Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Mixed Mode
- Thread starter mystaff
- Start date
If you don't know it's most likely not in secure mode.
It is quite involved and not something standard.
Do you have security profiles defined and assigned to phones?
Do the phones have authority certificates installed?
And finally when you establish a call do you get a secure indication tone?
You can make it mixed mode although I never understood the mixed mode purpose. You either encrypt or you don't.
Unless you are working for the defense dept or for a defense contractor why would you want to encrypt your voice?
It is quite involved and not something standard.
Do you have security profiles defined and assigned to phones?
Do the phones have authority certificates installed?
And finally when you establish a call do you get a secure indication tone?
You can make it mixed mode although I never understood the mixed mode purpose. You either encrypt or you don't.
Unless you are working for the defense dept or for a defense contractor why would you want to encrypt your voice?
- Thread starter
- #3
question 1 was already answered above but yes you can.
A security profile is what defines if the phone is non secure, requies authnentication or is encrypted.
As far as how I am not going to copy and paste what cisco already has very well documented.
Here is a doc to get you going:
You might want to look for the exact version of call manager you are running. This one is for 5.X but is should be close enough.
A couple of pointers. Not all devices support encryption. If you require encryption, make sure you encrypt your voice mail as well as your gateways along with SCCP and SIP devices (if supported). Also in a mixed mode environment, conversations between encrypted and non secure phones are not encrypted.
Let us know if you have specific questions.
A security profile is what defines if the phone is non secure, requies authnentication or is encrypted.
As far as how I am not going to copy and paste what cisco already has very well documented.
Here is a doc to get you going:
You might want to look for the exact version of call manager you are running. This one is for 5.X but is should be close enough.
A couple of pointers. Not all devices support encryption. If you require encryption, make sure you encrypt your voice mail as well as your gateways along with SCCP and SIP devices (if supported). Also in a mixed mode environment, conversations between encrypted and non secure phones are not encrypted.
Let us know if you have specific questions.
To switch your cluster to secure mode you need to use the CTL client plugin that runs on your windows machine. What needs to happen is turn on the CTL and the CAPF services, login as an admin via the client and connect to your cluster. Then you will need to have a hardware security keys you order from Cisco (a minimum of 2) and use them to sign your CTL file. Then select mixed mode cluster. You will then need to restart the call manager service on all servers and you are now running in mixed mode. Just follow the previous post tips to assign phones to a secure profile.
- Status
Similar threads
