cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
669
Views
0
Helpful
2
Replies

Can not register 7941G phone for MIC with CME

crscrsone
Level 1
Level 1

Dear all,

I try to register 7941G phone, (firwware=SCCP41.9-1-1SR1S)  with MIC to CME with 12.4(20)T2 in UC 500, I already set up the CA, tftp-server, cme-server, capf-server, sast1,
but no work, here is the configuration, Please advise, many thanks.

Regards,
James

!
hostname CCME
!
clock timezone JP 9
!
crypto pki server cme-ca
grant auto
database url flash:
!
crypto pki trustpoint TP-self-signed-3097569863
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3097569863
revocation-check none
rsakeypair TP-self-signed-3097569863
!
crypto pki trustpoint cme-ca
enrollment url http://192.168.20.1:80
revocation-check crl
rsakeypair skey 1024 1024
!
crypto pki trustpoint capf-server
enrollment url http://192.168.20.1:80
serial-number
revocation-check none
rsakeypair skey 1024 1024
!
crypto pki trustpoint cme-server
enrollment url http://192.168.20.1:80
serial-number
revocation-check none
rsakeypair skey 1024 1024
!
crypto pki trustpoint tftp-server
enrollment url http://192.168.20.1:80
serial-number
revocation-check none
rsakeypair skey 1024 1024
!
crypto pki trustpoint sast1
enrollment url http://192.168.20.1:80
serial-number
revocation-check none
rsakeypair skey 1024 1024
!
!
crypto pki certificate chain TP-self-signed-3097569863
certificate self-signed 01
308201FB 30820164....
   quit
crypto pki certificate chain cme-ca ---> this is CA
certificate ca 01
  308201FB.....
   quit
crypto pki certificate chain capf-server --->Capf
certificate 03
  308201FF......
   quit
certificate 02
  308201FF...... 
   quit
certificate ca 01
  308201FB...... 
   quit
crypto pki certificate chain cme-server --> CMe server
certificate 05
  308201FF...... 
   quit
certificate 04
  308201FF...... 
   quit
certificate ca 01
  308201FB......
   quit
crypto pki certificate chain tftp-server --->tftp server
certificate 07
  308201FF...... 
   quit
certificate 06
  308201FF...... 
   quit
certificate ca 01
  308201FB...... 
   quit
crypto pki certificate chain sast1 ---> sast1
certificate 09
  308201FF...... 
   quit
certificate 08
  308201FF...... 
   quit
certificate ca 01
  308201FB...... 
   quit
!
ctl-client
server cme 192.168.20.1 trustpoint cme-server
server tftp 192.168.20.1 trustpoint tftp-server
server capf 192.168.20.1 trustpoint capf-server
sast1 trustpoint sast1
!
capf-server
port 3804
auth-mode null-string
cert-enroll-trustpoint cme-ca password 1 11584B5643475D5B5C
trustpoint-label capf-server
source-addr 192.168.20.1
!
!
ip http server
no ip http secure-server
ip http path flash:/gui
!
!
telephony-service
secure-signaling trustpoint cme-server
cnf-file perphone
tftp-server-credentials trustpoint tftp-server
server-security-mode non-secure
create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
ephone-dn  1  dual-line
number 178
!
ephone  6
device-security-mode authenticated
mac-address 0017.95B0.E733
type 7941
button  1:1
!
___________________________________________________________

CCME#show capf-server summary
CAPF Server Configuration Details
        Trustpoint for TLS With Phone: capf-server
        Trustpoint for CA operation: cme-ca
        Source Address: 192.168.20.1
        Listening Port: 3804
        Phone Key Size: 1024
        Phone KeyGen Retries: 3
        Phone KeyGen Timeout: 30 minutes
        Device Authentication Mode: Null-String

___________________________________________________________

CCME#sh ctl-client
CTL Client Information
----------------------
        SAST 1 Certificate Trustpoint: sast1
        SAST 1 Certificate Trustpoint:
        List of Trusted Servers in the CTL
                CME     192.168.20.1    cme-server
                TFTP    192.168.20.1    tftp-server
                CAPF    192.168.20.1    capf-server

_______________________________________________________________

CCME#sh ver
Cisco IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M), Version 12.4(20)T2
, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport

________________________________________________________________

CCME#sh telephony-service security-info

Skinny Server Trustpoint for TLS: cme-server
TFTP Credentials Trustpoint: tftp-server
Server Security Mode: Non Secure
Global Device Security Mode: Non-Secure
CCME#

Phone=CP7941G
firwware=SCCP41.9-1-1SR1S

2 Replies 2

crscrsone
Level 1
Level 1

Hi all,

I find the answers, thnaks

James

I have the same problem. What was the solution? Thanks