Chapter 9 Troubleshooting and Maintenance

Troubleshooting Cisco Unified IP Phone Security

Troubleshooting Cisco Unified IP Phone Security

Table 9-1provides troubleshooting information for the security features on the Cisco Unified IP Phone. For information relating to the solutions for any of these issues, and for additional troubleshooting information about security and encryption, see Cisco Unified Communications Manager Security Guide.

Table 9-1

Cisco Unified IP Phone Security Troubleshooting

 

 

 

Problem

 

Possible Cause

 

 

Device authentication error.

CTL file does not have a Cisco Unified Communications Manager certificate

 

 

or has an incorrect certificate.

 

 

Phone cannot authenticate CTL file.

The security token that signed the updated CTL file does not exist in the CTL

 

 

file on the phone.

 

 

Phone cannot authenticate any of the

The configuration file may not be signed by the corresponding certificate in the

configuration files other than the ITL file.

phone’s Trust List.

 

 

Phone cannot authenticate any of the

The configuration file may not be signed by the corresponding certificate in the

configuration files other than the CTL file.

phone’s Trust List.

 

 

Phone does not register with Cisco Unified

The CTL file does not contain the correct information for the Cisco

Communications Manager.

Unified Communications Manager server.

 

 

Phone does not request signed configuration

The CTL file does not contain any TFTP entries with certificates.

files.

 

 

 

 

802.1X Enabled on Phone but Not Authenticating

 

 

 

Phone cannot obtain a DHCP-assigned IP

These errors typically indicate that 802.1X is enabled on the phone, but the

address

 

phone is unable to authenticate.

 

 

Phone does not register with Cisco Unified

1. Verify that you have properly configured the required components

Communications Manager

Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-19.

 

 

Phone status display as Configuring IP or

2. Confirm that the shared secret is configured on the phone. See Security

Registering

 

Configuration Menu, page 4-32for more information.

 

 

802.1X Authentication Status displays as

If the shared secret is configured, verify that you have the same shared

Held (see 802.1X Authentication and

secret entered on the authentication server.

Status, page 4-44).

If the shared secret is not configured, enter it, and ensure that it

 

 

Status menu displays 802.1x status as Failed

matches the shared secret on the authentication server.

(see Call Statistics Screen, page 8-14).

 

 

 

802.1X Not Enabled

 

Phone cannot obtain a DHCP-assigned IP address

Phone does not register with Cisco Unified Communications Manager

Phone status display as Configuring IP or Registering

802.1X Authentication Status displays as Disabled (see 802.1X Authentication and Status, page 4-44).

Status menu displays DHCP status as timing out (see Call Statistics Screen, page 8-14).

These errors typically indicate that 802.1X is not enabled on the phone. To enable it, see Security Configuration Menu, page 4-32for information on enabling 802.1X on the phone.

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

 

OL-23091-01

9-9

 

 

 

Page 203
Image 203
Cisco Systems 8.6 manual Troubleshooting Cisco Unified IP Phone Security, Problem Possible Cause