The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Create software phone devices so that users can send and receive audio and video on their computers. Create desk phone devices that users can control with Cisco Jabber. Learn how to enable different audio and video features. Understand which server profiles you should create and which user associations you must assign.
Software phones let users send and receive audio and video through their computers.
Complete the steps in this task to create CSF devices.
Add a directory number to the device and apply the configuration.
You can optionally set up secure phone capabilities for CSF devices. Secure phone capabilities provide secure SIP signaling, secure media streams, and encrypted device configuration files.
To use secure phone capabilities, you must configure the Cisco Unified Communications Manager security mode using the Cisco CTL Client. You cannot use secure phone capabilities with the nonsecure security mode. At a minimum, you must use mixed mode security.
See the Cisco Unified Communications Manager Security Guide for instructions on configuring mixed mode with the Cisco CTL Client.
The first step to setting up secure phone capabilities is to create a phone security profile that you can apply to the device.
Configure the Cisco Unified Communications Manager security to use mixed mode.
After you add a phone security profile, you must configure it to suit your requirements.
Add the phone security profile to the devices and complete other configuration tasks for secure phone capabilities.
Step 1 | Open the CSF
device configuration window.
|
Step 2 | Select Allow Control of Device from CTI in the Device Information section. |
Step 3 | Select Save. |
Step 4 | Locate the Protocol Specific Information section. |
Step 5 | Select the phone security profile from the Device Security Profile drop-down list. |
Step 6 | Select Save. |
At this point in the secure phone set up, existing users can no longer use their CSF devices. You must complete the secure phone set up for users to be able to access their CSF devices.
What to Do Next
Specify the certificate settings and generate the authentication string for users.
Specify certificate settings in the CSF device configuration and generate the authentication strings that you provide to users.
Step 1 | Locate the Certification Authority Proxy Function (CAPF) Information section on the Phone Configuration window. |
Step 2 | Specify values
as follows:
|
Step 3 | Select Save. |
Step 4 | Create the
authentication string.
|
Provide users with the authentication string.
Users must specify the authentication string in the client interface to access their CSF devices and securely register with Cisco Unified Communications Manager.
Note | The time it takes for the enrollment process to complete can vary depending on the specifications of the user's computer and the current load for Cisco Unified Communications Manager. It can take up to one minute for the client to complete the CAPF enrollment process. |
If you enable secure phone capabilities for users, their CSF device connections to Cisco Unified Communications Manager are secure. If the other end point also has a secure connection to Cisco Unified Communications Manager, then the call can be secure. However, if the other end point does not have a secure connection to Cisco Unified Communications Manager, then the call is not secure.
Media Stream | Encryption |
---|---|
Main video stream | Can be encrypted |
Main audio stream | Can be encrypted |
Note | However, not all versions of Cisco Unified Communications Manager provide the ability to display the lock icon. If the version of Cisco Unified Communications Manager you are using does not provide this ability, the client cannot display a lock icon even when it sends encrypted media. |
Note | If you change the phone security profile while the client is connected through Expressway for Mobile and Remote Access, you must restart the client for that change to take effect. |
The client downloads and stores certificate trust lists whenever you configure Cisco Unified Communications Manager security as mixed mode. Certificate trust lists enable the client to verify the identity of Cisco Unified Communications Manager servers.
The client saves the locally significant certificates and private keys after users successfully enter the authentication code and complete the enrollment process. The locally significant certificate and private key enable the client to establish mutual TLS connections with Cisco Unified Communications Manager.
Note | The client encrypts the private key before saving it to the keychain. |
On conference, or multi-party, calls, the conferencing bridge must support secure phone capabilities. If the conferencing bridge does not support secure phone capabilities, calls to that bridge are not secure. Likewise, all parties must support a common encryption algorithm for the client to encrypt media on conference calls.
CSF device security reverts to the lowest level available on multi-party calls. For example, user A, user B, and user C join a conference call. User A and user B have CSF devices with secure phone capabilities. User C has a CSF device without secure phone capabilities. In this case, the call is not secure for all users.
