that are sent between the device and the Cisco CallManager server are encrypted.

CAPF (Certificate Authority Proxy Function)

Implements parts of the certificate generation procedure that are too processing-intensive for the phone, and it interacts with the phone for key generation and certificate installation. The CAPF can be configured to request certificates from customer-specified certificate authorities on behalf of the phone, or it can be configured to generate certificates locally.

Optional disabling of the web server functionality for a phone

You can prevent access to a phone's web page, which displays a variety of operational statistics for the phone.

Phone hardening

•Additional security options, which you control from Cisco CallManager Administration:

–Disabling PC port

–Disabling Gratuitous ARP

–Disabling PC Voice VLAN access

–Disabling access to the Setting menus, or providing restricted access that allows access to the User Preferences menu and saving volume changes only

Disabling access to web pages for a phone.

Note You can view current settings for the PC Port Disabled, GARP Enabled, and Voice VLAN enabled options by looking at the phone's Security Configuration menu. For more information, see the "Device Configuration Menu" section.

Related Topics

•Identifying Encrypted and Authenticated Phone Calls

•Device Configuration Menu

•Security Restrictions

Identifying Encrypted and Authenticated Phone Calls

When security is implemented for a phone, you can identify authenticated or encrypted phone calls by icons on the LCD screen on the phone.

In an authenticated call, all devices participating in the establishment of the call are authenticated by the Cisco CallManager. When a call in progress is authenticated end-to-end, the call progress icon to the right of the call duration timer in the phone LCD screen changes to the following icon:

In an encrypted call, all devices participating in the establishment of the call are authenticated by the Cisco CallManager. In addition, call signaling and media streams are encrypted. An encrypted call offers the highest level of security, providing integrity and privacy to the call. When a call in progress is being encrypted, the call progress icon to the right of the call duration timer in the phone LCD screen changes to the following icon:

Note If the call is routed through non-IP call legs, for example, H.323 or PSTN, the call will be nonsecure even though it is encrypted within the IP network and has a lock icon associated with it.

Related Topic

•Understanding Security Features for Cisco IP Phones

•Security Restrictions

Security Restrictions

A user cannot barge into an encrypted call if the phone that is used to barge is not configured for encryption. When barge fails in this case, a reorder tone (fast busy tone) plays on the phone on which the user initiated the barge.

If the initiator phone is configured for encryption, the barge initiator can barge into an authenticated or nonsecure call from the encrypted phone. After the barge occurs, Cisco CallManager classifies the call as nonsecure.

If the initiator phone is configured for encryption, the barge initiator can barge into an encrypted call, and the phone indicates that the call is encrypted.

A user can barge into an authenticated call, even if the phone that is used to barge is nonsecure. The authentication icon continues to appear on the authenticated devices in the call, even if the initiator phone does not support security.

Understanding the Requirements for Installing and Configuring the Cisco IP Phone 7970 Series

To install and configure the Cisco IP Phone, you must configure some network settings, set up Cisco CallManager, and make changes on the phone.

See Table 1-4 for an overview of required procedures. For detailed information about these steps, refer to the sources shown.

Table 1-4 Cisco IP Phone Installation and Configuration Checklist

Required Task

Purpose

For More Information

1. Gather the following information for use in Cisco CallManager Administration:

–Information requested in the Device Information fields, if applicable, such as the device pool and calling search space.

–The Cisco CallManager user to associate with the phone.

–The number of lines and associated directory numbers to assign to the phone.

–Features to be added to and configured for the phone.

Refer to this information when using the Phone Configuration web page to configure a device in Cisco CallManager Administration.

Device Information fields on this page auto-populate if information is relevant and available. You must edit fields to override system settings on a per-device basis.

•See the "Adding Phones to the Cisco CallManager Database" section.

•See the "Telephony Features Available for the Phone" section on page 5-2.

•Refer to Cisco CallManager System Guide.

•Refer to Cisco CallManager Administration Guide.

2. Implement security in the Cisco CallManager system (optional).

Establishes security, which includes protection against data tampering threats and identity theft of phones.

Refer to Cisco CallManager Security Guide.

3. Configure routers, gateways, and switches to handle voice communication.

Establishes the infrastructure for the IP telephony network.

See the "Understanding How the Cisco IP Phone Interacts with the VLAN" section and refer to the documentation included with these devices.

4. Decide how you want to add phones to the Cisco CallManager database:

–With auto-registration

–With Cisco CallManager Administration only

–With the Bulk Administration Tool (BAT) only

–With BAT and the Tool for Auto-Registered Phones Support (TAPS)

How you add the phones to Cisco CallManager determines how the directory number is assigned and whether you need to obtain a MAC address first, among other things.

Note Auto-registration is not supported when security is implemented.

•See the "Adding Phones to the Cisco CallManager Database" section.

•Refer to Cisco CallManager Administration Guide.

•Refer to Bulk Administration Tool Guide for Cisco CallManager.

5. Obtain the MAC address from the IP phone.

Not necessary if you plan to add phones to the Cisco CallManager database using auto-registration only or in conjunction with the Tool for Auto-Registered Phones Support (TAPS).

See the "Determining the MAC Address of a Cisco IP Phone" section.

6. Choose the best power source for the phone.

Determines how the phone receives power.

See the "Providing Power to the Phone" section.

7. Install the phone in the network.

Adds the phone to the network.

See "Setting Up the Cisco IP Phone."

8. Add a Cisco IP Phone 7914 Expansion Module to the Cisco IP Phone.

Extends functionality to a Cisco IP Phone by adding 14 line appearances or speed dial numbers.

See the "Configuring the Cisco IP Phone 7970 Series to Support the Cisco IP Phone 7914 Expansion Module" section.

9. Configure network settings on the phone.

Sets IP settings (if not using DHCP in the network) and assigns a TFTP server.

See the "Network Configuration Menu" section.

10. Configure phone features such as call waiting, call forward, call park, call pickup, and voice messaging system.

Provides enhanced telephony functionality.

See the "Telephony Features Available for the Phone" section on page 5-2, and refer to Cisco CallManager Administration Guide.

11. Modify button templates.

Provides customized phone buttons.

See the "Modifying Phone Button Templates" section on page 5-9.

12. Configure Cisco IP Phone services.

Gives users access to information such as stock quotes and weather reports, which are displayed on the phone as interactive content with text and graphics.

See the "Setting Up Services" section on page 5-10 and refer to Cisco CallManager Administration Guide.

13. Configure directories.

Enables users to search through a corporate directory and to store a set of personal numbers.

See the "Configuring Corporate and Personal Directories" section on page 5-7 and refer to Cisco CallManager Administration Guide.

14. Add users to Cisco CallManager.

Associates users with phones, enabling access to the Cisco CallManager User Options web pages where users set up features such as call forwarding and speed dial, and subscribe to services.

See the "Adding Users to Cisco CallManager" section on page 5-10 and refer to Cisco CallManager Administration Guide.

15. Provide information to end users about how to use their phones and how to configure their phone options.

Ensures that users have adequate information to successfully use their Cisco IP Phones.

See Appendix A, "Providing Information to Users Via a Website."

Determining the MAC Address of a Cisco IP Phone

Several of the procedures described in this manual require you to determine the MAC address of a Cisco IP Phone. You can determine a phone's MAC address in these ways:

•From the phone, choose Settings > Model Information and look at the MAC Address field.

•Look at the MAC label on the back of the phone.

•Display the web page for the phone and click the Device Information hyperlink.

For information about accessing the web page, see the "Accessing the Web Page for a Phone" section on page 8-2.