Re: CUCM cluster IP address change

zkraust · ‎09-06-2021

Hello,

I am changing my publisher, TFTP and two subscribers IP addresses. I am concerned about IP phone certificates and issues with registration after the TFTP server IP address changes. What’s the best way to make sure my ip phones come up after charging the IP address of the cluster

Jaime Valencia · ‎09-06-2021

Have you looked at the procedure to change the server's IP?

It does NOT causes certificates to be regenerated as the certificates by default DO NOT contain the IP, only the hostname/FQDN as applicable.

If you chose to use the IP as the hostname, then you would also need to change the "hostname" of your server and that would cause certificates to be regenerated, then you would need to follow the online documentation on ITL/SBD and the proper timing to make sure your devices never lose trust with CUCM.

HTH

java

if this helps, please rate

zkraust · ‎09-07-2021

Hello Jamie, I have used some of your videos on youtube (self registration comes to mind) in the past, so thanks for all you do in sharing knowledge. Can you send the link to the documentation for ITL/SBD. IP address is used as the hostname in this cluster

Roger Kallberg · ‎09-07-2021

Security By Default (SBD) is well documented. If you do a little search for it with your favourite search engine you’ll find all you’ll need.

As you use IP address as the name of the servers in your cluster certificates isn’t even part of your setup, or at least not as something that is trusted automatically as they do not have information about the IPs in the SAN. My recommendation would be to do the change in two stages, first you set the server names to be the actual names you have set in DNS. This should hopefully match the information you have in the certificate SAN. After this is done reset all your devices and make sure they can register without issues. Secondly once your sure that your phones does not have any issues with this change you can proceed with the change of IP address on your servers.