Filter
Top Products
12-9
Cisco Unified IP Phone 8961, 9951, and 9971 Administration Guide for Cisco Unified Communications Manager 8.5 (SIP)
OL-20861-01
Chapter 12 Troubleshooting and Maintenance
Troubleshooting Cisco Unified IP Phone Security
Troubleshooting Cisco Unified IP Phone Security
Table 12-1 provides troubleshooting information for the security features on the Cisco Unified IP Phone.
For information relating to the solutions for any of these issues, and for additional troubleshooting
information about security, refer to Cisco Unified Communications Manager Security Guide.
Table 12-1 Cisco Unified IP Phone Security Troubleshooting
Problem Possible Cause
CTL File Problems
Device authentication error. CTL file does not have a Cisco Unified Communications Manager
certificate or has an incorrect certificate.
Phone cannot authenticate CTL file. The security token that signed the updated CTL file does not exist
in the CTL file on the phone.
Phone cannot authenticate any of the configuration
files other than the CTL file.
There is a bad TFTP record.
The configuration file may not be signed by the corresponding
certificate in the phone’s Trust List.
Phone cannot authenticate any of the configuration
files other than ITL file.
The configuration file may not be signed by the corresponding
certificate in the phone’s Trust List.
Phone reports TFTP authorization failure.
• The TFTP address for the phone does not exist in the CTL file.
• If you created a new CTL file with a new TFTP record, the
existing CTL file on the phone may not contain a record for the
new TFTP server.
Phone does not register with Cisco Unified
Communications Manager.
The CTL file does not contain the correct information for the Cisco
Unified Communications Manager server.
Phone does not request signed configuration files. The CTL file does not contain any TFTP entries with certificates.
802.1X Enabled on Phone but Not Authenticating
Phone cannot obtain a DHCP-assigned IP address. These errors typically indicate that 802.1X authentication is enabled
on the phone, but the phone is unable to authenticate.
1. Verify that you have properly configured the required
components (see the “Supporting 802.1X Authentication on
Cisco Unified IP Phones” section on page 1-22 for more
information).
2. Confirm that the shared secret is configured on the phone (see
the“802.1X Authentication and Transaction Status” section on
page 7-15 for more information).
–
If the shared secret is configured, verify that you have the
same shared secret entered on the authentication server.
–
If the shared secret is not configured, enter it, and ensure
that it matches the one on the authentication server.
Phone does not register with Cisco Unified
Communications Manager.
Phone status display as “Configuring IP” or
“Registering”.
802.1X Authentication Status displays as “Held” (see
the “802.1X Authentication and Transaction Status”
section on page 7-15 for more details).
Status menu displays 802.1X status as “Failed” (see
the “Status Menu” section on page 10-2 for more
details).