9-9
Cisco Unified IP Phone 7931G Administration Guide for Cisco Unified Communications Manager 8.0 (SCCP and SIP)
OL-20798-01
Chapter 9 Troubleshooting and Maintenance
Troubleshooting Cisco Unified IP Phone Security
Phone cannot authenticate any of the configuration files
other than the CTL file.
The configuration file may not be signed by the corresponding
certificate in the phone’s Trust List.
Phone does not register with
Cisco Unified Communications Manager.
The CTL file does not contain the correct information for the
Cisco Unified Communications Manager server.
Phone does not request signed configuration files. The CTL file does not contain any TFTP entries with certificates.
802.1X Enabled on Phone but Not Authenticating
Phone cannot obtain a DHCP-assigned IP address. These errors typically indicate that 802.1X authentication is
enabled on the phone, but the phone is unable to authenticate.
1. Verify that you have properly configured the required
components. (For more information, see Supporting 802.1X
Authentication on Cisco Unified IP Phones, page 1-18.)
2. Confirm that the shared secret is configured on the phone.
(For more information, see 802.1X Authentication and
Status, page 4-40.)
–
If the shared secret is configured, verify that you have the
same shared secret entered on the authentication server.
–
If the shared secret is not configured, enter it, and ensure
that it matches the one on the authentication server.
Phone does not register with
Cisco Unified Communications Manager.
Phone status display as “Configuring IP” or
“Registering”.
802.1X Authentication Status displays as “Held” (For
details, see 802.1X Authentication and Status,
page 4-40.)
Status menu displays 802.1X status as “Failed” (For
details, see Status Menu, page 7-2.)
802.1X Not Enabled
Phone cannot obtain a DHCP-assigned IP address These errors typically indicate that 802.1X authentication is not
enabled on the phone. To enable it, see 802.1X Authentication
and Status, page 4-40.
Phone does not register with
Cisco Unified Communications Manager
Phone status display as “Configuring IP” or “Registering”
802.1X Authentication Status displays as “Disabled”
Status menu displays DHCP status as timing out
Factory Reset Deleted 802.1X Shared Secret
Phone cannot obtain a DHCP-assigned IP address These errors typically indicate that the phone has completed a
factory reset while 802.1X was enabled. (See Performing a
Factory Reset, page 9-13.) A factory reset deletes the shared
secret, which is required for 802.1X authentication and network
access. To resolve this, you have two options:
• Temporarily disable 802.1X authentication on the switch.
• Temporarily move the phone to a network environment that
is not using 802.1X authentication.
Once the phone starts up normally in one of these conditions, you
can access the 802.1X configuration menus and re-enter the
shared secret. (See 802.1X Authentication and Status,
page 4-40.)
Phone does not register with
Cisco Unified Communications Manager
Phone status display as “Configuring IP” or “Registering”
Cannot access phone menus to verify 802.1X status
Table 9-1 Cisco Unified IP Phone Security Troubleshooting (continued)
Problem Possible Cause
To Next Page
Loading...
