Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
392
Views
0
Helpful
2
Replies

Cisco Phone Proxy

Leonardo Santana
Spotlight
Spotlight

‎02-14-2012 11:11 AM - edited ‎03-16-2019 09:35 AM

Hello,

For the phone-proxy to works properly does i need to put a certificate on the IP Phones?

The Locally Significant Certificate must be manually installed on the IP Phone. Installing the LSC requires the use of at least two USB eTokens and the CTL Client. The CTL Client is used to generate the necessary certificates on the CallManager. Once the CTL Provider and CAPF Services are activated on the cluster, the CTL Client can be run to generate the CTL file on the CallManager. Once this process completes it is then possible to set the "Certificate Operation" on the IP Phone to "Install/Upgrade" through the CCMAdmin Interface. This process must be used for all 7940/60 and older model IP Phones. Without the USB eToken and the CTL Client there is no way to install LSCs on IP Phones. The Part number for the USB eToken is: KEY-CCM-ADMIN-K9=

Note: Even if LSCs are deployed, the hard phone must first register and authenticate with a MIC since the phone-proxy does NOT allow auto-registration.

Is correct?

Thanks

Regards
Leonardo Santana

*** Rate All Helpful Responses***
Labels:
0 Helpful
2 Replies 2

Leonardo Santana
Spotlight
Spotlight

‎02-14-2012 11:52 AM

Other thing in what models of phone i need to use LSC or MIC?

Regards
Leonardo Santana

*** Rate All Helpful Responses***
0 Helpful

Joseph Martini
Cisco Employee
Cisco Employee
In response to Leonardo Santana

‎02-14-2012 05:00 PM

Yes all phones used with phone proxy require certificates (either a MIC or LSC).  7940/7960 phones are the only ones I know of that do not come with Manufacture Installed Certificates (MICs), so you would have to push a Locally Significant Certificate (LSC) to those phone models.  Anything newer like a 7941/61/70 comes with a MIC so those phones are ready to use with the phone proxy right out of the box if you want to use MICs instead of LSCs for authentication.

You also do not need to have the USB e-tokens to pass LSCs to the phones.  Here's how to do this so you don't have to purchase the e-tokens: https://supportforums.cisco.com/docs/DOC-12963.  Note that if you want to encrypt phones or pass LSCs to phones without locally (not behind an ASA) you would need the USB e-tokens.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents