Troubleshooting Cisco Unified IP Phone Security

Chapter 9 Troubleshooting and Maintenance

Table 9-1provides troubleshooting information for the security features on the Cisco Unified IP Phone. For information relating to the solutions for any of these issues, and for additional troubleshooting information about security and encryption, see Cisco Unified Communications Manager Security Guide.

Table 9-1	Cisco Unified IP Phone Security Troubleshooting

Problem		Possible Cause

Device authentication error.		CTL file does not have a Cisco Unified Communications Manager certificate
		or has an incorrect certificate.

Phone cannot authenticate CTL file.		The security token that signed the updated CTL file does not exist in the CTL
		file on the phone.

Phone cannot authenticate any of the		The configuration file may not be signed by the corresponding certificate in the
configuration files other than the ITL file.		phone’s Trust List.

Phone cannot authenticate any of the		The configuration file may not be signed by the corresponding certificate in the
configuration files other than the CTL file.		phone’s Trust List.

Phone does not register with Cisco Unified		The CTL file does not contain the correct information for the Cisco
Communications Manager.		Unified Communications Manager server.

Phone does not request signed configuration		The CTL file does not contain any TFTP entries with certificates.
files.

802.1X Enabled on Phone but Not Authenticating

Phone cannot obtain a DHCP-assigned IP		These errors typically indicate that 802.1X is enabled on the phone, but the
address		phone is unable to authenticate.

Phone does not register with Cisco Unified		1. Verify that you have properly configured the required components
Communications Manager		Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-19.

Phone status display as Configuring IP or		2. Confirm that the shared secret is configured on the phone. See Security
Registering		Configuration Menu, page 4-32for more information.

802.1X Authentication Status displays as		– If the shared secret is configured, verify that you have the same shared
Held (see 802.1X Authentication and		secret entered on the authentication server.
Status, page 4-44).		– If the shared secret is not configured, enter it, and ensure that it

Status menu displays 802.1x status as Failed
Status menu displays 802.1x status as Failed		matches the shared secret on the authentication server.
(see Call Statistics Screen, page 8-14).

802.1X Not Enabled

Phone cannot obtain a DHCP-assigned IP address

Phone does not register with Cisco Unified Communications Manager

Phone status display as Configuring IP or Registering

802.1X Authentication Status displays as Disabled (see 802.1X Authentication and Status, page 4-44).

Status menu displays DHCP status as timing out (see Call Statistics Screen, page 8-14).

These errors typically indicate that 802.1X is not enabled on the phone. To enable it, see Security Configuration Menu, page 4-32for information on enabling 802.1X on the phone.

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

	OL-23091-01	9-9

Cisco Systems 8.6 manual Troubleshooting Cisco Unified IP Phone Security, Problem Possible Cause

Models: 8.6

Troubleshooting Cisco Unified IP Phone Security

Problem

Possible Cause

Configuration Menu, page 4-32for more information.

Status, page 4-44).

(see Call Statistics Screen, page 8-14).