Cisco Systems 7940G Manual De Usuario
8-9
Cisco Unified IP Phone 7960G/7940G Administration Guide for Cisco Unified Communications Manager 7.0 (SCCP)
OL-15498-01
Chapter 8 Troubleshooting and Maintenance
Troubleshooting Cisco Unified IP Phone Security
Troubleshooting Cisco Unified IP Phone Security
provides troubleshooting information for the security features on the Cisco Unified IP Phone.
For information relating to the solutions for any of these issues, and for additional troubleshooting
information about security and encryption, refer to Cisco Unified Communications Manager Security
Guide.
information about security and encryption, refer to Cisco Unified Communications Manager Security
Guide.
Because third-party troubleshooting tools that sniff media and TCP packets do not work after you enable
encryption, you must use Cisco Unified Communications Manager Administration to perform the
following tasks if a problem occurs:
encryption, you must use Cisco Unified Communications Manager Administration to perform the
following tasks if a problem occurs:
•
Analyze TCP packets for SCCP messages that are exchanged between
Cisco Unified Communications Manager and the device
Cisco Unified Communications Manager and the device
•
Extract the media encryption key material from SCCP messages and decrypt the media between the
devices
devices
Table 8-1
Cisco Unified IP Phone Security Troubleshooting
Problem
Possible Cause
LSC fails on the phone.
CAPF configuration error.
Device authentication error.
CTL file does not have a Cisco Unified Communications Manager certificate or has an
incorrect certificate.
incorrect certificate.
Phone cannot authenticate CTL file. The security token that signed the updated CTL file does not exist in the CTL file on
the phone.
Phone cannot authenticate any of the
configuration files other than the
CTL file.
configuration files other than the
CTL file.
Bad TFTP record.
Phone reports TFTP authorization
failure.
failure.
•
The TFTP address for the phone does not exist in the CTL file.
•
If you created a new CTL file with a new TFTP record, the existing CTL file on the
phone may not contain a record for the new TFTP server.
phone may not contain a record for the new TFTP server.
Phone does not register with Cisco
Unified Communications Manager.
Unified Communications Manager.
The CTL file does not contain the correct information for the Cisco
Unified Communications Manager server.
Unified Communications Manager server.
Phone does not interact with the
correct CAPF server to obtain the
locally-significant certificate.
correct CAPF server to obtain the
locally-significant certificate.
•
The CAPF utility runs on a different workstation/server than is specified in the CTL
file.
file.
•
The CAPF certificate has changed since the last update of the CTL file.
Phone does not request signed
configuration files.
configuration files.
•
The CTL file does not contain any TFTP server entry.
•
The CTL file does not contain any TFTP entries with certificates