Cisco Bug: CSCuq33327 - Proxy TFTP configuration checklist - Additions

Last Modified

Jul 03, 2017

Products (13)

  • Cisco Unified Communications Manager (CallManager)
  • Cisco Intercompany Media Engine
  • Cisco Business Edition 5000 Version 8.6
  • Cisco Business Edition 5000 Version 9.1
  • Cisco Unity Connection Version 9.1
  • Cisco Business Edition 3000 Version 8.6
  • Cisco Business Edition 6000 Version 8.6
  • Cisco Unified Communications Manager Version 8.6
  • Cisco Unity Connection Version 8.6
  • Cisco Unified Communications Manager Version 10.0

Known Affected Releases

10.0(1) 8.6(2) 9.1(2)

Description (partial)

Symptom:
- http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/8_6_2/delta/delta862.html#wp2230551

The following items need to be added to the configuration checklist at the above link:

a. Verify that a full security mesh is established between the home and proxy TFTP clusters.
b. On the home cluster: Keep "Prepare Cluster for Rollback to pre 8.0" set to False. This ensures that phones have SBD enabled during normal operation.
c. On the proxy TFTP cluster: Set "Prepare Cluster for Rollback to pre 8.0" to True. This disables SBD, causing the proxy TFTP cluster to send an empty default ITL file to the phones.

"WARNING: By disabling SBD (Security By Default) on the proxy TFTP cluster, there is an opportunity for altering or establishing unauthorized trust on the phones. The unauthorized ITL file may result in compromising the integrity of the system. Phones depend on the information in the ITL (Initial Trust List) file to verify the integrity of provisioning data (configuration files) and authenticating servers for various services. The customer needs to determine if this risk is acceptable to them if this option is used."

Conditions:
CUCM version 8.x, 9.x, 10.x