I am using CUCM 8.6 and would like to implement Secure Signalling for 6941 and CUPC endpoints.
The cluster is already live and requires to be made secure for signalling initially.
I am aware somewhat of the process involved.
We will be configuring signalling authenticaion initially and we have 6941's and CUPC client for users, 6941's have a MIC installed as default. I will be using Device Security Mode of Authenticated, the authentication mode will be based on MIC.
Is there anyway to bypass the use of CTL client and the request of a new CTL file and USB tokens?
I read contradictory information somewhere that the CTL files and token are not essential.
If there is no way to implement Device Security Mode of Authentication without CTL files and USB token then please advise as I wlll need to get the token ordered.
If you are not using CTL Files and therefore USB Keys, then with CUCM 8.0 or greater you can leverage Security by Default (SBD). However SBD does not provide the ability to authenticate or encrypt calls, it's primary purpose is to validate the configuration file of the phone as well as provide HTTPS based conttectivey to/from the device.
Myself and Akhil Behl (author of "Securing Cisco IP Telephony Networks") recently hosted a series of webinars that covers this topic in detail. I recommend you watch the following videos:
UnifiedFX Educational seminars on The Essentials of Endpoint Security & Compliance • Session 1: The Impact of Security by Default (Recording: http://goo.gl/2yJaKm) • Session 2: Understanding and Managing ITL & CTL Files (Recording: http://goo.gl/w05Dqh)
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.