Cisco Systems 7970G instruction

Chapter 9 Troubleshooting and Maintenance

		Troubleshooting Cisco Unified IP Phone Security
Table 9-1	Cisco Unified IP Phone Security Troubleshooting (continued)

Problem		Possible Cause

Phone reports TFTP authorization failure.		• The TFTP address for the phone does not exist in
		the CTL file.
		• If you created a new CTL file with a new TFTP
		record, the existing CTL file on the phone may
		not contain a record for the new TFTP server.

Phone does not register with Cisco		The CTL file does not contain the correct information
Unified CallManager.		for the Cisco Unified CallManager server or the
		Cisco Unified CallManager does not have the valid
		issuer of the phone’s certificate.

Phone does not request signed configuration		The CTL file does not contain any TFTP entries with
files.		certificates.

802.1X Enabled on Phone but Not Authenticating

Phone cannot obtain a DHCP-assigned IP address.

Phone does not register with

Cisco Unified CallManager.

Phone status display as “Configuring IP” or “Registering”.

802.1X Authentication Status displays as “Held” (see the “802.1X Authentication and Status” section on page 4-42for more details).

Status menu displays 802.1X status as “Failed” (see the “Status Menu” section on page 7-3for more details).

These errors typically indicate that 802.1X authentication is enabled on the phone, but the phone is unable to authenticate.

1.Verify that you have properly configured the required components (see the “Supporting 802.1X Authentication on Cisco Unified IP Phones” section on page 1-18for more information).

2.Confirm that the shared secret is configured on the phone (see the “802.1X Authentication and Status” section on page 4-42for more information).

–If the shared secret is configured, verify that you have the same shared secret entered on the authentication server.

–If the shared secret is not configured, enter it and ensure that it matches the one on the authentication server.

Cisco Unified IP Phone Administration Guide for Cisco Unified CallManager 5.1 (SIP), Cisco Unified IP Phones