Clients that do not support secure phone capabilities cannot register to secure CSF devices.
"For example, you set up secure phone capabilities on a CSF device. Two versions of Cisco Jabber register the device. However, one version of Cisco Jabber does not support secure phone capabilities. In this scenario, you must create two different CSF devices, one secure CSF device for Cisco Jabber that supports secure phone capabilities and another CSF device that is not secure for the other Cisco Jabber "
Multiple users can have unique credentials for the client and share the same Mac account. However, the secure CSF devices are restricted to the Mac account that the users share. Users who share the same Mac account cannot make calls with their secure CSF devices from different Mac accounts.
You should ensure that multiple users who share the same Mac account have CSF devices with unique names. Users cannot register their CSF devices if they share the same Mac account and have CSF devices with identical names, but connect to different Cisco Unified Communications Manager clusters.
For example, user A has a CSF device named CSFcompanyname and connects to cluster 1. User B has a CSF device named CSFcompanyname and connects to cluster 2. In this case, a conflict occurs for both CSF devices. Neither user A or user B can register their CSF devices after both users log in to the same Mac account.
The client caches the certificates for each user's secure CSF device in a location that is unique to each Mac user. When a user logs in to their Mac account on the shared computer, that user can access only the secure CSF device that you provision to them. That user cannot access the cached certificates for other Mac users.
You must add directory numbers to devices in Cisco Unified Communications Manager. This topic provides instructions on adding directory numbers using the menu option after you create your device. Under this menu option, only the configuration settings that apply to the phone model or CTI route point display. See the Cisco Unified Communications Manager documentation for more information about different options to configure directory numbers.
Step 1 | Locate the Association Information section on the Phone Configuration window. |
Step 2 | Select Add a new DN. The Directory Number Configuration window opens. |
Step 3 | Specify a directory number in the Directory Number field. |
Step 4 | Specify all other required configuration settings as appropriate. |
Step 5 | Associate end users with the directory number as follows: |
Step 6 | Select Save. |
Step 7 | Select Apply Config. The Apply Configuration window opens. |
Step 8 | Follow the prompts on the Apply Configuration window to apply the configuration. |
Users can control desk phones on their computers to place audio calls.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Select Add New. |
Step 4 | Select the appropriate device from the Phone Type drop-down list and then select Next. The Phone Configuration window opens. |
Step 5 | Complete the following steps in the Device Information section: |
Step 6 | Set the Owner User ID field to the appropriate user. On Cisco Unified Communications Manager version 9.x, the client uses the Owner User ID field to get service profiles for users. For this reason, each user must have a device and the User Owner ID field must be associated with the user. If you do not associate users with devices and set the Owner User ID field to the appropriate user, the client cannot retrieve the service profile that you apply to the user. |
Step 7 | Specify all other configuration settings on the Phone Configuration window as appropriate. See the Cisco Unified Communications Manager documentation for more information about the configuration settings on the Phone Configuration window. |
Step 8 | Select Save. An message displays to inform you if the device is added successfully. The Association Information section becomes available on the Phone Configuration window. |
Add a directory number to the device and apply the configuration.
You must add directory numbers to devices in Cisco Unified Communications Manager. This topic provides instructions on adding directory numbers using the menu option after you create your device. Under this menu option, only the configuration settings that apply to the phone model or CTI route point display. See the Cisco Unified Communications Manager documentation for more information about different options to configure directory numbers.
Step 1 | Locate the Association Information section on the Phone Configuration window. |
Step 2 | Select Add a new DN. The Directory Number Configuration window opens. |
Step 3 | Specify a directory number in the Directory Number field. |
Step 4 | Specify all other required configuration settings as appropriate. |
Step 5 | Associate end users with the directory number as follows: |
Step 6 | Select Save. |
Step 7 | Select Apply Config. The Apply Configuration window opens. |
Step 8 | Follow the prompts on the Apply Configuration window to apply the configuration. |
The client uses video rate adaptation to negotiate optimum video quality. Video rate adaptation dynamically increases or decreases video quality based on network conditions.
