Chapter 1 An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

Table 1-5

Security Restrictions with Conference Calls (continued)

 

 

 

 

 

 

Initiator’s Phone

 

 

 

 

Security Level

 

Feature Used

Security Level of Participants

Results of Action

 

 

 

 

 

Non-secure

 

cBarge

All participants are encrypted

Secure conference bridge

 

 

 

 

Conference changes to non-secure

 

 

 

 

 

Non-secure

 

MeetMe

Minimum security level is

Initiator receives message “Does not meet

 

 

 

encrypted

Security Level”, call rejected.

 

 

 

 

Secure (encrypted)

MeetMe

Minimum security level is

Secure conference bridge

 

 

 

authenticated

Conference accepts encrypted and

 

 

 

 

 

 

 

 

authenticated calls

 

 

 

 

Secure (encrypted)

MeetMe

Minimum security level is

Only secure conference bridge available and

 

 

 

non-secure

used

 

 

 

 

Conference accepts all calls

 

 

 

 

 

Supporting 802.1X Authentication on Cisco Unified IP Phones

These sections provide information about 802.1X support on the Cisco Unified IP Phones:

Overview, page 1-16

Required Network Components, page 1-16

Best Practices—Requirements and Recommendations, page 1-17

Overview

Cisco Unified IP phones and Cisco Catalyst switches have traditionally used Cisco Discovery Protocol (CDP) to identify each other and to determine parameters such as VLAN allocation and inline power requirements. However, CDP is not used to identify any locally attached PCs. Therefore, Cisco Unified IP Phones provide an EAPOL pass-through mechanism, whereby a PC locally attached to the IP phone may pass through EAPOL messages to the 802.1X authenticator in the LAN switch. This capability prevents the IP phone from having to act as the authenticator, yet allows the LAN switch to authenticate a data end point prior to accessing the network.

In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP Phones provide a proxy EAPOL-Logoff mechanism. If the locally attached PC is disconnected from the IP phone, the LAN switch would not see the physical link fail, because the link between the LAN switch and the IP phone is maintained. To avoid compromising network integrity, the IP phone sends an EAPOL-Logoff message to the switch on behalf of the downstream PC, which triggers the LAN switch to clear the authentication entry for the downstream PC.

The Cisco Unified IP phones contain an 802.1X supplicant in addition to the EAPOL pass-through mechanism. This supplicant allows network administrators to control the connectivity of IP phones to the LAN switch ports. The IP phone 802.1X supplicant implements the EAP-MD5 option for 802.1X authentication.

Required Network Components

Support for 802.1X authentication on Cisco Unified IP Phones requires several components, including:

 

Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0

1-16

OL-15299-01

Page 29 Page 31
Page 30
Image 30
Cisco Systems 7970G, 7971G-GE manual Supporting 802.1X Authentication on Cisco Unified IP Phones, Overview
Page 29 Page 31

7970G, 7971G-GE specifications

The Cisco Systems 7971G-GE is a sophisticated IP phone designed for enterprise communication, offering a range of features that enhance productivity and collaboration. As part of the Cisco Unified Communications portfolio, this phone is known for its impressive technology and reliable performance.

One of the main features of the 7971G-GE is its high-resolution color display. The 5-inch LCD screen provides users with a visually appealing and intuitive interface, allowing for easy navigation through menus and contacts. The phone supports up to six lines, making it ideal for users who require multiple lines for simultaneous calls. Users can effortlessly manage calls with the ability to switch between lines and access important call features like hold, transfer, and conference calling.

In terms of audio quality, the Cisco 7971G-GE is equipped with high-definition voice technology. This feature ensures crystal-clear sound during calls, reducing background noise and enhancing the clarity of conversations. The phone also supports wideband audio codecs, enabling a richer voice experience that is particularly valuable in business environments.

The phone is designed with user convenience in mind. It offers programmable buttons that can be customized to suit individual needs, allowing easy access to frequently used functions or contact lists. Additionally, the presence indicator feature lets users see the availability of their colleagues in real-time, promoting more effective communication and collaboration.

Networking capabilities are another strong point of the Cisco 7971G-GE. The phone supports both Power over Ethernet (PoE) and standard Ethernet connectivity. This enables easy deployment without the need for additional power outlets. Moreover, the device is compatible with various Cisco communication platforms, integrating seamlessly with existing Cisco infrastructure, which is essential for businesses looking to upgrade their communications systems.

Security is a crucial consideration for modern enterprises, and Cisco addresses this with robust encryption features that protect voice and video calls. The phone supports secure signaling and media encryption, ensuring that sensitive conversations remain confidential.

Overall, the Cisco Systems 7971G-GE is a feature-rich IP phone that combines advanced technology with user-friendly design. Its high-definition audio, customizable features, and seamless integration with Cisco networks make it a popular choice for businesses seeking to improve their communication systems. With its reliability and performance, the Cisco 7971G-GE continues to support effective collaboration in an increasingly connected world.
Top Page Image Contents