	OL-11524-01	9-13

Image 231

Cisco Systems 7970G manual 802.1X Enabled on Phone but Not Authenticating

Contents

Cisco Unified IP Phones 7970G/7971G-GE Page Page Page N T E N T S Products Vii Adding Phones with Cisco Unified CallManager Administration Viii Disabling a Headset Customizing and Modifying Configuration Files Configuring a Custom Background Image Troubleshooting and Maintenance Xii Monitoring the Voice Quality of Calls Xiii Xiv Audience Overview Xvi Organization Xvii Cisco Unified CallManager AdministrationRelated Documentation Cisco Unified IP Phones 7970G/7971G-GE Product Documentation DVD TroubleshootingObtaining Documentation Cisco.com Xix Documentation FeedbackCisco Product Security Overview Ordering Documentation For emergencies only security-alert@cisco.com Reporting Security Problems in Cisco Products Product Alerts and Field Notices Obtaining Technical AssistanceXxi Xxii Cisco Technical Support & Documentation Website Submitting a Service Request Definitions of Service Request SeverityXxiii Xxiv Obtaining Additional Publications and Information Italic font Document ConventionsConvention Description Boldface font Xxvi Italic screen font Waarschuwing Belangrijke Veiligheidsinstructies Varoitus Tärkeitä TurvallisuusohjeitaXxvii Warnung Wichtige Sicherheitshinweise Avvertenza Importanti Istruzioni Sulla SicurezzaXxviii Xxix Aviso Instruções Importantes DE Segurança Xxx Varning! Viktiga Säkerhetsanvisningar Xxxi Xxxii GEM Disse Anvisninger Xxxiii Xxxiv An Overview of the Cisco Unified IP Phone Cisco Unified IP Phone Understanding the Cisco Unified IP Phones 7970G/7971G-GEPage OL-11524-01 What Networking Protocols Are Used? Networking Protocol Purpose Usage NotesUnified CallManager System Guide Authentication on Cisco Unified IP Refer to the SupportingPhones section on page 1-18 for Network Configuration section on Related Topics Understanding the SIP Protocol Feature Overview Configuring Telephony Features Providing Users with Feature Information Guide Understanding Security Features for Cisco Unified IP PhonesTopic Reference Refer to Cisco Unified CallManager Security Topic Reference Overview of Supported Security Features Feature Description Authentication on Cisco Unified IP Phones section on More information, see the Device Configuration Menu Understanding Security Profiles Identifying Encrypted and Authenticated Phone CallsProcedure Select Security Configuration Related Topic Supporting 802.1X Authentication on Cisco Unified IP Phones Required Network Components OL-11524-01 Security Restrictions OL-11524-01 CallManager Administration Task Purpose For More InformationCallManager System Guide Refer to Cisco Unified See the Configuring Softkey See the Setting Up ServicesTemplates section on Installing Cisco Unified IP Phones See the Adding Users toCisco Unified CallManager Page Placement of the Cisco See the Providing PowerSee the Installing See the Adjusting IP Phone 7970 Guide SettingsNetwork Configuration OL-11524-01 A P T E R OL-11524-01 Vlan Telephony Features Available for the Phone, Providing Power to the Phone Power Guidelines Phone Power Consumption and Display BrightnessPower Type Guidelines Brightness Obtaining Additional Information about Power Power Outage Understanding Phone Configuration Files SIP Dial Rules Understanding the Phone Startup Process Step Description Related Topics Security Guide Unified CallManager Files, Understanding Requires MAC Method Address? Adding Phones to the Cisco Unified CallManager Database Adding Phones with Auto-Registration Adding Phones with Auto-Registration and Taps MAC Address of a Cisco Unified IP Phone section on Adding Phones with BAT Using Cisco Unified IP Phones with Different Protocols See the Configuring Startup Network Settings section on Converting a New Phone from Sccp to SIPConverting an In-Use Phone from Sccp to SIP Deploying a Phone in an Sccp and SIP Environment Converting an In-Use Phone from SIP to Sccp Determining the MAC Address of a Cisco Unified IP Phone Setting Up the Cisco Unified IP Phone Cisco Unified CallManager Configuration Before You BeginNetwork Requirements Safety Setting Up the Cisco Unified IP Phone Before You Begin Network and Access Ports Network and Access Ports, Handset, Speakerphone, Headset,Handset Headset Speakerphone Http//plantronics.com Audio Quality Subjective to the User Using External Devices with Your Cisco Unified IP Phone See the Headset section on Installing the Cisco Unified IP PhoneProcedure Reference See the Providing Power to Ports section on page 3-5 for See the Network and Access 130055 Adjusting Cisco Unified IP Phone Placement on the Desktop Adjusting the Placement of the Cisco Unified IP Phone See -2 below Securing the Phone with a Cable Lock Before You Begin Mounting the Phone to the Wall Parts Used in Wall Mounting the Cisco Unified IP Phone Verifying the Phone Startup Process OL-11524-01 Settings on the Cisco Unified IP Phone Configuring Startup Network Settings Before You Begin From the phone, press the Settings Security Configuration OL-11524-01 Configuring Settings on Cisco Unified IP Phone Related Topics Displaying a Configuration Menu Unlocking and Locking Options Editing Values Category Description Overview of Options Configurable from a Phone Values section on Network Configuration Menu Option Description To Change Refer to Cisco Unified CallManager Security Configuration Menu section Option Description To Change Vlan ID Scroll to the Dhcp Address Option Description To Change PC Vlan Device Configuration Menu CallManager Configuration Menu StateBlank CallManager Security Guide Designation DescriptionDevice Pool Unified CallManager Security Guide SIP Profile SIP Configuration MenuSIP General Configuration Menu, Line Settings Menu, Device Device Settings Usecallmanager Line Settings Menu Call Preferences Menu This option can also be Http Configuration Menu URL Configuration Menu, Locale Configuration Menu NTP Configuration Menu UI Configuration Menu Incoming call on the same line when Media Configuration Menu Administration System EnterpriseParameters Enabled or disabled for the phone. If Whose phone has the Recording Tone Receives. The remote party is the party Power Save