Information Technology Reference
In-Depth Information
As already mentioned, some Cisco IP phone models come with MICs, but it is recommended that these be replaced by LSCs. LSCs
can be issued either by the CAPF or via the CAPF from a separate CA. When LSCs are issued by a separate CA, the CAPF acts as a
proxy when Cisco IP phones enroll with that CA.
Figure 7-2
illustrates how a Cisco IP phone can enroll and obtain a certificate directly from the CAPF or via the CAPF from an
external CA.
FIguRE 7-2
Cisco IP Phone
Enrollment
Cisco IP Phone Enrolls and
Obtains Certificate Directly from CAPF
CAPF Proxies Certificate
Enrollment to External CA
External
CA
2
CAPF Proxies Enrollment
to External CA
CAPF
CAPF
Cert for
Phone
Cert for
Phone
Cert for
Phone
3
External CA
Issues Cert
2
1
4
1
CAPF Issues Cert
to Cisco IP Phone
Cisco IP
Phone Enrolls
CAPF Sends Cert
to Cisco IP Phone
Cisco IP
Phone Enrolls
Protecting Voice Media and Signaling Traffic
Cisco CUCM supports two security modes:
Mixed mode:
In this mode, there are secure calls between devices that are security enabled, and nonsecure calls between
devices when at least one of the devices is not security enabled.
■
Nonsecure mode:
In this mode, all calls are nonsecure (the default).
■