Note | RTCP is enabled on software phone devices by default. However, you must enable RTCP on desk phone devices. |
You can enable RTCP on a common phone profile to enable video rate adaptation on all devices that use the profile.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Common Phone Profiles window opens. |
Step 3 | Specify the appropriate filters in the Find Common Phone Profile where field and then select Find to retrieve a list of profiles. |
Step 4 | Select the appropriate profile from the list. The Common Phone Profile Configuration window opens. |
Step 5 | Locate the Product Specific Configuration Layout section. |
Step 6 | Select Enabled from the RTCP drop-down list. |
Step 7 | Select Save. |
You can enable RTCP on specific device configurations instead of a common phone profile. The specific device configuration overrides any settings you specify on the common phone profile.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of phones. |
Step 4 | Select the appropriate phone from the list. The Phone Configuration window opens. |
Step 5 | Locate the Product Specific Configuration Layout section. |
Step 6 | Select Enabled from the RTCP drop-down list. |
Step 7 | Select Save. |
The CTI service lets users control devices.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List UC Services window opens. |
Step 3 | Select Add New. The UC Service Configuration window opens. |
Step 4 | In the Add a UC Service section, select CTI from the UC Service Type drop-down list. |
Step 5 | Select Next. |
Step 6 | Provide details for the instant messaging and presence service as follows: |
Step 7 | Select Save. |
Add the CTI service to your service profile.
After you add a CTI service on Cisco Unified Communications Manager, you must apply it to a service profile so that the client can retrieve the settings.
Create a service profile if none already exist or you require a separate service profile for CTI.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Service Profiles window opens. |
Step 3 | Find and select your service profile. The Service Profile Configuration window opens. |
Step 4 | In the CTI Profile section, select up to three services from the following drop-down lists: |
Step 5 | Select Save. |
You can enable URI dialing on Cisco Unified Communications Manager version 9.1(2) and higher.
URI dialing allows users to make calls and resolve contacts with Uniform Resource Identifiers (URI). For example, a user named Adam McKenzie has the following SIP URI associated with his directory number: amckenzi@example.com. URI dialing enables users to call Adam with his SIP URI rather than his directory number.
For detailed information on URI dialing requirements, such as valid URI formats, as well as advanced configuration including ILS setup, see the URI Dialing section of the Cisco Unified Communications Manager System Guide.
When users make URI calls, Cisco Unified Communications Manager routes the inbound calls to the directory numbers associated to the URIs. For this reason, you must associate URIs with directory numbers. You can either automatically populate directory numbers with URIs or configure directory numbers with URIs.
When you add users to Cisco Unified Communications Manager, you populate the Directory URI field with a valid SIP URI. Cisco Unified Communications Manager saves that SIP URI in the end user configuration.
When you specify primary extensions for users, Cisco Unified Communications Manager populates the directory URI from the end user configuration to the directory number configuration. In this way, automatically populates the directory URI for the user's directory number. Cisco Unified Communications Manager also places the URI in the default partition, which is Directory URI.
The following task outlines, at a high level, the steps to configure Cisco Unified Communications Manager so that directory numbers inherit URIs:
Verify that the directory URIs are associated with the directory numbers.
After you specify primary extensions for users, you should complete the following steps to verify that the directory URIs are associated with the directory numbers.
The primary directory URI for the directory number should correspond to the end user with whom you associated the device.
The partition should be Directory URI. This partition is the default into which Cisco Unified Communications Manager places URIs.
You can specify URIs for directory numbers that are not associated with users. You should configure directory numbers with URIs for testing and evaluation purposes only.
To configure directory numbers with URIs, do the following:
Step 1 | Open the Cisco Unified CM Administration interface. | ||
Step 2 | Select
.
