Table of Contents
Advertisement
Chapter 9
Troubleshooting and Maintenance
Troubleshooting Cisco Unified IP Phone Security
Table 9-1
For information relating to the solutions for any of these issues, and for additional troubleshooting
information about security and encryption, see Cisco Unified Communications Manager Security Guide.
Table 9-1
Cisco Unified IP Phone Security Troubleshooting
Problem
Device authentication error.
Phone cannot authenticate CTL file.
Phone cannot authenticate any of the
configuration files other than the ITL file.
Phone cannot authenticate any of the
configuration files other than the CTL file.
Phone does not register with Cisco Unified
Communications Manager.
Phone does not request signed configuration
files.
802.1X Enabled on Phone but Not Authenticating
Phone cannot obtain a DHCP-assigned IP
address
Phone does not register with Cisco Unified
Communications Manager
Phone status display as Configuring IP or
Registering
802.1X Authentication Status displays as
Held (see
802.1X Authentication and
Status, page
4-44).
Status menu displays 802.1x status as Failed
(see
Call Statistics Screen, page
802.1X Not Enabled
Phone cannot obtain a DHCP-assigned IP
address
Phone does not register with Cisco Unified
Communications Manager
Phone status display as Configuring IP or
Registering
802.1X Authentication Status displays as
Disabled (see
802.1X Authentication and
Status, page
4-44).
Status menu displays DHCP status as timing
out (see
Call Statistics Screen, page
OL-23091-01
provides troubleshooting information for the security features on the Cisco Unified IP Phone.
Possible Cause
CTL file does not have a Cisco Unified Communications Manager certificate
or has an incorrect certificate.
The security token that signed the updated CTL file does not exist in the CTL
file on the phone.
The configuration file may not be signed by the corresponding certificate in the
phone's Trust List.
The configuration file may not be signed by the corresponding certificate in the
phone's Trust List.
The CTL file does not contain the correct information for the Cisco
Unified Communications Manager server.
The CTL file does not contain any TFTP entries with certificates.
These errors typically indicate that 802.1X is enabled on the phone, but the
phone is unable to authenticate.
Verify that you have properly configured the required components
1.
Supporting 802.1X Authentication on Cisco Unified IP Phones, page
Confirm that the shared secret is configured on the phone. See
2.
Configuration Menu, page 4-32
–
–
8-14).
These errors typically indicate that 802.1X is not enabled on the phone. To
enable it, see
enabling 802.1X on the phone.
8-14).
Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)
If the shared secret is configured, verify that you have the same shared
secret entered on the authentication server.
If the shared secret is not configured, enter it, and ensure that it
matches the shared secret on the authentication server.
Security Configuration Menu, page 4-32
Troubleshooting Cisco Unified IP Phone Security
for more information.
for information on
1-19.
Security
9-9
Advertisement
Table of Contents
Troubleshooting
