[cisco-voip] callmanager usb etokens

Patrick Diener patrick.diener at gmail.com
Wed Jan 9 04:18:06 EST 2008 

verify that your phones downloaded the CTL file (Settings -> Security
Configuration)
in this menu you will also see if the phone has acquired a Certificate (LSC)

if the LSC is missing:
- go to the device config. page of the phone on CCM
- Certification Operation: Install/Upgrade
- Authentication Mode: By Null String (!!!UNSECURE!!! but easy to use ;-))
- go to the settings menu of the phone
- unlock config (**#)
- Security Configuration
- LSC -> Update (Softkey)

> Any other things which could cause the phones not to register when security
> is enabled.
wrong/old CTL file or Certificate on the phone, e.g. when you take
equipment from the lab and connect it to your live environment.
factory reset will fix this easily

Regards
Patrick

On Jan 9, 2008 9:46 AM, Aman Chugh <aman.chugh at gmail.com> wrote:
> 1.Yes
> 2. I ran the CTL client and generated the CTL file and I can see the CTL.TLV
> file on the tftp server along with cnf.xml.sgn files for my phones .
> 3. I am not sure about the LSC for phones, I did go through the guide for
> CTL client installation, will dig deeper into the guide  for this .
>
> Any other things which could cause the phones not to register when security
> is enabled.
>
> Aman
>
>
>
>
> On 1/8/08, Patrick Diener <patrick.diener at gmail.com> wrote:
> > that is exactly what is supposed to happen! ;-)
> >
> > Did you start the CAPF service on the Pub?
> > Did you create the CTL file?
> > Did you install the LSCs (Local Significant Certificates) on the Phones?
> >
> > => read the "Cisco CallManager Security Guide, Release 4.2(1)"
> > carefully there are quite some steps involved to get Security up and
> > running...
> >
> > Regards
> > Patrick
> >
> >
> >
> > On 1/8/08, Aman Chugh <aman.chugh at gmail.com> wrote:
> > >
> > > I am configuring these with callmanager and when I change my cluster
> mode to
> > > mixed mode and change the device security mode to authenticated in
> > > enterprise parrametters my ipphones dont register, I am using 7960 and
> 7940
> > > . I have set the device security mode set to encrypted and cluster mode
> is
> > > set to 1. I have even tried changing the phone ethernet port to 2444 ,
> but
> > > phones wont register. I re run the CTL client and change cluster mode to
> non
> > > secure and change the device modes to non secure and my phones resigter
> > > again.
> > >
> > > CM 4.2.1 SR1
> > >
> > > Any help would be appriciated.
> > >
> > >
> > > Aman
> > > _______________________________________________
> > > cisco-voip mailing list
> > > cisco-voip at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-voip
> > >
> >
>
>

More information about the cisco-voip mailing list