The TFTP server stores the phone configuration files that
define Cisco Unified Communications Manager connection parameters. In
general, any time you make a change in Cisco Unified Communications Manager
that requires the phone to be reset, a change is automatically made to the
phone configuration file.
Configuration files also contain information about which image
load the phone should be running. If this image load differs from the one
currently loaded on a phone, the phone contacts the TFTP server to request the
required load files.
In addition, if the device security mode in the configuration
file is set to Authenticated and the CTL file on the phone has a valid
certificate for Cisco Unified Communications Manager, the phone establishes a
TLS connection to Cisco Unified Communications Manager. Otherwise, the phone
establishes a TCP connection.
If the device security mode in the configuration file is set to
Authenticated or Encrypted, but the phone has not received a CTL file, the
phone tries four times to obtain a CTL file so it can register securely.
If you configure security-related settings in Cisco Unified
Communications Manager, the phone configuration file contains sensitive
information. To ensure the privacy of a configuration file, you must configure
it for encryption. For detailed information, see the " Configuring
Encrypted Phone Configuration Files" chapter in
Cisco Unified Communications Manager Security Guide. A phone
requests a configuration file whenever it resets and registers with
Cisco Unified Communications Manager.
A phone accesses a default configuration file named
XmlDefault.cnf.xml from the TFTP server when the following conditions exist:
You have enabled autoregistration in Cisco Unified Communications
The phone has not been added to the Cisco Unified Communications
The phone is registering for the first time
If autoregistration is not enabled and the phone is not added
to the Cisco Unified Communications Manager database, the system rejects the phone registration request.
If the phone registers and works in encrypted mode, the phone
accesses the configuration file named SEPmac_address.cnf.xml.enc.sgn. If the
SEPmac_address.cnf.xml.enc.sgn does not exist on the TFTP server, the phone
requests the file SEPmac_address.cnf.xml.sgn. That is, if the phone works in
encrypted mode with TFTP Encrypted Config selected, the phone accesses the
configuration file named SEPMac_addr.cnf.xml.enc.sgn. If the phone works in
encrypted mode with TFTP Encrypted Config not selected, the phone accesses the
file SEPMac_addr.cnf.xml.sgn. To enable TFTP Encrypted Configuration, select
the TFTP Encrypted Config check box in the Phone
Security Profile Configuration page. You can access this page from the Cisco
Unified Communications Manager by selecting
For SIP phones, the TFTP server generates these SIP
The filenames derive from the MAC address and description
fields in the
Phone Configuration window of Cisco Unified
Communications Manager. The MAC address uniquely identifies the phone.
For more information on phone configuration settings, see the "Cisco Unified IP Phone Configuration" chapter in the
Cisco Communications Manager Administration Guide.