Filter
Top Products
9-9
Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)
OL-23091-01
Chapter 9 Troubleshooting and Maintenance
Troubleshooting Cisco Unified IP Phone Security
Troubleshooting Cisco Unified IP Phone Security
Table 9-1 provides troubleshooting information for the security features on the Cisco Unified IP Phone.
For information relating to the solutions for any of these issues, and for additional troubleshooting
information about security and encryption, see Cisco Unified Communications Manager Security Guide.
Ta b l e 9-1 Cisco Unified IP Phone Security Troubleshooting
Problem Possible Cause
Device authentication error. CTL file does not have a Cisco Unified Communications Manager certificate
or has an incorrect certificate.
Phone cannot authenticate CTL file. The security token that signed the updated CTL file does not exist in the CTL
file on the phone.
Phone cannot authenticate any of the
configuration files other than the ITL file.
The configuration file may not be signed by the corresponding certificate in the
phone’s Trust List.
Phone cannot authenticate any of the
configuration files other than the CTL file.
The configuration file may not be signed by the corresponding certificate in the
phone’s Trust List.
Phone does not register with Cisco Unified
Communications Manager.
The CTL file does not contain the correct information for the Cisco
Unified
Communications Manager server.
Phone does not request signed configuration
files.
The CTL file does not contain any TFTP entries with certificates.
802.1X Enabled on Phone but Not Authenticating
Phone cannot obtain a DHCP-assigned IP
address
These errors typically indicate that 802.1X is enabled on the phone, but the
phone is unable to authenticate.
1. Verify that you have properly configured the required components
Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-19.
2. Confirm that the shared secret is configured on the phone. See Security
Configuration Menu, page 4-32 for more information.
–
If the shared secret is configured, verify that you have the same shared
secret entered on the authentication server.
–
If the shared secret is not configured, enter it, and ensure that it
matches the shared secret on the authentication server.
Phone does not register with Cisco Unified
Communications Manager
Phone status display as Configuring IP or
Registering
802.1X Authentication Status displays as
Held (see
802.1X Authentication and
Status, page 4-44).
Status menu displays 802.1x status as Failed
(see
Call Statistics Screen, page 8-14).
802.1X Not Enabled
Phone cannot obtain a DHCP-assigned IP
address
These errors typically indicate that 802.1X is not enabled on the phone. To
enable it, see
Security Configuration Menu, page 4-32 for information on
enabling 802.1X on the phone.
Phone does not register with Cisco Unified
Communications Manager
Phone status display as Configuring IP or
Registering
802.1X Authentication Status displays as
Disabled (see
802.1X Authentication and
Status, page 4-44).
Status menu displays DHCP status as timing
out (see
Call Statistics Screen, page 8-14).