Cisco IP Contact Center Release 4.6.1 Design Guide

Cisco Unified Contact Center Enterprise 7.0, 7.1, and 7.2 SRND
OL-8669-16
Chapter 8      Securing Unified CCE
Endpoint Security
IP Phone Hardening
The IP phone device configuration in Unified CM provides the ability to disable a number of phone 
features to harden the phones, such as disabling the phone's PC port or restricting access of a PC to the 
voice VLAN. Changing some of these settings can disable the monitoring/recording feature of the 
Unified CCE solution. The settings are defined as follows:
  • PC Voice VLAN Access
      – Indicates whether the phone will allow a device attached to the PC port to access the Voice VLAN. Disabling Voice VLAN Access will prevent the attached PC from sending and receiving data on the Voice VLAN. It will also prevent the PC from receiving data sent and received by the phone. Disabling this feature will disable desktop-based monitoring and recording.
      – Recommended setting: Enabled (default)
  • Span to PC Port
      – Indicates whether the phone will forward packets transmitted and received on the Phone Port to the PC Port. To use this feature, PC Voice VLAN access must be enabled. Disabling this feature will disable desktop-based monitoring and recording.
      – Recommended setting: Enabled
The following setting should be disabled to prevent man-in-the-middle (MITM) attacks unless the 
third-party monitoring and/or recording application deployed uses this mechanism to capture voice 
streams. The CTI OS silent monitoring feature and CAD silent monitoring and recording do not depend 
on Gratuitous ARP.
  • Gratuitous ARP
      – Indicates whether the phone will learn MAC addresses from Gratuitous ARP responses.
      – Recommended setting: Disabled
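
The dependencies between these three settings can be checked mechanically across a phone inventory. The audit script below is an added example, not part of the Cisco guide: the inventory is constructed, and its column names, device names, and the `desktop_monitoring` and `garp_recorder` flags are assumptions rather than a Unified CM export format. It also assumes that phones not used for desktop-based monitoring may have the PC-port features disabled.

```python
import csv
import io

# Constructed sample inventory. Column and device names are hypothetical,
# not a Unified CM export format.
SAMPLE_EXPORT = """device,pc_voice_vlan_access,span_to_pc_port,gratuitous_arp,desktop_monitoring,garp_recorder
agent-phone-01,Enabled,Enabled,Disabled,yes,no
agent-phone-02,Disabled,Enabled,Disabled,yes,no
agent-phone-03,Enabled,Disabled,Enabled,yes,no
agent-phone-04,Enabled,Enabled,Enabled,yes,yes
lobby-phone-05,Disabled,Disabled,Disabled,no,no
"""

MESSAGES = {
    "SPAN_NEEDS_VLAN": "Span to PC Port is enabled but PC Voice VLAN Access is not",
    "MONITORING_NEEDS_VLAN": "desktop-based monitoring/recording needs PC Voice VLAN Access",
    "MONITORING_NEEDS_SPAN": "desktop-based monitoring/recording needs Span to PC Port",
    "GARP_ENABLED": "Gratuitous ARP is enabled and no deployed recorder depends on it",
}

def audit_phone(row):
    """Return finding codes for one phone record."""
    vlan = row["pc_voice_vlan_access"] == "Enabled"
    span = row["span_to_pc_port"] == "Enabled"
    garp = row["gratuitous_arp"] == "Enabled"
    monitored = row["desktop_monitoring"] == "yes"
    garp_needed = row["garp_recorder"] == "yes"  # third-party recorder relies on GARP

    findings = []
    if span and not vlan:
        findings.append("SPAN_NEEDS_VLAN")
    if monitored and not vlan:
        findings.append("MONITORING_NEEDS_VLAN")
    if monitored and not span:
        findings.append("MONITORING_NEEDS_SPAN")
    if garp and not garp_needed:
        findings.append("GARP_ENABLED")
    return findings

def audit_export(text):
    """Map each device name to its list of finding codes."""
    return {r["device"]: audit_phone(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for device, codes in audit_export(SAMPLE_EXPORT).items():
        for code in codes:
            print(f"{device}: {code}: {MESSAGES[code]}")
```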