Configuration Menu Security Configuration Menu Ethernet Configuration Menu Responses. Disabling the phone’s Network Configuration QoS Configuration Menu WAN by storing images locally Call Statistics Screen, Streaming Statistics, Security Configuration Menu CTL File Screen section on List Screen section onCisco Unified CallManager Security See the 802.1X Authentication CTL File ScreenStatus section on Unlocking the CTL File Configuration Menu section on Trust List Screen 802.1X Authentication and Status Authentication Choose Settings SecurityConfiguration Authentication Device 802.1X Authentication Real-Time Status Configuring Features, Templates Services, and Users Feature Description Configuration Reference Telephony Features Available for the Phone Administration Guide Features and Services GuideSystem Guide, Call Pickup System Guide CallManager Features Release 5.11, Cisco Unified Administration Guide, CallCisco Unified CallManager New Changed Information Guide Text, on the phone screen DND New and Changed Information Features and Services Guide section CallManager System Guide, Cisco Administration Guide, MusicServices Guide, Presence System Guide, Music on Unified CallManager System Administration Guide , Cisco Rings section on Creating Custom Phone Refer to the Cisco Unified IP Phone Administration Guide, TimeService Application Development System Guide, Time-of-Day Configuring Corporate Directories and Personal Directories Configuring Personal Directory Configuring Corporate Directories Modifying Phone Button Templates Configuring Softkey Templates Setting Up Services Managing the User Options Web Pages Adding Users to Cisco Unified CallManager User Management End User Giving Users Access to the User Options Web Pages Customizing the Cisco Unified IP Phone Creating Custom Phone Rings Ringlist.xml File Format Requirements PCM File Requirements for Custom Ring Types Configuring a Custom Phone Ring List.xml File Format Requirements Creating Custom Background Images List.xml Example PNG File Requirements for Custom Background Images Configuring a Custom Background Image Configuring Wideband Headset Codec Configuring the Idle Display OL-11524-01 Page Field Description Field Description OL-11524-01 A P T E R CTL Model Information Screen See the Using Cisco Unified IP Status MenuPhones with Different Protocols Select Status Messages Status Messages Screen Adding Phones with Cisco Unified CallManager Administration section onNetwork Configuration Menu section Message Description Possible Explanation and Action Unified CallManager Administration Guide Address. See the Network Configuration Settings Security Configuration802.1X Authentication option on the phone Authentication and Status section on Message Description Possible Explanation and Action Network Configuration Menu section on Phone. See the Firmware Versions Screen Section on page 7-15 to verify the phoneDevice Phone Section on page 4-7 section for details See the Network Configuration Menu Message Description Possible Explanation and Action Select Network Statistics Network Statistics Screen PC port is in a link up state and has auto-negotiated Select Firmware Versions Firmware Versions Screen Select Call Statistics Call Statistics Screen Monitoring the Voice Quality of Calls section on MOS LQK OL-11524-01 Monitoring the Cisco Unified IP Phone Remotely Accessing the Web Page for a Phone Network Statistics, Device Logs, Streaming Statistics,Http//IPaddress Disabling and Enabling Web Page Access Choose Device Phone Device Information UDI Network Configuration Network Configuration Description Description Description Network Statistics Ethernet Information Area Items Description Device Logs Streaming Statistics MOS LQK Streaming Statistics Related Topics Page OL-11524-01 Troubleshooting and Maintenance Resolving Startup Problems Troubleshooting and Maintenance Resolving Startup Problems Identifying Error Messages Verifying IP Addressing and Routing Choose Tools Control Center Cisco CallManager Serviceability Creating a New Configuration File Symptom Cisco Unified IP Phone Unable to Obtain IP Address Cisco Unified IP Phone Resets Unexpectedly Verifying Physical ConnectionIdentifying Intermittent Network Outages Verifying Dhcp Settings Checking Static IP Address SettingsVerifying Voice Vlan Configuration Verifying that the Phones Have Not Been Intentionally Reset Eliminating DNS or Other Connectivity Errors Problem Possible Cause Checking Power Connection 802.1X Enabled on Phone but Not Authenticating 802.1X Not Enabled Summary Explanation General Troubleshooting Tips See the Call Statistics Screen section on page 7-16 for Unlocking and Locking Options section on page 4-4 for Halfduxcollisionexceedthreshold Performing a Basic Reset, Performing a Factory Reset, Unlocking and Locking Options Performing a Basic ResetOperation Performing Explanation Locking Options section on Performing a Factory Reset Monitoring the Voice Quality of Calls Using the Quality Report Tool Using Voice Quality Metrics Troubleshooting Tips Condition Where to Go for More Troubleshooting Information Cleaning the Cisco Unified IP Phone Providing Information to Users Via a Website How Users Obtain Support for the Cisco Unified IP Phone How Users Access the Online Help System on the Phone How Users Get Copies of Cisco Unified IP Phone Manuals Unified CallManager section on How Users Access a Voice Messaging System How Users Configure Personal Directory Click Next Configuring the Synchronizer OL-11524-01 P E N D I X B Cisco Unified IP Phone Features CMC Calling Features Cisco Unified IP Phone 7970G/7971G-GE Cisco IP Phone Service Application Development Notes for Release 4.13 orCisco Ipma User Guide Cisco IP Phone Expansion Module Cisco CallManager Features and ServicesCisco CallManager Attendant Console User Guide Adding Language Overlays to Phone Buttons Supporting International Users Installing the Cisco Unified CallManager Locale Installer Specification Value or Range Technical Specifications Network and Access Port Pinouts Cable Specifications Network Port Connector Access Port ConnectorPin Number Function IN-1 Numerics IN-2 IN-3 IN-4 IN-5 IN-6 IN-7 IN-8 IN-9 IN-10 IN-11 IN-12 IN-13 Vlan IN-14