[cisco-voip] Switch CUCM cluster back to no Secure

Brian Meade bmeade90 at vt.edu
Mon Jul 16 08:47:31 EDT 2018


Basically just need to run "utils ctl set-cluster non-secure-mode" and
delete the CTL from each node using "file delete tftp CTLFile.tlv".

Probably worth restarting TFTP after that.

At that point, new phones won't get a CTL and the cluster will be
non-secure.  However, you'll still need a way to delete the CTL off of all
the phones that downloaded the CTL at some point.  You could using
something like UnifiedFX for this.

Here's the official guide-
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/10_0_1/secugd/CUCM_BK_C68276B4_00_cucm-security-guide-100/CUCM_BK_C68276B4_00_cucm-security-guide-100_chapter_0100.html


On Fri, Jul 13, 2018 at 12:46 AM Reto Gassmann <voip at mrga.ch> wrote:

> All IP phones have a no secure profile.
> We replace the old 7960/61 with 8851 and plan to use MigrationFX to ease
> the process. Our integrator now informed us, that we have to set the
> cluster to no secure for that.
>
> Brian Meade <bmeade90 at vt.edu> schrieb am Do. 12. Juli 2018 um 23:31:
>
>> Did you use tokens or the tokenless process?
>>
>> On Thu, Jul 12, 2018 at 4:40 PM Reto Gassmann <voip at mrga.ch> wrote:
>>
>>> Hi Daniele
>>>
>>> I‘d love to upgrade to 11.5 but there are some  compatibility issues (eg
>>> UCCE) that do not allow me to upgrade right away.
>>>
>>> daniele visaggio <visaggio.daniele at gmail.com> schrieb am Do. 12. Juli
>>> 2018 um 22:14:
>>>
>>>> What about upgrading to 11.5? from 11.5 auto-registration in mixed mode
>>>> is supported.
>>>>
>>>>
>>>> https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200716-CUCM-Auto-registration-Process-In-Mixed.html
>>>>
>>>>
>>>> 2018-07-12 19:24 GMT+02:00 Reto Gassmann <voip at mrga.ch>:
>>>>
>>>>> Hallo Group
>>>>>
>>>>> What are the steps, challanges and risks if I switch a CUCM 10.5
>>>>> cluster from mixed mode back to no secure.
>>>>> I have to do that because I need IP phone autregistration back.
>>>>>
>>>>> Thanks a lot
>>>>> Regards Reto
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> cisco-voip mailing list
>>>>> cisco-voip at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>>
>>>>>
>>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180716/a41ef501/attachment.html>


More information about the cisco-voip mailing list