Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
529
Views
0
Helpful
2
Replies

CUCM 8 security and SCCP messages

Go to solution
emikelso
Level 4
Level 4

‎03-13-2011 09:24 AM - edited ‎03-16-2019 03:56 AM

When CTL is enabled on the cluster, even if the phones are set to non-secure, does it change the sccp signalling protocol?

I ask because we recently upgraded a 6.1.3 cluster to 8.0.3a, and upgraded the firmware on the 7945 phones to 9.0.3. I believe that before the phones all upgraded their firmware, CTL security was enabled on the cluster. It was then disabled, but I'm pretty sure the CallManager services and TFTP were not restarted after making this change, which is in the best practices for security. All phones that upgraded to 9.0.3 have a CTL/ITL file on them.

Some of the phones are contact center phones and are being recorded via SPAN to Envision software/server. The calls were not being recorded, and in the packet traces, it was found that the Skinny call control data coming from the phones/Call Manager is of a different structure and different protocol. Previously it was strictly Skinny, now it is coming across as cisco-sccp.

We downgraded those phones to 8.5.3 and it removed the CTL/ITL file and those phones can now be recorded.

CUCM 8.0.3a on UCS B-series.

SPANNING the phone ports to the Envision server

NICE uses BiB on the phone and this is not an issue.

Thanks!

Erin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph Martini
Cisco Employee
Cisco Employee

‎03-13-2011 01:19 PM

The problem you ran into is a common one, the SCCP version changed during your update and many recording applications that use SPAN sessions actually inspect the SCCP messaging to determine the call information.  Many of the recording applications that use this method have not been updated to understand the newer SCCP messages in the new SCCP version.  You found the correct workaround which is to downgrade the phone firmware which reverts the phone back to an older SCCP version.  Also having security enabled (cluster in mixed mode) has no impact on the signaling messages if the phone is configured with a non secure profile.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Joseph Martini
Cisco Employee
Cisco Employee

‎03-13-2011 01:19 PM

The problem you ran into is a common one, the SCCP version changed during your update and many recording applications that use SPAN sessions actually inspect the SCCP messaging to determine the call information.  Many of the recording applications that use this method have not been updated to understand the newer SCCP messages in the new SCCP version.  You found the correct workaround which is to downgrade the phone firmware which reverts the phone back to an older SCCP version.  Also having security enabled (cluster in mixed mode) has no impact on the signaling messages if the phone is configured with a non secure profile.

0 Helpful

Go to solution
emikelso
Level 4
Level 4
In response to Joseph Martini

‎03-14-2011 10:36 AM

Thanks so much for the reply. The customer is moving to NICE, and we should not have this issue any longer.

It's a lesson learned to ask the question prior to upgrades, what other applicaitons and versions they are running.

0 Helpful
Customers Also Viewed These Support Documents