Note:
Because of POODLE vulnerability as defined in CVE-2014-3566, the 9600 Series IP
Deskphones do not support SSLv3.
If H.323 over TLS is enabled on the Communication Manager, the deskphone registers and opens
a H.323 signaling over TLS connection by using TCP port 1300. Mutual authentication is
supported and all registration and signaling packets are sent over TLS. The discovery messages
are sent over UDP. You can disable H.323 signaling over TLS from the CRAFT menu.
All 9600 Series IP Deskphones support HTTP authentication for backup and restore operations.
The non-volatile memory stores the authentication credentials and the realm. The non-volatile
memory is not overwritten if new phone software is downloaded. The default value of the
credentials and the realm are null, set at manufacture and at any other time that user-specific data
is removed from the phone or by the local administrative (Craft) CLEAR procedure.
A realm is the location of the user accounts. If you have set up a realm while installing the HTTP
server, the deskphone will prompt you to enter the realm address. For information about
configuring realm, see the instructions provided by your HTTP server vendor.
Note:
If you have not configured realm, you can enter * in the realm field, and proceed.
If an HTTP backup or restore operation requires authentication and the realm in the challenge
matches the stored realm, the stored credentials are used to respond to the challenge without
prompting the user. However, if the realms do not match, or if an authentication attempt using the
stored credentials fails, the user is then prompted to input new values for backup/restore
credentials.
If an HTTP authentication for a backup or restore operation is successful and if the user ID,
password, or realm used is different than the values currently stored in the phone, the new values
will replace the currently stored values.
You also have the following options to restrict or remove how the deskphone displays crucial
network information or uses the information. For more information on these options, see
Server
Administration on page 50.
• Support signaling channel encryption.
Note:
Signaling and audio are not encrypted when unnamed registration is effective.
• Restrict the response of the 9600 Series IP Deskphones to SNMP queries to only IP
addresses on a list you specify.
• Specify an SNMP community string for all SNMP messages the phone sends.
• Apply the security-related parameters, SNMP community string (SNMPSTRING), SNMP
Source IP addresses (SNMPADD), and Craft Access Code (PROCPSWD) that is
administered on the call server. Download the file with encrypted signaling in addition to
unencrypted HTTP or encrypted HTTPS.
Network requirements
March 2018 Administering Avaya 9608/9608G/9611G/9621G/9641G/9641GS IP Deskphones H.
323 36
Comments on this document? infodev@avaya.com
To Next Page
Loading...