The Find and List Directory Numbers window opens. | ||
Step 3 | Find and
select the appropriate directory number.
The Directory Number Configuration window opens. | ||
Step 4 | Locate the Directory URIs section. | ||
Step 5 | Specify a valid SIP URI in the URI column. | ||
Step 6 | Select the
appropriate partition from the
Partition column.
| ||
Step 7 | Add the partition to the appropriate calling search space so that users can place calls to the directory numbers. | ||
Step 8 | Select Save. |
You must associate the default partition into which Cisco Unified Communications Manager places URIs with a partition that contains directory numbers.
To enable URI dialing, you must associate the default directory URI partition with a partition that contains directory numbers.
If you do not already have a partition for directory numbers within a calling search space, you should create a partition and configure it as appropriate.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Enterprise Parameters Configuration window opens. |
Step 3 | Locate the End User Parameters section. |
Step 4 | In the Directory URI Alias Partition row, select the appropriate partition from the drop-down list. |
Step 5 | Select Save. |
The default directory URI partition is associated with the partition that contains directory numbers. As a result, Cisco Unified Communications Manager can route incoming URI calls to the correct directory numbers.
You should ensure the partition is in the appropriate calling search space so that users can place calls to the directory numbers.
To enable contact resolution with URIs, you must ensure that Cisco Unified Communications Manager uses the fully qualified domain name (FQDN) in SIP requests.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select
.
The Find and List SIP Profiles window opens. |
Step 3 | Find and
select the appropriate SIP profile.
You cannot edit the default SIP profile. If required, you should create a copy of the default SIP profile that you can modify. |
Step 4 | Select Use Fully Qualified Domain Name in SIP Requests and then select Save. |
Associate the SIP profile with all devices that have primary extensions to which you associate URIs.
When you associate a user with a device, you provision that device to the user.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Users window opens. |
Step 3 | Specify the appropriate filters in the Find User where field and then select Find to retrieve a list of users. |
Step 4 | Select the appropriate user from the list. The End User Configuration window opens. |
Step 5 | Locate the Service Settings section. |
Step 6 | Select the appropriate service profile for the user from the UC Service Profile drop-down list. |
Step 7 | Locate the Device Information section. |
Step 8 | Select Device Association. The User Device Association window opens. |
Step 9 | Select the devices to which you want to associate the user. |
Step 10 | Select Save Selected/Changes. |
Step 11 | Select Find and List Users window. and return to the |
Step 12 | Find and select the same user from the list. The End User Configuration window opens. |
Step 13 | Locate the Permissions Information section. |
Step 14 | Select Add to Access Control Group. The Find and List Access Control Groups dialog box opens. |
Step 15 | Select the access control groups to which you want to assign the user. If you are provisioning users with secure phone capabilities, do not assign the users to the Standard CTI Secure Connection group. |
Step 16 | Select Add Selected. The Find and List Access Control Groups window closes. |
Step 17 | Select Save on the End User Configuration window. |
The client gets device configuration from the TFTP server. For this reason, you must specify your TFTP server address when you provision users with devices.
If the client gets the _cisco-uds SRV record from a DNS query, it can automatically locate the user's home cluster. As a result, the client can also locate the Cisco Unified Communications Manager TFTP service.
You do not need to specify your TFTP server address if you deploy the _cisco-uds SRV record.
Complete the steps to specify the address of your TFTP server on Cisco Unified Communications Manager IM and Presence Service.
Step 1 | Open the Cisco Unified CM IM and Presence Administration interface. |
Step 2 | Select . The Legacy Client Settings window opens. |
Step 3 | Locate the Legacy Client Security Settings section. |
Step 4 | Specify the IP address of your primary and backup TFTP servers in the following fields: |
Step 5 | Select Save. |
If the client connects to the Cisco WebEx Messenger service, you specify your TFTP server address with the Cisco WebEx Administration Tool.
