06-06-2012 11:50 AM - edited 03-16-2019 11:32 AM
HI
I have a call manager 6.1 and i will upgrade it to 8.5.
the issue is that i have a ctl installed in my version 6 and secured ip phone and i want to work with the same CTL in version 8 without upgrading it.
i don't want to have go through each phone and upgrade the CTL.
can upgrade my CUCM to 8 without modifying the CTL and what's the procedure.
Regards
06-06-2012 01:11 PM
can upgrade my CUCM to 8 without modifying the CTL and what's the procedure.
As long as you do not renew or regenerate any of the certificates included in the CTL (CUCM, TFTP, CAPF, etc) you can upgrade the cluster without rebuilding the CTL. Also, as long as a new version of the CTL is signed by at least one of the tokens that was included in the version already downloaded, the phone will automatically download a newer CTL version.
The CTL Client on your workstation would have to be upgraded the next time you need to modify the CTL though.
Lastly, be sure that you understand the new TVS and ITL mechanisms in CUCM 8.0+. Both of them interact with CTL if you have a mixed mode cluster.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_6_1/secugd/secuview.html
06-06-2012 03:44 PM
Hi jonathan
when I upgrade the cluster, and i take a phone directly from version six to my new version 8 it doesn't want to register and is rejected (security issue) , when I remove the security profile from the phone then the phone moved from the version 6 to version 8 works.
the issue is that I have 4000 ip phone to move from the version 6 to version 8 and need the security to be set.
Regards
06-07-2012 09:14 AM
Moving a phone from one cluster to another, as opposed to upgrading the same 6.x cluster to 8.0 is an entirely different matter.
If you are changing clusters and both are in mixed mode than the new CTL must be signed by one of the tokens that was included in the 6.x CTL; otherwise, the phone will not accept the new CTL nor the ITL and by extension it's TFTP config file.
06-07-2012 03:45 PM
Hi jonathan,
In fact i am moving from physical to virtual,
Please tell me what's the procedure to do the upgrade without the need to go through all the phone.
should i sign the CTL before the DRS procedure in the version 6 or After?
If i sign the CTL and upload it to new CUCM 8, all the phone will automaticaly get new ctl? or there is a conflict between the old CTL and the new one?
if I have a DNS in my version 6 installation is there any issue for security if I install version 8 without DNS?
Thank you for your help
06-08-2012 08:03 AM
If you're migrating to UCS the way this should go is:
If you do a DRS backup and restore the certificates and the CTL file should come forward with it. I'm confused why you're talking about building a new 8.x cluster and moving toward it.
If you're deadset on doing a new cluster then you would want to reuse the same security tokens to sign your 8.x CTL file. Since those tokens are already trusted in the 6.x CTL the phone will accept the new CTL.
06-08-2012 08:23 AM
Hi jonathan,
Yes, I am using DRS from my 6 version to my version 8.
If I understand well, I have just to sign my version 6 CTL with version 8 call manager and phone can register with the version 8?
07-17-2012 11:28 PM
Hi Jonathan,
1stly Excellent post thanks for sharing !
quick questions regarding the upgrade and security
We are migrating a cluster from 7.1 MCS appliance to 8.6 on UCS,
The upgrade process we are using is as follows.
1. Upgrade exsiting 7.1.5 to 8.0.3 - Take DRS backup
2. Build 8.0.3 on new UCS using the DRS backup above
3. Upgrade this now to 8.6
Jonathan you mention --> If you do a DRS backup and restore the certificates and the CTL file should come forward with it.
Is there any chance the CTL file wont come across to 8.0.3 / then 8.6 after upgrdae on UCS or any platform?
And if for instance the CTL file didnt come across with upgrade what is the process to rectify?
Would we reuse the same security tokens from 7.1.5 to sign a new 8.x CTL file on the 8.6 box?
Also are there any gotchas we need to be aware i.e. dependancies that will effect the CTL for example
Changing hostname once we upgrade to 8.6 on UCS
Changing IP address once we upgrade to 8.6 on UCS
Changing DNS
Mac address changing
etc
thank you kindly
Allan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: