Chapter 1 An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

Table 1-7 Security Restrictions with Conference Calls

| Initiator’s Phone Security Level | Feature Used | Security Level of Participants | Results of Action |
|---|---|---|---|
| Non-secure | Conference | Encrypted or authenticated | Non-secure conference bridge; non-secure conference |
| Secure (encrypted or authenticated) | Conference | At least one member is non-secure | Non-secure conference |
| Secure (encrypted) | Conference | All participants are encrypted | Secure encrypted level conference |
| Secure (authenticated) | Conference | All participants are encrypted or authenticated | Secure authenticated level conference |
| Non-secure | cBarge | All participants are encrypted | Conference changes to non-secure |
| Non-secure | Meet Me | Minimum security level is encrypted | Initiator receives message “Does not meet Security Level”, call rejected. |
| Secure (encrypted) | Meet Me | Minimum security level is authenticated | Conference accepts encrypted and authenticated calls |
| Secure (encrypted) | Meet Me | Minimum security level is non-secure | Only secure conference bridge available and used; conference accepts all calls |

Supporting 802.1X Authentication on Cisco Unified IP Phones

These sections provide information about 802.1X support on the Cisco Unified IP Phones:

Overview

Required Network Components

Best Practices—Requirements and Recommendations

Overview

Cisco Unified IP phones and Cisco Catalyst switches have traditionally used Cisco Discovery Protocol (CDP) to identify each other and determine parameters such as VLAN allocation and inline power requirements. However, CDP is not used to identify any locally attached PCs; therefore, Cisco Unified IP Phones provide an EAPOL pass-through mechanism, whereby a PC locally attached to the IP phone can pass EAPOL messages through to the 802.1X authenticator in the LAN switch. This prevents the IP phone from having to act as the authenticator, yet allows the LAN switch to authenticate a data endpoint before it accesses the network.

In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP Phones provide a proxy EAPOL-Logoff mechanism. In the event that the locally attached PC is disconnected from the IP phone, the LAN switch would not see the physical link fail, because the link between the LAN switch and the IP phone is maintained. To avoid compromising network integrity, the IP phone sends an EAPOL-Logoff message to the switch, on behalf of the downstream PC, which triggers the LAN switch to clear the authentication entry for the downstream PC.

The Cisco Unified IP phones also contain an 802.1X supplicant, in addition to the EAPOL pass-through mechanism. This supplicant allows network administrators to control the connectivity of IP phones to the LAN switch ports. The current release of the phone 802.1X supplicant uses the EAP-FAST and EAP-TLS options for network authentication.
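The proxy EAPOL-Logoff behaviour described above can be seen in a small model. This is an added example, not code from Cisco or from this guide: the MAC addresses are constructed, `SwitchPort` is a hypothetical, simplified stand-in for the switch's authenticator table, and it assumes the phone sends the logoff with the PC's MAC as the source address.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # IEEE 802.1X EtherType
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def build_eapol(src, eapol_type, body=b"", version=1):
    """Ethernet II frame carrying an EAPOL PDU to the PAE group address."""
    dst = mac("01:80:c2:00:00:03")
    hdr = struct.pack("!HBBH", ETHERTYPE_EAPOL, version, eapol_type, len(body))
    return dst + mac(src) + hdr + body

def parse_eapol(frame):
    """Return (source MAC, EAPOL type name), or None if not a well-formed EAPOL frame."""
    if len(frame) < 18:
        return None
    ethertype, _version, eapol_type, length = struct.unpack("!HBBH", frame[12:18])
    if ethertype != ETHERTYPE_EAPOL or len(frame) < 18 + length:
        return None  # wrong EtherType or truncated body
    return frame[6:12].hex(":"), EAPOL_TYPES.get(eapol_type, "unknown")

class SwitchPort:
    """Hypothetical authenticator state for one access port (phone plus PC behind it)."""
    def __init__(self):
        self.authorized = set()
    def authorize(self, src):   # stands in for a completed EAP exchange
        self.authorized.add(src)
    def link_down(self):        # physical link loss clears every session on the port
        self.authorized.clear()
    def receive(self, frame):
        parsed = parse_eapol(frame)
        if parsed and parsed[1] == "EAPOL-Logoff":
            self.authorized.discard(parsed[0])

def simulate(proxy_logoff):
    """PC unplugs from the phone's PC port; return MACs still authorized on the switch."""
    phone, pc = "00:11:22:33:44:55", "66:77:88:99:aa:bb"  # constructed addresses
    port = SwitchPort()
    port.authorize(phone)
    port.authorize(pc)
    # The switch-to-phone link stays up, so link_down() is never triggered here.
    if proxy_logoff:
        # Phone speaks for the PC (assumption: PC's MAC is used as the source).
        port.receive(build_eapol(pc, 2))
    return sorted(port.authorized)
```

Without the proxy logoff, the PC's entry stays authorized after it is unplugged, which is the stale session the mechanism exists to clear.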

 

 

Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)

OL-23874-01

6901 specifications

Cisco Systems 6901 is a versatile, compact, and powerful router designed to meet the networking needs of small to medium-sized businesses, as well as enterprise branch offices. This model is part of Cisco's ISR (Integrated Services Router) portfolio, which is known for its capability to integrate multiple services into a single platform, ensuring high efficiency and cost-effectiveness.

One of the main features of the Cisco 6901 is its ability to support advanced routing protocols, including RIP, EIGRP, OSPF, and BGP. This versatility allows for seamless integration into various network architectures, facilitating efficient communication and data transfer across multiple locations. The device is also built to handle high-bandwidth applications, making it an ideal choice for businesses that rely on robust network performance.

In terms of connectivity, Cisco 6901 offers multiple Ethernet ports, supporting both 10/100/1000 Mbps speeds. This ensures that users can connect a variety of devices, ranging from office computers to network printers, all while maintaining optimal network performance. Additionally, the router supports both LAN and WAN interfaces, providing flexibility in deployment options.

Security is a crucial aspect of networking, and the Cisco 6901 does not disappoint in this regard. It comes equipped with advanced security features, including firewall capabilities, intrusion prevention, and VPN support. These features ensure that sensitive business data is protected from unauthorized access, while also providing secure remote access for employees.

Another essential characteristic of the Cisco 6901 is its support for various multimedia applications. The router comes with Quality of Service (QoS) features that prioritize voice, video, and data traffic, ensuring high-quality performance for applications such as VoIP and video conferencing. This is particularly valuable in today's business landscape, where effective communication is critical for success.

The Cisco 6901 is also designed for ease of management and configuration. It features a user-friendly interface that simplifies the setup process, along with comprehensive monitoring tools that enable administrators to keep an eye on network performance and address any issues proactively.

In summary, the Cisco Systems 6901 is a powerful, feature-rich router that combines advanced routing capabilities with robust security measures and multimedia support. Its flexibility, ease of management, and comprehensive service integration make it an excellent choice for businesses seeking to enhance their networking infrastructure. With the Cisco 6901, organizations can achieve efficient communication, secure data exchange, and high-performance network operations, positioning themselves well for future growth.