Step 1 | Open the Cisco WebEx Administration Tool. |
Step 2 | Select the Configuration tab. |
Step 3 | Select Unified Communications in the Additional Services section. The Unified Communications window opens. |
Step 4 | Select the Clusters tab. |
Step 5 | Select the appropriate cluster from the list. The Edit Cluster window opens. |
Step 6 | Select Advanced Server Settings in the Cisco Unified Communications Manager Server Settings section. |
Step 7 | Specify the IP address of your primary TFTP server in the TFTP Server field. |
Step 8 | Specify the IP address of your backup TFTP servers in the Backup Server #1 and Backup Server #2 fields. |
Step 9 | Select Save. The Edit Cluster window closes. |
Step 10 | Select Save in the Unified Communications window. |
After you create and associate users with devices, you should reset those devices.
Step 1 | Open the Cisco Unified CM Administration interface. |
Step 2 | Select . The Find and List Phones window opens. |
Step 3 | Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of devices. |
Step 4 | Select the appropriate device from the list. The Phone Configuration window opens. |
Step 5 | Locate the Association Information section. |
Step 6 | Select the appropriate directory number configuration. The Directory Number Configuration window opens. |
Step 7 | Select Reset. The Device Reset dialog box opens. |
Step 8 | Select Reset. |
Step 9 | Select Close to close the Device Reset dialog box. |
The client gets device lists for users from the CCMCIP server.
If the client gets the _cisco-uds SRV record from a DNS query, it can automatically locate the user's home cluster and discover services. One of the services the client discovers is UDS, which replaces CCMCIP.
You do not need to create a CCMCIP profile if you deploy the _cisco-uds SRV record.
Step 1 | Open the Cisco Unified CM IM and Presence Administration interface. |
Step 2 | Select
.
The Find and List CCMCIP Profiles window opens. |
Step 3 | Select
Add
New.
The CCMCIP Profile Configuration window opens. |
Step 4 | Specify service details in the CCMCIP profile as follows: |
Step 5 | Add users to
the CCMCIP profile as follows:
|
Step 6 | Select Save. |
You configure dial plan mapping to ensure that dialing rules on Cisco Unified Communications Manager match dialing rules on your directory.
Application dial rules automatically add or remove digits in phone numbers that users dial. Application dialing rules manipulate numbers that users dial from the client.
For example, you can configure a dial rule that automatically adds the digit 9 to the start of a 7 digit phone number to provide access to outside lines.
Directory lookup dial rules transform caller ID numbers into numbers that the client can lookup in the directory. Each directory lookup rule you define specifies which numbers to transform based on the initial digits and the length of the number.
For example, you can create a directory lookup rule that automatically removes the area code and two digit prefix digits from 10 digit telephone numbers. An example of this type of rule is to transform 4089023139 into 23139.
Cisco Unified Communications Manager version 8.5 or lower does not automatically publish dial rules to the client. For this reason, you must deploy a COP file to publish your dial rules. This COP file copies your dial rules from the Cisco Unified Communications Manager database to an XML file on your TFTP server. The client can then download that XML file and access your dial rules.
You must deploy the COP file every time you update or modify dial rules on Cisco Unified Communications Manager version 8.5 or lower.
Step 1 | Open the Cisco Unified OS Administration interface. |
Step 2 | Select . |
Step 3 | Specify the location of cmterm-csf-dialrule-wizard-0.1.cop.sgn in the Software Installation/Upgrade window. |
Step 4 | Select Next. |
Step 5 | Select cmterm-csf-dialrule-wizard-0.1.cop.sgn from the Available Software list. |
Step 6 | Select Next and then select Install. |
Step 7 | Restart the TFTP service. |
Step 8 | Open the dial rules XML files in a browser to verify that they are available on your TFTP server.
If you can access AppDialRules.xml and DirLookupDialRules.xml with your browser, the client can download your dial rules. |
Step 9 | Repeat the preceding steps for each Cisco Unified Communications Manager instance that runs a TFTP service. |
After you repeat the preceding steps on each Cisco Unified Communications Manager instance, restart the client.