We have a requirement to have CUCM challenge for authentication when it receives an invite from a SIP 3rd Party Device. Apparently, this functionality is available on other PBXs. How do we configure it on CUCM?
This is that rare situation where I have to disagree with Chris. CUCM supports DIGEST Authentication - as the challenging party - on both the line and trunk side. It does not support replying to a DIGEST challenge though; for that you do need CUBE. This behavior is driven by the Security Profile assigned to the device/trunk. You can actually see an example of this in the Unity Connection Configuration guide where "with authentication" is one of the choose-your-own-adventure paths you can take.
Based on the phrase "3rd Party Device" (i.e. not trunk), I'm guessing you mean a phone/endpoint here. Copy the default security profile for 3rd party basic/advanced, require authentication, create an end user and set the DIGEST Password on it, then set that as the DIGEST User on the device.
Just be advised that the password is only protected by an MD5 hash within the SIP traffic so it's not secure from man-in-the-middle attacks unless you layer TLS on top of it.
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...